keycard 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f5d7f477660b581edd56242cba917ceac9a92c56
+  data.tar.gz: 64257be7f76d1497ca3f8397e18e6c56d7e49269
+SHA512:
+  metadata.gz: 6105dc8009f59f487d8f463d97325ef021f2f922ada9d912cdf6b83d193efe1c9d7cbf86af1c9c0fb3c3959b50dda8ef73dcb55162e61e7b41a091f08f1ff0e7
+  data.tar.gz: c55623373226fffa991ac9ef370a71085ca2da258080ab3ea6046788ebc9f691eaac5bd1bed5c2029ab6ea8131f608981ef9a9e8c781ca20a643824bf260e73d

data/.envrc

@@ -0,0 +1 @@
+PATH_add bin

data/.gitignore

@@ -0,0 +1,20 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+Gemfile.lock
+
+# rspec failure tracking
+.rspec_status
+
+# Keycard database files
+/db/*.sqlite
+/db/keycard.log
+/db/keycard.yml
+
+keycard*.gem

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,30 @@
+Rails:
+  Enabled: true
+
+Rails/Delegate:
+  Enabled: false
+
+# inherit_gem:
+#   rubocop-rails:
+#     - config/rails.yml
+
+AllCops:
+  DisplayCopNames: true
+  TargetRubyVersion: 2.4
+  Exclude:
+    - 'bin/**/*'
+    - 'vendor/**/*'
+
+Layout/MultilineMethodDefinitionBraceLayout:
+  EnforcedStyle: same_line
+
+Metrics/LineLength:
+  Max: 110
+
+Metrics/BlockLength:
+  Exclude:
+    - '*.gemspec'
+  ExcludedMethods: ['describe', 'context']
+
+Style/StringLiterals:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.2
+before_install: gem install bundler -v 1.16.0

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in keycard.gemspec
+gemspec

data/LICENSE.md

@@ -0,0 +1,27 @@
+Copyright (c) 2018, The Regents of the University of Michigan.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+* Redistributions of source code must retain the above copyright
+  notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+* Neither the name of the The University of Michigan nor the
+  names of its contributors may be used to endorse or promote products
+  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS OF THE UNIVERSITY OF MICHIGAN AND
+CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
+NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OF THE
+UNIVERSITY OF MICHIGAN BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO,PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,46 @@
+[![Build Status](https://travis-ci.org/mlibrary/keycard.svg?branch=master)](https://travis-ci.org/mlibrary/keycard?branch=master)
+[![Coverage Status](https://coveralls.io/repos/github/mlibrary/keycard/badge.svg?branch=master)](https://coveralls.io/github/mlibrary/keycard?branch=master)
+
+# Keycard
+
+Keycard provides authentication support and user/request information, especially
+in Rails applications.
+
+Keycard is designed to give you sound guidelines and integration between
+authentication and authorization without constraining your application. It
+takes inspiration from [Sorcery](https://github.com/Sorcery/sorcery), but has
+four important distinctions:
+
+1. It does not use mixins to configure a "model that can log in".
+2. It provides a way to retrieve user and session attributes like directory
+   information or IP address-based region, rather than being strictly about
+   logging in and out.
+3. It only provides one built-in strategy for logins, focused on single sign-on
+   scenarios.
+4. It offers an optional group implementation for whatever objects your
+   application manages as accounts or users.
+
+The ultimate goal is to provide useful tools that integrate easily and simplify
+building applications that have clean, well-factored designs. Keycard should
+help you focus on solving your application problems, while remaining invisible
+-- not magical -- to most of your application.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'keycard'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install keycard
+
+## License
+
+Keycard is licensed under the BSD-3-Clause license. See [LICENSE.md](LICENSE.md).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "keycard"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/db/migrations/1_create_tables.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# rubocop:disable Metrics/BlockLength
+
+Sequel.migration do
+  change do
+    create_table(:aa_inst) do
+      Integer :uniqueIdentifier, null: false
+      String :organizationName, size: 128, null: false
+      Integer :manager
+      DateTime :lastModifiedTime, default: Sequel::CURRENT_TIMESTAMP, null: false
+      String :lastModifiedBy, size: 64, null: false
+      String :dlpsDeleted, size: 1, fixed: true, null: false
+
+      primary_key [:uniqueIdentifier]
+    end
+
+    create_table(:aa_network, ignore_index_errors: true) do
+      Integer :uniqueIdentifier, null: false
+      String :dlpsDNSName, size: 128
+      String :dlpsCIDRAddress, size: 18
+      Bignum :dlpsAddressStart
+      Bignum :dlpsAddressEnd
+      String :dlpsAccessSwitch, size: 5, null: false
+      String :coll, size: 32
+      Integer :inst
+      DateTime :lastModifiedTime, default: Sequel::CURRENT_TIMESTAMP, null: false
+      String :lastModifiedBy, size: 64, null: false
+      String :dlpsDeleted, size: 1, fixed: true, null: false
+
+      check Sequel::SQL::BooleanExpression.new(:>=, Sequel::SQL::Identifier.new(:dlpsAddressStart), 0)
+      check Sequel::SQL::BooleanExpression.new(:>=, Sequel::SQL::Identifier.new(:dlpsAddressEnd), 0)
+      primary_key [:uniqueIdentifier]
+
+      index [:dlpsAddressEnd], name: :network_dlpsAddressEnd_index
+      index [:dlpsAddressStart], name: :network_dlpsAddressStart_index
+    end
+  end
+end
+
+# rubocop:enable Metrics/BlockLength

data/keycard.gemspec

@@ -0,0 +1,41 @@
+
+# frozen_string_literal: true
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "keycard/version"
+
+Gem::Specification.new do |spec|
+  spec.name    = "keycard"
+  spec.version = Keycard::VERSION
+  spec.authors = ["Noah Botimer", "Aaron Elkiss"]
+  spec.email   = ["botimer@umich.edu", "aelkiss@umich.edu"]
+  spec.license = "BSD-3-Clause"
+
+  spec.summary = <<~SUMMARY
+    Keycard provides authentication support and user/request information,
+    especially in Rails applications.
+  SUMMARY
+  spec.homepage = "https://github.com/mlibrary/keycard"
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "mysql2"
+  spec.add_dependency "sequel"
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "coveralls", "~> 0.8"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rubocop", "~> 0.52"
+  spec.add_development_dependency "rubocop-rails", "~> 1.1"
+  spec.add_development_dependency "rubocop-rspec", "~> 1.16"
+  spec.add_development_dependency "sqlite3"
+  spec.add_development_dependency "yard", "~> 0.9"
+end

data/lib/keycard.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require "keycard/version"
+require "sequel"
+
+# All of the Keycard components are contained within this top-level module.
+module Keycard
+end
+
+require "keycard/db"
+require "keycard/railtie" if defined?(Rails)
+require "keycard/request_attributes"
+require "keycard/institution_finder"

data/lib/keycard/db.rb

@@ -0,0 +1,159 @@
+# frozen_string_literal: true
+
+require 'ostruct'
+require 'logger'
+require 'yaml'
+
+module Keycard
+  # Module for database interactions for Keycard.
+  module DB
+    # Any error with the database that Keycard itself detects but cannot handle.
+    class DatabaseError < StandardError; end
+
+    CONNECTION_ERROR = 'The Keycard database is not initialized. Call initialize! first.'
+
+    ALREADY_CONNECTED = 'Already connected; refusing to connect to another database.'
+
+    MISSING_CONFIG = <<~MSG
+      KEYCARD_DATABASE_URL and DATABASE_URL are both missing and a connection
+      has not been configured. Cannot connect to the Keycard database.
+      See Keycard::DB.connect! for help.
+    MSG
+
+    LOAD_ERROR = <<~MSG
+      Error loading Keycard database models.
+      Verify connection information and that the database is migrated.
+    MSG
+
+    SCHEMA_HEADER = "# Keycard Database Version\n"
+
+    class << self
+      # Initialize Keycard
+      #
+      # This connects to the database if it has not already happened and
+      # requires all of the Keycard model classes. It is required to do the
+      # connection setup first because of the design decision in Sequel that
+      # the schema is examined at the time of extending Sequel::Model.
+      def initialize!
+        connect! unless connected?
+        begin
+          model_files.each do |file|
+            require_relative file
+          end
+        rescue Sequel::DatabaseError, NoMethodError => e
+          raise DatabaseError, LOAD_ERROR + "\n" + e.message
+        end
+        db
+      end
+
+      # Connect to the Keycard database.
+      #
+      # The default is to use the settings under {.config}, but can be
+      # supplied here (and they will be merged into config as a side effect).
+      # The keys that will be used from either source are documented here as
+      # the options.
+      #
+      # Only one "mode" will be used; the first of these supplied will take
+      # precedence:
+      #
+      # 1. An already-connected {Sequel::Database} object
+      # 2. A connection string
+      # 3. A connection options hash
+      #
+      # While Keycard serves as a singleton, this will raise a DatabaseError
+      # if already connected. Check `connected?` if you are unsure.
+      #
+      # @see {Sequel.connect}
+      # @param [Hash] config Optional connection config
+      # @option config [String] :url A Sequel database URL
+      # @option config [Hash]   :opts A set of connection options
+      # @option config [Sequel::Database] :db An already-connected database;
+      # @return [Sequel::Database] The initialized database connection
+      def connect!(config = {})
+        raise DatabaseError, ALREADY_CONNECTED if connected?
+        merge_config!(config)
+        raise DatabaseError, MISSING_CONFIG if self.config.db.nil? && conn_opts.empty?
+
+        # We splat here because we might give one or two arguments depending
+        # on whether we have a string or not; to add our logger regardless.
+        @db = self.config.db || Sequel.connect(*conn_opts)
+      end
+
+      # Run any pending migrations.
+      # This will connect with the current config if not already conencted.
+      def migrate!
+        connect! unless connected?
+        Sequel.extension :migration
+        Sequel::Migrator.run(db, File.join(__dir__, '../../db/migrations'), table: schema_table)
+      end
+
+      def schema_table
+        :keycard_schema
+      end
+
+      def schema_file
+        'db/keycard.yml'
+      end
+
+      def dump_schema!
+        connect! unless connected?
+        version = db[schema_table].first.to_yaml
+        File.write(schema_file, SCHEMA_HEADER + version)
+      end
+
+      def load_schema!
+        connect! unless connected?
+        version = YAML.load_file(schema_file)[:version]
+        db[schema_table].delete
+        db[schema_table].insert(version: version)
+      end
+
+      def model_files
+        []
+      end
+
+      # Merge url, opts, or db settings from a hash into our config
+      def merge_config!(config = {})
+        self.config.url  = config[:url]  if config.key?(:url)
+        self.config.opts = config[:opts] if config.key?(:opts)
+        self.config.db   = config[:db]   if config.key?(:db)
+      end
+
+      def conn_opts
+        log = { logger: Logger.new('db/keycard.log') }
+        url = config.url
+        opts = config.opts
+        if url
+          [url, log]
+        elsif opts
+          [log.merge(opts)]
+        else
+          []
+        end
+      end
+
+      def config
+        @config ||= OpenStruct.new(
+          url: ENV['KEYCARD_DATABASE_URL'] || ENV['DATABASE_URL']
+        )
+      end
+
+      def connected?
+        !@db.nil?
+      end
+
+      # The Keycard database
+      # @return [Sequel::Database] The connected database; be sure to call initialize! first.
+      def db
+        raise DatabaseError, CONNECTION_ERROR unless connected?
+        @db
+      end
+
+      # Forward the Sequel::Database []-syntax down to db for convenience.
+      # Everything else must be called on db directly, but this is nice sugar.
+      def [](*args)
+        db[*args]
+      end
+    end
+  end
+end

data/lib/keycard/institution_finder.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'ipaddr'
+
+module Keycard
+  # looks up institution ID(s) by IP address
+  class InstitutionFinder
+    INST_QUERY = <<~SQL
+        SELECT inst FROM aa_network WHERE
+                ? >= dlpsAddressStart
+            AND ? <= dlpsAddressEnd
+            AND dlpsAccessSwitch = 'allow'
+            AND dlpsDeleted = 'f'
+            AND inst is not null
+      AND inst NOT IN
+          ( SELECT inst FROM aa_network WHERE
+            ? >= dlpsAddressStart
+            AND ? <= dlpsAddressEnd
+            AND dlpsAccessSwitch = 'deny'
+            AND dlpsDeleted = 'f' )
+    SQL
+
+    def initialize(db: Keycard::DB.db)
+      @db = db
+      @stmt = @db[INST_QUERY, *[:$client_ip] * 4].prepare(:select, :unused)
+    end
+
+    def attributes_for(request)
+      return {} unless (numeric_ip = numeric_ip(client_ip(request)))
+
+      insts = insts_for_ip(numeric_ip)
+
+      if !insts.empty?
+        { 'dlpsInstitutionId' => insts }
+      else
+        {}
+      end
+    end
+
+    private
+
+    attr_reader :stmt
+
+    def insts_for_ip(numeric_ip)
+      stmt.call(client_ip: numeric_ip).map { |row| row[:inst] }
+    end
+
+    def numeric_ip(dotted_ip)
+      return unless dotted_ip
+
+      begin
+        IPAddr.new(dotted_ip).to_i
+      rescue IPAddr::InvalidAddressError
+        nil
+      end
+    end
+
+    def client_ip(request)
+      request.get_header('X-Forwarded-For')
+    end
+  end
+end

data/lib/keycard/railtie.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+module Keycard
+  # Railtie to hook Keycard into Rails applications.
+  #
+  # This does three things at present:
+  #
+  #   1. Loads our rake tasks, so you can run keycard:migrate from the app.
+  #   2. Pulls the Rails database information off of the ActiveRecord
+  #      connection and puts it on Keycard::DB.config before any application
+  #      initializers are run.
+  #   3. Sets up the Keycard database connection after application
+  #      initializers have run, if it has not already been done and we are not
+  #      running as a Rake task. This condition is key because when we are in
+  #      rails server or console, we want to initialize!, but when we are in
+  #      a rake task to update the database, we have to let it connect, but
+  #      not initialize.
+  class Railtie < Rails::Railtie
+    railtie_name :keycard
+
+    class << self
+      # Register a callback to run before anything in 'config/initializers' runs.
+      # The block will get a reference to Keycard::DB.config as its only parameter.
+      def before_initializers(&block)
+        before_blocks << block
+      end
+
+      # Register a callback to run after anything in 'config/initializers' runs.
+      # The block will get a reference to Keycard::DB.config as its only parameter.
+      # Keycard::DB.initialize! will not have been automatically called at this
+      # point, so this is an opportunity to do so if an initializer has not.
+      def after_initializers(&block)
+        after_blocks << block
+      end
+
+      # Register a callback to run when Keycard is ready and fully initialized.
+      # This will happen once in production, and on each request in development.
+      # If you need to do something once in development, you can choose between
+      # keeping a flag or using the after_initializers.
+      def when_keycard_is_ready(&block)
+        ready_blocks << block
+      end
+
+      def before_blocks
+        @before ||= []
+      end
+
+      def after_blocks
+        @after ||= []
+      end
+
+      def ready_blocks
+        @ready ||= []
+      end
+
+      def under_rake!
+        @rake = true
+      end
+
+      def under_rake?
+        @rake ||= false
+      end
+    end
+
+    # This runs before anything in 'config/initializers' runs.
+    initializer "keycard.before_initializers", before: :load_config_initializers do
+      config = Keycard::DB.config
+      unless config.url
+        opts = ActiveRecord::Base.connection.instance_variable_get(:@config).dup
+        opts.delete(:flags)
+        config[:opts] = opts
+      end
+
+      Railtie.before_blocks.each do |block|
+        block.call(config.to_h)
+      end
+    end
+
+    # This runs after everything in 'config/initializers' runs.
+    initializer "keycard.after_initializers", after: :load_config_initializers do
+      config = Keycard::DB.config
+      Railtie.after_blocks.each do |block|
+        block.call(config.to_h)
+      end
+    end
+
+    # This runs before any block registered under a `config.to_prepare`, which
+    # could be in plugins or initializers that want to use a fully configured
+    # Keycard instance. The `to_prepare` hook is run once at the start of a
+    # production instance and for every request in development (unless caching
+    # is turned on so there is no reloading).
+    initializer "keycard.ready", after: :finisher_hook do
+      Keycard::DB.initialize! unless Railtie.under_rake?
+
+      Railtie.ready_blocks.each do |block|
+        block.call(Keycard::DB.db)
+      end
+    end
+
+    def rake_files
+      base = Pathname(__dir__) + '../tasks/'
+      [base + 'migrate.rake']
+    end
+
+    rake_tasks do
+      Railtie.under_rake!
+      rake_files.each { |file| load file }
+    end
+  end
+end

data/lib/keycard/request_attributes.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Keycard
+  # This class is responsible for extracting the user attributes (i.e. the
+  # complete set of things that determine the user's #identity), given a Rack
+  # request.
+  class RequestAttributes
+    def initialize(request, finder: InstitutionFinder.new)
+      @finder = finder
+      @request = request
+    end
+
+    def [](attr)
+      all[attr]
+    end
+
+    def all
+      finder.attributes_for(request)
+    end
+
+    private
+
+    attr_reader :finder
+    attr_reader :request
+  end
+end

data/lib/keycard/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Keycard
+  VERSION = "0.1.0"
+end

data/lib/tasks/migrate.rake

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'keycard'
+
+if defined?(Rails)
+  # When db:schema:dump is called directly, we can tack this on.
+  # If we do it unconditionally, db:migrate will try to dump before we have
+  # been able to migrate the Keycard tables.
+  if Rake.application.top_level_tasks.include?('db:schema:dump')
+    Rake::Task['db:schema:dump'].enhance do
+      Rake::Task['keycard:schema:dump'].invoke
+    end
+  end
+
+  # Run our schema load to make sure that the version number is stored in
+  # schema_info, so migrations don't try to double-run. The actual table
+  # structure is handled by the Rails schema:dump and schema:load.
+  # A db:setup will trigger this, so we don't have to handle it separately.
+  Rake::Task['db:schema:load'].enhance do
+    Rake::Task['keycard:schema:load'].invoke
+  end
+
+  # We hook into db:migrate for convenience.
+  Rake::Task['db:migrate'].enhance do
+    Rake::Task['keycard:migrate'].invoke
+  end
+
+end
+
+namespace :keycard do
+  desc "Migrate the Keycard database to the latest version"
+  task :migrate do
+    if defined?(Rails)
+      # Load the 'environment', which does the full Rails initialization.
+      # The Railtie is smart enough to know whether we are in a Rake task,
+      # so it can avoid initializing and we can migrate safely before the
+      # models are loaded.
+      Rake::Task['environment'].invoke
+    end
+
+    # After migrating, we initialize here, even though it isn't strictly
+    # necessary, but it will ensure that migration does a small sanity check
+    # that at least all of the tables expected by model classes exist.
+    Keycard::DB.migrate!
+    Keycard::DB.initialize!
+  end
+
+  # We don't bother defining the schema:dump and schema:load tasks if we're
+  # not running under Rails. They exist only to cooperate with the dumps done
+  # by Rails, since schema.rb includes any Keycard tables in the same
+  # database as the application -- a convenient default mode.
+  if defined?(Rails)
+    namespace :schema do
+      desc "Dump the Keycard version to db/keycard.yml"
+      task :dump do
+        Rake::Task['environment'].invoke
+        Keycard::DB.dump_schema!
+      end
+
+      desc "Load the Keycard version from db/keycard.yml"
+      task :load do
+        Rake::Task['environment'].invoke
+        Keycard::DB.load_schema!
+      end
+
+      # When running under Rails, we dump the schema after migrating so
+      # everything stays synced up for db:setup against a new database.
+      # Rake::Task['keycard:schema:dump'].invoke
+      Rake::Task['keycard:migrate'].enhance do
+        Rake::Task['keycard:schema:dump'].invoke
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,235 @@
+--- !ruby/object:Gem::Specification
+name: keycard
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Noah Botimer
+- Aaron Elkiss
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-03-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: mysql2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.52'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.52'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: 
+email:
+- botimer@umich.edu
+- aelkiss@umich.edu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".envrc"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- LICENSE.md
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- db/migrations/1_create_tables.rb
+- keycard.gemspec
+- lib/keycard.rb
+- lib/keycard/db.rb
+- lib/keycard/institution_finder.rb
+- lib/keycard/railtie.rb
+- lib/keycard/request_attributes.rb
+- lib/keycard/version.rb
+- lib/tasks/migrate.rake
+homepage: https://github.com/mlibrary/keycard
+licenses:
+- BSD-3-Clause
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Keycard provides authentication support and user/request information, especially
+  in Rails applications.
+test_files: []