isaca-rails 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/views/isaca/rails/platform/administrators/edit.html.erb +2 -1
- data/app/views/isaca/rails/platform/administrators/index.html.erb +2 -0
- data/app/views/isaca/rails/platform/administrators/new.html.erb +2 -0
- data/app/views/isaca/rails/platform/administrators/show.html.erb +2 -0
- data/app/views/layouts/isaca-rails.html.erb +0 -1
- data/lib/isaca/rails/authentication.rb +25 -9
- data/lib/isaca/rails/authorization.rb +21 -2
- data/lib/isaca/rails/version.rb +1 -1
- data/lib/isaca/rails.rb +28 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0665c673ccf45eeeaa4c3310bb97299be912e312a01e541dad5528fb9d069d55
|
|
4
|
+
data.tar.gz: b338c55d02e1cc5dcabde9db79fc02b01bb75aa9f1145c92151774c1d8656a5b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 55dd988503bf5bff3bfa86121de9358e88d64bb4040499304b63d1c44dca97e563c650ba08d0332da4523f8aae7b8ccf1d9d93cee211545605f060ddc31531dc
|
|
7
|
+
data.tar.gz: 8a55b6b1de6fac91130789c85c08d22f5f2c8c70934c7707080fd6a1b26ec7e9acab767e2e0f6025bc2bf16c66a03a0de4743738ffa9ccd1de74d2481c653760
|
|
@@ -17,14 +17,20 @@ module Isaca
|
|
|
17
17
|
def authenticate_isaca_user
|
|
18
18
|
if user_signed_in?
|
|
19
19
|
if request.path != user_consent_path && redirect_for_consent?
|
|
20
|
-
session[:after_sign_in_path] = request.fullpath if request.get?
|
|
20
|
+
session[:after_sign_in_path] = request.fullpath if request.get? && request.format.html?
|
|
21
21
|
flash.alert = t('isaca.rails.user_consent.consent_required')
|
|
22
22
|
redirect_to user_consent_path
|
|
23
23
|
end
|
|
24
24
|
else
|
|
25
25
|
session[:after_sign_in_path] = request.fullpath if request.get?
|
|
26
26
|
flash.alert = t('isaca.rails.sessions.sign_in_required')
|
|
27
|
-
|
|
27
|
+
|
|
28
|
+
respond_to do |format|
|
|
29
|
+
format.html {redirect_to sign_in_path}
|
|
30
|
+
format.json do
|
|
31
|
+
render json: {error: t('isaca.rails.sessions.sign_in_required')}.to_json, status: :unauthorized
|
|
32
|
+
end
|
|
33
|
+
end
|
|
28
34
|
end
|
|
29
35
|
end
|
|
30
36
|
|
|
@@ -32,12 +38,10 @@ module Isaca
|
|
|
32
38
|
#
|
|
33
39
|
# @return [ActiveModel::Model|nil]
|
|
34
40
|
def current_isaca_user
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
41
|
+
if @current_isaca_user
|
|
42
|
+
@current_isaca_user
|
|
43
|
+
else
|
|
38
44
|
set_current_isaca_user if token_cookie_exists?
|
|
39
|
-
rescue Isaca::ServiceError => e
|
|
40
|
-
Rails.logger.warn("Error occurred while setting the current isaca user: #{e.message}")
|
|
41
45
|
end
|
|
42
46
|
end
|
|
43
47
|
|
|
@@ -116,11 +120,23 @@ module Isaca
|
|
|
116
120
|
# @raise [Isaca::ServiceError] An error can be raised by {Isaca::Request::GetUserDetailsByToken#get} or {Isaca::Request::GetUserByID#get}
|
|
117
121
|
def set_current_isaca_user
|
|
118
122
|
# Using the Token cookie we can fetch our users details from isaca
|
|
119
|
-
|
|
123
|
+
if Isaca::Rails.configuration.cache_sso
|
|
124
|
+
isaca_user = ::Rails.cache.fetch("isaca/request/get_user_details_by_token/#{cookies['Token']}", expires_in: 2.minutes) do
|
|
125
|
+
Isaca::Request::GetUserDetailsByToken.get(cookies['Token'])
|
|
126
|
+
end
|
|
127
|
+
else
|
|
128
|
+
isaca_user = Isaca::Request::GetUserDetailsByToken.get(cookies['Token'])
|
|
129
|
+
end
|
|
120
130
|
|
|
121
131
|
# The GetUserDetailsByToken endpoint does not return everything we need, we need to supplement our attributes
|
|
122
132
|
# by fetching the GetUserByID endpoint as well.
|
|
123
|
-
|
|
133
|
+
if Isaca::Rails.configuration.cache_sso
|
|
134
|
+
membership = ::Rails.cache.fetch("isaca/request/get_user_by_id/#{isaca_user.imis_id}", expires_in: 15.minutes) do
|
|
135
|
+
Isaca::Request::GetUserByID.get(isaca_user.imis_id)
|
|
136
|
+
end
|
|
137
|
+
else
|
|
138
|
+
membership = Isaca::Request::GetUserByID.get(isaca_user.imis_id)
|
|
139
|
+
end
|
|
124
140
|
|
|
125
141
|
# Set all the aggregated user data to a hash for user record creation or user record updating
|
|
126
142
|
attributes = {
|
|
@@ -25,10 +25,29 @@ module Isaca
|
|
|
25
25
|
|
|
26
26
|
privilege = "#{behavior}_#{controller_name.underscore}".to_sym
|
|
27
27
|
unless user_has_privilege?(current_isaca_user, privilege)
|
|
28
|
-
|
|
28
|
+
respond_to do |format|
|
|
29
|
+
message = "#{t('isaca.rails.claims.admin_required')} Missing claim: #{privilege}."
|
|
30
|
+
|
|
31
|
+
format.html do
|
|
32
|
+
redirect_to root_path, alert: message
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
format.json do
|
|
36
|
+
render json: {error: message}.to_json, status: :forbidden
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
29
40
|
end
|
|
30
41
|
else
|
|
31
|
-
|
|
42
|
+
respond_to do |format|
|
|
43
|
+
format.html do
|
|
44
|
+
redirect_to root_path, alert: t('isaca.rails.claims.admin_required')
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
format.json do
|
|
48
|
+
render json: {error: t('isaca.rails.claims.admin_required')}.to_json, status: :forbidden
|
|
49
|
+
end
|
|
50
|
+
end
|
|
32
51
|
end
|
|
33
52
|
end
|
|
34
53
|
|
data/lib/isaca/rails/version.rb
CHANGED
data/lib/isaca/rails.rb
CHANGED
|
@@ -64,15 +64,42 @@ module Isaca
|
|
|
64
64
|
# Default `::User`
|
|
65
65
|
attr_accessor :user_model
|
|
66
66
|
|
|
67
|
-
# Whether or not users should be redirected and required to provide consent if they have not already
|
|
67
|
+
# Whether or not users should be redirected and required to provide consent if they have not already.
|
|
68
68
|
#
|
|
69
69
|
# Isaca::Rails.configure {|config| config.redirect_for_consent = ::Person}
|
|
70
70
|
#
|
|
71
71
|
# Default true
|
|
72
72
|
attr_accessor :redirect_for_consent
|
|
73
73
|
|
|
74
|
+
# Whether or not Rails should cache ISACA SSO endpoints.
|
|
75
|
+
#
|
|
76
|
+
# Isaca::Rails.configure {|config| config.cache_sso = false}
|
|
77
|
+
#
|
|
78
|
+
# Default false
|
|
79
|
+
attr_accessor :cache_sso
|
|
80
|
+
|
|
81
|
+
# If cache_sso is true, token caching should expire based on the given value.
|
|
82
|
+
# Keep in mind that if a user logs out of another ISACA service that the session
|
|
83
|
+
# cannot be validated until the cache expires [assuming a Token cookie still exists].
|
|
84
|
+
#
|
|
85
|
+
# Isaca::Rails.configure {|config| config.cache_sso_token_expires_in = 2.minutes}
|
|
86
|
+
#
|
|
87
|
+
# Default 2 minutes
|
|
88
|
+
attr_accessor :cache_sso_token_expires_in
|
|
89
|
+
|
|
90
|
+
# If cache_sso is true, user details caching should expire based on the given value.
|
|
91
|
+
# The duration of this cache will impact how frequently a user's personal data is "synced".
|
|
92
|
+
#
|
|
93
|
+
# Isaca::Rails.configure {|config| config.cache_sso_details_expires_in = 15.minutes}
|
|
94
|
+
#
|
|
95
|
+
# Default 15 minutes
|
|
96
|
+
attr_accessor :cache_sso_details_expires_in
|
|
97
|
+
|
|
74
98
|
def initialize
|
|
75
99
|
@redirect_for_consent = true
|
|
100
|
+
@cache_sso = false
|
|
101
|
+
@cache_sso_token_expires_in = 2.minutes
|
|
102
|
+
@cache_sso_details_expires_in = 15.minutes
|
|
76
103
|
end
|
|
77
104
|
|
|
78
105
|
def user_model
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: isaca-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matthew Orahood
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-01-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|