mauth-client 6.4.3 → 7.0.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.rubocop.yml +6 -3
- data/.ruby-version +1 -1
- data/.travis.yml +7 -5
- data/Appraisals +1 -1
- data/CHANGELOG.md +8 -0
- data/Gemfile +16 -0
- data/README.md +78 -29
- data/Rakefile +20 -12
- data/UPGRADE_GUIDE.md +21 -0
- data/doc/mauth-client_CLI.md +1 -11
- data/examples/Gemfile +0 -1
- data/examples/README.md +14 -13
- data/examples/get_country_info.rb +44 -0
- data/exe/mauth-client +1 -23
- data/gemfiles/faraday_0.x.gemfile +17 -1
- data/gemfiles/faraday_1.x.gemfile +16 -0
- data/gemfiles/faraday_2.x.gemfile +16 -0
- data/lib/mauth/client/{local_authenticator.rb → authenticator.rb} +124 -3
- data/lib/mauth/client/security_token_cacher.rb +1 -1
- data/lib/mauth/client.rb +13 -99
- data/lib/mauth/config_env.rb +84 -0
- data/lib/mauth/version.rb +1 -1
- data/mauth-client.gemspec +1 -16
- metadata +7 -216
- data/doc/mauth.yml.md +0 -84
- data/examples/Gemfile.lock +0 -69
- data/examples/config.yml +0 -12
- data/examples/get_user_info.rb +0 -58
- data/lib/mauth/client/authenticator_base.rb +0 -133
- data/lib/mauth/client/remote_authenticator.rb +0 -85
- data/lib/mauth/dice_bag/mauth.rb.dice +0 -12
- data/lib/mauth/dice_bag/mauth.yml.dice +0 -18
- data/lib/mauth/dice_bag/mauth_key.dice +0 -1
- data/lib/mauth/dice_bag/mauth_templates.rb +0 -21
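--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mauth-client
 version: !ruby/object:Gem::Version
-version:
+version: 7.0.0
 platform: ruby
 authors:
 - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2023-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: addressable
@@ -41,26 +41,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-- !ruby/object:Gem::Dependency
-name: dice_bag
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0.9'
-- - "<"
-- !ruby/object:Gem::Version
-version: '2.0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0.9'
-- - "<"
-- !ruby/object:Gem::Version
-version: '2.0'
 - !ruby/object:Gem::Dependency
 name: faraday
 requirement: !ruby/object:Gem::Requirement
@@ -129,188 +109,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-- !ruby/object:Gem::Dependency
-name: appraisal
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: benchmark-ips
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.7'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.7'
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '1.17'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '1.17'
-- !ruby/object:Gem::Dependency
-name: byebug
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: rack-test
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 1.1.0
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 1.1.0
-- !ruby/object:Gem::Dependency
-name: rake
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '12.0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '12.0'
-- !ruby/object:Gem::Dependency
-name: rspec
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.8'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.8'
-- !ruby/object:Gem::Dependency
-name: rubocop
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 1.25.1
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 1.25.1
-- !ruby/object:Gem::Dependency
-name: rubocop-mdsol
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.1'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.1'
-- !ruby/object:Gem::Dependency
-name: rubocop-performance
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 1.13.2
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 1.13.2
-- !ruby/object:Gem::Dependency
-name: simplecov
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.16'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.16'
-- !ruby/object:Gem::Dependency
-name: timecop
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.9'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.9'
-- !ruby/object:Gem::Dependency
-name: webmock
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.0'
 description: Client for signing and authentication of requests and responses with
 mAuth authentication. Includes middleware for Rack and Faraday for incoming and
 outgoing requests and responses.
@@ -337,15 +135,13 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- UPGRADE_GUIDE.md
 - doc/implementations.md
 - doc/mauth-client_CLI.md
 - doc/mauth-proxy.md
-- doc/mauth.yml.md
 - examples/Gemfile
-- examples/Gemfile.lock
 - examples/README.md
-- examples/
-- examples/get_user_info.rb
+- examples/get_country_info.rb
 - examples/mauth_key
 - exe/mauth-client
 - exe/mauth-proxy
@@ -355,16 +151,11 @@ files:
 - lib/mauth-client.rb
 - lib/mauth/autoload.rb
 - lib/mauth/client.rb
-- lib/mauth/client/
-- lib/mauth/client/local_authenticator.rb
-- lib/mauth/client/remote_authenticator.rb
+- lib/mauth/client/authenticator.rb
 - lib/mauth/client/security_token_cacher.rb
 - lib/mauth/client/signer.rb
+- lib/mauth/config_env.rb
 - lib/mauth/core_ext.rb
-- lib/mauth/dice_bag/mauth.rb.dice
-- lib/mauth/dice_bag/mauth.yml.dice
-- lib/mauth/dice_bag/mauth_key.dice
-- lib/mauth/dice_bag/mauth_templates.rb
 - lib/mauth/errors.rb
 - lib/mauth/fake/rack.rb
 - lib/mauth/faraday.rb
@@ -388,7 +179,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="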
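Review bot: The packaged `files:` list on the new side still ships `examples/mauth_key` (unchanged context at old line 349 / new line 145, beside the added `examples/get_country_info.rb`), and nothing on this page shows whether that file is an inert placeholder or usable key material. Since this release reworks the examples and moves configuration to `lib/mauth/config_env.rb`, it would be a good moment to confirm the file holds no real private key and to say so in `examples/README.md`, or to leave it out of the gemspec's `files` so published gems carry no key file at all. The gemspec itself is not part of this section, so where the exclusion belongs is an assumption to check there.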
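--- a/data/doc/mauth.yml.md
+++ b/data/doc/mauth.yml.md
@@ -1,84 +0,0 @@
-# mauth.yml
-
-The conventional way to configure MAuth-Client for your project is through a YAML file which lives in your project at `config/mauth.yml`.
-It is keyed on environment, and for the most part its contents are passed directly to instantiate an MAuth::Client.
-See the documentation for [MAuth::Client#initialize](../lib/mauth/client.rb) for more details of what it accepts.
-
-## Generating keys
-
-To generate a private key (`mauth_key`) and its public counterpart (`mauth_key.pub`) run:
-
-```
-openssl genrsa -out mauth_key 2048
-openssl rsa -in mauth_key -pubout -out mauth_key.pub
-```
-
-## Format
-
-```yaml
-common: &common
-mauth_baseurl: https://mauth-innovate.imedidata.com
-mauth_api_version: v1
-app_uuid: 123we997-0333-44d8-8fCf-5dd555c5bd51
-private_key: |
------BEGIN RSA PRIVATE KEY-----
-AIIEowIBAAKCAQEAwLYWYcKrCAl7uWVlkwzBcBXRiRREqGYLXEnRGgDrlqbY+lDg
-gwMNga3ylckui/rTUZhtefx1MLtxgnTGiil45eleoJgjdfsOO5yXzUA46KW0cuL4
-...
-oEKe4QKBgFNbVJp3Zut83MzpN4Zu7/wZ/+q9ds9WMMxWb4hUugKQTPjsgj+8tCqa
-SIY2exfsy7Y8NoOnBPlGiXKhgaF21T8kqV9C7R6OAuP0U6CgMJnINx/UjozvBENH
-Ux45QdvRd6vai8nHp7AgV7rr55SxXAZVgATll84uBUpfpmC6YK/j
------END RSA PRIVATE KEY-----
-v2_only_authenticate: false
-v2_only_sign_requests: false
-disable_fallback_to_v1_on_v2_failure: true
-
-production:
-<<: *common
-development:
-<<: *common
-test:
-<<: *common
-```
-
-Optionally you can load the private key from a file:
-
-```yaml
-common: &common
-mauth_baseurl: https://mauth-innovate.imedidata.com
-mauth_api_version: v1
-app_uuid: 123we997-0333-44d8-8fCf-5dd555c5bd51
-private_key_file: config/my_mauth_private.key
-v2_only_authenticate: false
-v2_only_sign_requests: false
-disable_fallback_to_v1_on_v2_failure: true
-v1_only_sign_requests: false
-
-production:
-<<: *common
-development:
-<<: *common
-test:
-<<: *common
-```
-
-## Configuration options
-
-- `private_key` - Required for signing and for authenticating responses. May be omitted if only remote authentication of requests is being performed.
-- `private_key_file` - May be used instead of `private_key`, mauth-client will load the file instead.
-- `app_uuid` - Required in the same circumstances where a `private_key` is required.
-- `mauth_baseurl` - Required for authentication but not for signing. Needed for local authentication to retrieve public keys and for remote authentication. Usually this is `https://mauth.imedidata.com` for production.
-- `mauth_api_version` - Required for authentication but not for signing. only `v1` exists as of this writing.
-- `v2_only_sign_requests` - If true, all outgoing requests will be signed with only the V2 protocol. Defaults to false.
-- `v2_only_authenticate` - If true, any incoming request or incoming response that does not use the V2 protocol will be rejected. Defaults to false.
-- `disable_fallback_to_v1_on_v2_failure` - If true, any incoming V2 requests that fail authentication will not fall back to V1 authentication. Defaults to false.
-- `v1_only_sign_requests` - If true, all outgoing requests will be signed with only the V1 protocol. Defaults to true. Note, cannot be `true` if `v2_only_sign_requests` is also `true`.
-
-## Usage in your application
-
-Load mauth.yml, merge in any other configuration that is needed for your usage, and pass the config along to instantiate a `MAuth::Client` or a middleware.
-See the [README](../README.md) for more detail.
-
-## Usage in MAuth-Client executables (mauth-client, mauth-proxy)
-
-See the [MAuth-Client CLI Tool doc](./mauth-client_CLI.md#configuration).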
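--- a/data/examples/Gemfile.lock
+++ b/data/examples/Gemfile.lock
@@ -1,69 +0,0 @@
-PATH
-remote: ..
-specs:
-mauth-client (6.4.3)
-addressable (~> 2.0)
-coderay (~> 1.0)
-dice_bag (>= 0.9, < 2.0)
-faraday (>= 0.9, < 3.0)
-faraday-http-cache (>= 2.0, < 3.0)
-rack (> 2.2.3)
-term-ansicolor (~> 1.0)
-
-GEM
-remote: https://rubygems.org/
-specs:
-addressable (2.8.1)
-public_suffix (>= 2.0.2, < 6.0)
-coderay (1.1.3)
-dice_bag (1.6.1)
-diff-lcs (~> 1.0)
-rake
-thor (< 2.0)
-diff-lcs (1.5.0)
-faraday (1.10.2)
-faraday-em_http (~> 1.0)
-faraday-em_synchrony (~> 1.0)
-faraday-excon (~> 1.1)
-faraday-httpclient (~> 1.0)
-faraday-multipart (~> 1.0)
-faraday-net_http (~> 1.0)
-faraday-net_http_persistent (~> 1.0)
-faraday-patron (~> 1.0)
-faraday-rack (~> 1.0)
-faraday-retry (~> 1.0)
-ruby2_keywords (>= 0.0.4)
-faraday-em_http (1.0.0)
-faraday-em_synchrony (1.0.0)
-faraday-excon (1.1.0)
-faraday-http-cache (2.4.1)
-faraday (>= 0.8)
-faraday-httpclient (1.0.1)
-faraday-multipart (1.0.4)
-multipart-post (~> 2)
-faraday-net_http (1.0.1)
-faraday-net_http_persistent (1.2.0)
-faraday-patron (1.0.0)
-faraday-rack (1.0.0)
-faraday-retry (1.0.3)
-multipart-post (2.2.3)
-public_suffix (5.0.0)
-rack (3.0.0)
-rake (13.0.6)
-ruby2_keywords (0.0.5)
-sync (0.5.0)
-term-ansicolor (1.7.1)
-tins (~> 1.0)
-thor (1.2.1)
-tins (1.31.1)
-sync
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-faraday (~> 1.0)
-mauth-client!
-
-BUNDLED WITH
-2.2.29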
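--- a/data/examples/config.yml
+++ b/data/examples/config.yml
@@ -1,12 +0,0 @@
-imedidata:
-host: https://innovate.imedidata.com
-
-mauth:
-mauth_baseurl: https://mauth-innovate.imedidata.com
-mauth_api_version: v1
-app_uuid: <APP UUID>
-private_key_file: ./mauth_key
-v2_only_authenticate: false
-v2_only_sign_requests: false
-disable_fallback_to_v1_on_v2_failure: true
-v1_only_sign_requests: false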
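--- a/data/examples/get_user_info.rb
+++ b/data/examples/get_user_info.rb
@@ -1,58 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-abort "USAGE: ./#{__FILE__} <USER UUID>" unless ARGV.size == 1
-
-require 'bundler/setup'
-Bundler.require(:default)
-
-def config
-@config ||= YAML.safe_load(File.open('./config.yml'))
-end
-
-# get user information
-def get_user_info_mauth(user_uuid)
-get_data_from_imedidata "users/#{user_uuid}.json"
-end
-
-# fetch data from iMedidata
-def get_data_from_imedidata(resource_name)
-puts "fetching #{resource_name}..."
-begin
-connection = Faraday::Connection.new(url: config['imedidata']['host']) do |builder|
-builder.use MAuth::Faraday::RequestSigner, config['mauth']
-builder.adapter Faraday.default_adapter
-end
-
-# get the data
-response = connection.get "/api/v2/#{resource_name}"
-puts "HTTP #{response.status}"
-
-# return the user info
-if response.status == 200
-result = JSON.parse(response.body)
-puts JSON.pretty_generate(result)
-result
-else
-puts response.body
-nil
-end
-rescue JSON::ParserError => e
-puts "Error parsing data from imedidata: #{e.inspect}"
-puts e.backtrace.join("\n")
-end
-end
-
-get_user_info_mauth(ARGV[0])
-
-### OTHER EXAMPLES
-
-#### get study groups for an user
-def get_study_groups_mauth(user_uuid)
-get_data_from_imedidata "users/#{user_uuid}/study_groups.json"
-end
-
-#### get roles for a user in an application study
-def get_user_study_roles_mauth(user_uuid, study_uuid)
-get_data_from_imedidata "users/#{user_uuid}/studies/#{study_uuid}/apps/#{config["mauth"]["app_uuid"]}/roles.json"
-end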
@@ -1,133 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
# methods common to RemoteRequestAuthenticator and LocalAuthenticator
|
4
|
-
|
5
|
-
module MAuth
|
6
|
-
class Client
|
7
|
-
module AuthenticatorBase
|
8
|
-
ALLOWED_DRIFT_SECONDS = 300
|
9
|
-
|
10
|
-
# takes an incoming request or response object, and returns whether
|
11
|
-
# the object is authentic according to its signature.
|
12
|
-
def authentic?(object)
|
13
|
-
log_authentication_request(object)
|
14
|
-
begin
|
15
|
-
authenticate!(object)
|
16
|
-
true
|
17
|
-
rescue InauthenticError, MAuthNotPresent, MissingV2Error
|
18
|
-
false
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
# raises InauthenticError unless the given object is authentic. Will only
|
23
|
-
# authenticate with v2 if the environment variable V2_ONLY_AUTHENTICATE
|
24
|
-
# is set. Otherwise will fall back to v1 when v2 authentication fails
|
25
|
-
def authenticate!(object)
|
26
|
-
case object.protocol_version
|
27
|
-
when 2
|
28
|
-
begin
|
29
|
-
authenticate_v2!(object)
|
30
|
-
rescue InauthenticError => e
|
31
|
-
raise e if v2_only_authenticate?
|
32
|
-
raise e if disable_fallback_to_v1_on_v2_failure?
|
33
|
-
|
34
|
-
object.fall_back_to_mws_signature_info
|
35
|
-
raise e unless object.signature
|
36
|
-
|
37
|
-
log_authentication_request(object)
|
38
|
-
authenticate_v1!(object)
|
39
|
-
logger.warn('Completed successful authentication attempt after fallback to v1')
|
40
|
-
end
|
41
|
-
when 1
|
42
|
-
if v2_only_authenticate?
|
43
|
-
# If v2 is required but not present and v1 is present we raise MissingV2Error
|
44
|
-
msg = 'This service requires mAuth v2 mcc-authentication header but only v1 x-mws-authentication is present'
|
45
|
-
logger.error(msg)
|
46
|
-
raise MissingV2Error, msg
|
47
|
-
end
|
48
|
-
|
49
|
-
authenticate_v1!(object)
|
50
|
-
else
|
51
|
-
sub_str = v2_only_authenticate? ? '' : 'X-MWS-Authentication header is blank, '
|
52
|
-
msg = "Authentication Failed. No mAuth signature present; #{sub_str}MCC-Authentication header is blank."
|
53
|
-
logger.warn("mAuth signature not present on #{object.class}. Exception: #{msg}")
|
54
|
-
raise MAuthNotPresent, msg
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
private
|
59
|
-
|
60
|
-
# NOTE: This log is likely consumed downstream and the contents SHOULD NOT
|
61
|
-
# be changed without a thorough review of downstream consumers.
|
62
|
-
def log_authentication_request(object)
|
63
|
-
object_app_uuid = object.signature_app_uuid || '[none provided]'
|
64
|
-
object_token = object.signature_token || '[none provided]'
|
65
|
-
logger.info(
|
66
|
-
'Mauth-client attempting to authenticate request from app with mauth' \
|
67
|
-
" app uuid #{object_app_uuid} to app with mauth app uuid #{client_app_uuid}" \
|
68
|
-
" using version #{object_token}."
|
69
|
-
)
|
70
|
-
end
|
71
|
-
|
72
|
-
def log_inauthentic(object, message)
|
73
|
-
logger.error("mAuth signature authentication failed for #{object.class}. Exception: #{message}")
|
74
|
-
end
|
75
|
-
|
76
|
-
def time_within_valid_range!(object, time_signed, now = Time.now)
|
77
|
-
return if (-ALLOWED_DRIFT_SECONDS..ALLOWED_DRIFT_SECONDS).cover?(now.to_i - time_signed)
|
78
|
-
|
79
|
-
msg = "Time verification failed. #{time_signed} not within #{ALLOWED_DRIFT_SECONDS} of #{now}"
|
80
|
-
log_inauthentic(object, msg)
|
81
|
-
raise InauthenticError, msg
|
82
|
-
end
|
83
|
-
|
84
|
-
# V1 helpers
|
85
|
-
def authenticate_v1!(object)
|
86
|
-
time_valid_v1!(object)
|
87
|
-
token_valid_v1!(object)
|
88
|
-
signature_valid_v1!(object)
|
89
|
-
end
|
90
|
-
|
91
|
-
def time_valid_v1!(object)
|
92
|
-
if object.x_mws_time.nil?
|
93
|
-
msg = 'Time verification failed. No x-mws-time present.'
|
94
|
-
log_inauthentic(object, msg)
|
95
|
-
raise InauthenticError, msg
|
96
|
-
end
|
97
|
-
time_within_valid_range!(object, object.x_mws_time.to_i)
|
98
|
-
end
|
99
|
-
|
100
|
-
def token_valid_v1!(object)
|
101
|
-
return if object.signature_token == MWS_TOKEN
|
102
|
-
|
103
|
-
msg = "Token verification failed. Expected #{MWS_TOKEN}; token was #{object.signature_token}"
|
104
|
-
log_inauthentic(object, msg)
|
105
|
-
raise InauthenticError, msg
|
106
|
-
end
|
107
|
-
|
108
|
-
# V2 helpers
|
109
|
-
def authenticate_v2!(object)
|
110
|
-
time_valid_v2!(object)
|
111
|
-
token_valid_v2!(object)
|
112
|
-
signature_valid_v2!(object)
|
113
|
-
end
|
114
|
-
|
115
|
-
def time_valid_v2!(object)
|
116
|
-
if object.mcc_time.nil?
|
117
|
-
msg = 'Time verification failed. No MCC-Time present.'
|
118
|
-
log_inauthentic(object, msg)
|
119
|
-
raise InauthenticError, msg
|
120
|
-
end
|
121
|
-
time_within_valid_range!(object, object.mcc_time.to_i)
|
122
|
-
end
|
123
|
-
|
124
|
-
def token_valid_v2!(object)
|
125
|
-
return if object.signature_token == MWSV2_TOKEN
|
126
|
-
|
127
|
-
msg = "Token verification failed. Expected #{MWSV2_TOKEN}; token was #{object.signature_token}"
|
128
|
-
log_inauthentic(object, msg)
|
129
|
-
raise InauthenticError, msg
|
130
|
-
end
|
131
|
-
end
|
132
|
-
end
|
133
|
-
end
|