RubyGems - hubssolib - Versions diffs - 2.1.0 → 3.0.1 - Mend

hubssolib 2.1.0 → 3.0.1

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5fafbf54747841c2d90eaa755481e8c1eecf9e060d64e62d7ff6a446acf2bbc4
-  data.tar.gz: 2243d8561879026aedc904f6505e3a38e2193db7ed5d94540bc520976e15ef23
+  metadata.gz: 36b026e98baa7f70c200a5abe0ff7e5e3a874e9aaf5a1f88c33114e45cb1ab14
+  data.tar.gz: d19ff3d675d0b63286e06c03b6c3bce05be434a16f554533efde1152bb9c2641
 SHA512:
-  metadata.gz: a3653217e5809704a69b20fcae5f94a3066ed26085fdced81c36c8f8bf99b9299212ddf51fde2af411790dd51ebcbd004fe4993c61c0a6588e39f8b080a6abce
-  data.tar.gz: 437fa627ad45ae7baa8e9772a3c1157db324d7b62d889fb53eb81b395317b985b02a5d04ee1f4e7cd1111de3ca24ed16376913ad0b5328b4e630ff241167d793
+  metadata.gz: a8d0724e454ffab27e616a91b1aa9837d4aefa5dff6d871bb92671ddefda789626e7cf3ed2dc523b48d4a09bcb3210c81ff279c7e553d2d579c8b00d6af693dd
+  data.tar.gz: 36f17712168ba66f8de41193c41959dfa3ddb81e1ae5c683f4f747d177a6e4f5643aee2a8b387eaa244f0945608ee88f70552143f58f344e2a4078dabbf65ea4

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,58 @@
+## 3.0.0, 28-Jan-2025 and 3.0.1, 03-Feb-2025
+* The Hub "login indication" URL approach is now dropped, so layout templates **should be updated.**
+In Hub v1 and v2, login indication was done via an image that was served by the Hub application itself, wrapped in a link that visited a "conditional login" endpoint which stored the return-to URL, ensured HTTPS was in use and visited either the log in, or log out page as required. In client applications it looked a bit like this:
+```html
+<a class="img" href="<%= ENV['HUB_PATH_PREFIX'] %>/account/login_conditional">
+  <img src="<%= ENV['HUB_PATH_PREFIX'] %>/account/login_indication" alt="Account" height="22" width="90" />
+</a>
+```
+This dates back to a time when CSS support was not that widespread and RISC OS Open needed the web site to work well on web browsers available at the time. Things have improved considerably since then, so now a cleaner, pure CSS solution is used. This requires no image fetch via the Hub application. Just use:
+```ruby
+<%= hubssolib_account_link() %>
+```
+...in place of the markup above. You probably want to add some supporting CSS too; for example:
+```css
+#hubssolib_login_indication a#hubssolib_logged_in_link,
+#hubssolib_login_indication a#hubssolib_logged_out_link {
+  display:         block;
+  text-align:      center;
+  text-decoration: none;
+  font:            sans-serif;
+  font-size:       10pt;
+  line-height:     20px;
+  height:          20px;
+  width:           88px;
+  border:          1px solid #ccc;
+}
+#hubssolib_login_indication a#hubssolib_logged_in_link {
+  color:        #050;
+  border-color: #050;
+  background:   #efe;
+}
+#hubssolib_login_indication a#hubssolib_logged_out_link {
+  color:        #500;
+  border-color: #500;
+  background:   #fee;
+}
+#hubssolib_login_indication a#hubssolib_login_noscript {
+  text-decoration: none;
+}
+```
+Version 3.0.1 patches the system to make sure that the correct current login state is shown even if a browser has a page cached. To achieve this, JavaScript is used to check cookie state and update the indication on-the-fly. There is a `noscript` fallback that uses the old, inefficient `login_indication` image mechanism - just in case. The CSS styles above are designed to match those images, though of course, they certainly don't have to!
 ## 2.1.0, 01-Jul-2022
 * Use `HUB_QUIET_SERVER=yes ...` to quieten `$stdout` output from Hub server.
@@ -5,6 +60,8 @@
 * Maintenance `bundle update`.
 * A few minor tidy-ups in the implementation.
 ## Version 1.0.0 -> Version 2.0.0, 19-Apr-2020
 The public interface to applications is generally unchanged, but the cookie storage mechanism has been improved and is not compatible with v1 of Hub. You will need to use the newer Hub application, server and gem, but hopefully will find you don't need to change anything with your integrated applications.

data/Gemfile.lock CHANGED Viewed

@@ -1,46 +1,69 @@
 PATH
   remote: .
   specs:
-    hubssolib (2.1.0)
+    hubssolib (3.0.1)
+      base64 (~> 0.2)
+      drb (~> 2.2)
 GEM
   remote: https://rubygems.org/
   specs:
-    byebug (11.1.3)
-    diff-lcs (1.5.0)
-    docile (1.4.0)
-    doggo (1.2.0)
-      rspec-core (~> 3.10)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    base64 (0.2.0)
+    date (3.4.1)
+    debug (1.10.0)
+      irb (~> 1.10)
+      reline (>= 0.3.8)
+    diff-lcs (1.5.1)
+    docile (1.4.1)
+    doggo (1.4.0)
+      rspec-core (~> 3.13)
+    drb (2.2.1)
+    io-console (0.8.0)
+    irb (1.15.1)
+      pp (>= 0.6.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    pp (0.6.2)
+      prettyprint
+    prettyprint (0.2.0)
+    psych (5.2.3)
+      date
+      stringio
+    rdoc (6.11.0)
+      psych (>= 4.0.0)
+    reline (0.6.0)
+      io-console (~> 0.5)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.2)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-support (3.11.0)
-    simplecov (0.21.2)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.2)
+    simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
-    simplecov-html (0.12.3)
+    simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
+    stringio (3.1.2)
 PLATFORMS
   ruby
 DEPENDENCIES
-  byebug (~> 11.1)
-  doggo (~> 1.2)
+  debug (~> 1.1)
+  doggo (~> 1.4)
   hubssolib!
-  rspec (~> 3.8)
-  rspec-mocks (~> 3.8)
-  simplecov (~> 0.16)
+  rspec (~> 3.13)
+  rspec-mocks (~> 3.13)
+  simplecov (~> 0.22)
 BUNDLED WITH
-   2.3.17
+   2.6.2

data/README.md CHANGED Viewed

@@ -24,28 +24,10 @@ The latest version of the Hub gem source code is available at:
 ### The Hub library gem
-First of all, download and unpack the Hub gem sources. Change into the source directory (usually, `rails/gems/hubssolib`) and build with:
-```sh
-gem build hubssolib.gemspec
-```
-Install the Hub gem using the `gem` command in the usual fashion. For example, for version 1.0.0 of the library, issue the following command:
-```sh
-gem install hubssolib-1.0.0.gem
-```
-If you run multiple gem repositories you can instruct `gem` to install into a specific location using the `--install-dir` command line switch:
-```sh
-gem install hubssolib-1.0.0.gem --install-dir=/home/username/gems
-```
 Include in a project by adding this to your `Gemfile`:
 ```ruby
-gem 'hubssolib', '~> 1.0.0', :require => 'hub_sso_lib'
+gem 'hubssolib', '~> 3.0', require: 'hub_sso_lib'
 ```
 ### The DRb server
@@ -55,7 +37,7 @@ The Hub DRb server consists of a small wrapper Ruby script which does most of it
 ```sh
 HUB_CONNECTION_URI="drbunix:/home/username/sockets/.hub_drb"
 export HUB_CONNECTION_URI
-ruby /home/username/hub/hub_sso_server.rb &
+ruby /home/username/hubssolib/hub_sso_server.rb &
 ```
 The default is to use a file `.hub_drb` in the root of the current user's home directory. If you specify a custom URI, note that it _MUST_ start with `drbunix:`; the hub server must not be run on an IP port for security reasons.
@@ -66,7 +48,7 @@ Finally you can install the Hub application using whatever mechanism you prefer
 Some configuration is needed using externally set environment variables. These are actually picked up by the Hub gem but you won't know what values to set until the application, DRb server and gem are all installed.
-*   `HUB_CONNECTION_URI` — as already discussed, this must hold a DRb URI giving the connection socket on which the server listens and to which clients connect.
+*   `HUB_CONNECTION_URI` — as already discussed, this holds a DRb URI giving the connection socket on which the server listens and to which clients connect; it defaults to `~/.hub_drb`.
 *   `HUB_PATH_PREFIX` — sometimes the Hub Gem redirects to various locations within the Hub application. If you have installed the application away from document root, specify the prefix to put onto redirection paths here (otherwise, provide an empty string). For example, when redirecting to the `account` controller's `login` method, the path used is `HUB_PATH_PREFIX + '/account/login'`.
 *   `HUB_BYPASS_SSL` - normally Hub sets cookies as secure-only in Production mode, requiring `https` fetches. This isn't enforced in e.g. development mode. If you want to allow insecure transport in Production, set `HUB_BYPASS_SSL` to `true`.
@@ -87,11 +69,22 @@ bundle exec rails s -b 127.0.0.1 --port 3000
 ...and then launch integrating applications with:
 ```
-HUB_PATH_PREFIX="http://127.0.0.1:3000" be rails s -b 127.0.0.1 --port <other-port>
+HUB_BYPASS_SSL="true" HUB_PATH_PREFIX="http://127.0.0.1:3000" be rails s -b 127.0.0.1 --port <other-port>
 ```
 ...and fetch `http://127.0.0.1:<other-port>` in your web browser.
+## Your application's session cookies
+It is often a good idea to clear application cookies when Hub users log in or out, so that there is no stale session data hanging around. **The Hub application auto-clears *all* cookies *ending with* the name `app_session`** for this purpose. Therefore, your application might include a `config/initializers/session_store.rb` file that says something like this:
+```ruby
+# Be sure to restart your server when you modify this file.
+Rails.application.config.session_store :cookie_store, key: 'yourappname_app_session'
+```
+This of course only applies if you're using cookies for your session data.
 ## Testing the installation
 Visit your application in a Web browser and follow the links to sign up for a new account. To sign up, provide a name that will be displayed to users and a valid e-mail address. A confirmation message is sent to the address, containing a link that must be followed to activate the account. One created, users can log in and out of their accounts (with the possibility of sending a password reset request to their e-mail address in case they forget how to log in) and change their screen names. Users cannot change their recorded e-mail address — instead, they must create a new account under the new address.

data/hubssolib.gemspec CHANGED Viewed

@@ -4,10 +4,10 @@ spec = Gem::Specification.new do |s|
   s.platform = Gem::Platform::RUBY
   s.name     = 'hubssolib'
-  s.version  = '2.1.0'
+  s.version  = '3.0.1'
   s.author   = 'Andrew Hodgkinson and others'
   s.email    = 'ahodgkin@rowing.org.uk'
-  s.homepage = 'http://hub.pond.org.uk/'
+  s.homepage = 'http://pond.org.uk/'
   s.summary  = 'Cross-application single sign-on support library.'
   s.license  = 'MIT'
@@ -22,11 +22,14 @@ spec = Gem::Specification.new do |s|
   EOF
   s.files = FileList['lib/**/*.rb', '[A-Z]*'].to_a
-  s.required_ruby_version = '>= 2.5.9' # Not tested on earlier versions
+  s.required_ruby_version = '>= 3.0.0' # Not tested on earlier versions
-  s.add_development_dependency 'byebug',      '~> 11.1'
-  s.add_development_dependency 'simplecov',   '~>  0.16'
-  s.add_development_dependency 'doggo',       '~>  1.2'
-  s.add_development_dependency 'rspec',       '~>  3.8'
-  s.add_development_dependency 'rspec-mocks', '~>  3.8'
+  s.add_dependency 'drb',    '~> 2.2'
+  s.add_dependency 'base64', '~> 0.2'
+  s.add_development_dependency 'debug',       '~> 1.1'
+  s.add_development_dependency 'simplecov',   '~> 0.22'
+  s.add_development_dependency 'doggo',       '~> 1.4'
+  s.add_development_dependency 'rspec',       '~> 3.13'
+  s.add_development_dependency 'rspec-mocks', '~> 3.13'
 end

data/lib/hub_sso_lib.rb CHANGED Viewed

@@ -44,6 +44,10 @@ module HubSsoLib
   # Shared cookie name.
   HUB_COOKIE_NAME = 'hubapp_shared_id'
+  # Principally for #hubssolib_account_link.
+  HUB_LOGIN_INDICATOR_COOKIE       = 'hubapp_shared_id_alive'
+  HUB_LOGIN_INDICATOR_COOKIE_VALUE = 'Y'
   # Bypass SSL, for testing purposes? Rails 'production' mode will
   # insist on SSL otherwise. Development & test environments do not,
   # so do not need this variable setting.
@@ -427,7 +431,7 @@ module HubSsoLib
     # The returned object is proxied via DRb - it is shared between processes.
     #
     # +key+::       Session key; lazy-initialises a new session under this key
-    #               if none is found, then immeediately rotates it.
+    #               if none is found, then immediately rotates it.
     #
     # +remote_ip+:: Request's remote IP address. If there is an existing
     #               session which matches this, it's returned. If there is an
@@ -518,6 +522,67 @@ module HubSsoLib
       !!self.hubssolib_current_user
     end
+    # Returns markup for a link that leads to Hub's conditional login endpoint,
+    # inline-styled as a red "Log in" or green "Account" button. This can be
+    # used in page templates to avoid needing any additional images or other
+    # such resources and using pure HTML + CSS for the login indication.
+    #
+    # JavaScript is used so that e.g. "back" button fully-cached displays by a
+    # browser will get updated with the correct login state, where needed (so
+    # long as the 'pageshow' event is supported). NOSCRIPT browsers use the old
+    # no-cache image fallback, which is much less efficient, but works.
+    #
+    def hubssolib_account_link
+      logged_in        = self.hubssolib_logged_in?()
+      ui_href          = "#{HUB_PATH_PREFIX}/account/login_conditional"
+      noscript_img_src = "#{HUB_PATH_PREFIX}/account/login_indication.png"
+      noscript_img_tag = helpers.image_tag(noscript_img_src, size: '90x22', border: '0', alt: 'Log in or out')
+      logged_in_link   = helpers.link_to('Account',        ui_href, id: 'hubssolib_logged_in_link')
+      logged_out_link  = helpers.link_to('Log in',         ui_href, id: 'hubssolib_logged_out_link')
+      noscript_link    = helpers.link_to(noscript_img_tag, ui_href, id: 'hubssolib_login_noscript')
+      # Yes, it's ugly, but yes, it works and it's a lot better for the server
+      # to avoid the repeated image fetches. It probably works out as overall
+      # more efficient for clients too - despite all the JS etc. work, there's
+      # no network fetch overhead or image rendering. On mobile in particular,
+      # the JS solution is likely to use less battery power.
+      #
+      safe_markup = <<~HTML
+        <div id="hubssolib_login_indication">
+          <noscript>
+            #{noscript_link}
+          </noscript>
+        </div>
+        <script type="text/javascript">
+          const logged_in_html  = "#{helpers.j(logged_in_link)}";
+          const logged_out_html = "#{helpers.j(logged_out_link)}";
+          const container       = document.getElementById('hubssolib_login_indication')
+          function hubSsoLibLoginStateWriteLink() {
+            const regexp = '#{helpers.j(HUB_LOGIN_INDICATOR_COOKIE)}\\s*=\\s*([^;]+)';
+            const flag   = document.cookie.match(regexp)?.pop() || '';
+            if (flag === '#{HUB_LOGIN_INDICATOR_COOKIE_VALUE}') {
+              container.innerHTML = logged_in_html;
+            } else {
+              container.innerHTML = logged_out_html;
+            }
+          }
+          #{
+            # Immediate update, plus on-load update - including fully cached
+            # loads in the browser when the "Back" button is used. No stale
+            # login indications should thus arise from cached data.
+          }
+          hubSsoLibLoginStateWriteLink();
+          window.addEventListener('pageshow', hubSsoLibLoginStateWriteLink);
+        </script>
+      HTML
+      return safe_markup.html_safe()
+    end
     # Check if the user is authorized to perform the current action. If calling
     # from a helper, pass the action name and class name; otherwise by default,
     # the current action name and 'self.class' will be used.
@@ -644,7 +709,7 @@ module HubSsoLib
     def hubssolib_beforehand
       # Does this action require a logged in user?
+      #
       if (self.class.respond_to? :hubssolib_permissions)
         login_is_required = !self.class.hubssolib_permissions.permitted?('', action_name)
       else
@@ -652,19 +717,30 @@ module HubSsoLib
       end
       # If we require login but we're logged out, redirect to Hub login.
+      # NOTE EARLY EXIT
+      #
       logged_in = hubssolib_logged_in?
-      if (login_is_required and logged_in == false)
-        hubssolib_store_location
-        return hubssolib_must_login
-      end
+      if logged_in == false
+        cookies.delete(HUB_LOGIN_INDICATOR_COOKIE)
-      # If we reach here the user is either logged, or the method does
-      # not require them to be. In the latter case, if we're not logged
-      # in there is no more work to do - exit early.
+        if login_is_required
+          hubssolib_store_location
+          return hubssolib_must_login
+        else
+          return true
+        end
+      end
-      return true unless logged_in # true -> let action processing continue
+      # Definitely logged in.
+      #
+      cookies[HUB_LOGIN_INDICATOR_COOKIE] = {
+        value:    HUB_LOGIN_INDICATOR_COOKIE_VALUE,
+        domain:   :all,
+        path:     '/',
+        secure:   ! hub_bypass_ssl?,
+        httponly: false
+      }
       # So we reach here knowing we're logged in, but the action may or
       # may not require authorisation.
@@ -855,6 +931,7 @@ module HubSsoLib
                 :hubssolib_current_user,
                 :hubssolib_unique_name,
                 :hubssolib_logged_in?,
+                :hubssolib_account_link,
                 :hubssolib_authorized?,
                 :hubssolib_privileged?,
                 :hubssolib_flash_data
@@ -961,11 +1038,11 @@ module HubSsoLib
       key         = hub_session.session_key_rotation unless hub_session.nil?
       cookies[HUB_COOKIE_NAME] = {
-        :value    => key,
-        :domain   => :all,
-        :path     => '/',
-        :secure   => ! hub_bypass_ssl?,
-        :httponly => true
+        value:    key,
+        domain:   :all,
+        path:     '/',
+        secure:   ! hub_bypass_ssl?,
+        httponly: true
       }
       return hub_session

metadata CHANGED Viewed

@@ -1,85 +1,112 @@
 --- !ruby/object:Gem::Specification
 name: hubssolib
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 3.0.1
 platform: ruby
 authors:
 - Andrew Hodgkinson and others
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-01 00:00:00.000000000 Z
+date: 2025-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: drb
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.22'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.22'
 - !ruby/object:Gem::Dependency
   name: doggo
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.13'
 - !ruby/object:Gem::Dependency
   name: rspec-mocks
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.13'
 description: |2
       The Hub SSO Library supports single sign-on across multiple Rails
       applications on the same host. The Hub application provides account
@@ -99,11 +126,10 @@ files:
 - README.md
 - hubssolib.gemspec
 - lib/hub_sso_lib.rb
-homepage: http://hub.pond.org.uk/
+homepage: http://pond.org.uk/
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -111,15 +137,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.9
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Cross-application single sign-on support library.
 test_files: []