hub_identity_ruby 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7150d6fb299d13222c6c6e8405c81120a3169373101f28ec0a4b226a0a72762c
+  data.tar.gz: b798852d84e06d895d441271adb092268482ea973460718d5fbdceace308c139
+SHA512:
+  metadata.gz: 0b364c5594fd0dbbfe97dcc988b8d1d3f3660960f762b80fcd4525c5108595832226c149610536f5f61642970ab09ef698b7c86e1d411de6a64c2d33207db890
+  data.tar.gz: 99b1791c83af3e9720806ebf3fd963d5d68dabe391f76bfd556f71577838501de79dfe0860a3fd90cb829ae9f98e15087dc915ec8356063ae643752cd5441939

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2021 erin boeger
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,64 @@
+# HubIdentityRuby
+A Rails Engine designed to make implementing HubIdentity authentication easy and fast.
+In order to use this package you need to have an account with [HubIdentity](https://stage-identity.hubsynch.com/)
+
+Currently this is only for [Hivelocity](https://www.hivelocity.co.jp/) uses. If you have a
+commercial interest please contact the Package Manager Erin Boeger through linkedIn or Github or
+through [Hivelocity](https://www.hivelocity.co.jp/contact/).
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'hub_identity_ruby'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install hub_identity_ruby
+```
+
+inside your ApplicationController:
+```ruby
+include HubIdentityRuby::ControllerHelpers
+```
+
+inside your routes.rb mount the HubIdentity routes.
+```ruby
+mount HubIdentityRuby::Engine => "/hub_identity_ruby"
+```
+This will add the following routes to your application:
+- sessions_new GET    /sessions/new(.:format)     hub_identity_ruby/sessions#new
+- sessions_create GET    /sessions/create(.:format)  hub_identity_ruby/sessions#create
+- sessions_destroy DELETE /sessions/destroy(.:format) hub_identity_ruby/sessions#destroy
+
+
+## Environmental Variables
+set your public and private keys and HubIdentity url
+```bash
+HUBIDENTITY_PRIVATE_KEY="a private key from HubIdentity website"
+HUBIDENTITY_PUBLIC_KEY="a public key from HubIdentity website"
+HUBIDENTITY_URL="for production deployment defaults to staging server"
+```
+
+Currently the HUBIDENTITY_URL defaults to staging HubIdentity server.
+
+## Restricted routes
+
+For authentication required (restricted) routes add the `before_action` helpers.
+for example:
+
+```ruby
+before_action :authenticate_user!, only: [:page_1, :page_2]
+before_action :set_current_user
+```
+use the `before_action :authenticate_user!` to restrict routes and require a user to authenticate.
+use the `before_action :set_current_user` helper to have an `@current_user` in your views to help with navigation.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,18 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"
+
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/hub_identity_ruby_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/hub_identity_ruby .css

data/app/assets/stylesheets/hub_identity_ruby/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/hub_identity_ruby/application_controller.rb

@@ -0,0 +1,4 @@
+module HubIdentityRuby
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/hub_identity_ruby/sessions_controller.rb

@@ -0,0 +1,38 @@
+require_dependency "hub_identity_ruby/application_controller"
+
+module HubIdentityRuby
+  class SessionsController < ApplicationController
+
+    def new
+      redirect_to "#{HubIdentityRuby::Server.hostname}/browser/v1/providers?api_key=#{public_key}"
+    end
+
+    def create
+      current_user = get_current_user
+      if current_user.present?
+        session[:current_user] = current_user
+        flash[:notice] = "logged in sucessfully through HubIdentity"
+        redirect_to "/"
+      else
+        flash[:alert] = "authentication failure"
+        redirect_to "/"
+      end
+    end
+
+    def destroy
+      session.destroy
+      flash[:notice] = "logged out sucessfully"
+      redirect_to "/"
+    end
+
+    private
+
+    def get_current_user
+      HubIdentityRuby::Server.get_current_user(params["user_token"])
+    end
+
+    def public_key
+      ENV['HUBIDENTITY_PUBLIC_KEY']
+    end
+  end
+end

data/app/helpers/hub_identity_ruby/application_helper.rb

@@ -0,0 +1,4 @@
+module HubIdentityRuby
+  module ApplicationHelper
+  end
+end

data/app/jobs/hub_identity_ruby/application_job.rb

@@ -0,0 +1,4 @@
+module HubIdentityRuby
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/hub_identity_ruby/application_mailer.rb

@@ -0,0 +1,6 @@
+module HubIdentityRuby
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/hub_identity_ruby/application_record.rb

@@ -0,0 +1,5 @@
+module HubIdentityRuby
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/hub_identity_ruby/current_user.rb

@@ -0,0 +1,41 @@
+module HubIdentityRuby
+  class CurrentUser
+
+    def initialize(json_params)
+      user_params = parse(json_params)
+      @email = user_params["email"]
+      @owner_type = user_params["owner_type"]
+      @owner_uid = user_params["owner_uid"]
+      @user_type = user_params["user_type"]
+      @uid = user_params["uid"]
+    end
+
+    def hash
+      hash_values if valid?
+    end
+
+    private
+
+    def hash_values
+      {
+        "email" => @email,
+        "owner_type" => @owner_type,
+        "owner_uid" => @owner_uid,
+        "user_type" => @user_type,
+        "uid" => @uid
+      }
+    end
+
+    def parse(json_params)
+      begin
+        JSON.parse(json_params)
+      rescue
+        {}
+      end
+    end
+
+    def valid?
+      @email.present? && @uid.present? && @user_type.present?
+    end
+  end
+end

data/app/models/hub_identity_ruby/server.rb

@@ -0,0 +1,44 @@
+module HubIdentityRuby
+  class Server
+    HUBIDENTITY_BASE_URL = "https://stage-identity.hubsynch.com"
+
+    def self.certs
+      # response = Faraday.get "#{hostname}/api/v1/oauth/certs"
+      response = Excon.get("#{hostname}/api/v1/oauth/certs")
+      JSON.parse(response.body, symbolize_names: true)
+    end
+
+    def self.get_cert(key_id)
+      certs.find {|key| key[:kid] == key_id}
+    end
+
+    def self.get_current_user(user_token)
+      if user_token.present?
+        url = "#{hostname}/api/v1/current_user/#{user_token}"
+        response = Excon.get(url, :headers => {'x-api-key' => private_api_key})
+        # response = Faraday.get(url) do |req|
+        #   req.headers['x-api-key'] = private_api_key
+        # end
+
+        if response.status == 200
+          CurrentUser.new(response.body).hash
+        else
+          nil
+        end
+      end
+    end
+
+    def self.hostname
+      ENV['HUBIDENTITY_URL'] || HUBIDENTITY_BASE_URL
+    end
+
+    class << self
+      private
+
+      def private_api_key
+        ENV['HUBIDENTITY_PRIVATE_KEY']
+      end
+    end
+  end
+end
+

data/app/models/hub_identity_ruby/token.rb

@@ -0,0 +1,83 @@
+require 'jwt'
+
+module HubIdentityRuby
+  class Token
+
+    def initialize(jwt_token)
+      token_array = jwt_token.split(".")
+      @headers = token_array[0]
+      @claims = token_array[1]
+      @signature = Base64.urlsafe_decode64(token_array[2])
+    end
+
+    def current_user
+      if valid? && type == "access"
+        user_params
+      else
+        nil
+      end
+    end
+
+    def decoded_claims
+      decode_and_parse(@claims)
+    end
+
+    def decoded_headers
+      decode_and_parse(@headers)
+    end
+
+    def expired?
+      Time.now > expiration_time
+    end
+
+    def expiration_time
+      Time.at(decoded_claims[:exp])
+    end
+
+    def issuer
+      decoded_claims[:iss]
+    end
+
+    def type
+      decoded_claims[:typ]
+    end
+
+    def valid?
+      valid_signature? && !expired? && issuer == "HubIdentity"
+    end
+
+    def valid_signature?
+      begin
+        rsa_public_key.verify(OpenSSL::Digest.new('sha256'), @signature,  @headers + "." + @claims)
+      rescue
+        false
+      end
+    end
+
+    private
+
+    def decode_and_parse(string)
+      decoded = Base64.urlsafe_decode64(string)
+      JSON.parse(decoded, symbolize_names: true)
+    end
+
+    def rsa_public_key
+      key = Server.get_cert(decoded_headers[:kid])
+      JWT::JWK.import(key).public_key if key
+    end
+
+    def user_params
+      {
+        email: decoded_claims[:email],
+        owner_type: decoded_claims[:owner_type],
+        owner_uid: decoded_claims[:owner_uid],
+        uid: decoded_claims[:uid],
+        user_type: user_type
+      }
+    end
+
+    def user_type
+      decoded_claims[:sub].split(":").first
+    end
+  end
+end

data/app/views/layouts/hub_identity_ruby/application.html.erb

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Hub identity ruby</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag "hub_identity_ruby/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,5 @@
+HubIdentityRuby::Engine.routes.draw do
+  get '/sessions/new', to: 'sessions#new'
+  get '/sessions/create', to: 'sessions#create'
+  delete '/sessions/destroy', to: 'sessions#destroy'
+end

data/lib/hub_identity_ruby.rb

@@ -0,0 +1,7 @@
+require "hub_identity_ruby/version"
+require "hub_identity_ruby/engine"
+require 'hub_identity_ruby/controller_helpers'
+require 'excon'
+
+module HubIdentityRuby
+end

data/lib/hub_identity_ruby/controller_helpers.rb

@@ -0,0 +1,16 @@
+module HubIdentityRuby
+  module ControllerHelpers
+
+    def authenticate_user!
+      redirect_to hub_identity_ruby.sessions_new_path unless current_user?
+    end
+
+    def current_user?
+      session[:current_user]
+    end
+
+    def set_current_user
+      @current_user = session[:current_user]
+    end
+  end
+end

data/lib/hub_identity_ruby/engine.rb

@@ -0,0 +1,5 @@
+module HubIdentityRuby
+  class Engine < ::Rails::Engine
+    isolate_namespace HubIdentityRuby
+  end
+end

data/lib/hub_identity_ruby/version.rb

@@ -0,0 +1,3 @@
+module HubIdentityRuby
+  VERSION = '0.1.0'
+end

data/lib/tasks/hub_identity_ruby_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :hub_identity_ruby do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,96 @@
+--- !ruby/object:Gem::Specification
+name: hub_identity_ruby
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- erin boeger
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-03-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.3
+- !ruby/object:Gem::Dependency
+  name: excon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.79.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.79.0
+description: HubIdentity is an authentication service which features various authentication
+  methods for an applications users.
+email:
+- erin@hivelocity.co.jp
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/hub_identity_ruby_manifest.js
+- app/assets/stylesheets/hub_identity_ruby/application.css
+- app/controllers/hub_identity_ruby/application_controller.rb
+- app/controllers/hub_identity_ruby/sessions_controller.rb
+- app/helpers/hub_identity_ruby/application_helper.rb
+- app/jobs/hub_identity_ruby/application_job.rb
+- app/mailers/hub_identity_ruby/application_mailer.rb
+- app/models/hub_identity_ruby/application_record.rb
+- app/models/hub_identity_ruby/current_user.rb
+- app/models/hub_identity_ruby/server.rb
+- app/models/hub_identity_ruby/token.rb
+- app/views/layouts/hub_identity_ruby/application.html.erb
+- config/routes.rb
+- lib/hub_identity_ruby.rb
+- lib/hub_identity_ruby/controller_helpers.rb
+- lib/hub_identity_ruby/engine.rb
+- lib/hub_identity_ruby/version.rb
+- lib/tasks/hub_identity_ruby_tasks.rake
+homepage: https://stage-identity.hubsynch.com/
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://stage-identity.hubsynch.com/
+  source_code_uri: https://github.com/ErinHivelociy/hub_identity_ruby
+  changelog_uri: https://github.com/ErinHivelociy/hub_identity_ruby
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Easy Rails integration of HubIdentity authentication.
+test_files: []