isomorfeus-empowerment 2.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8b9ca78286e54574f0295388fc69058dff4697173d544a215957aaf628d1f195
+  data.tar.gz: 4f8c8204a4fd01c1e778b5ab66b38d76f3fa41fb1640f98b9e685a6f09878f52
+SHA512:
+  metadata.gz: 8271f0a513146ae534ba5c8303f83659d1f245a32bfc11423559e32de2f54db68bf1cf4e3b700d99433dcef43c7f3014c37d751d80ad7e79b7a38b4e3b3b7979
+  data.tar.gz: 408395a706c07e5af963d750187b617ff00aa3e7898146a59ac15337ac25f6807f9c0a8fc7a53931a85fc0e2795cc1551f9f8da7744cf826ba7ad87410809821

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Jan Biedermann
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,23 @@
+# isomorfeus-empowerment
+
+Users, Authorization and Authentication for Isomorfeus.
+
+### Community and Support
+At the [Isomorfeus Framework Project](https://isomorfeus.com)
+
+## Installation
+isomorfeus-empowerment is usually installed with the installer.
+Otherwise add to your Gemfile:
+```ruby
+gem 'isomorfeus-empowerment'
+```
+and bundle install/update
+
+## Usage
+
+isomorfeus-empowerment provides severel helpful classes and infrastructure for users, authentication and sessions.
+
+- [LucidUser](docs/user.md)
+- [Authentication and Current User](docs/authentication.md)
+
+Sessions are managed automatically and regularly cleaned up.

data/lib/isomorfeus/empowerment/anonymous.rb

@@ -0,0 +1,11 @@
+class Anonymous
+  include LucidUser::Authorization
+
+  def anonymous?
+    true
+  end
+
+  def key
+    'anonymous'
+  end
+end

data/lib/isomorfeus/empowerment/config.rb

@@ -0,0 +1,60 @@
+module Isomorfeus
+  # available settings
+  class << self
+    if RUBY_ENGINE == 'opal'
+      def current_user
+        @current_user ||= init_current_user
+      end
+
+      def init_current_user
+        if Isomorfeus.current_user_sid
+          Isomorfeus.instance_from_sid(Isomorfeus.current_user_sid)
+        else
+          Anonymous.new
+        end
+      end
+
+      def set_current_user(user)
+        if user
+          @current_user = user
+          Isomorfeus.current_user_sid = user.sid
+        else
+          @current_user = Anonymous.new
+          Isomorfeus.current_user_sid = nil
+        end
+      end
+    else
+      attr_reader :session_class
+
+      def valid_user_class_names
+        @valid_user_class_names ||= Set.new
+      end
+
+      def valid_user_class_name?(class_name)
+        valid_user_class_names.include?(class_name)
+      end
+
+      def add_valid_user_class(klass)
+        valid_user_class_names << raw_class_name(klass)
+      end
+
+      def cached_user_classes
+        @cached_user_classes ||= {}
+      end
+
+      def cached_user_class(class_name)
+        return "::#{class_name}".constantize if Isomorfeus.development?
+        return cached_user_classes[class_name] if cached_user_classes.key?(class_name)
+        cached_user_classes[class_name] = "::#{class_name}".constantize
+      end
+
+      def current_user
+        Thread.current[:isomorfeus_user] ||= Anonymous.new
+      end
+
+      def session_class
+        @session_class ||= Isomorfeus::Empowerment::Session
+      end
+    end
+  end
+end

data/lib/isomorfeus/empowerment/init_timer_task.rb

@@ -0,0 +1,5 @@
+Isomorfeus.operation_timer_tasks[:sessions] = Concurrent::TimerTask.new(execution_interval: 600, timeout_interval: 3600) do |timer_task|
+  Isomorfeus::Operation::RunTask.new(Isomorfeus::Empowerment::SessionTask, timer_task: timer_task, interval: 600, recurring: true).run
+end
+
+Isomorfeus.operation_timer_tasks[:sessions].execute

data/lib/isomorfeus/empowerment/local_system.rb

@@ -0,0 +1,11 @@
+class LocalSystem
+  include LucidUser::Authorization
+
+  def anonymous?
+    false
+  end
+
+  def key
+    'local_system'
+  end
+end

data/lib/isomorfeus/empowerment/local_system_policy.rb

@@ -0,0 +1,3 @@
+class LocalSystemPolicy < LucidPolicy::Base
+  allow all
+end

data/lib/isomorfeus/empowerment/session.rb

@@ -0,0 +1,63 @@
+module Isomorfeus
+  module Empowerment
+    class Session  < LucidObject::Base
+      # :key is the session_id
+      attribute :user_class_name, required: true
+      attribute :user_key, required: true
+      attribute :accessor, index: :value
+      attribute :cookie
+      attribute :ctime, required: true
+      attribute :atime, required: true # only updated when the last access is more than 10 minutes ago
+
+      class << self
+        def add(session_id:, cookie:, user:, accessor:)
+          t = Time.now
+          self.create(key: session_id, attributes: { user_class_name: user.class.name, user_key: user.key, cookie: cookie, accessor: accessor, ctime: t, atime: t })
+        end
+
+        def take_cookie(accessor:)
+          s = self.search(:accessor, accessor).first
+          if s
+            cookie = s.cookie
+            if cookie
+              session_info = cookie.split('; ').first
+              session_id = session_info.split('=').last.strip
+              s.cookie = nil
+              s.save
+              cookie
+            else
+              # asked for the same cookie a second time
+              # can probably only be due to session hijacking
+              # so delete session associated with that accessor
+              s.destroy
+              nil
+            end
+          end
+        end
+
+        def get_user(session_id:)
+          s = touch(session_id: session_id)
+          s.user_class_name.constantize.load(key: s.user_key) if s
+        rescue
+          nil
+        end
+
+        def touch(session_id:)
+          s = self.load(key: session_id)
+          return nil unless s
+          t = Time.now
+          if (t - s.atime) > 600
+            s.atime = t
+            s.save
+          end
+          s
+        end
+        alias_method :get_session, :touch
+
+        def remove(session_id:)
+          self.destroy(key: session_id)
+        end
+      end
+    end
+  end
+end

data/lib/isomorfeus/empowerment/session_cleanup.rb

@@ -0,0 +1,46 @@
+module Isomorfeus
+  module Empowerment
+    class SessionCleanup < LucidSimpleOperation::Base
+      def self.sessions_cleaned
+        @sessions_cleaned
+      end
+
+      def self.sessions_cleaned=(v)
+        @sessions_cleaned = v
+      end
+
+      def self.sessions_counted
+        @sessions_counted
+      end
+
+      def self.sessions_counted=(v)
+        @sessions_counted = v
+      end
+
+      def self.reset_counters
+        @sessions_cleaned = 0
+        @sessions_counted = 0
+      end
+
+      op do
+        self.class.reset_counters
+        t = Time.now
+        # need to collect the sessions and then delete each individually to avoid a longstanding
+        # blocking transaction, that could potentially prevent new logins
+        sessions_to_cleanup = []
+        Isomorfeus::Empowerment::Session.each(readonly: true) do |session|
+          # cleanup sessions that have last been accessed more than 20 minutes ago
+          self.class.sessions_counted += 1
+          if (t - session.atime) > 1200
+            sessions_to_cleanup << session.key
+          end
+        end
+        sessions_to_cleanup.each do |key|
+          Isomorfeus::Empowerment::Session.destroy(key: key)
+          self.class.sessions_cleaned += 1
+          sleep 0.001 # sleep one millisecond to favor other transactions
+        end
+      end
+    end
+  end
+end

data/lib/isomorfeus/empowerment/session_task.rb

@@ -0,0 +1,23 @@
+module Isomorfeus
+  module Empowerment
+    class SessionTask < LucidObject::Base
+      STATES = %w[ready running failed]
+      # when the task is added to the queue its added as ready
+      # when its running, its running
+      # when it failes, it failed, the exception attribute is filled
+      # when it was successful, its removed from the queue
+      attribute :operation_class_name, class: String, required: true, validate_block: proc { |v| raise 'Invalid Operation class!' unless Isomorfeus.valid_operation_class_name?(v) }
+      attribute :props
+      attribute :user_class_name, class: String, default: 'Anonymous'
+      attribute :user_key, class: String, default: 'anonymous'
+      attribute :state, class: String, required: true, index: :value, ensure: proc { |v| Isomorfeus::Empowerment::SessionTask::STATES.include?(v) ? v : 'ready' }
+      attribute :exception
+      attribute :rtime
+      attribute :fail, default: false
+
+      def get_exception
+        Marshal.load(exception) if exception
+      end
+    end
+  end
+end

data/lib/isomorfeus/empowerment/version.rb

@@ -0,0 +1,5 @@
+module Isomorfeus
+  module Empowerment
+    VERSION = '2.3.0'
+  end
+end

data/lib/isomorfeus-empowerment.rb

@@ -0,0 +1,28 @@
+require 'isomorfeus-policy'
+require 'isomorfeus-transport'
+require 'isomorfeus-data'
+require 'isomorfeus-operation'
+require 'lucid_user/authentication'
+require 'lucid_user/authorization'
+require 'lucid_user/mixin'
+require 'lucid_user/base'
+require 'isomorfeus/empowerment/anonymous'
+require 'isomorfeus/empowerment/config'
+
+if RUBY_ENGINE != 'opal'
+  require 'active_support'
+  require 'isomorfeus/empowerment/session'
+  require 'isomorfeus/empowerment/session_cleanup'
+  require 'isomorfeus/empowerment/local_system'
+  require 'isomorfeus/empowerment/local_system_policy'
+  require 'isomorfeus/empowerment/session_task'
+  require 'isomorfeus/empowerment/init_timer_task'
+
+  # register daily session cleanup task
+  Isomorfeus::Empowerment::SessionTask.create(key: 'isomorfeus_empowerment_session_cleanup',
+    attributes: { operation_class_name: 'Isomorfeus::Empowerment::SessionCleanup',
+      props: {}, user_class_name: 'LocalSystem', user_key: 'local_system', state: 'ready', fail: false })
+
+  require 'iso_opal'
+  Opal.append_path(__dir__.untaint) unless IsoOpal.paths_include?(__dir__.untaint)
+end

data/lib/lucid_user/authentication.rb

@@ -0,0 +1,123 @@
+module LucidUser
+  module Authentication
+    def anonymous?
+      self.class == Anonymous
+    end
+
+    if RUBY_ENGINE == 'opal'
+      def self.included(base)
+        base.instance_exec do
+          def execute_login(&block)
+          end
+
+          def promise_login(user: nil, pass: nil, scheme: :isomorfeus, &block)
+            send("promise_authentication_with_#{scheme}", user: user, pass: pass, &block)
+          end
+
+          def promise_authentication_with_isomorfeus(user: nil, pass: nil, &block)
+            if Isomorfeus.production?
+              Isomorfeus.raise_error(message: "Connection not secure, can't login!") unless Isomorfeus::Transport.socket.url.start_with?('wss:')
+            else
+              `console.warn("Connection not secure, ensure a secure connection in production, otherwise login will fail!")` unless Isomorfeus::Transport.socket.url.start_with?('wss:')
+            end
+            Isomorfeus::Transport.promise_send_path('Isomorfeus::Transport::Handler::AuthenticationHandler', 'login', self.name, user, pass).then do |agent|
+              if agent.processed
+                agent.result
+              else
+                agent.processed = true
+                if agent.response.key?(:success)
+                  Isomorfeus.store.dispatch(type: 'DATA_LOAD', data: agent.response[:data])
+                  class_name = agent.response[:data].keys.first
+                  key = agent.response[:data][class_name].keys.first
+                  logged_in_user = Isomorfeus.cached_data_class(class_name).new(key: key)
+                  cookie_accessor = agent.response[:session_cookie_accessor]
+                  begin
+                    target = if block_given?
+                               block.call(logged_in_user)
+                             else
+                               `window.location.pathname`
+                             end
+                    unless target.class == String && target.start_with?('/')
+                      Isomorfeus.raise_error(message: "A path must be returned as string starting with '/', returned was #{target}!")
+                    end
+                  rescue
+                    target = `window.location.pathname`
+                  end
+                  cookie_query = "#{Isomorfeus.cookie_eater_path}?#{cookie_accessor}=#{target}"
+                  `window.location = cookie_query` # doing page load and redirect
+                  nil
+                else
+                  Isomorfeus.raise_error(message: "Login failed with '#{agent.response[:error]}'!") # triggers .fail
+                end
+              end
+            end
+          end
+        end
+      end
+
+      def promise_logout(scheme: :isomorfeus)
+        send("promise_deauthentication_with_#{scheme}")
+      end
+
+      def promise_deauthentication_with_isomorfeus
+        cookie = `document.cookie`
+        p = Promise.new
+        begin
+          logout_query = Isomorfeus.api_logout_path
+          `window.location = logout_query`
+        rescue
+          p.reject
+        end
+      end
+    else
+      def self.included(base)
+        Isomorfeus.add_valid_user_class(base)
+
+        base.instance_exec do
+          def execute_login(&block)
+            @execute_login_block = block
+          end
+
+          def promise_login(user: nil, pass: nil, scheme: :isomorfeus, &block)
+            send("promise_authentication_with_#{scheme}", user: user, pass: pass, &block)
+          end
+
+          def promise_authentication_with_isomorfeus(user: nil, pass: nil, &block)
+            promise_or_user = @execute_login_block.call(user: user, pass: pass)
+            if promise_or_user.class == Promise
+              if block_given?
+                promise_or_user.then do |user|
+                  block.call(user)
+                  user
+                end
+              else
+                promise_or_user
+              end
+            else
+              block.call(user) if block_given?
+              Promise.new.resolve(promise_or_user)
+            end
+          end
+        end
+      end
+
+      def encrypt_password(password, password_confirmation)
+        raise "Password and confirmation don't match!" unless password == password_confirmation
+        BCrypt::Password.create(password).to_s
+      end
+
+      def passwords_match?(encrypted_password, given_password)
+        bcrypt_pass = BCrypt::Password.new(encrypted_password)
+        bcrypt_pass == given_password
+      end
+
+      def promise_logout(scheme: :isomorfeus)
+        send("promise_deauthentication_with_#{scheme}")
+      end
+
+      def promise_deauthentication_with_isomorfeus
+        Promise.new.resolve(true)
+      end
+    end
+  end
+end

data/lib/lucid_user/authorization.rb

@@ -0,0 +1,42 @@
+module LucidUser
+  module Authorization
+    def record_authorization_reason
+      @_isomorfeus_record_authorization_reason = true
+    end
+
+    def stop_to_record_authorization_reason
+      @_isomorfeus_record_authorization_reason = false
+      @_isomorfeus_authorization_reason = nil
+    end
+
+    def authorization_reason
+      @_isomorfeus_authorization_reason
+    end
+
+    def authorized?(target_class, target_method = nil, props = nil)
+      begin
+        class_name = self.class.name
+        class_name = class_name.split('>::').last if class_name.start_with?('#<')
+        policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
+      rescue ::NameError
+        policy_class = nil
+      end
+      return false unless policy_class
+      policy_instance = policy_class.new(self, @_isomorfeus_record_authorization_reason)
+      result = policy_instance.authorized?(target_class, target_method, props)
+      @_isomorfeus_authorization_reason = policy_instance.reason
+      result
+    end
+
+    def authorized!(target_class, target_method = nil, props = nil)
+      class_name = self.class.name
+      class_name = class_name.split('>::').last if class_name.start_with?('#<')
+      policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
+      Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{self}: policy class #{class_name}Policy not found!") unless policy_class
+      policy_instance = policy_class.new(self, @_isomorfeus_record_authorization_reason)
+      result = policy_instance.authorized!(target_class, target_method, props)
+      @_isomorfeus_authorization_reason = policy_instance.reason
+      result
+    end
+  end
+end

data/lib/lucid_user/base.rb

@@ -0,0 +1,10 @@
+module LucidUser
+  class Base
+    def self.inherited(base)
+      base.include LucidUser::Mixin
+      if RUBY_ENGINE != 'opal'
+        Isomorfeus.add_valid_data_class(base)
+      end
+    end
+  end
+end

data/lib/lucid_user/mixin.rb

@@ -0,0 +1,9 @@
+module LucidUser
+  module Mixin
+    def self.included(base)
+      base.include(LucidObject::Mixin)
+      base.include(LucidUser::Authentication)
+      base.include(LucidUser::Authorization)
+    end
+  end
+end

metadata

@@ -0,0 +1,186 @@
+--- !ruby/object:Gem::Specification
+name: isomorfeus-empowerment
+version: !ruby/object:Gem::Version
+  version: 2.3.0
+platform: ruby
+authors:
+- Jan Biedermann
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-03-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 7.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 7.0.2
+- !ruby/object:Gem::Dependency
+  name: isomorfeus-asset-manager
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.14.21
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.14.21
+- !ruby/object:Gem::Dependency
+  name: isomorfeus-data
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: isomorfeus-operation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: isomorfeus-policy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: isomorfeus-transport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: isomorfeus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.11.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.11.0
+description: Users, Authorization and Authentication for Isomorfeus.
+email: jan@kursator.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/isomorfeus-empowerment.rb
+- lib/isomorfeus/empowerment/anonymous.rb
+- lib/isomorfeus/empowerment/config.rb
+- lib/isomorfeus/empowerment/init_timer_task.rb
+- lib/isomorfeus/empowerment/local_system.rb
+- lib/isomorfeus/empowerment/local_system_policy.rb
+- lib/isomorfeus/empowerment/session.rb
+- lib/isomorfeus/empowerment/session_cleanup.rb
+- lib/isomorfeus/empowerment/session_task.rb
+- lib/isomorfeus/empowerment/version.rb
+- lib/lucid_user/authentication.rb
+- lib/lucid_user/authorization.rb
+- lib/lucid_user/base.rb
+- lib/lucid_user/mixin.rb
+homepage: https://isomorfeus.com
+licenses:
+- MIT
+metadata:
+  github_repo: ssh://github.com/isomorfeus/gems
+  source_code_uri: https://github.com/isomorfeus/isomorfeus-project/isomorfeus-empowerment
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: Users, Authorization and Authentication for Isomorfeus.
+test_files: []