RubyGems - oauth2_hmac_rails - Versions diffs - 0.1.0 - Mend

oauth2_hmac_rails 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +7 -0
data/MIT-LICENSE +20 -0
data/Rakefile +28 -0
data/app/controllers/oauth2_hmac_rails/application_controller.rb +4 -0
data/app/controllers/oauth2_hmac_rails/concerns/helper.rb +92 -0
data/app/models/oauth2_hmac_rails/client.rb +9 -0
data/app/models/oauth2_hmac_rails/concerns/auto_id.rb +19 -0
data/app/models/oauth2_hmac_rails/mac_request.rb +5 -0
data/config/locales/en.yml +8 -0
data/config/routes.rb +2 -0
data/db/migrate/20151116093517_create_oauth2_hmac_rails_clients.rb +13 -0
data/db/migrate/20151116093601_create_oauth2_hmac_rails_mac_requests.rb +23 -0
data/lib/oauth2_hmac_rails.rb +4 -0
data/lib/oauth2_hmac_rails/engine.rb +10 -0
data/lib/oauth2_hmac_rails/version.rb +3 -0
data/lib/tasks/oauth2_hmac_rails_tasks.rake +4 -0
metadata +143 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4bd7cd3a18431250766d52ff1e3ba568d9c594f1
+  data.tar.gz: 4090b3dc9fda27742c250af149b2cf480471810f
+SHA512:
+  metadata.gz: b46700be8f8a16574b4c747ef90da88b8fc1d094af3dd757845bbb8b9ef11016d59d62e1baef5b0f206effb91d7a9eb57b41f94f1b03ef318d50bf5ca0752b5e
+  data.tar.gz: 42aee3e43862e007050b14da9e75a37caffd7e653480583d1dfa44587d0c746789bc91df829c932b6a920dc5462ec3b5af38e5e85fbff747ea176da631b34474

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright 2015 Mustafa TURAN
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile ADDED Viewed

@@ -0,0 +1,28 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+require 'rdoc/task'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Oauth2HmacRails'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+load 'rails/tasks/statistics.rake'
+Bundler::GemHelper.install_tasks
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+require "rspec/core/rake_task"

data/app/controllers/oauth2_hmac_rails/application_controller.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Oauth2HmacRails
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/oauth2_hmac_rails/concerns/helper.rb ADDED Viewed

@@ -0,0 +1,92 @@
+require 'oauth2_hmac_header'
+module Oauth2HmacRails
+  module Concerns
+    module Helper
+      extend ActiveSupport::Concern
+      included do
+        AUTHORIZATION_DEFAULT_HEADER_KEY = 'Authorization'
+        attr_accessor :client_authorization_header_key
+        attr_reader :current_client
+        def client_authorization_header_key
+          AUTHORIZATION_DEFAULT_HEADER_KEY
+        end
+        def authorize!
+          begin
+            client_id, ts, nonce, ext, mac = ::Oauth2HmacHeader::AuthorizationHeader.parse(client_authorization_header)
+          rescue KeyError => e
+            return unauthorized I18n.t("oauth2_hmac_rails.missing_hmac_key", details: e)
+          end
+          # get client data
+          begin
+            @current_client = Client.find(client_id)
+          rescue ActiveRecord::RecordNotFound
+            return unauthorized I18n.t("oauth2_hmac_rails.client_not_found", client_id: client_id)
+          end
+          # validate signature
+          begin
+            validity_flag = ::Oauth2HmacHeader::AuthorizationHeader.is_valid?(
+              mac,
+              @current_client.mac_algorithm,
+              @current_client.mac_key,
+              ts,
+              nonce,
+              request.method,
+              request.path,
+              request.host,
+              request.port,
+              ext
+            )
+            return unauthorized I18n.t("oauth2_hmac_rails.invalid_signature", mac: mac, client_id: client_id) unless validity_flag
+            return unauthorized I18n.t("oauth2_hmac_rails.request_timeout_for_client_signature", mac: mac, client_id: client_id) if (ts.to_i + @current_client.mac_request_expires_in) < Time.now.to_i # request timeout
+          rescue
+            return unauthorized I18n.t("oauth2_hmac_rails.unauthorized")
+          end
+          # add valid request to db for preventing replay attacks and api analytics
+          create_mac_request(client_id, ts, nonce, ext, mac)
+        end
+        private
+        def client_authorization_header
+          request.headers[client_authorization_header_key].to_s
+        end
+        def unauthorized(reason)
+          logger.info "#{self.class.name} / #{reason}"
+          attach_unauthorized_header
+          render(json: { error: reason }, status: :unauthorized) and return false
+        end
+        def attach_unauthorized_header
+          response.headers['WWW-Authenticate'] = 'MAC'
+        end
+        def create_mac_request(client_id, ts, nonce, ext, mac)
+          begin
+            MacRequest.create(
+              ip: request.ip,
+              method: request.method,
+              uri: request.path,
+              host: request.host,
+              port: request.port,
+              client_id: client_id,
+              ts: ts,
+              nonce: nonce,
+              ext: ext.to_s,
+              mac: mac,
+              uts: Time.now.to_i
+            )
+          rescue ActiveRecord::RecordNotUnique => e
+            return unauthorized I18n.t("oauth2_hmac_rails.replay_attack")
+          end
+        end
+      end
+    end
+  end
+end

data/app/models/oauth2_hmac_rails/client.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require 'attr_encrypted'
+module Oauth2HmacRails
+  class Client < ActiveRecord::Base
+    include ::Oauth2HmacRails::Concerns::AutoId
+    attr_encrypted :mac_key, key: Rails.application.secrets.secret_key_base, encode: true
+    serialize :settings, OpenStruct
+  end
+end

data/app/models/oauth2_hmac_rails/concerns/auto_id.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Oauth2HmacRails
+  module Concerns
+    module AutoId
+      extend ActiveSupport::Concern
+      included do
+        self.primary_key = 'id'
+        before_create :generate_id
+        def generate_id
+          (self.id = SecureRandom.uuid.gsub('-', '')) if self.id.nil?
+        end
+      end
+      class_methods do
+      end
+    end
+  end
+end

data/app/models/oauth2_hmac_rails/mac_request.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Oauth2HmacRails
+  class MacRequest < ActiveRecord::Base
+    include ::Oauth2HmacRails::Concerns::AutoId
+  end
+end

data/config/locales/en.yml ADDED Viewed

@@ -0,0 +1,8 @@
+en:
+  oauth2_hmac_rails:
+    missing_hmac_key: "MISSING_HMAC_KEY: %{details}"
+    client_not_found: "CLIENT_NOT_FOUND: %{client_id}"
+    invalid_signature: "INVALID_SIGNATURE: %{mac} for client id %{client_id}"
+    request_timeout_for_client_signature: "REQUEST_TIMEOUT_FOR_CLIENT_SIGNATURE: #{mac} for client id #{client_id}"
+    unauthorized: "UNAUTHORIZED"
+    replay_attack: "REPLAY_ATTACK"

data/config/routes.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ Oauth2HmacRails::Engine.routes.draw do
2	+ end

data/db/migrate/20151116093517_create_oauth2_hmac_rails_clients.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class CreateOauth2HmacRailsClients < ActiveRecord::Migration
+  def change
+    create_table :oauth2_hmac_rails_clients, id: false do |t|
+      t.column      :id, 'CHAR(32)'
+      t.text        :encrypted_mac_key, null: false
+      t.string      :mac_algorithm, default: 'hmac-sha-256'
+      t.integer     :mac_request_expires_in, default: 3
+      t.text        :settings
+      t.timestamps null: false
+    end
+    add_index :oauth2_hmac_rails_clients, :id, unique: true, using: :btree
+  end
+end

data/db/migrate/20151116093601_create_oauth2_hmac_rails_mac_requests.rb ADDED Viewed

@@ -0,0 +1,23 @@
+class CreateOauth2HmacRailsMacRequests < ActiveRecord::Migration
+  def change
+    create_table :oauth2_hmac_rails_mac_requests, id: false do |t|
+      t.string      :id, 'CHAR(32)' # uuid
+      t.column      :client_id, 'CHAR(32)' # uuid
+      t.string      :ip, limit: 64 # client ip
+      t.string      :method, limit: 8 # get, post, put, etc...
+      t.string      :uri # request path
+      t.string      :host, limit: 128 # hostname
+      t.string      :port, limit: 8 # port
+      t.string      :ts, null: false, limit: 10 # timestamp
+      t.string      :nonce, null: false # timestamp + random str
+      t.string      :ext, default: '', null: false # generally md5(request_body)
+      t.string      :mac, null: false # mac signature
+      t.string      :uts, null: false, limit: 10 # created at in unixtime format
+      t.string      :status, null: true
+    end
+    add_index :oauth2_hmac_rails_mac_requests, :id, unique: true, using: :btree
+    add_index :oauth2_hmac_rails_mac_requests, :client_id
+    add_index :oauth2_hmac_rails_mac_requests, [ :mac, :nonce, :ext ], unique: true
+  end
+end

data/lib/oauth2_hmac_rails.rb ADDED Viewed

@@ -0,0 +1,4 @@
+require "oauth2_hmac_rails/engine"
+module Oauth2HmacRails
+end

data/lib/oauth2_hmac_rails/engine.rb ADDED Viewed

@@ -0,0 +1,10 @@
+module Oauth2HmacRails
+  class Engine < ::Rails::Engine
+    isolate_namespace Oauth2HmacRails
+    config.generators do |g|
+      g.test_framework :rspec
+      g.fixture_replacement :factory_girl, dir: 'spec/factories'
+    end
+  end
+end

data/lib/oauth2_hmac_rails/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Oauth2HmacRails
+  VERSION = '0.1.0'
+end

data/lib/tasks/oauth2_hmac_rails_tasks.rake ADDED Viewed

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :oauth2_hmac_rails do
+#   # Task goes here
+# end

metadata ADDED Viewed

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: oauth2_hmac_rails
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Mustafa TURAN
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-11-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.5
+- !ruby/object:Gem::Dependency
+  name: oauth2_hmac_header
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+- !ruby/object:Gem::Dependency
+  name: attr_encrypted
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+description: Authorization server 'Rails Engine' for Oauth2 HMac Draft 01.
+email:
+- mustafaturan.net@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- Rakefile
+- app/controllers/oauth2_hmac_rails/application_controller.rb
+- app/controllers/oauth2_hmac_rails/concerns/helper.rb
+- app/models/oauth2_hmac_rails/client.rb
+- app/models/oauth2_hmac_rails/concerns/auto_id.rb
+- app/models/oauth2_hmac_rails/mac_request.rb
+- config/locales/en.yml
+- config/routes.rb
+- db/migrate/20151116093517_create_oauth2_hmac_rails_clients.rb
+- db/migrate/20151116093601_create_oauth2_hmac_rails_mac_requests.rb
+- lib/oauth2_hmac_rails.rb
+- lib/oauth2_hmac_rails/engine.rb
+- lib/oauth2_hmac_rails/version.rb
+- lib/tasks/oauth2_hmac_rails_tasks.rake
+homepage: https://github.com/mustafaturan/oauth2_hmac_rails
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5.1
+signing_key:
+specification_version: 4
+summary: Authorization server 'Rails Engine' for Oauth2 HMac Draft 01.
+test_files: []