mumukit-login 1.0.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e9469b5574895337bee449aca6ffb6a5be57ee70
-  data.tar.gz: f2bc55e4e42e7c7d0b8925400b8ceb16387acd1b
+  metadata.gz: 3678ef51cc61d88246d5a1818182167602ae3c25
+  data.tar.gz: fc66ab10f742d4b78e3c1722c311d55d79c2cc17
 SHA512:
-  metadata.gz: cc7eaf5d94e79e2bb5a1f76659507e9e43bcb44c9b35536e1c1ae340a6503d025b267b3023168b1273a05c92b3d83ff434052d1b6d364203e97236c207808c59
-  data.tar.gz: 8e7c0fdb09272ddff505c397fc37b65ebffa1e1d45d390970a88a88ca21f9f66c0f8ac3e5c752cf67c32cb87e4184e09631e4d364afa22fe49301f01b8169ddf
+  metadata.gz: d0713e822bd8489d7bc867bc59bcbebe54c89b78a7c2ae908b23fbfa9e300e43e41e85c208d947e8da023e07a389d21048b4f77e7639872ed4a1bfd699a655d9
+  data.tar.gz: bfc5368cf2f9a2019d789cddc63ac199f4dcce260d1acfecf906a1a4cace493d8d97f8e3edc13fc054ce18b20736d297541b92258a15540c499470090de7a4aa

data/lib/mumukit/login.rb

@@ -6,6 +6,7 @@ require 'omniauth-auth0'
 require 'omniauth-saml'
 
 require 'mumukit/core'
+require 'mumukit/auth'
 
 module Mumukit::Login
   def self.configure
@@ -15,6 +16,11 @@ module Mumukit::Login
 
   def self.defaults
     struct.tap do |config|
+      config.mucookie_domain = ENV['MUMUKI_COOKIES_DOMAIN'] || ENV['MUMUKI_MUCOOKIE_DOMAIN']
+      config.mucookie_secret_key = ENV['SECRET_KEY_BASE'] || ENV['MUMUKI_MUCOOKIE_SECRET_KEY']
+      config.mucookie_secret_salt = ENV['MUMUKI_MUCOOKIE_SECRET_SALT'] || 'mucookie secret salt'
+      config.mucookie_sign_salt = ENV['MUMUKI_MUCOOKIE_SIGN_KEY'] || 'mucookie sign salt'
+
       config.provider = Mumukit::Login::Provider.from_env
       config.saml = struct base_url: ENV['MUMUKI_SAML_BASE_URL'],
                            idp_sso_target_url: ENV['MUMUKI_SAML_IDP_SSO_TARGET_URL'],
@@ -34,9 +40,10 @@ module Mumukit::Login
 end
 
 require_relative './login/controller'
-require_relative './login/current_user_store'
+require_relative './login/shared_session'
 require_relative './login/form'
 require_relative './login/framework'
+require_relative './login/mucookie'
 require_relative './login/origin_redirector'
 require_relative './login/profile'
 require_relative './login/provider'
@@ -82,3 +89,8 @@ module Mumukit::Login
     Mumukit::Login.config.provider
   end
 end
+
+Mumukit::Auth.configure do |config|
+  config.clients.mucookie = {id: ENV['MUMUKI_MUCOOKIE_CLIENT_ID'],
+                             secret: ENV['MUMUKI_MUCOOKIE_SECRET']}
+end

data/lib/mumukit/login/controller.rb

@@ -4,14 +4,30 @@ class Mumukit::Login::Controller
     @native = native
   end
 
-  def current_user_store
+  def shared_session
     if env['HTTP_AUTHORIZATION']
-      Mumukit::Login::JWTCurrentUserStore.new self
+      Mumukit::Login::TokenSharedSession.new env
     else
-      Mumukit::Login::SessionCurrentUserStore.new self
+      Mumukit::Login::MucookieSharedSession.new mucookie
     end
   end
 
+  def mucookie
+    @mucookie ||= Mumukit::Login::Mucookie.new self
+  end
+
+  def url_for(path)
+    URI.join(request.base_url, path).to_s
+  end
+
+  def request
+    Rack::Request.new(env)
+  end
+
+  def session
+    request.session
+  end
+
   def env
     @framework.env @native
   end
@@ -24,15 +40,15 @@ class Mumukit::Login::Controller
     @framework.render_html!(html, @native)
   end
 
-  def url_for(path)
-    URI.join(request.base_url, path).to_s
+  def write_cookie!(key, value)
+    @framework.write_cookie! key, value, @native
   end
 
-  def request
-    Rack::Request.new(env)
+  def read_cookie(key)
+    @framework.read_cookie key, @native
   end
 
-  def session
-    request.session
+  def delete_cookie!(key, domain)
+    @framework.delete_cookie! key, domain, @native
   end
-end
+end

data/lib/mumukit/login/framework/rails.rb

@@ -1,9 +1,26 @@
 module Mumukit::Login::Framework::Rails
-
   def self.env(rails_controller)
     rails_controller.request.env
   end
 
+  def self.write_cookie!(key, value, rails_controller)
+    rails_controller.instance_eval do
+      cookies[key] = value
+    end
+  end
+
+  def self.delete_cookie!(key, domain, rails_controller)
+    rails_controller.instance_eval do
+      cookies.delete key, domain: domain
+    end
+  end
+
+  def self.read_cookie(key, rails_controller)
+    rails_controller.instance_eval do
+      cookies[key]
+    end
+  end
+
   def self.redirect!(path, rails_controller)
     rails_controller.redirect_to path
   end

data/lib/mumukit/login/framework/sinatra.rb

@@ -1,9 +1,20 @@
 module Mumukit::Login::Framework::Sinatra
-
   def self.env(sinatra_handler)
     sinatra_handler.request.env
   end
 
+  def self.write_cookie!(key, value, sinatra_handler)
+    sinatra_handler.response.set_cookie key, value
+  end
+
+  def self.delete_cookie!(key, domain, sinatra_handler)
+    sinatra_handler.response.delete_cookie key, domain: domain
+  end
+
+  def self.read_cookie(key, sinatra_handler)
+    sinatra_handler.request.cookies[key]
+  end
+
   def self.redirect!(path, sinatra_handler)
     sinatra_handler.redirect path
   end

data/lib/mumukit/login/helpers/authentication_helpers.rb

@@ -16,7 +16,7 @@ module Mumukit::Login::AuthenticationHelpers
 
   # default
   def current_user_uid
-    mumukit_controller.current_user_store.get_uid
+    mumukit_controller.shared_session.uid
   end
 
   # default

data/lib/mumukit/login/helpers/login_controller_helpers.rb

@@ -1,9 +1,9 @@
 module Mumukit::Login::LoginControllerHelpers
 
   def login_current_user!
-    origin_redirector.save_location!
+    origin_redirector.save_after_login_location!
     if current_user?
-      origin_redirector.redirect!
+      origin_redirector.redirect_after_login!
     else
       login_provider.request_authentication! mumukit_controller, login_settings
     end
@@ -13,25 +13,28 @@ module Mumukit::Login::LoginControllerHelpers
     profile = Mumukit::Login::Profile.from_omniauth(mumukit_controller.env['omniauth.auth'])
     user = Mumukit::Login.config.user_class.for_profile profile
     save_current_user_session! user
-    origin_redirector.redirect!
+    origin_redirector.redirect_after_login!
   end
 
   def logout_current_user!
     destroy_current_user_session!
-    mumukit_controller.redirect! login_provider.logout_redirection_path
+    origin_redirector.redirect_after_logout!
   end
 
   private
 
   # default
   def destroy_current_user_session!
-    mumukit_controller.current_user_store.clear!
+    mumukit_controller.session.clear
+    mumukit_controller.shared_session.clear!
   end
 
   # default
   def save_current_user_session!(user)
-    mumukit_controller.current_user_store.set! user.uid,
-                                               user_name: user.name,
-                                               user_image_url: user.image_url
+    mumukit_controller.shared_session.tap do |it|
+      it.uid = user.uid
+      it.profile = {user_name: user.name,
+                    user_image_url: user.image_url}
+    end
   end
 end

data/lib/mumukit/login/mucookie.rb

@@ -0,0 +1,80 @@
+require 'active_support/key_generator'
+
+class Mumukit::Login::Mucookie
+  def initialize(controller)
+    @controller = controller
+  end
+
+  def write!(key, value, options={})
+    @controller.write_cookie! cookie_name(key),
+                              value: value.to_s,
+                              path: '/',
+                              domain: Mumukit::Login.config.mucookie_domain,
+                              httponly: !!options[:httponly]
+  end
+
+  def encrypt_and_write!(key, value, options={})
+    write! key, Encryptor.encrypt(value), options
+  end
+
+  def encode_and_write!(key, value, options={})
+    write! key, Base64.encode64(value), options
+  end
+
+  def read(key)
+    @controller.read_cookie cookie_name(key)
+  end
+
+  def decrypt_and_read(key)
+    Encryptor.decrypt read(key)
+  end
+
+  def decode_and_read(key)
+    Base64.decode64 read(key)
+  end
+
+  def delete!(key)
+    @controller.delete_cookie! cookie_name(key), Mumukit::Login.config.mucookie_domain
+  end
+
+  private
+
+  def cookie_name(key)
+    "mucookie_#{key}"
+  end
+
+  module Encryptor
+    def self.key_generator
+      @key_generator ||= begin
+        secret_key = Mumukit::Login.config.mucookie_secret_key
+
+        raise 'missing Mumukit::Login.config.mucookie_secret_key' unless secret_key
+
+        ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key, iterations: 1000))
+      end
+    end
+
+    def self.encryptor
+      @encryptor ||= begin
+        mucookie_secret_salt = Mumukit::Login.config.mucookie_secret_salt
+        mucookie_sign_salt = Mumukit::Login.config.mucookie_sign_salt
+
+        raise 'missing Mumukit::Login.config.mucookie_secret_salt' unless mucookie_secret_salt
+        raise 'missing Mumukit::Login.config.mucookie_sign_salt' unless mucookie_sign_salt
+
+        secret = key_generator.generate_key(mucookie_secret_salt)
+        signature = key_generator.generate_key(mucookie_sign_salt)
+        ActiveSupport::MessageEncryptor.new(secret, signature)
+      end
+    end
+
+    def self.encrypt(value)
+      encryptor.encrypt_and_sign value
+    end
+
+    def self.decrypt(value)
+      value.try { |it| encryptor.decrypt_and_verify it }
+    end
+  end
+
+end

data/lib/mumukit/login/origin_redirector.rb

@@ -3,19 +3,23 @@ class Mumukit::Login::OriginRedirector
     @controller = controller
   end
 
-  def redirect!
+  def redirect_after_login!
     location = @controller.session[:redirect_after_login]
     @controller.session[:redirect_after_login] = nil
     @controller.redirect!(location || '/')
   end
 
-  def save_location!
-    @controller.session[:redirect_after_login] = Addressable::URI.heuristic_parse(origin).path
+  def redirect_after_logout!
+    @controller.redirect! origin
+  end
+
+  def save_after_login_location!
+    @controller.session[:redirect_after_login] = origin
   end
 
   private
 
   def origin
-    @controller.request.params['origin'] || '/'
+    Addressable::URI.heuristic_parse(@controller.request.params['origin'] || '/').to_s
   end
 end

data/lib/mumukit/login/provider.rb

@@ -1,8 +1,6 @@
 module Mumukit::Login::Provider
   def self.from_env
-    parse_login_provider(login_provider_string).tap do |provider|
-      puts "[Mumukit::Login] Using #{provider} as login provider"
-    end
+    parse_login_provider(login_provider_string)
   end
 
   def self.login_provider_string

data/lib/mumukit/login/shared_session.rb

@@ -0,0 +1,2 @@
+require_relative './shared_session/mucookie_shared_session'
+require_relative './shared_session/token_shared_session'

data/lib/mumukit/login/shared_session/mucookie_shared_session.rb

@@ -0,0 +1,44 @@
+require 'base64'
+
+class Mumukit::Login::MucookieSharedSession
+
+  def initialize(mucookie)
+    @mucookie = mucookie
+  end
+
+  def uid
+    @mucookie.decrypt_and_read :session
+  end
+
+  def uid=(uid)
+    @mucookie.encrypt_and_write! :session, uid, httponly: true
+  end
+
+  def profile
+    JSON.parse @mucookie.decode_and_read(:profile)
+  end
+
+  def profile=(profile)
+    @mucookie.encode_and_write! :profile, profile.to_json
+  end
+
+  def current_organization_name=(organization_name)
+    @mucookie.write! :organization, organization_name
+  end
+
+  def clear!
+    @mucookie.delete! :profile
+    @mucookie.delete! :organization
+    @mucookie.delete! :session
+  end
+
+  private
+
+  def decode_session(uid)
+  end
+
+  def decode_token(uid)
+    Mumukit::Auth::Token.encode uid, {exp: Mumukit::Login.config.session_duration.days.from_now}, encoding_client
+  end
+
+end

data/lib/mumukit/login/shared_session/token_shared_session.rb

@@ -0,0 +1,23 @@
+class Mumukit::Login::TokenSharedSession
+  def initialize(env)
+    @env = env
+  end
+
+  def uid
+    token.uid
+  end
+
+  %w(uid= profile= current_organization_name= clear!).each do |it|
+    define_method it do
+      raise 'JWT tokens are read-only'
+    end
+  end
+
+  def token
+    @token ||= Mumukit::Auth::Token.decode_header(authorization_header).tap(&:verify_client!)
+  end
+
+  def authorization_header
+    @env['HTTP_AUTHORIZATION']
+  end
+end

data/lib/mumukit/login/version.rb

@@ -1,5 +1,5 @@
 module Mumukit
   module Login
-    VERSION = "1.0.0"
+    VERSION = "1.2.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-login
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-09 00:00:00.000000000 Z
+date: 2017-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -164,6 +164,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: mumukit-auth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
 description: 
 email:
 - franco@mumuki.org
@@ -173,7 +187,6 @@ extra_rdoc_files: []
 files:
 - lib/mumukit/login.rb
 - lib/mumukit/login/controller.rb
-- lib/mumukit/login/current_user_store.rb
 - lib/mumukit/login/form.rb
 - lib/mumukit/login/framework.rb
 - lib/mumukit/login/framework/rails.rb
@@ -183,6 +196,7 @@ files:
 - lib/mumukit/login/helpers/authorization_helpers.rb
 - lib/mumukit/login/helpers/login_controller_helpers.rb
 - lib/mumukit/login/helpers/user_permissions_helpers.rb
+- lib/mumukit/login/mucookie.rb
 - lib/mumukit/login/origin_redirector.rb
 - lib/mumukit/login/profile.rb
 - lib/mumukit/login/provider.rb
@@ -191,6 +205,9 @@ files:
 - lib/mumukit/login/provider/developer.rb
 - lib/mumukit/login/provider/saml.rb
 - lib/mumukit/login/settings.rb
+- lib/mumukit/login/shared_session.rb
+- lib/mumukit/login/shared_session/mucookie_shared_session.rb
+- lib/mumukit/login/shared_session/token_shared_session.rb
 - lib/mumukit/login/version.rb
 homepage: http://github.com/mumuki/mumukit-login
 licenses:
@@ -212,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Library for login mumuki requests

data/lib/mumukit/login/current_user_store.rb

@@ -1,44 +0,0 @@
-class Mumukit::Login::SessionCurrentUserStore
-  def initialize(controller)
-    @controller = controller
-  end
-
-  def get_uid
-    @controller.session[:user_uid]
-  end
-
-  def clear!
-    @controller.session[:user_uid] = nil
-  end
-
-  def set!(uid, values)
-    @controller.session[:user_uid] = uid
-    values.each { |k, v| @controller.session[k] = v }
-  end
-end
-
-class Mumukit::Login::JWTCurrentUserStore
-  def initialize(controller)
-    @controller = controller
-  end
-
-  def get_uid
-    token.uid
-  end
-
-  def clear!
-    raise 'JWT tokens are read-only'
-  end
-
-  def set!(*)
-    raise 'JWT tokens are read-only'
-  end
-
-  def token
-    @token ||= Mumukit::Auth::Token.decode_header(authorization_header).tap(&:verify_client!)
-  end
-
-  def authorization_header
-    @controller.env['HTTP_AUTHORIZATION']
-  end
-end