heroku-bouncer 0.4.0.pre3 → 0.4.0

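--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: e309a66ada0259f78b01d8524259250a0cbba5ab
-data.tar.gz: 66b98fb8a1fa87093aa6b632c1097077a3d13792
+metadata.gz: 03abaeaa8715d6bcd3f72fad85fa58dd8f0645c0
+data.tar.gz: 0debdadff5ca498f87a3f2d90a37b80dd00c84ce
 SHA512:
-metadata.gz: c334ee9efd1af0e1c6e9e9d9ea72c3c26f63b514179cb6a163cd7bb58859b3b6497811f7fada20ff59ae571f963ec430d4f4929d5d9c99d282e81c9d65cd4143
-data.tar.gz: dd1ce965ccea7181e62189b361b5125d730a0cb30c5fdf3cbb543d07cae42b5bd8604b546ca7cc70d3f6c04e1a4c1747316664cd018396e4d1268963385fa77c
+metadata.gz: e1d4d8f927f12a89f3d4f2d6855129a14ac623a08b99e2e1cb81d9d82810e57b6cf727fdb99f3398696f19b3ba827f96af8e817c230f70a56d9dd5db80fe85ab
+data.tar.gz: c018b6dc635a21cfeb88da1fb57869c40e8ef8d5eaa411b091ffea5fe0e2f3e453e110255d8777d89d91021c597e7fd03dfdba852c2692b599ad7d13f24e9de4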
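--- a/data/README.md
+++ b/data/README.md
@@ -90,7 +90,7 @@ use Heroku::Bouncer,
 secret: ENV['HEROKU_BOUNCER_SECRET']
 ```
 
-There are 7 additional options you can pass to the middleware:
+There are 8 additional options you can pass to the middleware:
 
 * `oauth[:scope]`: The [OAuth scope][] to use when requesting the OAuth
 token. Default: `identity`.
@@ -105,7 +105,7 @@ There are 7 additional options you can pass to the middleware:
 `true`
 * `session_sync_nonce`: If present, determines the name of a cookie shared across properties under a same domain in order to keep their sessions synchronized. Default: `nil`
 * `allow_anonymous`: Accepts a lambda that gets called with each request. If the lambda evals to true, the request will not enforce authentication (e.g: `allow_anonymous: lambda { |req| !/\A\/admin/.match(req.fullpath) }` will allow anonymous requests except those with under the `/admin` path). Default: `nil`, which does not allow anonymous access to any URL.
-
+* `skip`: Accepts a lambda that gets called with each request's `env`. If the lambda gets evaluated to true, heroku-bouncer's middleware will be completely skipped. Default: 'false', which applies heroku-bouncer to all requests.
 
 You use these by passing a hash to the `use` call, for example:
 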
@@ -26,11 +26,12 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
26
26
  @expose_user = extract_option(options, :expose_user, true)
27
27
  @session_sync_nonce = extract_option(options, :session_sync_nonce, nil)
28
28
  @allow_anonymous = extract_option(options, :allow_anonymous, nil)
29
+ @skip = extract_option(options, :skip, false)
29
30
  end
30
31
  end
31
32
 
32
33
  def call(env)
33
- if @disabled
34
+ if @disabled || skip?(env)
34
35
  @app.call(env)
35
36
  else
36
37
  unlock_session_data(env) do
@@ -39,45 +40,24 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
39
40
  end
40
41
  end
41
42
 
42
- def unlock_session_data(env, &block)
43
- decrypt_store(env)
44
- return_value = yield
45
- encrypt_store(env)
46
- return_value
47
- end
48
-
49
- def auth_request?
50
- %w[/auth/heroku/callback /auth/heroku /auth/failure /auth/sso-logout /auth/logout /auth/login].include?(request.path)
51
- end
52
-
53
- def session_nonce_mismatch?
54
- (store_read(@session_sync_nonce.to_sym).to_s != session_nonce_cookie.to_s) && !auth_request?
55
- end
56
-
57
- def session_nonce_cookie
58
- @session_sync_nonce && request.cookies[@session_sync_nonce]
59
- end
60
-
61
- def anonymous_request_allowed?
62
- auth_request? || (@allow_anonymous && @allow_anonymous.call(request))
63
- end
64
-
65
43
  before do
66
- if @session_sync_nonce && session_nonce_mismatch?
67
- if session_nonce_cookie.to_s.empty?
44
+ if session_nonce_mismatch?
45
+ if @session_sync_nonce && session_nonce_cookie.to_s.empty?
68
46
  destroy_session
69
47
  redirect to(request.url)
70
48
  else
71
- store_write(:return_to, request.url)
72
- redirect to('/auth/heroku')
49
+ require_authentication
73
50
  end
74
51
  end
75
52
 
76
53
  if store_read(:user)
77
- expose_store
54
+ if expired? && !auth_request?
55
+ require_authentication
56
+ else
57
+ expose_store
58
+ end
78
59
  elsif !anonymous_request_allowed?
79
- store_write(:return_to, request.url)
80
- redirect to('/auth/heroku')
60
+ require_authentication
81
61
  end
82
62
  end
83
63
 
@@ -97,6 +77,7 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
97
77
  end
98
78
  store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
99
79
  store_write(:token, token) if @expose_token
80
+ store_write(:expires_at, Time.now.to_i + 3600 * 8)
100
81
  redirect to(store_delete(:return_to) || '/')
101
82
  end
102
83
 
@@ -132,6 +113,43 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
132
113
 
133
114
  private
134
115
 
116
+ def unlock_session_data(env, &block)
117
+ decrypt_store(env)
118
+ yield
119
+ ensure
120
+ encrypt_store(env)
121
+ end
122
+
123
+ def auth_request?
124
+ %w[/auth/heroku/callback /auth/heroku /auth/failure /auth/sso-logout /auth/logout /auth/login].include?(request.path)
125
+ end
126
+
127
+ def session_nonce_mismatch?
128
+ @session_sync_nonce && (store_read(@session_sync_nonce.to_sym).to_s != session_nonce_cookie.to_s) && !auth_request?
129
+ end
130
+
131
+ def session_nonce_cookie
132
+ @session_sync_nonce && request.cookies[@session_sync_nonce]
133
+ end
134
+
135
+ def anonymous_request_allowed?
136
+ auth_request? || (@allow_anonymous && @allow_anonymous.call(request))
137
+ end
138
+
139
+ def expired?
140
+ ts = store_read(:expires_at)
141
+ ts.nil? || Time.now.to_i > ts
142
+ end
143
+
144
+ def skip?(env)
145
+ @skip && @skip.call(env)
146
+ end
147
+
148
+ def require_authentication
149
+ store_write(:return_to, request.url)
150
+ redirect to('/auth/heroku')
151
+ end
152
+
135
153
  def extract_option(options, option, default = nil)
136
154
  options.has_key?(option) ? options[option] : default
137
155
  end
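Review bot: An expired session is redirected to `/auth/heroku` by the new `if expired? && !auth_request?` branch in `before`, but the stale `:user` (and `:token`, when `expose_token` is on) stay in the store, so the `else` branch still runs `expose_store` on the expired data for the auth routes and the old token lingers in the cookie until the callback overwrites it. I would drop the stale entries before redirecting, `store_delete(:user); store_delete(:token)` ahead of `require_authentication` (or `destroy_session`, if it does not also discard `:return_to`; its body is outside this diff). The lifetime written in the callback, `store_write(:expires_at, Time.now.to_i + 3600 * 8)`, is a hard-coded eight hours that the README's option list does not mention; naming it (`SESSION_LIFETIME = 3600 * 8`) or exposing it as an option, with a comment such as `# absolute lifetime: re-auth is forced after this even for an active user`, would make the policy visible to operators. Minor: the `@session_sync_nonce &&` guard on the inner `if` is now redundant, since `session_nonce_mismatch?` already requires it. The `call` method and the `before` block are complete in the hunks; the callback route that writes `:expires_at` begins outside the hunk.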
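--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: heroku-bouncer
 version: !ruby/object:Gem::Version
-version: 0.4.0.pre3
+version: 0.4.0
 platform: ruby
 authors:
 - Jonathan Dance
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-09 00:00:00.000000000 Z
+date: 2014-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-heroku
@@ -136,6 +136,20 @@ dependencies:
 - - '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: delorean
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
 description: ID please.
 email:
 - jd@heroku.com
@@ -152,7 +166,6 @@ files:
 - lib/heroku/bouncer.rb
 - README.md
 - Gemfile
-- Gemfile.lock
 - Rakefile
 homepage: https://github.com/heroku/heroku-bouncer
 licenses:
@@ -169,9 +182,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - '>'
+- - '>='
 - !ruby/object:Gem::Version
-version: 1.3.1
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.0.14
@@ -180,5 +193,4 @@ specification_version: 4
 summary: Rapidly add Heroku OAuth to your Ruby app.
 test_files:
 - Gemfile
-- Gemfile.lock
 - Rakefile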
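--- a/data/Gemfile.lock
+++ /dev/null
@@ -1,62 +0,0 @@
-PATH
-remote: .
-specs:
-heroku-bouncer (0.4.0.pre2)
-faraday (~> 0.8)
-omniauth-heroku (>= 0.1.0)
-rack (~> 1.0)
-sinatra (~> 1.0)
-
-GEM
-remote: https://rubygems.org/
-specs:
-faraday (0.8.8)
-multipart-post (~> 1.2.0)
-hashie (1.2.0)
-httpauth (0.2.0)
-jwt (0.1.8)
-multi_json (>= 1.5)
-metaclass (0.0.1)
-minitest (5.0.8)
-minitest-spec-context (0.0.3)
-mocha (0.14.0)
-metaclass (~> 0.0.1)
-multi_json (1.8.2)
-multipart-post (1.2.0)
-oauth2 (0.8.1)
-faraday (~> 0.8)
-httpauth (~> 0.1)
-jwt (~> 0.1.4)
-multi_json (~> 1.0)
-rack (~> 1.2)
-omniauth (1.1.4)
-hashie (>= 1.2, < 3)
-rack
-omniauth-heroku (0.1.1)
-omniauth (~> 1.0)
-omniauth-oauth2 (~> 1.0)
-omniauth-oauth2 (1.1.1)
-oauth2 (~> 0.8.0)
-omniauth (~> 1.0)
-rack (1.5.2)
-rack-protection (1.5.0)
-rack
-rack-test (0.6.2)
-rack (>= 1.0)
-rake (10.1.0)
-sinatra (1.4.4)
-rack (~> 1.4)
-rack-protection (~> 1.4)
-tilt (~> 1.3, >= 1.3.4)
-tilt (1.4.1)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-heroku-bouncer!
-minitest (~> 5.0)
-minitest-spec-context
-mocha
-rack-test
-rake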