keyper 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ca507246830d7b92ea2613584e66ac99c14894b2
+  data.tar.gz: f0527aa75dfe5753902c530a218afd5d6b5123ed
+SHA512:
+  metadata.gz: 9c1aeca8bfe2477853465b72f33fe912732fdfa841355095e1c7230d1d09e330b61d47550050d32bb3451f03abe90c0a49f2298f8c0ebfcc76868c8c1239e9f6
+  data.tar.gz: 8cdffbdf880e7760263ace646a97ab85f0cf28e60a6dc32a0f7f2e5a5d566ca344d63634d0d8f3a85dacfac979df85efd919fd54e7771432deca53ad80b5b367

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 Greg Woods
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,97 @@
+# Keyper
+
+This engine adds basic API functionality to a Ruby on Rails application. It enables mobile apps to login to your web service, request a set of API credentials, and then authenticate subsequent requests with key and secret headers.
+
+## Compatibility
+
+Keyper has been built with common Rails authentication practices in mind, and can work well with tools such as [has_secure_password](http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password) or [Authlogic](https://github.com/binarylogic/authlogic).
+
+Broadly speaking, Keyper assumes your application has `User` and `UserSession` models, as well as the following controller methods:
+
+- `require_user`
+- `current_user`
+- `current_user_session`
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'keyper'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install keyper
+```
+
+## Usage
+
+Mount the engine in our application's `routes.rb` file. This will determine the base path for API login.
+
+```ruby
+Rails.application.routes.draw do
+  mount Keyper::Engine => "/api"
+end
+```
+
+API key authentication is not enabled globally. Instead, you should include the `Keyper::ApiKeyAuthentication` module selectively in any controllers you wish to expose.
+
+```ruby
+class ProtectedStuffController < ApplicationController
+  include Keyper::ApiKeyAuthentication
+  before_action :require_user
+end
+```
+
+You can then optionally configure the engine, or leave it at the [default settings](lib/keyper/configuration.rb).
+
+```ruby
+Keyper.configure do |config|
+  config.invalidate_keys_on_password_change = true
+  config.attribute_refresh_interval = 1.minute
+end
+```
+
+## Authentication
+
+Your mobile application should first attempt to create an API key. Make a POST request to the `/api/api_keys` endpoint, passing `:username` and `:password` parameters.
+
+```
+curl -X POST -F 'user_session[username]=username' -F 'user_session[password]=password' http://localhost:3000/api/api_keys
+```
+
+Sample response:
+
+```json
+{
+  "api_key":"06e374a582721189a58192413190600a",
+  "api_secret":"6240aa5521b44041d6a6874bf1001852"
+}
+```
+
+Store those values securely in your application. You can then make authenticated requests by passing those values as `Api-Key` and `Api-Secret` headers, respectively.
+
+```
+curl --header "Api-Key: 06e374a582721189a58192413190600a" --header "Api-Secret: 6240aa5521b44041d6a6874bf1001852"  http://localhost:3000/protected_stuff
+```
+
+You can hit the `/api/api_keys/check` endpoint to quickly check the validity of your keys. A 200 response means your keys are good.
+
+```
+curl --header "Api-Key: 06e374a582721189a58192413190600a" --header "Api-Secret: 6240aa5521b44041d6a6874bf1001852"  http://localhost:3000/api/api_keys/check
+```
+
+When your user logs out, it is a good idea to delete the associated API key. You can do that by making a DELETE request. Pass the key and secret headers as you normally would, then specify which key you wish to delete in the restful url parameter.
+
+```
+curl -X DELETE \
+  --header "Api-Key: 06e374a582721189a58192413190600a" \
+  --header "Api-Secret: 6240aa5521b44041d6a6874bf1001852"  \
+  http://localhost:3000/api/api_keys/06e374a582721189a58192413190600a
+```

data/Rakefile

@@ -0,0 +1,33 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Keyper'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path('../spec/dummy/Rakefile', __FILE__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/tb_apis_manifest.js

@@ -0,0 +1,2 @@
+//= link_directory ../javascripts/keyper .js
+//= link_directory ../stylesheets/keyper .css

data/app/assets/javascripts/tb_api_keys/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/tb_api_keys/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/concerns/keyper/api_key_authentication.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module Keyper::ApiKeyAuthentication
+  extend ActiveSupport::Concern
+
+  API_KEY = 'Api-Key'
+  API_SECRET = 'Api-Secret'
+
+  # Override the default current_user functionality
+  #
+  def current_user
+    return @current_user if defined?(@current_user)
+    @current_user = if passed_api_keys?
+                      authenticate_with_api_keys
+                    elsif current_user_session && current_user_session.record
+                      current_user_session.record
+                    end
+  end
+
+  private
+
+  # True if the api key headers are present
+  #
+  def passed_api_keys?
+    request.headers.key?(API_KEY) && request.headers.key?(API_SECRET)
+  end
+
+  # Check the validity of the keys
+  #
+  def authenticate_with_api_keys
+    key = Keyper::ApiKey.find_by(api_key: request.headers[API_KEY])
+    unless key && key.authenticate(request.headers[API_SECRET])
+      raise Keyper::ApiKeyError, I18n.t(:api_key, scope: [:keyper, :errors])
+    end
+    if key.should_update_attributes?
+      key.update(
+        last_used_at: Time.zone.now,
+        last_used_ip: request.remote_ip,
+        last_used_ua: request.user_agent
+      )
+    end
+    key.user
+  end
+end

data/app/controllers/keyper/api_keys_controller.rb

@@ -0,0 +1,62 @@
+class Keyper::ApiKeysController < ApplicationController
+  include Keyper::ApiKeyAuthentication
+  before_action :require_user, except: [:create, :check]
+  skip_before_action :verify_authenticity_token
+
+  respond_to :json if defined?(ActionController::Responder)
+
+  def index
+    @api_keys = Keyper::ApiKey.where(user: current_user).map do |api_key|
+      {
+        api_key: api_key.api_key,
+        last_used_at: api_key.last_used_at
+      }
+    end
+    render json: @api_keys
+  end
+
+  def create
+    authentication = Keyper::Authentication.new(user_session_params)
+    if authentication.valid?
+      @api_key = Keyper::ApiKey.create(user: authentication.user)
+      render json: {
+        api_key: @api_key.api_key,
+        api_secret: @api_key.password
+      }
+    elsif defined?(ActionController::Responder)
+      respond_with authentication
+    else
+      render json: {
+        errors: authentication.errors
+      }, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    @api_key = Keyper::ApiKey.find_by!(
+      api_key: params[:id],
+      user: current_user
+    )
+    @api_key.destroy
+    head :ok
+  end
+
+  def check
+    key = Keyper::ApiKey.find_by(api_key: check_api_key_params[:api_key])
+    if key.present? && key.authenticate(check_api_key_params[:api_secret])
+      head :ok
+    else
+      head :unauthorized
+    end
+  end
+
+  private
+
+  def user_session_params
+    params.require(:user_session).permit(:username, :password)
+  end
+
+  def check_api_key_params
+    params.require(:api_key).permit(:api_key, :api_secret)
+  end
+end

data/app/controllers/keyper/application_controller.rb

@@ -0,0 +1,5 @@
+module Keyper
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+  end
+end

data/app/helpers/keyper/application_helper.rb

@@ -0,0 +1,4 @@
+module Keyper
+  module ApplicationHelper
+  end
+end

data/app/jobs/keyper/application_job.rb

@@ -0,0 +1,4 @@
+module Keyper
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/keyper/application_mailer.rb

@@ -0,0 +1,6 @@
+module Keyper
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/application_record.rb

@@ -0,0 +1,3 @@
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

data/app/models/concerns/keyper/has_api_keys.rb

@@ -0,0 +1,23 @@
+module Keyper::HasApiKeys
+  extend ActiveSupport::Concern
+
+  included do
+    has_many :api_keys, class_name: 'Keyper::ApiKey', foreign_key: :user_id, dependent: :destroy
+    before_update :invalidate_api_keys
+  end
+
+  private
+
+  def invalidate_api_keys
+    return unless Keyper.invalidate_keys_on_password_change
+    method_candidates = [
+      :password_digest_changed?, :password_changed?
+    ]
+    method_candidates.each do |method|
+      if respond_to?(method, true) && send(method)
+        api_keys.destroy_all
+        break
+      end
+    end
+  end
+end

data/app/models/keyper/api_key.rb

@@ -0,0 +1,25 @@
+module Keyper
+  class ApiKey < ApplicationRecord
+    self.table_name = :keyper_api_keys
+    has_secure_password
+    belongs_to :user,
+      class_name: Keyper.user_class_name
+
+    before_validation :generate_api_key_and_secret, on: :create
+    validates :api_key, :user, presence: true
+
+    def should_update_attributes?
+      return last_used_at.nil? || last_used_at < Keyper.attribute_refresh_interval.ago
+    end
+
+    private
+
+    def generate_api_key_and_secret
+      self.api_key = loop do
+        key = SecureRandom.hex(16)
+        break key unless Keyper::ApiKey.exists?(api_key: key)
+      end
+      self.password = SecureRandom.hex(16)
+    end
+  end
+end

data/app/models/keyper/authentication.rb

@@ -0,0 +1,30 @@
+module Keyper
+  class Authentication
+    include ActiveModel::Model
+
+    attr_accessor :user, :username, :password
+    validates :username, :password, presence: true
+    validate :username_and_password_are_correct
+
+    def username_and_password_are_correct
+      user_class = Object.const_get(Keyper.user_class_name)
+      @user = user_class.find_by(
+        Keyper.user_finder_field => @username
+      )
+      unless @user && user_authenticated?(@user, password)
+        errors.add(:base, I18n.t(:login_failed, scope: [:keyper, :errors]))
+        false
+      end
+    end
+
+    def user_authenticated?(user, password)
+      method_candidates = [
+        :valid_password?, :authenticate
+      ]
+      method_candidates.each do |method|
+        return true if user.respond_to?(method) && user.send(method, password)
+      end
+      return false
+    end
+  end
+end

data/config/locales/en.yml

@@ -0,0 +1,5 @@
+en:
+  keyper:
+    errors:
+      api_key: The passed API key and secret combination is not valid
+      login_failed: Username or password are incorrect

data/config/routes.rb

@@ -0,0 +1,7 @@
+Keyper::Engine.routes.draw do
+  scope module: :keyper do
+    resources :api_keys, only: [:index, :create, :destroy] do
+      post :check, on: :collection
+    end
+  end
+end

data/db/migrate/20161025210140_create_keyper_api_keys.rb

@@ -0,0 +1,14 @@
+class CreateKeyperApiKeys < ActiveRecord::Migration[5.0]
+  def change
+    create_table :keyper_api_keys do |t|
+      t.references :user, foreign_key: false
+      t.string :api_key, null: false
+      t.index :api_key, unique: true
+      t.string :password_digest, null: false
+      t.datetime :last_used_at
+      t.string :last_used_ip
+      t.string :last_used_ua
+      t.timestamps
+    end
+  end
+end

data/lib/keyper.rb

@@ -0,0 +1,6 @@
+require 'keyper/engine'
+
+module Keyper
+  require 'keyper/configuration'
+  require 'keyper/errors'
+end

data/lib/keyper/configuration.rb

@@ -0,0 +1,17 @@
+module Keyper
+  include ActiveSupport::Configurable
+  config_accessor :user_class_name, :user_finder_field,
+    :invalidate_keys_on_password_change, :attribute_refresh_interval
+
+  # The class name of your User model
+  self.user_class_name = 'User'.freeze
+
+  # What field should we use in the finder
+  self.user_finder_field = :username
+
+  # If true, api keys will be destroyed any time the user changes their password
+  self.invalidate_keys_on_password_change = true
+
+  # How often should we update the api key tracking attributes
+  self.attribute_refresh_interval = 1.minute
+end

data/lib/keyper/engine.rb

@@ -0,0 +1,27 @@
+require 'bcrypt'
+
+module Keyper
+  class Engine < ::Rails::Engine
+    engine_name 'keyper'
+    # isolate_namespace Keyper
+    # config.autoload_paths += Dir["#{config.root}/lib/**/"]
+
+    config.generators do |g|
+      g.test_framework :rspec, fixture: false
+      g.fixture_replacement :factory_girl, dir: 'spec/factories'
+      g.assets false
+      g.helper true
+    end
+
+    initializer 'keyper.filter_parameters' do
+      Rails.application.config.filter_parameters += [:api_secret]
+    end
+
+    initializer 'keyper.models' do |_config|
+      ActiveSupport.on_load(:active_record) do
+        user_class = Object.const_get(Keyper.user_class_name)
+        user_class.send :include, Keyper::HasApiKeys
+      end
+    end
+  end
+end

data/lib/keyper/errors.rb

@@ -0,0 +1,3 @@
+class Keyper::ApiKeyError < StandardError
+
+end

data/lib/keyper/version.rb

@@ -0,0 +1,3 @@
+module Keyper
+  VERSION = '0.1.0'.freeze
+end

data/lib/tasks/keyper_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :keyper do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,187 @@
+--- !ruby/object:Gem::Specification
+name: keyper
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Greg Woods
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-10-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0.1
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.15'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Add API keys to a Ruby on Rails application
+email:
+- greg.woods@moserit.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/tb_apis_manifest.js
+- app/assets/javascripts/tb_api_keys/application.js
+- app/assets/stylesheets/tb_api_keys/application.css
+- app/controllers/concerns/keyper/api_key_authentication.rb
+- app/controllers/keyper/api_keys_controller.rb
+- app/controllers/keyper/application_controller.rb
+- app/helpers/keyper/application_helper.rb
+- app/jobs/keyper/application_job.rb
+- app/mailers/keyper/application_mailer.rb
+- app/models/application_record.rb
+- app/models/concerns/keyper/has_api_keys.rb
+- app/models/keyper/api_key.rb
+- app/models/keyper/authentication.rb
+- config/locales/en.yml
+- config/routes.rb
+- db/migrate/20161025210140_create_keyper_api_keys.rb
+- lib/keyper.rb
+- lib/keyper/configuration.rb
+- lib/keyper/engine.rb
+- lib/keyper/errors.rb
+- lib/keyper/version.rb
+- lib/tasks/keyper_tasks.rake
+homepage: https://github.com/moser-inc/keyper
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Add API keys to a Ruby on Rails application
+test_files: []