microservices-login 0.7.11

data/lib/razor_risk/cassini/applications/route_verb_adaptors/login/basic_login.rb

@@ -0,0 +1,171 @@
+# encoding: UTF-8
+
+# ######################################################################## #
+#
+#  Copyright (c) 2019 Razor Risk Technologies Pty Limited. All rights reserved.
+#
+# ######################################################################## #
+
+# ##########################################################
+# requires
+
+require 'razor_risk/cassini/applications/rest_framework/verb_handler'
+require 'razor_risk/cassini/applications/route_verb_adaptors/utils/call_system_status'
+require 'razor_risk/cassini/authorisation'
+require 'razor_risk/cassini/header_functions'
+require 'razor_risk/cassini/util/conversion_util'
+
+require 'razor_risk/razor/connectivity/entity_connectors/exceptions'
+
+require 'razor_risk/core/diagnostics/logger'
+
+require 'pantheios'
+
+
+# ##########################################################
+# module
+
+module RazorRisk
+module Cassini
+module Applications
+module RouteVerbAdaptors
+module Login
+
+
+# ##########################################################
+# BasicLogin
+
+# Handler for Basic Authentication Login.
+class BasicLogin < RESTFramework::VerbHandler
+
+    # ##########################################################
+    # includes
+
+    include ::RazorRisk::Cassini::Applications::RouteVerbAdaptors::Utils
+    include ::RazorRisk::Cassini::Authorisation::SecurityModelHelpers
+    include ::RazorRisk::Cassini::Authorisation::HeaderHelpers
+    include ::RazorRisk::Cassini::HeaderFunctions
+    include ::RazorRisk::Cassini::Util::ConversionUtil
+
+    include ::RazorRisk::Razor::Connectivity::EntityConnectors::Exceptions
+    include ::RazorRisk::Razor::Connectivity::Razor3::EntityConnectors
+
+    include ::Pantheios
+
+    include ::RazorRisk::Core::Diagnostics::Logger
+
+    # ##########################################################
+    # constants
+
+    private
+    HTTP_AUTHORIZATION = ::RazorRisk::Cassini::Constants::HTTP_AUTHORIZATION
+
+    public
+    # Supported Content Types.
+    HTTP_ACCEPTS     = %w{
+        application/xml
+        application/json
+        text/xml
+    }
+    # Supported HTTP Verb .
+    HTTP_VERB        = :post
+    # Supported query parameters.
+    QUERY_PARAMETERS = %w{}
+    # Supported route variables.
+    ROUTE_VARIABLES  = %w{}
+
+
+    # ##########################################################
+    # handler
+
+    # Handles a basic authorisation login request.
+    #
+    # @see https://tools.ietf.org/html/rfc7617 RFC-7617 : The 'Basic' HTTP
+    #   Authentication Scheme
+    #
+    # @param env [::Hash] The Rack request environment (@see
+    #   Rack::Request#env).
+    # @param params [::Hash] Validated query parameters (@see
+    #   ValidateQueryParametersHelper#validate_query_parameters)
+    # @param request [::Sinatra::Request] The request to be handled.
+    # @param response [::Sinatra::Response] The response object that will be
+    #   used for the HTTP response.
+    def handle env, params, request, response
+
+        trace(
+            ParamNames[ :env, :params, :request, :response ],
+            env, params, request, response
+        )
+
+        auth_scheme = settings.authentication_scheme
+        auth        = env[HTTP_AUTHORIZATION]
+
+        unless auth
+            halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
+        end
+
+        username, password, domain = credentials_from_Basic(auth).map do |s|
+            s.empty? ? nil : s unless s.nil?
+        end
+
+        unless username and password
+            halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
+        end
+
+        # All we do here is issue a Razor Request for system-status -
+        # since it's arbitrary, really - and verify that it worked
+
+        options = {
+            auth_test_mode:  settings.auth_test_mode,
+            auth_scheme:     auth_scheme,
+            razor_requester: settings.razor_requester,
+            message_map:     settings.message_map,
+        }
+
+        cr  = razor_requester_credentials_options(
+            auth_scheme,
+            [ username, password, domain ],
+            **options
+        )
+        call_system_status(cr, **options)
+
+        status 200
+
+        if request.accept? 'text/plain'
+
+            content_type 'text/plain'
+            ''
+        elsif request.accept?('text/xml')
+
+            content_type 'text/xml'
+            %Q{<?xml version="1.0"?><response result="success"/>}
+        elsif request.accept?('application/xml')
+
+            content_type 'application/xml'
+            %Q{<?xml version="1.0"?><response result="success"/>}
+        elsif request.accept? 'application/json'
+
+            content_type 'application/json'
+            '{}'
+        else
+
+            log :violation, 'Invalid accept type'
+            halt 500, {}, 'Oops! Something went wrong!'
+        end
+    end
+
+end # class BasicLogin
+
+
+# ##########################################################
+# module
+
+end # module Login
+end # module RouteVerbAdaptors
+end # module Applications
+end # module Cassini
+end # module RazorRisk
+
+# ############################## end of file ############################# #
+
+

data/lib/razor_risk/cassini/applications/route_verb_adaptors/login/jwt_login.rb

@@ -0,0 +1,194 @@
+# encoding: UTF-8
+
+# ######################################################################## #
+#
+#  Copyright (c) 2019 Razor Risk Technologies Pty Limited. All rights reserved.
+#
+# ######################################################################## #
+
+# ##########################################################
+# requires
+
+require 'razor_risk/cassini/applications/rest_framework/verb_handler'
+require 'razor_risk/cassini/applications/route_verb_adaptors/utils/open_session'
+require 'razor_risk/cassini/authorisation'
+require 'razor_risk/cassini/header_functions'
+require 'razor_risk/cassini/util/conversion_util'
+
+require 'razor_risk/razor/connectivity/entity_connectors/exceptions'
+
+require 'razor_risk/core/diagnostics/logger'
+
+require 'pantheios'
+
+
+# ##########################################################
+# module
+
+module RazorRisk
+module Cassini
+module Applications
+module RouteVerbAdaptors
+module Login
+
+
+# ##########################################################
+# JWTLogin
+
+# Handler for JSON Web Token Authentication Login.
+class JWTLogin < RESTFramework::VerbHandler
+
+    # ##########################################################
+    # includes
+
+    include ::RazorRisk::Cassini::Applications::RouteVerbAdaptors::Utils
+    include ::RazorRisk::Cassini::Authorisation::SecurityModelHelpers
+    include ::RazorRisk::Cassini::Authorisation::HeaderHelpers
+    include ::RazorRisk::Cassini::HeaderFunctions
+    include ::RazorRisk::Cassini::Util::ConversionUtil
+
+    include ::RazorRisk::Razor::Connectivity::EntityConnectors::Exceptions
+    include ::RazorRisk::Razor::Connectivity::Razor3::EntityConnectors
+
+    include ::Pantheios
+
+    include ::RazorRisk::Core::Diagnostics::Logger
+
+    # ##########################################################
+    # constants
+
+    private
+    HTTP_AUTHORIZATION = ::RazorRisk::Cassini::Constants::HTTP_AUTHORIZATION
+
+    public
+    # Supported Content Types.
+    HTTP_ACCEPTS     = %w{
+        application/xml
+        application/json
+        text/xml
+    }
+    # Supported HTTP Verb .
+    HTTP_VERB        = :post
+    # Supported query parameters.
+    QUERY_PARAMETERS = %w{}
+    # Supported route variables.
+    ROUTE_VARIABLES  = %w{}
+
+
+    # ##########################################################
+    # handler
+
+    # Handles a JWT login request which will open a Razor Session and create
+    # a JSON Web Token for that session.
+    #
+    # @see https://tools.ietf.org/html/rfc7519 RFC-7519 : JSON Web Token
+    #   (JWT).
+    #
+    # @param env [::Hash] The Rack request environment (@see
+    #   Rack::Request#env).
+    # @param params [::Hash] Validated query parameters (@see
+    #   ValidateQueryParametersHelper#validate_query_parameters)
+    # @param request [::Sinatra::Request] The request to be handled.
+    # @param response [::Sinatra::Response] The response object that will be
+    #   used for the HTTP response.
+    def handle env, params, request, response
+
+        trace(
+            ParamNames[ :env, :params, :request, :response ],
+            env, params, request, response
+        )
+
+        auth_scheme = settings.authentication_scheme
+        auth        = env[HTTP_AUTHORIZATION]
+
+        # to serve direct and also as a delegated server, we accept form
+        # params and also accept (delegated) basic authenticate
+        username = params[:username]
+        password = params[:password]
+        domain   = params[:domain]
+
+        unless username
+            if auth
+                username, password, domain = credentials_from_Basic(auth).map do |s|
+                    s.empty? ? nil : s unless s.nil?
+                end
+            end
+        end
+
+        unless username && password
+            halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
+        end
+
+        jwt_algo = settings.jwt_encoding_algorithm
+        jwt_sec  = @app.secret jwt_algo
+
+        unless jwt_sec
+            log :critical, 'failed to obtain secret for algorithm \'', jwt_algo, '\''
+            error 500, 'Oops! Something went wrong!'
+        end
+
+        cr = razor_requester_credentials_options(
+            :basic,
+            [ username, password, domain ],
+            auth_test_mode:  settings.auth_test_mode,
+        )
+
+        options = {
+            auth_test_mode:  settings.auth_test_mode,
+            auth_scheme:     auth_scheme,
+            razor_requester: settings.razor_requester,
+            message_map:     settings.message_map,
+        }
+
+        session_id, user_id, user_name = open_session cr, **options
+
+        jwt = JWT_from_credentials(
+            session_id,
+            user_id,
+            password,
+            jwt_algo,
+            jwt_sec
+        )
+
+        log :informational, "User '#{user_id}' has been logged in"
+
+        status 200
+
+        if request.accept? 'text/plain'
+
+            content_type 'text/plain'
+            return "authorisation-token: #{jwt}"
+        elsif request.accept?('text/xml')
+
+            content_type 'application/xml'
+            return %Q{<?xml version="1.0"?><authorisation-token>#{jwt}</authorisation-token>}
+        elsif request.accept?('application/xml')
+
+            content_type 'application/xml'
+            return %Q{<?xml version="1.0"?><authorisation-token>#{jwt}</authorisation-token>}
+        elsif request.accept? 'application/json'
+
+            content_type 'application/json'
+            return { 'authorisation-token' => jwt }.to_json
+        else
+
+            log :violation, 'Invalid accept type'
+            halt 500, {}, 'Oops! Something went wrong!'
+        end
+    end
+
+end # class JWTLogin
+
+
+# ##########################################################
+# module
+
+end # module Login
+end # module RouteVerbAdaptors
+end # module Applications
+end # module Cassini
+end # module RazorRisk
+
+# ############################## end of file ############################# #
+
+

data/lib/razor_risk/cassini/applications/route_verb_adaptors/login/jwt_logout.rb

@@ -0,0 +1,149 @@
+# encoding: UTF-8
+
+# ######################################################################## #
+#
+#  Copyright (c) 2019 Razor Risk Technologies Pty Limited. All rights reserved.
+#
+# ######################################################################## #
+
+# ##########################################################
+# requires
+
+require 'razor_risk/cassini/applications/rest_framework/verb_handler'
+require 'razor_risk/cassini/applications/route_verb_adaptors/utils/close_session'
+require 'razor_risk/cassini/authorisation'
+require 'razor_risk/cassini/header_functions'
+require 'razor_risk/cassini/util/conversion_util'
+
+require 'razor_risk/razor/connectivity/entity_connectors/exceptions'
+
+require 'razor_risk/core/diagnostics/logger'
+
+require 'pantheios'
+
+
+# ##########################################################
+# module
+
+module RazorRisk
+module Cassini
+module Applications
+module RouteVerbAdaptors
+module Login
+
+
+# ##########################################################
+# JWTLogout
+
+# Handler for JSON Web Token Authentication Logout.
+class JWTLogout < RESTFramework::VerbHandler
+
+    # ##########################################################
+    # includes
+
+    include ::RazorRisk::Cassini::Applications::RouteVerbAdaptors::Utils
+    include ::RazorRisk::Cassini::Authorisation::SecurityModelHelpers
+    include ::RazorRisk::Cassini::Authorisation::HeaderHelpers
+    include ::RazorRisk::Cassini::HeaderFunctions
+    include ::RazorRisk::Cassini::Util::ConversionUtil
+
+    include ::RazorRisk::Razor::Connectivity::EntityConnectors::Exceptions
+    include ::RazorRisk::Razor::Connectivity::Razor3::EntityConnectors
+
+    include ::Pantheios
+
+    include ::RazorRisk::Core::Diagnostics::Logger
+
+
+    # ##########################################################
+    # constants
+
+    private
+    HTTP_AUTHORIZATION = ::RazorRisk::Cassini::Constants::HTTP_AUTHORIZATION
+
+    public
+    # Supported Content Types.
+    HTTP_ACCEPTS     = %w{
+        application/xml
+        application/json
+        text/xml
+    }
+    # Supported HTTP Verb .
+    HTTP_VERB        = :post
+    # Supported query parameters.
+    QUERY_PARAMETERS = %w{}
+    # Supported route variables.
+    ROUTE_VARIABLES  = %w{}
+
+
+    # ##########################################################
+    # handler
+
+    # Handles a JWT logout request which will close a Razor Session.
+    #
+    # @param env [::Hash] The Rack request environment (@see
+    #   Rack::Request#env).
+    # @param params [::Hash] Validated query parameters (@see
+    #   ValidateQueryParametersHelper#validate_query_parameters)
+    # @param request [::Sinatra::Request] The request to be handled.
+    # @param response [::Sinatra::Response] The response object that will be
+    #   used for the HTTP response.
+    def handle env, params, request, response
+
+        trace(
+            ParamNames[ :env, :params, :request, :response ],
+            env, params, request, response
+        )
+
+        auth_scheme = settings.authentication_scheme
+        auth        = env[HTTP_AUTHORIZATION]
+
+        unless auth
+            halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
+        end
+
+        jwt_algo   = settings.jwt_encoding_algorithm
+        jwt_sec    = @app.secret jwt_algo
+
+        unless jwt_sec
+            log :critical, 'failed to obtain secret for algorithm \'', jwt_algo, '\''
+            error 500, 'Oops! Something went wrong!'
+        end
+
+        begin
+            session_id, user_id, _ = credentials_from_JWT(auth, jwt_sec)
+        rescue ::JWT::DecodeError
+            halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
+        end
+
+        unless session_id
+            halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
+        end
+
+        log :informational, "User '#{user_id}' has been logged out"
+
+        options    = {
+            razor_requester: settings.razor_requester,
+            message_map:     settings.message_map,
+        }
+
+        close_session session_id, **options
+
+        status 204
+    end
+
+end # class JWTLogout
+
+
+# ##########################################################
+# module
+
+end # module Login
+end # module RouteVerbAdaptors
+end # module Applications
+end # module Cassini
+end # module RazorRisk
+
+# ############################## end of file ############################# #
+
+

data/lib/razor_risk/cassini/applications/route_verb_adaptors/login.rb

@@ -0,0 +1,20 @@
+# encoding: utf-8
+
+# ##########################################################################
+#
+# Copyright (c) 2019 Razor Risk Technologies Pty Limited. All rights reserved.
+#
+# ##########################################################################
+
+# ##########################################################
+# requires
+
+require 'razor_risk/cassini/applications/route_verb_adaptors/login/auth_only_login'
+require 'razor_risk/cassini/applications/route_verb_adaptors/login/basic_login'
+require 'razor_risk/cassini/applications/route_verb_adaptors/login/jwt_login'
+require 'razor_risk/cassini/applications/route_verb_adaptors/login/jwt_logout'
+
+
+# ############################## end of file ############################# #
+
+

data/lib/razor_risk/cassini/applications/route_verb_adaptors/utils/call_system_status.rb

@@ -0,0 +1,85 @@
+# encoding: utf-8
+
+# ##########################################################################
+#
+# Copyright (c) 2019 Razor Risk Technologies Pty Limited. All rights reserved.
+#
+# ##########################################################################
+
+# ##########################################################################
+# requires
+
+require 'razor_risk/razor/connectivity/entity_connectors/exceptions'
+require 'razor_risk/razor/connectivity/razor_3/entity_connectors/system_status_connector'
+
+require 'razor_risk/core/diagnostics/logger'
+
+require 'pantheios'
+
+
+# ##########################################################################
+# module
+
+module RazorRisk
+module Cassini
+module Applications
+module RouteVerbAdaptors
+module Utils
+
+# ##########################################################
+# inludes
+
+include ::RazorRisk::Razor::Connectivity::Razor3::EntityConnectors
+include ::RazorRisk::Razor::Connectivity::Razor3
+
+include ::Pantheios
+
+include ::RazorRisk::Core::Diagnostics::Logger
+
+# ##########################################################
+# Call System Status
+
+# Executes as Razor System Status request. Will halt the request if the
+# provided credentials are invalid with a 403 status.
+#
+# @param cr [Hash] A hash of credentials.
+#
+# @option options [#send_request] :razor_requester The Razor Requester to be
+#   used to send requests to the Razor application.
+# @option options [Hash] :message_map The message map used to route razor
+#   requests.
+def call_system_status cr, **options
+
+    trace ParamNames[ :cr, :options ], cr, options
+
+    ssc = SystemStatusConnector.new(
+        options[:razor_requester],
+        message_map: options[:message_map],
+        credentials: cr
+    )
+
+    begin
+        qr = ssc.get indicate_result_by: :qualified_result
+    rescue RazorRequester::InvalidCredentialsException
+        halt 403, {}, 'Invalid credentials'
+    rescue => x
+        log :violation, "unexpected exception (#{x.class}): '#{x.message}': #{x.backtrace}"
+        raise
+    end
+
+    halt 500, {}, 'Oops! Something went wrong!' unless qr.succeeded?
+end
+
+
+# ##########################################################
+# module
+
+end # module Utils
+end # module RouteVerbAdaptors
+end # module Applications
+end # module Cassini
+end # module RazorRisk
+
+# ############################## end of file ############################# #
+
+

data/lib/razor_risk/cassini/applications/route_verb_adaptors/utils/close_session.rb

@@ -0,0 +1,87 @@
+# encoding: utf-8
+
+# ##########################################################################
+#
+# Copyright (c) 2019 Razor Risk Technologies Pty Limited. All rights reserved.
+#
+# ##########################################################################
+
+# ##########################################################################
+# requires
+
+require 'razor_risk/razor/connectivity/entity_connectors/exceptions'
+require 'razor_risk/razor/connectivity/razor_3/entity_connectors/system_status_connector'
+
+require 'razor_risk/core/diagnostics/logger'
+
+require 'pantheios'
+require 'xqsr3/quality/parameter_checking'
+
+
+# ##########################################################################
+# module
+
+module RazorRisk
+module Cassini
+module Applications
+module RouteVerbAdaptors
+module Utils
+
+# ##########################################################
+# inludes
+
+include ::RazorRisk::Razor::Connectivity::Razor3::EntityConnectors
+include ::RazorRisk::Razor::Connectivity::Razor3
+
+include ::RazorRisk::Core::Diagnostics::Logger
+
+include ::Pantheios
+include ::Xqsr3::Quality::ParameterChecking
+
+
+# ##########################################################
+# Open Session
+
+# Closes a Razor Session.
+#
+# @param session_id [String] The session ID to close.
+#
+# @option options [#send_request] :razor_requester The Razor Requester to be
+#   used to send requests to the Razor application.
+# @option options [Hash] :message_map The message map used to route razor
+#   requests.
+def close_session session_id, **options
+
+    trace ParamNames[ :session_id, :options ], session_id, options
+
+    check_parameter session_id, 'session_id'
+
+    ec = SessionsConnector.new(
+        options[:razor_requester],
+        message_map: options[:message_map],
+        credentials: { session_id: session_id }
+    )
+
+    begin
+        ec.close_session session_id, indicate_result_by: :qualified_result
+    rescue => x
+        log :violation, "unexpected exception (#{x.class}): '#{x.message}': #{x.backtrace}"
+        raise
+    end
+
+    nil
+end
+
+
+# ##########################################################
+# module
+
+end # module Utils
+end # module RouteVerbAdaptors
+end # module Applications
+end # module Cassini
+end # module RazorRisk
+
+# ############################## end of file ############################# #
+
+