isomorfeus-empowerment 2.5.5 → 22.9.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/isomorfeus/empowerment/anonymous.rb +13 -2
- data/lib/isomorfeus/empowerment/authentication_handler.rb +60 -0
- data/lib/isomorfeus/empowerment/config.rb +4 -4
- data/lib/isomorfeus/empowerment/local_system.rb +13 -2
- data/lib/isomorfeus/empowerment/local_system_policy.rb +1 -1
- data/lib/isomorfeus/empowerment/session.rb +69 -27
- data/lib/isomorfeus/empowerment/session_cleanup.rb +3 -2
- data/lib/isomorfeus/empowerment/session_task.rb +7 -1
- data/lib/isomorfeus/empowerment/version.rb +1 -1
- data/lib/isomorfeus-empowerment.rb +10 -9
- data/lib/lucid_user.rb +153 -0
- metadata +20 -22
- data/lib/lucid_user/authentication.rb +0 -123
- data/lib/lucid_user/authorization.rb +0 -42
- data/lib/lucid_user/base.rb +0 -10
- data/lib/lucid_user/mixin.rb +0 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e771b58cef0a5856ce230b553e27de84b168c44d48087619de02ae73ed6c7a67
|
|
4
|
+
data.tar.gz: 0cdfe9141e3e81264e756629e1f177adc943dfecc6890a9e5ac5227a9637afe6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0b08887cab6471b2e0b169c2c964a4b0d244068414e31bd8e6270eedc81a846ef9b4fab60690bc4bfba0db9366cc9af846f62a42c70aefea990268fdf2f5c2ff
|
|
7
|
+
data.tar.gz: 74fc2aa0e03a0ebd1cdda94d42a6588900583e87d61dfded31a9abf2314e1a4c2312ae25925b0b4c78e7c1f10a55c50020d7b6e2c6e0913e87187d2544a66b98
|
|
@@ -1,5 +1,16 @@
|
|
|
1
|
-
class Anonymous
|
|
2
|
-
|
|
1
|
+
class Anonymous < LucidUser
|
|
2
|
+
class << self
|
|
3
|
+
undef_method :load
|
|
4
|
+
undef_method :load!
|
|
5
|
+
undef_method :destroy
|
|
6
|
+
undef_method :create
|
|
7
|
+
undef_method :search
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
undef_method :create
|
|
11
|
+
undef_method :save
|
|
12
|
+
undef_method :destroy
|
|
13
|
+
undef_method :reload
|
|
3
14
|
|
|
4
15
|
def anonymous?
|
|
5
16
|
true
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
module Isomorfeus
|
|
2
|
+
module Empowerment
|
|
3
|
+
class AuthenticationHandler < LucidHandler
|
|
4
|
+
TIMEOUT = 30
|
|
5
|
+
|
|
6
|
+
def process_request(response_agent)
|
|
7
|
+
# promise_send_path('Isomorfeus::Transport::Handler::AuthenticationHandler', 'login', user_class_name, user_identifier, user_password)
|
|
8
|
+
response_agent.agent_result = { error: 'Authentication failed' }
|
|
9
|
+
tries = pub_sub_client.instance_variable_get(:@isomorfeus_authentication_tries)
|
|
10
|
+
tries = 0 unless tries
|
|
11
|
+
tries += 1
|
|
12
|
+
sleep(5) if tries > 3 # TODO, this needs a better solution (store data in user/session)
|
|
13
|
+
Isomorfeus.pub_sub_client.instance_variable_set(:@isomorfeus_authentication_tries, tries)
|
|
14
|
+
user_class_name = response_agent.request['login']&.keys&.first
|
|
15
|
+
invalid_data_error! unless user_class_name && user_class_name.is_a?(String)
|
|
16
|
+
user = nil
|
|
17
|
+
invalid_data_error! unless Isomorfeus.valid_user_class_name?(user_class_name)
|
|
18
|
+
user_class = Isomorfeus.cached_user_class(user_class_name)
|
|
19
|
+
user_hash = response_agent.request.dig('login', user_class_name)
|
|
20
|
+
invalid_data_error! unless user_hash && user_hash.is_a?(Hash)
|
|
21
|
+
user_str = user_hash.keys.first
|
|
22
|
+
promise = user_class.promise_login(user: user_str , pass: user_hash[user_str])
|
|
23
|
+
unless promise.realized?
|
|
24
|
+
start = Time.now
|
|
25
|
+
until promise.realized?
|
|
26
|
+
break if (Time.now - start) > TIMEOUT
|
|
27
|
+
sleep 0.01
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
key = promise.value
|
|
31
|
+
authentication_error! unless key.is_a?(String)
|
|
32
|
+
cu = Thread.current[:isomorfeus_user]
|
|
33
|
+
Thread.current[:isomorfeus_user] = LocalSystem.new
|
|
34
|
+
begin
|
|
35
|
+
user = user_class.load(key: key)
|
|
36
|
+
ensure
|
|
37
|
+
Thread.current[:isomorfeus_user] = cu
|
|
38
|
+
end
|
|
39
|
+
authentication_error! unless user
|
|
40
|
+
session_id = SecureRandom.uuid
|
|
41
|
+
session_cookie = "session=#{session_id}; SameSite=Strict; HttpOnly; Path=/; Max-Age=2592000#{'; Secure' if Isomorfeus.production?}"
|
|
42
|
+
session_cookie_accessor = SecureRandom.uuid
|
|
43
|
+
Isomorfeus.pub_sub_client.instance_variable_set(:@isomorfeus_authentication_tries, nil)
|
|
44
|
+
Isomorfeus.session_class.add(session_id: session_id, cookie: session_cookie, user: user, accessor: session_cookie_accessor)
|
|
45
|
+
response_agent.agent_result = { success: 'ok', state: { data_state: { user_class_name => { user.key => Isomorfeus.store.dig(:data_state, user_class_name, user.key) }}}, session_cookie_accessor: session_cookie_accessor }
|
|
46
|
+
rescue Exception => e
|
|
47
|
+
STDERR.puts "Isomorfeus::Empowerment::AuthenticationHandler: #{e.message}\n#{e.backtrace&.join("\n")}" if Isomorfeus.development?
|
|
48
|
+
response_agent.agent_result = { error: 'Authentication failed' }
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def invalid_data_error!
|
|
52
|
+
raise 'Received invalid data!'
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def authentication_error!
|
|
56
|
+
raise 'Authentication failed!'
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
@@ -7,8 +7,8 @@ module Isomorfeus
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def init_current_user
|
|
10
|
-
if Isomorfeus.
|
|
11
|
-
|
|
10
|
+
if Isomorfeus.current_user_sid_s
|
|
11
|
+
LucidObject.instance_from_sid_s(Isomorfeus.current_user_sid_s)
|
|
12
12
|
else
|
|
13
13
|
Anonymous.new
|
|
14
14
|
end
|
|
@@ -17,10 +17,10 @@ module Isomorfeus
|
|
|
17
17
|
def set_current_user(user)
|
|
18
18
|
if user
|
|
19
19
|
@current_user = user
|
|
20
|
-
Isomorfeus.
|
|
20
|
+
Isomorfeus.current_user_sid_s = user.sid.to_s
|
|
21
21
|
else
|
|
22
22
|
@current_user = Anonymous.new
|
|
23
|
-
Isomorfeus.
|
|
23
|
+
Isomorfeus.current_user_sid_s = nil
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
else
|
|
@@ -1,5 +1,16 @@
|
|
|
1
|
-
class LocalSystem
|
|
2
|
-
|
|
1
|
+
class LocalSystem < LucidUser
|
|
2
|
+
class << self
|
|
3
|
+
undef_method :load
|
|
4
|
+
undef_method :load!
|
|
5
|
+
undef_method :destroy
|
|
6
|
+
undef_method :create
|
|
7
|
+
undef_method :search
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
undef_method :create
|
|
11
|
+
undef_method :save
|
|
12
|
+
undef_method :destroy
|
|
13
|
+
undef_method :reload
|
|
3
14
|
|
|
4
15
|
def anonymous?
|
|
5
16
|
false
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module Isomorfeus
|
|
2
2
|
module Empowerment
|
|
3
|
-
class Session < LucidObject
|
|
3
|
+
class Session < LucidObject
|
|
4
4
|
# :key is the session_id
|
|
5
5
|
attribute :user_class_name, required: true
|
|
6
6
|
attribute :user_key, required: true
|
|
@@ -9,53 +9,95 @@ module Isomorfeus
|
|
|
9
9
|
attribute :ctime, required: true
|
|
10
10
|
attribute :atime, required: true # only updated when the last access is more than 10 minutes ago
|
|
11
11
|
|
|
12
|
+
query :accessor, "accessor:\"%{accessor}\""
|
|
13
|
+
|
|
12
14
|
class << self
|
|
13
15
|
def add(session_id:, cookie:, user:, accessor:)
|
|
14
|
-
t = Time.now
|
|
15
|
-
|
|
16
|
+
t = Time.now.to_s
|
|
17
|
+
cu = Thread.current[:isomorfeus_user]
|
|
18
|
+
begin
|
|
19
|
+
Thread.current[:isomorfeus_user] = LocalSystem.new
|
|
20
|
+
self.create(key: session_id, attributes: { user_class_name: user.class.name, user_key: user.key, cookie: cookie, accessor: accessor, ctime: t, atime: t })
|
|
21
|
+
ensure
|
|
22
|
+
Thread.current[:isomorfeus_user] = cu
|
|
23
|
+
end
|
|
24
|
+
nil
|
|
16
25
|
end
|
|
17
26
|
|
|
18
27
|
def take_cookie(accessor:)
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
28
|
+
res = nil
|
|
29
|
+
cu = Thread.current[:isomorfeus_user]
|
|
30
|
+
begin
|
|
31
|
+
Thread.current[:isomorfeus_user] = LocalSystem.new
|
|
32
|
+
s = self.search(:accessor, { accessor: accessor }).first
|
|
33
|
+
if s
|
|
34
|
+
cookie = s[:cookie]
|
|
35
|
+
if cookie
|
|
36
|
+
session_info = cookie.split('; ').first
|
|
37
|
+
session_id = session_info.split('=').last.strip
|
|
38
|
+
s[:cookie] = nil
|
|
39
|
+
s.save
|
|
40
|
+
res = cookie
|
|
41
|
+
else
|
|
42
|
+
# asked for the same cookie a second time
|
|
43
|
+
# can probably only be due to session hijacking
|
|
44
|
+
# so delete session associated with that accessor
|
|
45
|
+
s.destroy
|
|
46
|
+
end
|
|
34
47
|
end
|
|
48
|
+
ensure
|
|
49
|
+
Thread.current[:isomorfeus_user] = cu
|
|
35
50
|
end
|
|
51
|
+
res
|
|
36
52
|
end
|
|
37
53
|
|
|
38
54
|
def get_user(session_id:)
|
|
55
|
+
res = nil
|
|
39
56
|
s = touch(session_id: session_id)
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
57
|
+
cu = Thread.current[:isomorfeus_user]
|
|
58
|
+
begin
|
|
59
|
+
Thread.current[:isomorfeus_user] = LocalSystem.new
|
|
60
|
+
res = s[:user_class_name].constantize.load(key: s[:user_key]) if s
|
|
61
|
+
rescue
|
|
62
|
+
nil
|
|
63
|
+
ensure
|
|
64
|
+
Thread.current[:isomorfeus_user] = cu
|
|
65
|
+
end
|
|
66
|
+
res
|
|
43
67
|
end
|
|
44
68
|
|
|
45
69
|
def touch(session_id:)
|
|
46
|
-
|
|
70
|
+
cu = Thread.current[:isomorfeus_user]
|
|
71
|
+
ls = LocalSystem.new
|
|
72
|
+
begin
|
|
73
|
+
Thread.current[:isomorfeus_user] = ls
|
|
74
|
+
s = self.load(key: session_id)
|
|
75
|
+
ensure
|
|
76
|
+
Thread.current[:isomorfeus_user] = cu
|
|
77
|
+
end
|
|
47
78
|
return nil unless s
|
|
48
79
|
t = Time.now
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
s.
|
|
80
|
+
a = s[:atime] ? Time.parse(s[:atime]) : Time.at(0)
|
|
81
|
+
if (t - a) > 600
|
|
82
|
+
s[:atime] = t.to_s
|
|
83
|
+
begin
|
|
84
|
+
Thread.current[:isomorfeus_user] = ls
|
|
85
|
+
s.save
|
|
86
|
+
ensure
|
|
87
|
+
Thread.current[:isomorfeus_user] = cu
|
|
88
|
+
end
|
|
52
89
|
end
|
|
53
90
|
s
|
|
54
91
|
end
|
|
55
|
-
alias_method :get_session, :touch
|
|
56
92
|
|
|
57
93
|
def remove(session_id:)
|
|
58
|
-
|
|
94
|
+
cu = Thread.current[:isomorfeus_user]
|
|
95
|
+
begin
|
|
96
|
+
Thread.current[:isomorfeus_user] = LocalSystem.new
|
|
97
|
+
self.destroy(key: session_id)
|
|
98
|
+
ensure
|
|
99
|
+
Thread.current[:isomorfeus_user] = cu
|
|
100
|
+
end
|
|
59
101
|
end
|
|
60
102
|
end
|
|
61
103
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module Isomorfeus
|
|
2
2
|
module Empowerment
|
|
3
|
-
class SessionCleanup < LucidSimpleOperation
|
|
3
|
+
class SessionCleanup < LucidSimpleOperation
|
|
4
4
|
def self.sessions_cleaned
|
|
5
5
|
@sessions_cleaned
|
|
6
6
|
end
|
|
@@ -31,7 +31,8 @@ module Isomorfeus
|
|
|
31
31
|
Isomorfeus::Empowerment::Session.each do |session|
|
|
32
32
|
# cleanup sessions that have last been accessed more than 20 minutes ago
|
|
33
33
|
self.class.sessions_counted += 1
|
|
34
|
-
|
|
34
|
+
st = Time.parse(session[:atime])
|
|
35
|
+
if (t - st) > 1200
|
|
35
36
|
sessions_to_cleanup << session.key
|
|
36
37
|
end
|
|
37
38
|
end
|
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
module Isomorfeus
|
|
2
2
|
module Empowerment
|
|
3
|
-
class SessionTask < LucidObject
|
|
3
|
+
class SessionTask < LucidObject
|
|
4
4
|
STATES = %w[ready running failed]
|
|
5
|
+
|
|
6
|
+
query :ready, 'state:"ready"'
|
|
7
|
+
query :running, 'state:"running"'
|
|
8
|
+
query :failed, 'state:"failed"'
|
|
9
|
+
query :all, 'state:*'
|
|
10
|
+
|
|
5
11
|
# when the task is added to the queue its added as ready
|
|
6
12
|
# when its running, its running
|
|
7
13
|
# when it failes, it failed, the exception attribute is filled
|
|
@@ -1,13 +1,13 @@
|
|
|
1
|
-
|
|
1
|
+
|
|
2
2
|
require 'isomorfeus-transport'
|
|
3
|
+
require 'isomorfeus-redux'
|
|
4
|
+
require 'isomorfeus-i18n'
|
|
5
|
+
require 'isomorfeus-policy'
|
|
3
6
|
require 'isomorfeus-data'
|
|
4
7
|
require 'isomorfeus-operation'
|
|
5
|
-
require 'lucid_user/authentication'
|
|
6
|
-
require 'lucid_user/authorization'
|
|
7
|
-
require 'lucid_user/mixin'
|
|
8
|
-
require 'lucid_user/base'
|
|
9
|
-
require 'isomorfeus/empowerment/anonymous'
|
|
10
8
|
require 'isomorfeus/empowerment/config'
|
|
9
|
+
require 'lucid_user'
|
|
10
|
+
require 'isomorfeus/empowerment/anonymous'
|
|
11
11
|
|
|
12
12
|
if RUBY_ENGINE != 'opal'
|
|
13
13
|
require 'active_support'
|
|
@@ -17,11 +17,12 @@ if RUBY_ENGINE != 'opal'
|
|
|
17
17
|
require 'isomorfeus/empowerment/local_system_policy'
|
|
18
18
|
require 'isomorfeus/empowerment/session_task'
|
|
19
19
|
require 'isomorfeus/empowerment/init_timer_task'
|
|
20
|
+
require 'isomorfeus/empowerment/authentication_handler'
|
|
20
21
|
|
|
21
22
|
# register daily session cleanup task
|
|
22
|
-
Isomorfeus::Empowerment::SessionTask.create(key: 'isomorfeus_empowerment_session_cleanup',
|
|
23
|
-
|
|
24
|
-
|
|
23
|
+
# Isomorfeus::Empowerment::SessionTask.create(key: 'isomorfeus_empowerment_session_cleanup',
|
|
24
|
+
# fields: { operation_class_name: 'Isomorfeus::Empowerment::SessionCleanup',
|
|
25
|
+
# props: {}, user_class_name: 'LocalSystem', user_key: 'local_system', state: 'ready', fail: false })
|
|
25
26
|
|
|
26
27
|
require 'iso_opal'
|
|
27
28
|
Opal.append_path(__dir__.untaint) unless IsoOpal.paths_include?(__dir__.untaint)
|
data/lib/lucid_user.rb
ADDED
|
@@ -0,0 +1,153 @@
|
|
|
1
|
+
class LucidUser < LucidObject
|
|
2
|
+
if RUBY_ENGINE == 'opal'
|
|
3
|
+
class << self
|
|
4
|
+
def execute_login(&block)
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def promise_login(user: nil, pass: nil, scheme: :isomorfeus, &block)
|
|
8
|
+
send("promise_authentication_with_#{scheme}", user: user, pass: pass, &block)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def promise_authentication_with_isomorfeus(user: nil, pass: nil, &block)
|
|
12
|
+
user_class = self
|
|
13
|
+
class_name = self.name
|
|
14
|
+
if Isomorfeus.production?
|
|
15
|
+
Isomorfeus.raise_error(message: "Connection not secure, can't login!") unless Isomorfeus::Transport.socket.url.start_with?('wss:')
|
|
16
|
+
else
|
|
17
|
+
`console.warn("Connection not secure, ensure a secure connection in production, otherwise login will fail!")` unless Isomorfeus::Transport.socket.url.start_with?('wss:')
|
|
18
|
+
end
|
|
19
|
+
Isomorfeus::Transport.promise_send_path('Isomorfeus::Empowerment::AuthenticationHandler', 'login', self.name, { user => pass }).then do |agent|
|
|
20
|
+
if agent.processed
|
|
21
|
+
agent.result
|
|
22
|
+
else
|
|
23
|
+
agent.processed = true
|
|
24
|
+
if agent.response.key?(:success)
|
|
25
|
+
Isomorfeus.store.dispatch(type: 'REDUX_MERGE', state: agent.response[:state])
|
|
26
|
+
key = agent.response.dig(:state, :data_state, class_name).keys.first
|
|
27
|
+
logged_in_user = user_class.new(key: key)
|
|
28
|
+
cookie_accessor = agent.response[:session_cookie_accessor]
|
|
29
|
+
begin
|
|
30
|
+
target = if block_given?
|
|
31
|
+
block.call(logged_in_user)
|
|
32
|
+
else
|
|
33
|
+
`window.location.pathname`
|
|
34
|
+
end
|
|
35
|
+
unless target.class == String && target.start_with?('/')
|
|
36
|
+
Isomorfeus.raise_error(message: "A path must be returned as string starting with '/', returned was #{target}!")
|
|
37
|
+
end
|
|
38
|
+
rescue
|
|
39
|
+
target = `window.location.pathname`
|
|
40
|
+
end
|
|
41
|
+
cookie_query = "#{Isomorfeus.cookie_eater_path}?#{cookie_accessor}=#{target}"
|
|
42
|
+
`window.location = cookie_query` # doing page load and redirect
|
|
43
|
+
nil
|
|
44
|
+
else
|
|
45
|
+
Isomorfeus.raise_error(message: "Login failed with '#{agent.response[:error]}'!") # triggers .fail
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def promise_logout(scheme: :isomorfeus)
|
|
53
|
+
send("promise_deauthentication_with_#{scheme}")
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def promise_deauthentication_with_isomorfeus
|
|
57
|
+
p = Promise.new
|
|
58
|
+
begin
|
|
59
|
+
`window.location = #{Isomorfeus.api_logout_path}`
|
|
60
|
+
rescue
|
|
61
|
+
p.reject
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
else
|
|
65
|
+
class << self
|
|
66
|
+
def inherited(base)
|
|
67
|
+
Isomorfeus.add_valid_data_class(base)
|
|
68
|
+
Isomorfeus.add_valid_user_class(base)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def passwords_match?(encrypted_password, given_password)
|
|
72
|
+
bcrypt_pass = BCrypt::Password.new(encrypted_password)
|
|
73
|
+
bcrypt_pass == given_password
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def execute_login(&block)
|
|
77
|
+
@execute_login_block = block
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def promise_login(user: nil, pass: nil, scheme: :isomorfeus, &block)
|
|
81
|
+
send("promise_authentication_with_#{scheme}", user: user, pass: pass, &block)
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def promise_authentication_with_isomorfeus(user: nil, pass: nil, &block)
|
|
85
|
+
key = @execute_login_block.call(user: user, pass: pass)
|
|
86
|
+
if key.is_a?(String)
|
|
87
|
+
block.call(key) if block_given?
|
|
88
|
+
Promise.new.resolve(key)
|
|
89
|
+
else
|
|
90
|
+
Promise.new.resolve(nil)
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
def encrypt_password(password, password_confirmation)
|
|
96
|
+
raise "Password and confirmation don't match!" unless password == password_confirmation
|
|
97
|
+
BCrypt::Password.create(password).to_s
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def promise_logout(scheme: :isomorfeus)
|
|
101
|
+
send("promise_deauthentication_with_#{scheme}")
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
def promise_deauthentication_with_isomorfeus
|
|
105
|
+
Promise.new.resolve(true)
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
def anonymous?
|
|
110
|
+
self.class == Anonymous
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
# authorization
|
|
114
|
+
|
|
115
|
+
def record_authorization_reason
|
|
116
|
+
@_isomorfeus_record_authorization_reason = true
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
def stop_to_record_authorization_reason
|
|
120
|
+
@_isomorfeus_record_authorization_reason = false
|
|
121
|
+
@_isomorfeus_authorization_reason = nil
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
def authorization_reason
|
|
125
|
+
@_isomorfeus_authorization_reason
|
|
126
|
+
end
|
|
127
|
+
|
|
128
|
+
def authorized?(target_class, target_method = nil, props = nil)
|
|
129
|
+
begin
|
|
130
|
+
class_name = self.class.name
|
|
131
|
+
class_name = class_name.split('>::').last if class_name.start_with?('#<')
|
|
132
|
+
policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
|
|
133
|
+
rescue ::NameError
|
|
134
|
+
policy_class = nil
|
|
135
|
+
end
|
|
136
|
+
return false unless policy_class
|
|
137
|
+
policy_instance = policy_class.new(self, @_isomorfeus_record_authorization_reason)
|
|
138
|
+
result = policy_instance.authorized?(target_class, target_method, props)
|
|
139
|
+
@_isomorfeus_authorization_reason = policy_instance.reason
|
|
140
|
+
result
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
def authorized!(target_class, target_method = nil, props = nil)
|
|
144
|
+
class_name = self.class.name
|
|
145
|
+
class_name = class_name.split('>::').last if class_name.start_with?('#<')
|
|
146
|
+
policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
|
|
147
|
+
Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{self}: policy class #{class_name}Policy not found!") unless policy_class
|
|
148
|
+
policy_instance = policy_class.new(self, @_isomorfeus_record_authorization_reason)
|
|
149
|
+
result = policy_instance.authorized!(target_class, target_method, props)
|
|
150
|
+
@_isomorfeus_authorization_reason = policy_instance.reason
|
|
151
|
+
result
|
|
152
|
+
end
|
|
153
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: isomorfeus-empowerment
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 22.9.0.rc1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jan Biedermann
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,98 +16,98 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 7.0.
|
|
19
|
+
version: 7.0.3
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 7.0.
|
|
26
|
+
version: 7.0.3
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: isomorfeus-asset-manager
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.15.1
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.15.1
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: isomorfeus-data
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - '='
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
47
|
+
version: 22.9.0.rc1
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - '='
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
54
|
+
version: 22.9.0.rc1
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: isomorfeus-operation
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - '='
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 22.9.0.rc1
|
|
62
62
|
type: :runtime
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - '='
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 22.9.0.rc1
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: isomorfeus-policy
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
73
|
- - '='
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version:
|
|
75
|
+
version: 22.9.0.rc1
|
|
76
76
|
type: :runtime
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - '='
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version:
|
|
82
|
+
version: 22.9.0.rc1
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: isomorfeus-transport
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
87
|
- - '='
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version:
|
|
89
|
+
version: 22.9.0.rc1
|
|
90
90
|
type: :runtime
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - '='
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version:
|
|
96
|
+
version: 22.9.0.rc1
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: isomorfeus
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
101
|
- - '='
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version:
|
|
103
|
+
version: 22.9.0.rc1
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - '='
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
110
|
+
version: 22.9.0.rc1
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rake
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -146,6 +146,7 @@ files:
|
|
|
146
146
|
- README.md
|
|
147
147
|
- lib/isomorfeus-empowerment.rb
|
|
148
148
|
- lib/isomorfeus/empowerment/anonymous.rb
|
|
149
|
+
- lib/isomorfeus/empowerment/authentication_handler.rb
|
|
149
150
|
- lib/isomorfeus/empowerment/config.rb
|
|
150
151
|
- lib/isomorfeus/empowerment/init_timer_task.rb
|
|
151
152
|
- lib/isomorfeus/empowerment/local_system.rb
|
|
@@ -154,10 +155,7 @@ files:
|
|
|
154
155
|
- lib/isomorfeus/empowerment/session_cleanup.rb
|
|
155
156
|
- lib/isomorfeus/empowerment/session_task.rb
|
|
156
157
|
- lib/isomorfeus/empowerment/version.rb
|
|
157
|
-
- lib/lucid_user
|
|
158
|
-
- lib/lucid_user/authorization.rb
|
|
159
|
-
- lib/lucid_user/base.rb
|
|
160
|
-
- lib/lucid_user/mixin.rb
|
|
158
|
+
- lib/lucid_user.rb
|
|
161
159
|
homepage: https://isomorfeus.com
|
|
162
160
|
licenses:
|
|
163
161
|
- MIT
|
|
@@ -175,9 +173,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
175
173
|
version: '0'
|
|
176
174
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
177
175
|
requirements:
|
|
178
|
-
- - "
|
|
176
|
+
- - ">"
|
|
179
177
|
- !ruby/object:Gem::Version
|
|
180
|
-
version:
|
|
178
|
+
version: 1.3.1
|
|
181
179
|
requirements: []
|
|
182
180
|
rubygems_version: 3.3.7
|
|
183
181
|
signing_key:
|
|
@@ -1,123 +0,0 @@
|
|
|
1
|
-
module LucidUser
|
|
2
|
-
module Authentication
|
|
3
|
-
def anonymous?
|
|
4
|
-
self.class == Anonymous
|
|
5
|
-
end
|
|
6
|
-
|
|
7
|
-
if RUBY_ENGINE == 'opal'
|
|
8
|
-
def self.included(base)
|
|
9
|
-
base.instance_exec do
|
|
10
|
-
def execute_login(&block)
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def promise_login(user: nil, pass: nil, scheme: :isomorfeus, &block)
|
|
14
|
-
send("promise_authentication_with_#{scheme}", user: user, pass: pass, &block)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def promise_authentication_with_isomorfeus(user: nil, pass: nil, &block)
|
|
18
|
-
if Isomorfeus.production?
|
|
19
|
-
Isomorfeus.raise_error(message: "Connection not secure, can't login!") unless Isomorfeus::Transport.socket.url.start_with?('wss:')
|
|
20
|
-
else
|
|
21
|
-
`console.warn("Connection not secure, ensure a secure connection in production, otherwise login will fail!")` unless Isomorfeus::Transport.socket.url.start_with?('wss:')
|
|
22
|
-
end
|
|
23
|
-
Isomorfeus::Transport.promise_send_path('Isomorfeus::Transport::Handler::AuthenticationHandler', 'login', self.name, user, pass).then do |agent|
|
|
24
|
-
if agent.processed
|
|
25
|
-
agent.result
|
|
26
|
-
else
|
|
27
|
-
agent.processed = true
|
|
28
|
-
if agent.response.key?(:success)
|
|
29
|
-
Isomorfeus.store.dispatch(type: 'DATA_LOAD', data: agent.response[:data])
|
|
30
|
-
class_name = agent.response[:data].keys.first
|
|
31
|
-
key = agent.response[:data][class_name].keys.first
|
|
32
|
-
logged_in_user = Isomorfeus.cached_data_class(class_name).new(key: key)
|
|
33
|
-
cookie_accessor = agent.response[:session_cookie_accessor]
|
|
34
|
-
begin
|
|
35
|
-
target = if block_given?
|
|
36
|
-
block.call(logged_in_user)
|
|
37
|
-
else
|
|
38
|
-
`window.location.pathname`
|
|
39
|
-
end
|
|
40
|
-
unless target.class == String && target.start_with?('/')
|
|
41
|
-
Isomorfeus.raise_error(message: "A path must be returned as string starting with '/', returned was #{target}!")
|
|
42
|
-
end
|
|
43
|
-
rescue
|
|
44
|
-
target = `window.location.pathname`
|
|
45
|
-
end
|
|
46
|
-
cookie_query = "#{Isomorfeus.cookie_eater_path}?#{cookie_accessor}=#{target}"
|
|
47
|
-
`window.location = cookie_query` # doing page load and redirect
|
|
48
|
-
nil
|
|
49
|
-
else
|
|
50
|
-
Isomorfeus.raise_error(message: "Login failed with '#{agent.response[:error]}'!") # triggers .fail
|
|
51
|
-
end
|
|
52
|
-
end
|
|
53
|
-
end
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
def promise_logout(scheme: :isomorfeus)
|
|
59
|
-
send("promise_deauthentication_with_#{scheme}")
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
def promise_deauthentication_with_isomorfeus
|
|
63
|
-
cookie = `document.cookie`
|
|
64
|
-
p = Promise.new
|
|
65
|
-
begin
|
|
66
|
-
logout_query = Isomorfeus.api_logout_path
|
|
67
|
-
`window.location = logout_query`
|
|
68
|
-
rescue
|
|
69
|
-
p.reject
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
else
|
|
73
|
-
def self.included(base)
|
|
74
|
-
Isomorfeus.add_valid_user_class(base)
|
|
75
|
-
|
|
76
|
-
base.instance_exec do
|
|
77
|
-
def execute_login(&block)
|
|
78
|
-
@execute_login_block = block
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
def promise_login(user: nil, pass: nil, scheme: :isomorfeus, &block)
|
|
82
|
-
send("promise_authentication_with_#{scheme}", user: user, pass: pass, &block)
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
def promise_authentication_with_isomorfeus(user: nil, pass: nil, &block)
|
|
86
|
-
promise_or_user = @execute_login_block.call(user: user, pass: pass)
|
|
87
|
-
if promise_or_user.class == Promise
|
|
88
|
-
if block_given?
|
|
89
|
-
promise_or_user.then do |user|
|
|
90
|
-
block.call(user)
|
|
91
|
-
user
|
|
92
|
-
end
|
|
93
|
-
else
|
|
94
|
-
promise_or_user
|
|
95
|
-
end
|
|
96
|
-
else
|
|
97
|
-
block.call(user) if block_given?
|
|
98
|
-
Promise.new.resolve(promise_or_user)
|
|
99
|
-
end
|
|
100
|
-
end
|
|
101
|
-
end
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
def encrypt_password(password, password_confirmation)
|
|
105
|
-
raise "Password and confirmation don't match!" unless password == password_confirmation
|
|
106
|
-
BCrypt::Password.create(password).to_s
|
|
107
|
-
end
|
|
108
|
-
|
|
109
|
-
def passwords_match?(encrypted_password, given_password)
|
|
110
|
-
bcrypt_pass = BCrypt::Password.new(encrypted_password)
|
|
111
|
-
bcrypt_pass == given_password
|
|
112
|
-
end
|
|
113
|
-
|
|
114
|
-
def promise_logout(scheme: :isomorfeus)
|
|
115
|
-
send("promise_deauthentication_with_#{scheme}")
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
def promise_deauthentication_with_isomorfeus
|
|
119
|
-
Promise.new.resolve(true)
|
|
120
|
-
end
|
|
121
|
-
end
|
|
122
|
-
end
|
|
123
|
-
end
|
|
@@ -1,42 +0,0 @@
|
|
|
1
|
-
module LucidUser
|
|
2
|
-
module Authorization
|
|
3
|
-
def record_authorization_reason
|
|
4
|
-
@_isomorfeus_record_authorization_reason = true
|
|
5
|
-
end
|
|
6
|
-
|
|
7
|
-
def stop_to_record_authorization_reason
|
|
8
|
-
@_isomorfeus_record_authorization_reason = false
|
|
9
|
-
@_isomorfeus_authorization_reason = nil
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def authorization_reason
|
|
13
|
-
@_isomorfeus_authorization_reason
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def authorized?(target_class, target_method = nil, props = nil)
|
|
17
|
-
begin
|
|
18
|
-
class_name = self.class.name
|
|
19
|
-
class_name = class_name.split('>::').last if class_name.start_with?('#<')
|
|
20
|
-
policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
|
|
21
|
-
rescue ::NameError
|
|
22
|
-
policy_class = nil
|
|
23
|
-
end
|
|
24
|
-
return false unless policy_class
|
|
25
|
-
policy_instance = policy_class.new(self, @_isomorfeus_record_authorization_reason)
|
|
26
|
-
result = policy_instance.authorized?(target_class, target_method, props)
|
|
27
|
-
@_isomorfeus_authorization_reason = policy_instance.reason
|
|
28
|
-
result
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def authorized!(target_class, target_method = nil, props = nil)
|
|
32
|
-
class_name = self.class.name
|
|
33
|
-
class_name = class_name.split('>::').last if class_name.start_with?('#<')
|
|
34
|
-
policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
|
|
35
|
-
Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{self}: policy class #{class_name}Policy not found!") unless policy_class
|
|
36
|
-
policy_instance = policy_class.new(self, @_isomorfeus_record_authorization_reason)
|
|
37
|
-
result = policy_instance.authorized!(target_class, target_method, props)
|
|
38
|
-
@_isomorfeus_authorization_reason = policy_instance.reason
|
|
39
|
-
result
|
|
40
|
-
end
|
|
41
|
-
end
|
|
42
|
-
end
|
data/lib/lucid_user/base.rb
DELETED