hubssolib 3.6.1 → 3.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/Gemfile.lock +1 -1
- data/hubssolib.gemspec +1 -1
- data/lib/hub_sso_lib.rb +117 -14
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 13d41f0609a0ebf34e61267f91db31652699915b531010ddbda76ecc63110239
|
|
4
|
+
data.tar.gz: aea0e7149740e0d25714bc1a0b9a2b5333910058497a0ec24906a65364475218
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 30c7c7f431d456cb286bd439be4e7ec3d80abde85d856e6f8914daf3d46e8f5ca0d36ac380a7240ddecde149f225fd8c80a5738070d9ed9404e87e77823e1e85
|
|
7
|
+
data.tar.gz: c48fefd6183cbfe3d5f8c9bd9e5f503d31f24524ff000121f73b0f2651d7d081e72fa5f4870d0ae6ec6d7599d900eea8b4b4b283380d36a3f2184e2da46a69dc
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
## 3.7.0, 28-Mar-2025
|
|
2
|
+
|
|
3
|
+
* Login indicator cookie wasn't updated on session timeout, so when the page loaded for pages that do *not* require authorisation, the warning flash about being timed out would show, but the indicator would still show a "logged in" state until the next page fetch.
|
|
4
|
+
* User trust mechanism introduced, including HubSsoLib::Core#hubssolib_trusted? convenience accessor for Hub-integrated applications to check on user trust and `HubSsoLib::Core#hubssolib_review_action` convenience alias for `HubSsoLib::Trust.get_trust_object().review_action`.
|
|
5
|
+
|
|
1
6
|
## 3.6.1, 27-Mar-2025
|
|
2
7
|
|
|
3
8
|
Some fixes:
|
data/Gemfile.lock
CHANGED
data/hubssolib.gemspec
CHANGED
data/lib/hub_sso_lib.rb
CHANGED
|
@@ -23,14 +23,16 @@ module HubSsoLib
|
|
|
23
23
|
require 'json'
|
|
24
24
|
require 'yaml'
|
|
25
25
|
|
|
26
|
-
# DRb
|
|
26
|
+
# DRb connections.
|
|
27
27
|
#
|
|
28
|
-
HUB_CONNECTION_URI
|
|
28
|
+
HUB_CONNECTION_URI = ENV['HUB_CONNECTION_URI' ] || 'drbunix:' + File.join(ENV['HOME'] || '/', '/.hub_drb')
|
|
29
|
+
HUB_TRUST_CONNECTION_URI = ENV['HUB_TRUST_CONNECTION_URI'] || 'drbunix:' + File.join(ENV['HOME'] || '/', '/.hub_trust_drb')
|
|
29
30
|
|
|
30
|
-
unless HUB_CONNECTION_URI.downcase.start_with?('drbunix:')
|
|
31
|
+
unless HUB_CONNECTION_URI.downcase.start_with?('drbunix:') && HUB_TRUST_CONNECTION_URI.downcase.start_with?('drbunix:')
|
|
31
32
|
puts
|
|
32
33
|
puts '*' * 80
|
|
33
|
-
puts
|
|
34
|
+
puts 'You *must* "drbunix:" for HUB_CONNECTION_URI and HUB_TRUST_CONNECTION_URI.'
|
|
35
|
+
puts "Either or both of #{HUB_CONNECTION_URI.inspect} and #{HUB_TRUST_CONNECTION_URI.inspect} is invalid)"
|
|
34
36
|
puts '*' * 80
|
|
35
37
|
puts
|
|
36
38
|
|
|
@@ -39,7 +41,7 @@ module HubSsoLib
|
|
|
39
41
|
|
|
40
42
|
# External application command registry for on-user-change events.
|
|
41
43
|
#
|
|
42
|
-
HUB_COMMAND_REGISTRY = ENV['HUB_COMMAND_REGISTRY'] || File.join(
|
|
44
|
+
HUB_COMMAND_REGISTRY = ENV['HUB_COMMAND_REGISTRY'] || File.join(ENV['HOME'] || '/', '/.hub_cmd_reg')
|
|
43
45
|
|
|
44
46
|
unless Dir.exist?(File.dirname(HUB_COMMAND_REGISTRY))
|
|
45
47
|
puts
|
|
@@ -221,7 +223,7 @@ module HubSsoLib
|
|
|
221
223
|
return @role_array.dup
|
|
222
224
|
end
|
|
223
225
|
|
|
224
|
-
# Return a copy of the
|
|
226
|
+
# Return a copy of the internal roles list as a human readable string.
|
|
225
227
|
#
|
|
226
228
|
def to_human_s
|
|
227
229
|
human_names = []
|
|
@@ -259,6 +261,7 @@ module HubSsoLib
|
|
|
259
261
|
return false if roles.nil?
|
|
260
262
|
|
|
261
263
|
# Ensure we've an array of roles, one way or another
|
|
264
|
+
#
|
|
262
265
|
roles = roles.to_s if roles.class == Symbol
|
|
263
266
|
roles = roles.split(',') if roles.class == String
|
|
264
267
|
|
|
@@ -360,6 +363,7 @@ module HubSsoLib
|
|
|
360
363
|
# Author: A.D.Hodgkinson #
|
|
361
364
|
# #
|
|
362
365
|
# History: 21-Oct-2006 (ADH): Created. #
|
|
366
|
+
# 26-Feb-2025 (ADH): Add 'trusted' concept. #
|
|
363
367
|
#######################################################################
|
|
364
368
|
|
|
365
369
|
class User
|
|
@@ -388,6 +392,7 @@ module HubSsoLib
|
|
|
388
392
|
attr_accessor :user_email
|
|
389
393
|
attr_accessor :user_created_at
|
|
390
394
|
attr_accessor :user_password_reset_code_expires_at
|
|
395
|
+
attr_accessor :user_trusted
|
|
391
396
|
|
|
392
397
|
def initialize
|
|
393
398
|
@user_salt = nil
|
|
@@ -405,6 +410,7 @@ module HubSsoLib
|
|
|
405
410
|
@user_email = nil
|
|
406
411
|
@user_created_at = nil
|
|
407
412
|
@user_password_reset_code_expires_at = nil
|
|
413
|
+
@user_trusted = nil
|
|
408
414
|
end
|
|
409
415
|
end # User class
|
|
410
416
|
|
|
@@ -465,7 +471,7 @@ module HubSsoLib
|
|
|
465
471
|
|
|
466
472
|
class SessionFactory
|
|
467
473
|
def initialize
|
|
468
|
-
@hub_be_quiet =
|
|
474
|
+
@hub_be_quiet = (ENV['HUB_QUIET_SERVER'] == 'yes')
|
|
469
475
|
@hub_sessions = {}
|
|
470
476
|
|
|
471
477
|
puts "Session factory: Awakening..." unless @hub_be_quiet
|
|
@@ -785,7 +791,7 @@ module HubSsoLib
|
|
|
785
791
|
QUEUE = ::Queue.new
|
|
786
792
|
|
|
787
793
|
def self.run
|
|
788
|
-
puts "Server: Starting at #{ HUB_CONNECTION_URI }" if ENV['HUB_QUIET_SERVER']
|
|
794
|
+
puts "Server: Starting at #{ HUB_CONNECTION_URI }" if ENV['HUB_QUIET_SERVER'] != 'yes'
|
|
789
795
|
|
|
790
796
|
@@hub_session_factory = HubSsoLib::SessionFactory.new
|
|
791
797
|
|
|
@@ -815,6 +821,79 @@ module HubSsoLib
|
|
|
815
821
|
end # Runner class
|
|
816
822
|
end # Server module
|
|
817
823
|
|
|
824
|
+
#######################################################################
|
|
825
|
+
# Class: Trust #
|
|
826
|
+
# #
|
|
827
|
+
# Purpose: Allow other applications to call into the Hub Rails #
|
|
828
|
+
# application to tell it about untrusted user operations. #
|
|
829
|
+
# The application can then store the details, e-mail #
|
|
830
|
+
# moderators and in due course call back to the originating #
|
|
831
|
+
# other application to move the user action forwards. #
|
|
832
|
+
# #
|
|
833
|
+
# The external API is HubSsoLib::Trust::Server, implemented #
|
|
834
|
+
# by the Hub Rails application, not this gem. #
|
|
835
|
+
# #
|
|
836
|
+
# Author: A.D.Hodgkinson #
|
|
837
|
+
# #
|
|
838
|
+
# History: 19-Mar-2025 (ADH): Created #
|
|
839
|
+
#######################################################################
|
|
840
|
+
|
|
841
|
+
class Trust
|
|
842
|
+
|
|
843
|
+
# Return the DRb endpoint URI for the trust server.
|
|
844
|
+
#
|
|
845
|
+
def self.get_trust_server_connection_uri
|
|
846
|
+
HUB_TRUST_CONNECTION_URI
|
|
847
|
+
end
|
|
848
|
+
|
|
849
|
+
# Start the trust server. This should only ever be called by the Hub Rails
|
|
850
|
+
# application, which implements HubSsoLib::Trust::Server.
|
|
851
|
+
#
|
|
852
|
+
def self.launch_server
|
|
853
|
+
uri = self.get_trust_server_connection_uri()
|
|
854
|
+
path = URI.parse(uri).path
|
|
855
|
+
already_running = File.exist?(path)
|
|
856
|
+
|
|
857
|
+
unless ENV['HUB_QUIET_SERVER'] == 'yes'
|
|
858
|
+
message = unless already_running
|
|
859
|
+
"Trust server: Starting at #{ uri }"
|
|
860
|
+
else
|
|
861
|
+
"Trust server: Already running at at #{ uri }"
|
|
862
|
+
end
|
|
863
|
+
|
|
864
|
+
puts message
|
|
865
|
+
end
|
|
866
|
+
|
|
867
|
+
unless already_running
|
|
868
|
+
loop do
|
|
869
|
+
DRb.start_service(uri, ::HubSsoLib::Trust::Server.new)
|
|
870
|
+
DRb.thread.join # Keep the thread alive...
|
|
871
|
+
end # ...but auto-restart if e.g. DRb.stop_service() is invoked
|
|
872
|
+
end
|
|
873
|
+
end
|
|
874
|
+
|
|
875
|
+
# Obtain a connection to the trust server. This is called by any client
|
|
876
|
+
# code that needs to talk to the server which must, at the time called, be
|
|
877
|
+
# running via startup within the Hub Rails application.
|
|
878
|
+
#
|
|
879
|
+
# The returned object is an instance of ::HubSsoLib::Trust::Server, which
|
|
880
|
+
# is defined inside the Hub Rails application. See there for details.
|
|
881
|
+
#
|
|
882
|
+
def self.get_trust_object
|
|
883
|
+
HUB_MUTEX.synchronize do
|
|
884
|
+
begin
|
|
885
|
+
DRb.current_server
|
|
886
|
+
rescue DRb::DRbServerNotFound
|
|
887
|
+
DRb.start_service()
|
|
888
|
+
end
|
|
889
|
+
|
|
890
|
+
@@trust_object ||= DRbObject.new_with_uri(self.get_trust_server_connection_uri())
|
|
891
|
+
end
|
|
892
|
+
|
|
893
|
+
return @@trust_object
|
|
894
|
+
end
|
|
895
|
+
end
|
|
896
|
+
|
|
818
897
|
#######################################################################
|
|
819
898
|
# Module: Core #
|
|
820
899
|
# Various authors #
|
|
@@ -848,6 +927,8 @@ module HubSsoLib
|
|
|
848
927
|
#
|
|
849
928
|
def hubssolib_log_out
|
|
850
929
|
self.hubssolib_current_user = nil # (which deals with all related session and cookie consequences)
|
|
930
|
+
@hubssolib_session = nil
|
|
931
|
+
cookies.delete(HUB_LOGIN_INDICATOR_COOKIE, domain: :all, path: '/')
|
|
851
932
|
end
|
|
852
933
|
|
|
853
934
|
# Returns true or false if a user is logged in or not, respectively.
|
|
@@ -991,6 +1072,26 @@ module HubSsoLib
|
|
|
991
1072
|
return (puser && !puser.empty? && puser != pnormal)
|
|
992
1073
|
end
|
|
993
1074
|
|
|
1075
|
+
# Convenience method that returns +true+ if there's a currently logged-in
|
|
1076
|
+
# Hub user that has been flagged as trusted, else - whether there is no
|
|
1077
|
+
# current user, or they haven't been flagged as trusted - returns +false+.
|
|
1078
|
+
#
|
|
1079
|
+
def hubssolib_trusted?
|
|
1080
|
+
self.hubssolib_current_user&.user_trusted == 'true'
|
|
1081
|
+
end
|
|
1082
|
+
|
|
1083
|
+
# Convenience accessor to HubSsoLib::Trust.get_trust_object().review_action
|
|
1084
|
+
# - see that method for details. Note that the Trust object is implemented
|
|
1085
|
+
# in the Hub application, not here; see:
|
|
1086
|
+
#
|
|
1087
|
+
# HubSsoLib::Trust::Server::review_action
|
|
1088
|
+
#
|
|
1089
|
+
# ...in "app/hub/lib/hub_sso_lib/trust/server.rb".
|
|
1090
|
+
#
|
|
1091
|
+
def hubssolib_review_action(**args)
|
|
1092
|
+
HubSsoLib::Trust.get_trust_object().review_action(**args)
|
|
1093
|
+
end
|
|
1094
|
+
|
|
994
1095
|
# Public read-only accessor methods for common user activities:
|
|
995
1096
|
# return the current user's roles as a Roles object, or nil if
|
|
996
1097
|
# there's no user.
|
|
@@ -1031,7 +1132,7 @@ module HubSsoLib
|
|
|
1031
1132
|
# hubssolib_get_name.
|
|
1032
1133
|
#
|
|
1033
1134
|
def hubssolib_unique_name
|
|
1034
|
-
user = hubssolib_current_user
|
|
1135
|
+
user = self.hubssolib_current_user
|
|
1035
1136
|
user ? "#{user.user_real_name} (#{user.user_id})" : 'Anonymous'
|
|
1036
1137
|
end
|
|
1037
1138
|
|
|
@@ -1267,7 +1368,7 @@ module HubSsoLib
|
|
|
1267
1368
|
# quietly log out and let action processing carry on.
|
|
1268
1369
|
|
|
1269
1370
|
if (hubssolib_session_expired?)
|
|
1270
|
-
hubssolib_log_out
|
|
1371
|
+
hubssolib_log_out()
|
|
1271
1372
|
hubssolib_set_flash(:attention, 'Your session timed out, so you are no longer logged in.')
|
|
1272
1373
|
else
|
|
1273
1374
|
hubssolib_set_last_used(Time.now.utc)
|
|
@@ -1297,7 +1398,6 @@ module HubSsoLib
|
|
|
1297
1398
|
def hubssolib_afterwards
|
|
1298
1399
|
begin
|
|
1299
1400
|
DRb.current_server
|
|
1300
|
-
DRb.stop_service()
|
|
1301
1401
|
rescue DRb::DRbServerNotFound
|
|
1302
1402
|
# Nothing to do; no service is running.
|
|
1303
1403
|
end
|
|
@@ -1441,11 +1541,13 @@ module HubSsoLib
|
|
|
1441
1541
|
|
|
1442
1542
|
:hubssolib_current_user,
|
|
1443
1543
|
:hubssolib_unique_name,
|
|
1544
|
+
:hubssolib_account_link,
|
|
1545
|
+
:hubssolib_flash_data,
|
|
1546
|
+
|
|
1444
1547
|
:hubssolib_logged_in?,
|
|
1445
1548
|
:hubssolib_authorized?,
|
|
1446
1549
|
:hubssolib_privileged?,
|
|
1447
|
-
:
|
|
1448
|
-
:hubssolib_flash_data
|
|
1550
|
+
:hubssolib_trusted?
|
|
1449
1551
|
)
|
|
1450
1552
|
end
|
|
1451
1553
|
end
|
|
@@ -1606,8 +1708,9 @@ module HubSsoLib
|
|
|
1606
1708
|
# halted (since the overall return value is therefore 'false').
|
|
1607
1709
|
#
|
|
1608
1710
|
def hubssolib_access_denied
|
|
1609
|
-
# See hubsso_must_login for the reason behind the following call.
|
|
1610
1711
|
|
|
1712
|
+
# See hubsso_must_login for the reason behind the following call.
|
|
1713
|
+
#
|
|
1611
1714
|
if hubssolib_ensure_https
|
|
1612
1715
|
hubssolib_set_flash(:alert, 'You do not have permission to carry out that action on this site.')
|
|
1613
1716
|
redirect_to HUB_PATH_PREFIX + '/'
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hubssolib
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Hodgkinson and others
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-03-
|
|
10
|
+
date: 2025-03-28 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: drb
|