jungle_path 0.0.0

data/lib/jungle_path/app/schemas/schema_all_in_one.rb

@@ -0,0 +1,181 @@
+  # schema.rb
+require 'jungle_path/db_model'
+require 'jungle_path/schema'
+
+module Schema
+  # schema meta data:
+
+  def self.version
+    # Specify database version number.
+    # This version number will be used to apply database
+    # migrations.
+    # If the configatron.db.name does not exist, then
+    # this schema is applied directly and the appropriate
+    # version number is recorded in the database.
+    # Version of nil will run all available migrations
+    #1
+    nil
+  end
+
+  def self.migrations_path
+    ::File.expand_path('../ztools/db/migrations',::File.dirname(__FILE__))
+  end
+
+  # base table:
+
+  class Base < DBModel::Table
+	end
+
+  # Used for database versioning with Sequel migrations:
+  class SchemaInfo < Schema::Base
+    self.description = "Used by sequel migration."
+    define(
+      [:version, :integer, :primary_key]
+    )
+  end
+
+  # application tables examples:
+
+  class Answer < Schema::Base
+    self.description = ""
+    define(
+      [:id, :primary_key],
+      [:question_id, :foreign_key, :question],
+      [:description, :string],
+      [:is_correct, :boolean],
+      [:audit_user]
+    )
+  end
+
+  class Practice < Schema::Base
+    self.description = ""
+    define(
+      [:id, :primary_key],
+      [:user_id, :foreign_key, :user],
+      [:notes, :string],
+      [:random_question_order, :boolean],
+      [:random_answer_order, :boolean],
+      [:audit_user]
+    )
+  end
+
+  class PracticeQuiz < Schema::Base
+    self.description = ""
+    define(
+      [:practice_id, :foreign_key, :practice, :primary_key],
+      [:quiz_id, :foreign_key, :quiz, :primary_key],
+      [:audit_user]
+    )
+    def self.plural_table_name
+      "practice_quizzes"
+    end
+  end
+
+  class PracticeQuestion < Schema::Base
+    self.description = ""
+    define(
+      [:practice_id, :foreign_key, :practice, :primary_key],
+      [:question_id, :foreign_key, :question, :primary_key],
+      [:note, :string],
+      [:audit_user]
+    )
+  end
+
+  class PracticeAnswer < Schema::Base
+    self.description = ""
+    define(
+      [:practice_id, :foreign_key, :practice, :primary_key],
+      [:answer_id, :foreign_key, :answer, :primary_key],
+      [:label, :string],
+      [:selected, :boolean],
+      [:audit_user]
+    )
+  end
+
+  class Question < Schema::Base
+    self.description = ""
+    define(
+      [:id, :primary_key],
+      [:quiz_id, :foreign_key, :quiz],
+      [:name, :string],
+      [:description, :string],
+      [:audit_user]
+    )
+  end
+
+  class Quiz < Schema::Base
+    self.description = ""
+    define(
+      [:id, :primary_key],
+      [:name, :string],
+      [:description, :string],
+      [:private, :boolean, :default, true],
+      [:audit_user]
+    )
+    def self.plural_table_name
+      "quizzes"
+    end
+  end
+
+  class Log < Schema::Base
+    define(
+      [:id, :primary_key],
+      [:set_id, :integer],
+      [:name, :string],
+      [:type, :string],
+      [:item, :string, :secure],
+      [:timestamp, :timestamp]
+    )
+  end
+
+
+  class Role < Schema::Base
+    self.description = "User authorization: Roles for Users to assume in system."
+    define(
+      [:id, :primary_key],
+      [:name, :string, :unique_index, [:name], :not_null],
+      [:description, :string],
+      [:audit_user]
+    )
+  end
+
+
+
+  class User < Schema::Base
+    self.description = "User of system."
+    define(
+      [:id, :primary_key],
+      [:name, :string, :desc, "Your human name! :)"],
+      [:first_name, :string, :index],
+      [:last_name, :string, :index],
+      [:user_name, :string, :unique, :not_null, :alternate_key, :desc, "may use an email address as a user_name"],
+      [:email, :string, :index],
+      [:phone, :string, :desc, "mobile phone number", :index],
+      [:sms_verification_code, :string, :secure, :desc, "phone verification/sign-in code."],
+      [:hash, :string, :not_null, :secure, :calculated, :desc, "See password_hash.rb for details."],
+      [:key, :string, :unique, :secure, :calculated, :desc, "Used as alternative to user_name/password."],
+      [:activation_key, :string, :secure],
+      [:active, :boolean],
+      [:is_valid, :boolean, :calculated],
+      [:password_reset_code, :string, :secure],
+      [:audit_user]
+    )
+  end
+
+  class User
+		@auth
+		@query_filters
+    @password
+		attr_accessor :auth, :query_filters, :password
+	end
+
+
+  class UserRole < Schema::Base
+    self.description = "Assign authorization roles to users of system."
+    define(
+      [:user_id, :foreign_key, :user, :primary_key],
+      [:role_id, :foreign_key, :role, :primary_key],
+      [:audit_user]
+    )
+  end
+end

data/lib/jungle_path/app.rb

@@ -0,0 +1,8 @@
+module JunglePath
+	module App
+		def self.sample_config_ru
+		end
+		def self.sample_run_sh
+		end
+	end
+end

data/lib/jungle_path/authentication/auth_provider/default.rb

@@ -0,0 +1,83 @@
+module JunglePath
+	module Authentication
+		module AuthProvider
+			class Default
+				def authenticate request, data_provider=nil, no_cache=false
+					puts "Auth.authenticate"
+					data_provider = JunglePath::Authentication::DataProvider::Default.new unless data_provider
+					remote_user = request.env['REMOTE_USER']
+					remote_password = request.env['REMOTE_PASSWORD']
+					puts "remote_user: #{remote_user}."
+					puts "remote_password: #{remote_password}."
+					identity = basic_authentication(data_provider, remote_user, remote_password, no_cache)
+					identity = basic_authentication(data_provider, remote_user, remote_password, true) unless identity and identity.valid?
+				end
+
+				def basic_authentication data_provider, remote_user, remote_password, no_cache=false
+					identity, assume_identity = parse_identities(remote_user, remote_password)
+					puts "identity: #{identity}"
+					puts "assume_identity: #{assume_identity}"
+					valid = false
+					identity = authenticate_identity(data_provider, identity, no_cache)
+					identity = authorize_identity(data_provider, identity, no_cache)
+					assume_identity = authenticate_identity(assume_identity, no_cache) if assume_identity and identity and identity.valid?
+					assume_identity = authorize_identity(data_provider, assume_identity, no_cache) if assume_identity
+					valid = (assume_identity and assume_identity.valid?) or (identity and identity.valid?)
+					return assume_identity if assume_identity
+					identity
+				end
+
+				def parse_identities remote_user, remote_password
+					identity = JunglePath::Authentication::Identity.new
+					identity.remote_user = remote_user
+					identity.remote_password = remote_password
+					assume_identity = nil
+					if remote_user and remote_user.include?("|")
+						parts = remote_user.split('|')
+						identity.user_name = parts[1]
+						assume_identity = JunglePath::Authentication::Identity.new
+						assume_identity.user_name = parts[0]
+						assume_identity.remote_user = remote_user
+						assume_identity.remote_password = remote_password
+					else
+						identity.user_name = remote_user
+					end
+					return identity, assume_identity
+				end
+				
+				def authenticate_identity data_provider, identity, no_cache=false
+					id = nil
+					if identity
+						id = identity.dup
+						id.user = data_provider.get_user(identity.user_name, identity.remote_password, no_cache)
+						id.key = id.user
+						id.valid = (id.user and id.user.is_valid)
+					end
+					id
+				end
+
+				def authorize_identity data_provider, identity, no_cache
+					id = nil
+					if identity
+						id = identity.dup
+						if id.valid?
+							id.roles = data_provider.get_roles(id, no_cache)
+							id.default_role = id.roles[0] if id.roles
+							id.auth = data_provider.get_auth(id, no_cache)
+							id.user.auth = id.auth if id.user
+							id.query_filters = data_provider.get_query_filters(id, no_cache)
+						else
+							id.roles = nil
+							id.default_role = nil
+							id.auth = nil
+							id.user.auth = nil if id.user
+							id.query_filters = nil
+						end
+					end
+					id
+				end
+
+			end
+		end
+	end
+end

data/lib/jungle_path/authentication/auth_provider.rb

@@ -0,0 +1,7 @@
+module JunglePath
+	module Authentication
+		module AuthProvider
+			require 'jungle_path/authentication/auth_provider/default'
+		end
+	end
+end

data/lib/jungle_path/authentication/data_provider/default.rb

@@ -0,0 +1,144 @@
+module JunglePath
+	require 'jungle_path/authorization/filter'
+	module Authentication
+		module DataProvider
+			class Default
+				def initialize models_hash
+					@roles = {
+						root: {
+							id: 0,
+							name: :root,
+							description: 'root can do anything',
+							permissions: [:root],
+							restrictions: []
+						},
+						admin: {
+							id: 1,
+							name: :admin,
+							description: 'admin and add, edit and delete users, but not root users.',
+							permissions: [:admin],
+							restrictions: []
+						},
+						user: {
+							id: 2,
+							name: :user,
+							description: 'basic system user -- has read only access.',
+							permissions: [:read],
+							restrictions: [:query_only, :me_related]
+						}
+					}
+					@users = {
+						root: {
+							id: 0,
+							name: 'root',
+							email: nil,
+							phone: nil,
+							active: true,
+							user_name: :root,
+							password: 'test',
+							roles: [:root]
+						},
+						admin: {
+							id: 1,
+							name: 'admin',
+							email: nil,
+							phone: nil,
+							active: true,
+							user_name: :admin,
+							password: 'test',
+							roles: [:admin]
+						},
+						user: {
+							id: 2,
+							name: 'user',
+							email: nil,
+							phone: nil,
+							active: true,
+							user_name: :user,
+							password: 'test',
+							roles: [:user]
+						}
+					}
+					@models = models_hash # (parameter models_hash usually from Schema::Base.models)
+					@role_permissions = {}
+					@role_restrictions = {}
+					@roles.each do |role|
+						@role_permissions[role.name] = role.permissions
+						@role_restrictions[role.name] = role.role_restrictions
+					end
+					@role_schema_filters = lambda {|identity|
+						filters = {
+							root: :allow_all_tables,
+							admin: :allow_all_tables,
+							user: :hide_nonpublic_tables
+						}
+					}
+					@schema_filters = lambda {|identity|
+						filters = {
+							allow_all_tables: {allow: [table: /./]},
+							hide_nonpublic_tables: {allow: [{table: /./}], deny: [{table: /^utility_/}, {table: /^temp_/}]}
+						}
+					}
+					@role_query_filters = lambda {|identity|
+						filters = {
+							admin: [
+								{table_name: :table_i_want_to_filter, sub_select: "select id from table_i_want_to_filter where a = b"}
+							]
+							# more...
+						}
+					}
+					@restriction_query_filters = lambda {|identity|
+						filters = {
+							me_related:[
+								{table_name: :user, sub_select: "select id from user where id = #{identity.user.id}"}
+							]
+						}
+					}
+					@user_query_filters = lambda {|identity|
+						filters = {}
+					}
+				end
+
+				def get_user(user_name, password, no_cache=false)
+					lower_case_user_name = nil
+					lower_case_user_name = user_name.downcase.to_sym if user_name
+					hash = @users[lower_case_user_name]
+					user = JunglePath::Schema::User.new(hash, false) if hash
+					halt 401, "Unauthorized" unless user
+					halt 401, "Unauthorized: user #{user.user_name} is not marked as active." unless user.active
+					user.is_valid = (user.password == password)
+					user.password = password
+					user
+				end
+
+				def get_roles(identity, no_cache=false)
+					result = []
+					roles = @users[identity.user.user_name.to_sym].roles
+					roles.each do |role_symbol|
+						role = @roles[role_symbol]
+						result << ({id: role[:id], name: role[:name], description: role[:description]})
+					end
+					result
+				end
+
+				def get_auth(identity, no_cache=false)
+					auth = JunglePath::Authorization::Filter.new(identity.roles, @models, @role_permissions, @role_restrictions, @role_schema_filters.call(identity), @schema_filters.call(identity))
+				end
+
+				def get_query_filters(identity, no_cache=false)
+					filters = []
+					@role_query_filters.call(identity).each do |filter|
+						filters << filter
+					end
+					@restriction_query_filters.call(identity).each do |filter|
+						filters << filter
+					end
+					@user_query_filters.call(identity).each do |filter|
+						filters << filter
+					end
+					filters
+				end
+			end
+		end
+	end
+end

data/lib/jungle_path/authentication/data_provider.rb

@@ -0,0 +1,7 @@
+module JunglePath
+	module Authentication
+		module DataProvider
+			require 'jungle_path/authentication/data_provider/default'
+		end
+	end
+end

data/lib/jungle_path/authentication/helpers.rb

@@ -0,0 +1,19 @@
+require 'securerandom'
+
+module JunglePath
+  module Authentication
+		module Helpers
+		  def self.generate_api_key(prefix="sk_")
+		    begin
+		      key = SecureRandom.urlsafe_base64(18)
+		    end while key.include? ?_
+		    key = prefix + key
+		  end
+
+		  def self.expires_in_timestamp(days: 0, hours: 0, minutes: 0, seconds: 0)
+		    s = seconds + (minutes * 60) + (hours * 60 * 60) + (days * 24 * 60 * 60)
+		    expires_timestamp = Time.new + s
+		  end
+		end
+	end
+end

data/lib/jungle_path/authentication/identity.rb

@@ -0,0 +1,30 @@
+module JunglePath
+  module Authentication
+		class Identity
+			attr_accessor :remote_user, :remote_password, :user_name, :user, :key, :valid, :roles, :default_role, :auth, :query_filters
+			def to_s
+				"JunglePath::Authentication::Identity: {\n  remote_user: #{@remote_user},\n  remote_password: #{@remote_password},\n  user_name: #{@user_name},\n  user: #{@user},\n  key: #{@key},\n  valid: #{@valid},\n  roles: #{@roles},\n  auth: #{@auth}\n,query_filters: #{@query_filters}\n}"
+			end
+      def to_h
+        {
+          remote_user: @remote_user,
+          remote_password: @remote_password,
+          user_name: @user_name,
+          user: @user,
+          key: @key,
+          valid: @valid,
+          roles: @roles,
+          default_role: @default_role,
+          auth: @auth,
+          query_filters: @query_filters
+        }
+      end
+      def to_hash
+        to_h
+      end
+			def valid?
+				@valid
+			end
+		end
+	end
+end

data/lib/jungle_path/authentication/password_hash.rb

@@ -0,0 +1,124 @@
+# https://crackstation.net/hashing-security.htm#rubysourcecode
+# Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
+# Copyright (c) 2013, Taylor Hornby
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+# Changed 2017-03-30:
+# I wrapped this in jungle_path gem...
+require 'securerandom'
+require 'openssl'
+require 'base64'
+
+module JunglePath
+  module Authentication
+
+    # Salted password hashing with PBKDF2-SHA1.
+    # Authors: @RedragonX (dicesoft.net), havoc AT defuse.ca
+    # www: http://crackstation.net/hashing-security.htm
+    module PasswordHash
+
+      # The following constants can be changed without breaking existing hashes.
+      PBKDF2_ITERATIONS = 1000
+      SALT_BYTE_SIZE = 24
+      HASH_BYTE_SIZE = 24
+
+      HASH_SECTIONS = 4
+      SECTION_DELIMITER = ':'
+      ITERATIONS_INDEX = 1
+      SALT_INDEX = 2
+      HASH_INDEX = 3
+
+      # Returns a salted PBKDF2 hash of the password.
+      def self.createHash( password )
+        salt = SecureRandom.base64( SALT_BYTE_SIZE )
+        pbkdf2 = OpenSSL::PKCS5::pbkdf2_hmac_sha1(
+          password,
+          salt,
+          PBKDF2_ITERATIONS,
+          HASH_BYTE_SIZE
+        )
+        return ["sha1", PBKDF2_ITERATIONS, salt, Base64.encode64( pbkdf2 )].join( SECTION_DELIMITER )
+      end
+
+      # Checks if a password is correct given a hash of the correct one.
+      # correctHash must be a hash string generated with createHash.
+      def self.validatePassword( password, correctHash )
+        params = correctHash.split( SECTION_DELIMITER )
+        return false if params.length != HASH_SECTIONS
+
+        pbkdf2 = Base64.decode64( params[HASH_INDEX] )
+        testHash = OpenSSL::PKCS5::pbkdf2_hmac_sha1(
+          password,
+          params[SALT_INDEX],
+          params[ITERATIONS_INDEX].to_i,
+          pbkdf2.length
+        )
+
+        return pbkdf2 == testHash
+      end
+
+      # Run tests to ensure the module is functioning properly.
+      # Returns true if all tests succeed, false if not.
+      def self.runSelfTests
+        puts "Sample hashes:"
+        3.times { puts createHash("password") }
+
+        puts "\nRunning self tests..."
+        @@allPass = true
+
+        correctPassword = 'aaaaaaaaaa'
+        wrongPassword = 'aaaaaaaaab'
+        hash = createHash(correctPassword)
+
+        assert( validatePassword( correctPassword, hash ) == true, "correct password" )
+        assert( validatePassword( wrongPassword, hash ) == false, "wrong password" )
+
+        h1 = hash.split( SECTION_DELIMITER )
+        h2 = createHash( correctPassword ).split( SECTION_DELIMITER )
+        assert( h1[HASH_INDEX] != h2[HASH_INDEX], "different hashes" )
+        assert( h1[SALT_INDEX] != h2[SALT_INDEX], "different salt" )
+
+        if @@allPass
+          puts "*** ALL TESTS PASS ***"
+        else
+          puts "*** FAILURES ***"
+        end
+
+        return @@allPass
+      end
+
+      def self.assert( truth, msg )
+        if truth
+          puts "PASS [#{msg}]"
+        else
+          puts "FAIL [#{msg}]"
+          @@allPass = false
+        end
+      end
+
+    end
+  end
+end
+#PasswordHash.runSelfTests

data/lib/jungle_path/authentication.rb

@@ -0,0 +1,9 @@
+module JunglePath
+	module Authentication
+		require 'jungle_path/authentication/auth_provider'
+		require 'jungle_path/authentication/data_provider'
+		require 'jungle_path/authentication/helpers'
+		require 'jungle_path/authentication/identity'
+		require 'jungle_path/authentication/password_hash'
+	end
+end