isaca-rails 0.2.1 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/views/isaca/rails/platform/administrators/edit.html.erb +2 -1
- data/app/views/isaca/rails/platform/administrators/index.html.erb +2 -0
- data/app/views/isaca/rails/platform/administrators/new.html.erb +2 -0
- data/app/views/isaca/rails/platform/administrators/show.html.erb +2 -0
- data/app/views/layouts/isaca-rails.html.erb +0 -1
- data/lib/isaca/rails/authentication.rb +25 -9
- data/lib/isaca/rails/authorization.rb +21 -2
- data/lib/isaca/rails/version.rb +1 -1
- data/lib/isaca/rails.rb +28 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0665c673ccf45eeeaa4c3310bb97299be912e312a01e541dad5528fb9d069d55
|
|
4
|
+
data.tar.gz: b338c55d02e1cc5dcabde9db79fc02b01bb75aa9f1145c92151774c1d8656a5b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 55dd988503bf5bff3bfa86121de9358e88d64bb4040499304b63d1c44dca97e563c650ba08d0332da4523f8aae7b8ccf1d9d93cee211545605f060ddc31531dc
|
|
7
|
+
data.tar.gz: 8a55b6b1de6fac91130789c85c08d22f5f2c8c70934c7707080fd6a1b26ec7e9acab767e2e0f6025bc2bf16c66a03a0de4743738ffa9ccd1de74d2481c653760
|
|
@@ -17,14 +17,20 @@ module Isaca
|
|
|
17
17
|
def authenticate_isaca_user
|
|
18
18
|
if user_signed_in?
|
|
19
19
|
if request.path != user_consent_path && redirect_for_consent?
|
|
20
|
-
session[:after_sign_in_path] = request.fullpath if request.get?
|
|
20
|
+
session[:after_sign_in_path] = request.fullpath if request.get? && request.format.html?
|
|
21
21
|
flash.alert = t('isaca.rails.user_consent.consent_required')
|
|
22
22
|
redirect_to user_consent_path
|
|
23
23
|
end
|
|
24
24
|
else
|
|
25
25
|
session[:after_sign_in_path] = request.fullpath if request.get?
|
|
26
26
|
flash.alert = t('isaca.rails.sessions.sign_in_required')
|
|
27
|
-
|
|
27
|
+
|
|
28
|
+
respond_to do |format|
|
|
29
|
+
format.html {redirect_to sign_in_path}
|
|
30
|
+
format.json do
|
|
31
|
+
render json: {error: t('isaca.rails.sessions.sign_in_required')}.to_json, status: :unauthorized
|
|
32
|
+
end
|
|
33
|
+
end
|
|
28
34
|
end
|
|
29
35
|
end
|
|
30
36
|
|
|
@@ -32,12 +38,10 @@ module Isaca
|
|
|
32
38
|
#
|
|
33
39
|
# @return [ActiveModel::Model|nil]
|
|
34
40
|
def current_isaca_user
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
41
|
+
if @current_isaca_user
|
|
42
|
+
@current_isaca_user
|
|
43
|
+
else
|
|
38
44
|
set_current_isaca_user if token_cookie_exists?
|
|
39
|
-
rescue Isaca::ServiceError => e
|
|
40
|
-
Rails.logger.warn("Error occurred while setting the current isaca user: #{e.message}")
|
|
41
45
|
end
|
|
42
46
|
end
|
|
43
47
|
|
|
@@ -116,11 +120,23 @@ module Isaca
|
|
|
116
120
|
# @raise [Isaca::ServiceError] An error can be raised by {Isaca::Request::GetUserDetailsByToken#get} or {Isaca::Request::GetUserByID#get}
|
|
117
121
|
def set_current_isaca_user
|
|
118
122
|
# Using the Token cookie we can fetch our users details from isaca
|
|
119
|
-
|
|
123
|
+
if Isaca::Rails.configuration.cache_sso
|
|
124
|
+
isaca_user = ::Rails.cache.fetch("isaca/request/get_user_details_by_token/#{cookies['Token']}", expires_in: 2.minutes) do
|
|
125
|
+
Isaca::Request::GetUserDetailsByToken.get(cookies['Token'])
|
|
126
|
+
end
|
|
127
|
+
else
|
|
128
|
+
isaca_user = Isaca::Request::GetUserDetailsByToken.get(cookies['Token'])
|
|
129
|
+
end
|
|
120
130
|
|
|
121
131
|
# The GetUserDetailsByToken endpoint does not return everything we need, we need to supplement our attributes
|
|
122
132
|
# by fetching the GetUserByID endpoint as well.
|
|
123
|
-
|
|
133
|
+
if Isaca::Rails.configuration.cache_sso
|
|
134
|
+
membership = ::Rails.cache.fetch("isaca/request/get_user_by_id/#{isaca_user.imis_id}", expires_in: 15.minutes) do
|
|
135
|
+
Isaca::Request::GetUserByID.get(isaca_user.imis_id)
|
|
136
|
+
end
|
|
137
|
+
else
|
|
138
|
+
membership = Isaca::Request::GetUserByID.get(isaca_user.imis_id)
|
|
139
|
+
end
|
|
124
140
|
|
|
125
141
|
# Set all the aggregated user data to a hash for user record creation or user record updating
|
|
126
142
|
attributes = {
|
|
@@ -25,10 +25,29 @@ module Isaca
|
|
|
25
25
|
|
|
26
26
|
privilege = "#{behavior}_#{controller_name.underscore}".to_sym
|
|
27
27
|
unless user_has_privilege?(current_isaca_user, privilege)
|
|
28
|
-
|
|
28
|
+
respond_to do |format|
|
|
29
|
+
message = "#{t('isaca.rails.claims.admin_required')} Missing claim: #{privilege}."
|
|
30
|
+
|
|
31
|
+
format.html do
|
|
32
|
+
redirect_to root_path, alert: message
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
format.json do
|
|
36
|
+
render json: {error: message}.to_json, status: :forbidden
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
29
40
|
end
|
|
30
41
|
else
|
|
31
|
-
|
|
42
|
+
respond_to do |format|
|
|
43
|
+
format.html do
|
|
44
|
+
redirect_to root_path, alert: t('isaca.rails.claims.admin_required')
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
format.json do
|
|
48
|
+
render json: {error: t('isaca.rails.claims.admin_required')}.to_json, status: :forbidden
|
|
49
|
+
end
|
|
50
|
+
end
|
|
32
51
|
end
|
|
33
52
|
end
|
|
34
53
|
|
data/lib/isaca/rails/version.rb
CHANGED
data/lib/isaca/rails.rb
CHANGED
|
@@ -64,15 +64,42 @@ module Isaca
|
|
|
64
64
|
# Default `::User`
|
|
65
65
|
attr_accessor :user_model
|
|
66
66
|
|
|
67
|
-
# Whether or not users should be redirected and required to provide consent if they have not already
|
|
67
|
+
# Whether or not users should be redirected and required to provide consent if they have not already.
|
|
68
68
|
#
|
|
69
69
|
# Isaca::Rails.configure {|config| config.redirect_for_consent = ::Person}
|
|
70
70
|
#
|
|
71
71
|
# Default true
|
|
72
72
|
attr_accessor :redirect_for_consent
|
|
73
73
|
|
|
74
|
+
# Whether or not Rails should cache ISACA SSO endpoints.
|
|
75
|
+
#
|
|
76
|
+
# Isaca::Rails.configure {|config| config.cache_sso = false}
|
|
77
|
+
#
|
|
78
|
+
# Default false
|
|
79
|
+
attr_accessor :cache_sso
|
|
80
|
+
|
|
81
|
+
# If cache_sso is true, token caching should expire based on the given value.
|
|
82
|
+
# Keep in mind that if a user logs out of another ISACA service that the session
|
|
83
|
+
# cannot be validated until the cache expires [assuming a Token cookie still exists].
|
|
84
|
+
#
|
|
85
|
+
# Isaca::Rails.configure {|config| config.cache_sso_token_expires_in = 2.minutes}
|
|
86
|
+
#
|
|
87
|
+
# Default 2 minutes
|
|
88
|
+
attr_accessor :cache_sso_token_expires_in
|
|
89
|
+
|
|
90
|
+
# If cache_sso is true, user details caching should expire based on the given value.
|
|
91
|
+
# The duration of this cache will impact how frequently a user's personal data is "synced".
|
|
92
|
+
#
|
|
93
|
+
# Isaca::Rails.configure {|config| config.cache_sso_details_expires_in = 15.minutes}
|
|
94
|
+
#
|
|
95
|
+
# Default 15 minutes
|
|
96
|
+
attr_accessor :cache_sso_details_expires_in
|
|
97
|
+
|
|
74
98
|
def initialize
|
|
75
99
|
@redirect_for_consent = true
|
|
100
|
+
@cache_sso = false
|
|
101
|
+
@cache_sso_token_expires_in = 2.minutes
|
|
102
|
+
@cache_sso_details_expires_in = 15.minutes
|
|
76
103
|
end
|
|
77
104
|
|
|
78
105
|
def user_model
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: isaca-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matthew Orahood
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-01-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|