hubssolib 3.6.0 → 3.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: faacd8f740f867ee072f0f8e0f15324109941026b836cb3fcc8618f61ee68e02
-  data.tar.gz: 6ef08dccd8bbe03a974c238353a27d7f249a40911a40d65dfcd481dd6fe7b48e
+  metadata.gz: 13d41f0609a0ebf34e61267f91db31652699915b531010ddbda76ecc63110239
+  data.tar.gz: aea0e7149740e0d25714bc1a0b9a2b5333910058497a0ec24906a65364475218
 SHA512:
-  metadata.gz: 67b9f58743d8f9ed2983d3b9b970fd00d50ba335dcd761f8c9626866c9c91a1e65c378bb0139835c1e8eb48557e681ea510f6391373d06e1a6806aaf8b8fc2e2
-  data.tar.gz: d4e6efe525fb55b25f40c888ab4d05a7041c90c1cddcba7bab74002d299b2a1f96e35f58ea211cb666da68fda3d129400a7bf874bc8b7ddf09e9fdd6a8d1fbd2
+  metadata.gz: 30c7c7f431d456cb286bd439be4e7ec3d80abde85d856e6f8914daf3d46e8f5ca0d36ac380a7240ddecde149f225fd8c80a5738070d9ed9404e87e77823e1e85
+  data.tar.gz: c48fefd6183cbfe3d5f8c9bd9e5f503d31f24524ff000121f73b0f2651d7d081e72fa5f4870d0ae6ec6d7599d900eea8b4b4b283380d36a3f2184e2da46a69dc

data/CHANGELOG.md

@@ -1,9 +1,26 @@
+## 3.7.0, 28-Mar-2025
+
+* Login indicator cookie wasn't updated on session timeout, so when the page loaded for pages that do *not* require authorisation, the warning flash about being timed out would show, but the indicator would still show a "logged in" state until the next page fetch.
+* User trust mechanism introduced, including HubSsoLib::Core#hubssolib_trusted? convenience accessor for Hub-integrated applications to check on user trust and `HubSsoLib::Core#hubssolib_review_action` convenience alias for `HubSsoLib::Trust.get_trust_object().review_action`.
+
+## 3.6.1, 27-Mar-2025
+
+Some fixes:
+
+* Session reload could fail if a Hub flash happened to be persisted, because YAML won't load Symbol by default and it wasn't in the allow-list.
+  - Remove the flash message from the dump since some flash from "whenever" may well be confusing if reloaded and shown at some later time.
+  - Add Symbol so that if restarting under this gem version, a dump from an older version which _does_ contain flash data will still load OK.
+
+* Secure services failure redirection _still_ wasn't quite in the right place - the earliest thing that runs is of course the 'before action' hook. Moved it there and added a Sentry warning too.
+
 ## 3.6.0, 26-Mar-2025
 
 Cleans up and offers new enumeration features. Ordering by last-recently-active first allows clients to be deterministic about enumerated sessions. Features created to support improvements in the Hub app v3.6.0.
 
-Note that the session generator in the factory - HubSsoLib::SessionFactory#get_hub_session_proxy - no longer pays attention to IP address parameter, which should now be omitted (it is now an ignored parameter that defaults to +nil+). See implementation comments for rationale, but basically, IP addresses can legitimately change for users due to DHCP (even if that's rare) and given v3.5.0's on-shutdown session store, it didn't seem wise to keep IP addresses around inside there for any length of time. It was cleanest to just drop them. PII in persisted data is once again limited to "real name" and e-mail address.
-s
+* HubSsoLib::Core#enumerate_hub_sessions is deprecated. Use HubSsoLib::Core#enumerate_hub_session_keys instead.
+* For any client code that might be "hitting the metal" and calling the DRb server directly, note that HubSsoLib::SessionFactory#get_hub_session_proxy no longer pays attention to IP address parameter and this should be removed (it is now an ignored parameter that defaults to +nil+). See implementation comments for rationale, but basically, IP addresses can legitimately change for users due to DHCP (even if that's rare) and given v3.5.0's on-shutdown session store, it didn't seem wise to keep IP addresses around inside there for any length of time. It was cleanest to just drop them. PII in persisted data is once again limited to "real name" and e-mail address.
+* HubSsoLib::Core exception handling for the Hub app's "tasks" notification is more extensive. A few prior gem versions unwittingly restricted it to only one specific method call. Now it's done in the current user retrieval, which is an endpoint used by a majority of Core module method calls.
+
 ## 3.5.0, 25-Mar-2025
 
 Builds on the cleaner session interface with some changes and improvements:

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hubssolib (3.5.0)
+    hubssolib (3.7.0)
       base64 (~> 0.2)
       drb (~> 2.2)
 
@@ -52,7 +52,7 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    stringio (3.1.5)
+    stringio (3.1.6)
 
 PLATFORMS
   ruby

data/hubssolib.gemspec

@@ -4,7 +4,7 @@ spec = Gem::Specification.new do |s|
   s.platform = Gem::Platform::RUBY
   s.name     = 'hubssolib'
 
-  s.version  = '3.6.0'
+  s.version  = '3.7.0'
   s.author   = 'Andrew Hodgkinson and others'
   s.email    = 'ahodgkin@rowing.org.uk'
   s.homepage = 'http://pond.org.uk/'

data/lib/hub_sso_lib.rb

@@ -23,14 +23,16 @@ module HubSsoLib
   require 'json'
   require 'yaml'
 
-  # DRb connection.
+  # DRb connections.
   #
-  HUB_CONNECTION_URI = ENV['HUB_CONNECTION_URI'] || 'drbunix:' + File.join( ENV['HOME'] || '/', '/.hub_drb')
+  HUB_CONNECTION_URI       = ENV['HUB_CONNECTION_URI'      ] || 'drbunix:' + File.join(ENV['HOME'] || '/', '/.hub_drb')
+  HUB_TRUST_CONNECTION_URI = ENV['HUB_TRUST_CONNECTION_URI'] || 'drbunix:' + File.join(ENV['HOME'] || '/', '/.hub_trust_drb')
 
-  unless HUB_CONNECTION_URI.downcase.start_with?('drbunix:')
+  unless HUB_CONNECTION_URI.downcase.start_with?('drbunix:') && HUB_TRUST_CONNECTION_URI.downcase.start_with?('drbunix:')
     puts
     puts '*' * 80
-    puts "You *must* use a 'drbunix:' scheme for HUB_CONNECTION_URI (#{ HUB_CONNECTION_URI.inspect } is invalid)"
+    puts 'You *must* "drbunix:" for HUB_CONNECTION_URI and HUB_TRUST_CONNECTION_URI.'
+    puts "Either or both of #{HUB_CONNECTION_URI.inspect} and #{HUB_TRUST_CONNECTION_URI.inspect} is invalid)"
     puts '*' * 80
     puts
 
@@ -39,7 +41,7 @@ module HubSsoLib
 
   # External application command registry for on-user-change events.
   #
-  HUB_COMMAND_REGISTRY = ENV['HUB_COMMAND_REGISTRY'] || File.join( ENV['HOME'] || '/', '/.hub_cmd_reg')
+  HUB_COMMAND_REGISTRY = ENV['HUB_COMMAND_REGISTRY'] || File.join(ENV['HOME'] || '/', '/.hub_cmd_reg')
 
   unless Dir.exist?(File.dirname(HUB_COMMAND_REGISTRY))
     puts
@@ -221,7 +223,7 @@ module HubSsoLib
       return @role_array.dup
     end
 
-    # Return a copy of the intenal roles list as a human readable string.
+    # Return a copy of the internal roles list as a human readable string.
     #
     def to_human_s
       human_names = []
@@ -259,6 +261,7 @@ module HubSsoLib
       return false if roles.nil?
 
       # Ensure we've an array of roles, one way or another
+      #
       roles = roles.to_s       if roles.class == Symbol
       roles = roles.split(',') if roles.class == String
 
@@ -360,6 +363,7 @@ module HubSsoLib
   # Author:  A.D.Hodgkinson                                             #
   #                                                                     #
   # History: 21-Oct-2006 (ADH): Created.                                #
+  #          26-Feb-2025 (ADH): Add 'trusted' concept.                  #
   #######################################################################
 
   class User
@@ -388,6 +392,7 @@ module HubSsoLib
     attr_accessor :user_email
     attr_accessor :user_created_at
     attr_accessor :user_password_reset_code_expires_at
+    attr_accessor :user_trusted
 
     def initialize
       @user_salt = nil
@@ -405,6 +410,7 @@ module HubSsoLib
       @user_email = nil
       @user_created_at = nil
       @user_password_reset_code_expires_at = nil
+      @user_trusted = nil
     end
   end # User class
 
@@ -465,7 +471,7 @@ module HubSsoLib
 
   class SessionFactory
     def initialize
-      @hub_be_quiet = ! ENV['HUB_QUIET_SERVER'].nil?
+      @hub_be_quiet = (ENV['HUB_QUIET_SERVER'] == 'yes')
       @hub_sessions = {}
 
       puts "Session factory: Awakening..." unless @hub_be_quiet
@@ -477,7 +483,8 @@ module HubSsoLib
             permitted_classes: [
               ::HubSsoLib::Session,
               ::HubSsoLib::User,
-              Time
+              Time,
+              Symbol
             ]
           )
 
@@ -741,6 +748,8 @@ module HubSsoLib
           @hub_sessions.each do | key, session |
             next if session&.session_user&.user_id.nil? # NOTE EARLY LOOP RESTART
 
+            session.session_flash = nil
+
             dump = ::YAML.dump({key => session})
             dump.sub!(/^---\n/, '') # (avoid multiple document markers)
 
@@ -782,7 +791,7 @@ module HubSsoLib
       QUEUE = ::Queue.new
 
       def self.run
-        puts "Server: Starting at #{ HUB_CONNECTION_URI }" if ENV['HUB_QUIET_SERVER'].nil?
+        puts "Server: Starting at #{ HUB_CONNECTION_URI }" if ENV['HUB_QUIET_SERVER'] != 'yes'
 
         @@hub_session_factory = HubSsoLib::SessionFactory.new
 
@@ -812,6 +821,79 @@ module HubSsoLib
     end # Runner class
   end # Server module
 
+  #######################################################################
+  # Class:   Trust                                                      #
+  #                                                                     #
+  # Purpose: Allow other applications to call into the Hub Rails        #
+  #          application to tell it about untrusted user operations.    #
+  #          The application can then store the details, e-mail         #
+  #          moderators and in due course call back to the originating  #
+  #          other application to move the user action forwards.        #
+  #                                                                     #
+  #          The external API is HubSsoLib::Trust::Server, implemented  #
+  #          by the Hub Rails application, not this gem.                #
+  #                                                                     #
+  # Author:  A.D.Hodgkinson                                             #
+  #                                                                     #
+  # History: 19-Mar-2025 (ADH): Created                                 #
+  #######################################################################
+
+  class Trust
+
+    # Return the DRb endpoint URI for the trust server.
+    #
+    def self.get_trust_server_connection_uri
+      HUB_TRUST_CONNECTION_URI
+    end
+
+    # Start the trust server. This should only ever be called by the Hub Rails
+    # application, which implements HubSsoLib::Trust::Server.
+    #
+    def self.launch_server
+      uri             = self.get_trust_server_connection_uri()
+      path            = URI.parse(uri).path
+      already_running = File.exist?(path)
+
+      unless ENV['HUB_QUIET_SERVER'] == 'yes'
+        message = unless already_running
+          "Trust server: Starting at #{ uri }"
+        else
+          "Trust server: Already running at at #{ uri }"
+        end
+
+        puts message
+      end
+
+      unless already_running
+        loop do
+          DRb.start_service(uri, ::HubSsoLib::Trust::Server.new)
+          DRb.thread.join # Keep the thread alive...
+        end               # ...but auto-restart if e.g. DRb.stop_service() is invoked
+      end
+    end
+
+    # Obtain a connection to the trust server. This is called by any client
+    # code that needs to talk to the server which must, at the time called, be
+    # running via startup within the Hub Rails application.
+    #
+    # The returned object is an instance of ::HubSsoLib::Trust::Server, which
+    # is defined inside the Hub Rails application. See there for details.
+    #
+    def self.get_trust_object
+      HUB_MUTEX.synchronize do
+        begin
+          DRb.current_server
+        rescue DRb::DRbServerNotFound
+          DRb.start_service()
+        end
+
+        @@trust_object ||= DRbObject.new_with_uri(self.get_trust_server_connection_uri())
+      end
+
+      return @@trust_object
+    end
+  end
+
   #######################################################################
   # Module:  Core                                                       #
   #          Various authors                                            #
@@ -845,6 +927,8 @@ module HubSsoLib
     #
     def hubssolib_log_out
       self.hubssolib_current_user = nil # (which deals with all related session and cookie consequences)
+      @hubssolib_session = nil
+      cookies.delete(HUB_LOGIN_INDICATOR_COOKIE, domain: :all, path: '/')
     end
 
     # Returns true or false if a user is logged in or not, respectively.
@@ -863,18 +947,6 @@ module HubSsoLib
       user        = hub_session&.session_user
 
       return (user&.user_id.nil? ? nil : user)
-
-    rescue Exception => e
-
-      # At this point there tends to be no Session data, so we're going to have
-      # to encode the exception data into the URI... It must be escaped twice,
-      # as many servers treat "%2F" in a URI as a "/". Apache can then fail to
-      # serve the page, raising a 404 error unless "AllowEncodedSlashes on" is
-      # specified in its configuration.
-      #
-      suffix   = '/' + CGI::escape(CGI::escape(hubssolib_set_exception_data(e)))
-      new_path = HUB_PATH_PREFIX + '/tasks/service'
-      redirect_to(new_path + suffix) unless request.path.include?(new_path)
     end
 
     # Sets the currently signed in user. Note that although this works and is
@@ -1000,6 +1072,26 @@ module HubSsoLib
       return (puser && !puser.empty? && puser != pnormal)
     end
 
+    # Convenience method that returns +true+ if there's a currently logged-in
+    # Hub user that has been flagged as trusted, else - whether there is no
+    # current user, or they haven't been flagged as trusted - returns +false+.
+    #
+    def hubssolib_trusted?
+      self.hubssolib_current_user&.user_trusted == 'true'
+    end
+
+    # Convenience accessor to HubSsoLib::Trust.get_trust_object().review_action
+    # - see that method for details. Note that the Trust object is implemented
+    # in the Hub application, not here; see:
+    #
+    #   HubSsoLib::Trust::Server::review_action
+    #
+    # ...in "app/hub/lib/hub_sso_lib/trust/server.rb".
+    #
+    def hubssolib_review_action(**args)
+      HubSsoLib::Trust.get_trust_object().review_action(**args)
+    end
+
     # Public read-only accessor methods for common user activities:
     # return the current user's roles as a Roles object, or nil if
     # there's no user.
@@ -1040,7 +1132,7 @@ module HubSsoLib
     # hubssolib_get_name.
     #
     def hubssolib_unique_name
-      user = hubssolib_current_user
+      user = self.hubssolib_current_user
       user ? "#{user.user_real_name} (#{user.user_id})" : 'Anonymous'
     end
 
@@ -1276,7 +1368,7 @@ module HubSsoLib
         # quietly log out and let action processing carry on.
 
         if (hubssolib_session_expired?)
-          hubssolib_log_out
+          hubssolib_log_out()
           hubssolib_set_flash(:attention, 'Your session timed out, so you are no longer logged in.')
         else
           hubssolib_set_last_used(Time.now.utc)
@@ -1285,6 +1377,19 @@ module HubSsoLib
         return true # true -> let action processing continue
 
       end
+
+    rescue Exception => e
+      Sentry.capture_exception(e) if defined?(Sentry) && Sentry.respond_to?(:capture_exception)
+
+      # At this point there tends to be no Session data, so we're going to have
+      # to encode the exception data into the URI... It must be escaped twice,
+      # as many servers treat "%2F" in a URI as a "/". Apache can then fail to
+      # serve the page, raising a 404 error unless "AllowEncodedSlashes on" is
+      # specified in its configuration.
+      #
+      suffix   = '/' + CGI::escape(CGI::escape(hubssolib_set_exception_data(e)))
+      new_path = HUB_PATH_PREFIX + '/tasks/service'
+      redirect_to(new_path + suffix) unless request.path.include?(new_path)
     end
 
     # Mandatory controller "after_action" callback method to tidy up after Hub
@@ -1293,7 +1398,6 @@ module HubSsoLib
     def hubssolib_afterwards
       begin
         DRb.current_server
-        DRb.stop_service()
       rescue DRb::DRbServerNotFound
         # Nothing to do; no service is running.
       end
@@ -1437,11 +1541,13 @@ module HubSsoLib
 
           :hubssolib_current_user,
           :hubssolib_unique_name,
+          :hubssolib_account_link,
+          :hubssolib_flash_data,
+
           :hubssolib_logged_in?,
           :hubssolib_authorized?,
           :hubssolib_privileged?,
-          :hubssolib_account_link,
-          :hubssolib_flash_data
+          :hubssolib_trusted?
         )
       end
     end
@@ -1602,8 +1708,9 @@ module HubSsoLib
     # halted (since the overall return value is therefore 'false').
     #
     def hubssolib_access_denied
-      # See hubsso_must_login for the reason behind the following call.
 
+      # See hubsso_must_login for the reason behind the following call.
+      #
       if hubssolib_ensure_https
         hubssolib_set_flash(:alert, 'You do not have permission to carry out that action on this site.')
         redirect_to HUB_PATH_PREFIX + '/'

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: hubssolib
 version: !ruby/object:Gem::Version
-  version: 3.6.0
+  version: 3.7.0
 platform: ruby
 authors:
 - Andrew Hodgkinson and others
 bindir: bin
 cert_chain: []
-date: 2025-03-26 00:00:00.000000000 Z
+date: 2025-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: drb