hubssolib 3.0.3 → 3.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +3 -3
- data/README.md +10 -10
- data/hubssolib.gemspec +1 -1
- data/lib/hub_sso_lib.rb +3 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 59532e45ebc82569e9f43aab07611c7092c5cf8f140db8bc08a6b98043d7e500
|
4
|
+
data.tar.gz: 0e59ad5183becc64d8ff59b71062eec2b18c77b916f4030053010214ae8e6289
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f046c3981c7749598f57e68a4db7fd6528c1d97e74bb4fe437fc4a72c31ceb011eb4a7c8f4cd59a820b0d14ee18e5947da533b987b2a73f91101582c6e4e1286
|
7
|
+
data.tar.gz: e3389646a064fd1e077ea4b5649d7d984b723933643003974134dd02c0f718ee063ea523b24a369b328a04ffcff9fd5cc3842f3bd9e5510f44fbe60a3af878a3
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,7 @@
|
|
1
|
+
## 3.1.0, 14-Feb-2025
|
2
|
+
|
3
|
+
Environment variable `HUB_IDLE_TIME_LIMIT` can be used to override the idle timeout, with a value expressed in seconds. It must be set in the environment of any application using Hub, including the Hub application itself.
|
4
|
+
|
1
5
|
## 3.0.3, 10-Feb-2025
|
2
6
|
|
3
7
|
Change JavaScript code used for the login indicator so that simpler engines such as [Duktape](https://duktape.org) can run it. Operates correctly in script-enabled [NetSurf](https://www.netsurf-browser.org) now.
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
hubssolib (3.0
|
4
|
+
hubssolib (3.1.0)
|
5
5
|
base64 (~> 0.2)
|
6
6
|
drb (~> 2.2)
|
7
7
|
|
@@ -13,7 +13,7 @@ GEM
|
|
13
13
|
debug (1.10.0)
|
14
14
|
irb (~> 1.10)
|
15
15
|
reline (>= 0.3.8)
|
16
|
-
diff-lcs (1.
|
16
|
+
diff-lcs (1.6.0)
|
17
17
|
docile (1.4.1)
|
18
18
|
doggo (1.4.0)
|
19
19
|
rspec-core (~> 3.13)
|
@@ -52,7 +52,7 @@ GEM
|
|
52
52
|
simplecov_json_formatter (~> 0.1)
|
53
53
|
simplecov-html (0.13.1)
|
54
54
|
simplecov_json_formatter (0.1.4)
|
55
|
-
stringio (3.1.
|
55
|
+
stringio (3.1.3)
|
56
56
|
|
57
57
|
PLATFORMS
|
58
58
|
ruby
|
data/README.md
CHANGED
@@ -48,13 +48,15 @@ Finally you can install the Hub application using whatever mechanism you prefer
|
|
48
48
|
|
49
49
|
Some configuration is needed using externally set environment variables. These are actually picked up by the Hub gem but you won't know what values to set until the application, DRb server and gem are all installed.
|
50
50
|
|
51
|
-
*
|
52
|
-
*
|
53
|
-
*
|
51
|
+
* `HUB_CONNECTION_URI` — as already discussed, this holds a DRb URI giving the connection socket on which the server listens and to which clients connect; it defaults to `~/.hub_drb`.
|
52
|
+
* `HUB_PATH_PREFIX` — sometimes the Hub Gem redirects to various locations within the Hub application. If you have installed the application away from document root, specify the prefix to put onto redirection paths here (otherwise, provide an empty string). For example, when redirecting to the `account` controller's `login` method, the path used is `HUB_PATH_PREFIX + '/account/login'`.
|
53
|
+
* `HUB_BYPASS_SSL` - normally Hub sets cookies as secure-only in Production mode, requiring `https` fetches. This isn't enforced in e.g. development mode. If you want to allow insecure transport in Production, set `HUB_BYPASS_SSL` to `true`.
|
54
54
|
|
55
|
-
Usually, these are set up in a Web server configuration file as part of launching an FCGI process to host the Hub application.
|
55
|
+
Usually, these are set up in a Web server configuration file as part of launching an FCGI process to host the Hub application. Don't forget to set up the application's `database.yml` file in the usual fashion. use `rake db:migrate` to build the empty database structure.
|
56
56
|
|
57
|
-
|
57
|
+
Optional environment variables for configuration are:
|
58
|
+
|
59
|
+
* `HUB_IDLE_TIME_LIMIT` - by default Hub applies a 4 hour session idle timeout. Override by setting this variable to a number **in seconds**. This must be set equally in the environment of **all applications using Hub** including Hub itself, since it is the "beforehand" callback that checks the idle timer; this can run at any time in any of your collection of Hub-integrated applications, depending on the part of your site with which the user next interacts.
|
58
60
|
|
59
61
|
## Cookies and domains
|
60
62
|
|
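Review bot: The new `HUB_IDLE_TIME_LIMIT` bullet does not say which values are accepted, or what happens when the value is empty, non-numeric, or differs between applications. Since the text insists the variable be set equally in all applications using Hub, one sentence on the effect of a mismatch would help integrators. The `HUB_BYPASS_SSL` bullet could also state the consequence directly: setting it to `true` means cookies are no longer secure-only in Production. Minor: "use `rake db:migrate`" starts a sentence in lower case, and the three required-variable bullets mix an em-dash and a hyphen as the separator.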
@@ -105,7 +107,7 @@ For full integration with Hub, particularly when it comes to showing or hiding t
|
|
105
107
|
|
106
108
|
Applications with no concept of user log-in are easy to integrate with Hub. Applications with only the concept of logging in for administrative purposes are similarly easy, provided your administrators do not mind having to log in using the application's own administrative mechanisms (so you basically treat the application as if it has no existing user model).
|
107
109
|
|
108
|
-
To integrate, add the Hub
|
110
|
+
To integrate, add the Hub callbacks into `application.rb` just inside the definition of the `ApplicationController` class:
|
109
111
|
|
110
112
|
```ruby
|
111
113
|
# Hub single sign-on support.
|
@@ -149,7 +151,7 @@ Here, only accounts with the webmaster or privileged role associated can access
|
|
149
151
|
|
150
152
|
If you want to integrate Hub with an application which already has the concept of user accounts, logging in and logging out, there are two main approaches.
|
151
153
|
|
152
|
-
* Remove the existing mechanism and replace with Hub (see above). Removal may be through actually deleting code, models and
|
154
|
+
* Remove the existing mechanism and replace with Hub (see above). Removal may be through actually deleting code, models and callbacks related to that mechanism or simply removing or blocking access to the parts of the application that deal with the users and dropping in Hub equivalents over a minimum amount of code, reducing overall changes to the application but leaving a less clean result.
|
153
155
|
* Use a `before_action` in the application controller to run special code which you write, which maps a logged in Hub user to an existing application user. If the visitor is logged into Hub and no corresponding local application user account exists, one is created automatically based on the Hub account credentials.
|
154
156
|
|
155
157
|
Neither approach is problem-free and both require quite a lot of effort and testing. Automated testing is very hard because the modified application's behaviour depends upon logging in or out of Hub, which is running elsewhere. Unfortunately Rails doesn't offer a universally supported single sign-on mechanism so applications all use different approaches to user management; this means that there is no magic bullet to integration with Hub. You have to learn and understand the structure of the application being integrated and be prepared to make changes that are potentially quite extensive.
|
@@ -247,7 +249,7 @@ Before any action in a Hub integrated application, `hubssolib_beforehand` must b
|
|
247
249
|
before_action :hubssolib_beforehand
|
248
250
|
```
|
249
251
|
|
250
|
-
|
252
|
+
This callback is the core of the Hub protection mechanism, making sure that no action can run unless the user is logged in (unless the action is completely protected) and their account is associated with at least one of the roles required to access the action.
|
251
253
|
|
252
254
|
#### The "after" action: `hubssolib_afterwards`
|
253
255
|
|
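Review bot: In the added paragraph, the parenthetical "(unless the action is completely protected)" reads inverted. The exception to "no action can run unless the user is logged in" would normally be an action that is completely unprotected. If that is the intent, change the word to "unprotected" so the description of the core access check cannot be misread.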
@@ -257,8 +259,6 @@ After any action in a Hub integrated application, `hubssolib_afterward` must be
|
|
257
259
|
after_action :hubssolib_afterwards
|
258
260
|
```
|
259
261
|
|
260
|
-
At the time of writing the filter does nothing, but is included to allow for future expansion and avoid API changes that might force application integrators to modify their code.
|
261
|
-
|
262
262
|
#### Finding out about the current user
|
263
263
|
|
264
264
|
Most Hub integration methods are geared around making it easy to find out about a currently logged in user.
|
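Review bot: Removing the sentence "At the time of writing the filter does nothing..." leaves the `hubssolib_afterwards` section with no statement of what the callback does. If it now does work, describe it here. If it is still a no-op, keep the sentence so integrators know why it is required. The hunk header context also spells the name `hubssolib_afterward`, while the `after_action` line uses `hubssolib_afterwards`; the prose should match the symbol.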
data/hubssolib.gemspec
CHANGED
data/lib/hub_sso_lib.rb
CHANGED
@@ -34,12 +34,14 @@ module HubSsoLib
|
|
34
34
|
end
|
35
35
|
|
36
36
|
# Location of Hub application root.
|
37
|
+
#
|
37
38
|
HUB_PATH_PREFIX = ENV['HUB_PATH_PREFIX'] || ''
|
38
39
|
|
39
40
|
# Time limit, *in seconds*, for the account inactivity timeout.
|
40
41
|
# If a user performs no Hub actions during this time they will
|
41
42
|
# be automatically logged out upon their next action.
|
42
|
-
|
43
|
+
#
|
44
|
+
HUB_IDLE_TIME_LIMIT = ENV['HUB_IDLE_TIME_LIMIT']&.to_i || 4 * 60 * 60
|
43
45
|
|
44
46
|
# Shared cookie name.
|
45
47
|
HUB_COOKIE_NAME = :hubapp_shared_id
|
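Review bot: On the added line `HUB_IDLE_TIME_LIMIT = ENV['HUB_IDLE_TIME_LIMIT']&.to_i || 4 * 60 * 60`, the `|| 4 * 60 * 60` fallback only applies when the variable is unset. `String#to_i` returns `0` for an empty or non-numeric string, and `0` is truthy in Ruby, so `HUB_IDLE_TIME_LIMIT=""` yields an idle limit of 0 seconds rather than the 4 hour default. A value with trailing text is silently truncated to its leading digits, and a negative number is accepted as is. Suggest parsing strictly, for instance with `Integer(value, exception: false)`, and falling back to the default (or failing at load time) unless the result is a positive integer. The comment above the constant should also mention the environment variable and the default.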
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hubssolib
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0
|
4
|
+
version: 3.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Andrew Hodgkinson and others
|
8
8
|
bindir: bin
|
9
9
|
cert_chain: []
|
10
|
-
date: 2025-02-
|
10
|
+
date: 2025-02-14 00:00:00.000000000 Z
|
11
11
|
dependencies:
|
12
12
|
- !ruby/object:Gem::Dependency
|
13
13
|
name: drb
|