oauth2_proxy_authentication 0.0.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 278ce6d918f64afb1121aa9e1f2f0acbcce80824
4
+ data.tar.gz: d0f399c5b596cec593dd66bd8f99afcd077fd2ec
5
+ SHA512:
6
+ metadata.gz: 929cc47ace48e42e7c94fd4591f21075b9372cee7efa372b6c61e4a3e67050d84f058fbaea49a41c581e11e66301e5a5cf059b5f971e8df1b1a6b799726bb6b6
7
+ data.tar.gz: 91083ca7264de9f44e0efff771ca74b5b17de292a69c7542492654a0bbde38977565c76a0fbc2101cdfcd6c29c3ec22fe4c0a8d0ce5c7b5e697f3857e66c8d34
@@ -0,0 +1,15 @@
1
+ ## Welcome!
2
+
3
+ We're so glad you're thinking about contributing to an 18F open source project! If you're unsure or afraid of anything, just ask or submit the issue or pull request anyways. The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contribution, and don't want a wall of rules to get in the way of that.
4
+
5
+ Before contributing, we encourage you to read our CONTRIBUTING policy (you are here), our LICENSE, and our README, all of which should be in this repository. If you have any questions, or want to read more about our underlying policies, you can consult the 18F Open Source Policy GitHub repository at https://github.com/18f/open-source-policy, or just shoot us an email/official government letterhead note to [18f@gsa.gov](mailto:18f@gsa.gov).
6
+
7
+ ## Public domain
8
+
9
+ This project is in the public domain within the United States, and
10
+ copyright and related rights in the work worldwide are waived through
11
+ the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
12
+
13
+ All contributions to this project will be released under the CC0
14
+ dedication. By submitting a pull request, you are agreeing to comply
15
+ with this waiver of copyright interest.
@@ -0,0 +1,31 @@
1
+ As a work of the United States Government, this project is in the
2
+ public domain within the United States.
3
+
4
+ Additionally, we waive copyright and related rights in the work
5
+ worldwide through the CC0 1.0 Universal public domain dedication.
6
+
7
+ ## CC0 1.0 Universal Summary
8
+
9
+ This is a human-readable summary of the [Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
10
+
11
+ ### No Copyright
12
+
13
+ The person who associated a work with this deed has dedicated the work to
14
+ the public domain by waiving all of his or her rights to the work worldwide
15
+ under copyright law, including all related and neighboring rights, to the
16
+ extent allowed by law.
17
+
18
+ You can copy, modify, distribute and perform the work, even for commercial
19
+ purposes, all without asking permission.
20
+
21
+ ### Other Information
22
+
23
+ In no way are the patent or trademark rights of any person affected by CC0,
24
+ nor are the rights that other persons may have in the work or in how the
25
+ work is used, such as publicity or privacy rights.
26
+
27
+ Unless expressly stated otherwise, the person who associated a work with
28
+ this deed makes no warranties about the work, and disclaims liability for
29
+ all uses of the work, to the fullest extent permitted by applicable law.
30
+ When using or citing the work, you should not imply endorsement by the
31
+ author or the affirmer.
@@ -0,0 +1,45 @@
1
+ # `oauth2_proxy_authentication` gem
2
+
3
+ **NOTE: This gem will not work until after bitly/oauth2_proxy#147 is integrated.**
4
+
5
+ Authenticates requests from
6
+ [bitly/oauth2_proxy](https://github.com/bitly/oauth2_proxy) based on a
7
+ shared-secret HMAC signature of the request.
8
+
9
+ ## Installation
10
+
11
+ If you're using [Bundler](http://bundler.io) in your project, add the
12
+ following to your `Gemfile`:
13
+
14
+ ```ruby
15
+ gem 'oauth2_proxy_authentication'
16
+ ```
17
+
18
+ If you're not using Bundler, start.
19
+
20
+ ## Usage
21
+
22
+ Inject something resembling the following code fragment into your request
23
+ handling logic as the first thing that happens before the request body is
24
+ parsed, where `secret_key` is the shared secret between your application and
25
+ the running instance of `bitly/oauth2_proxy`:
26
+
27
+ ```ruby
28
+ def my_handler(request)
29
+ result, header_signature, computed_signature = (
30
+ Oauth2ProxyAuthentication.validate_request(request, secret_key))
31
+ if result != Oauth2ProxyAuthentication::MATCH
32
+ # Cancel the request, optionally logging the values above.
33
+ end
34
+ end
35
+ ```
36
+
37
+ ## Public domain
38
+
39
+ This project is in the worldwide [public domain](LICENSE.md). As stated in [CONTRIBUTING](CONTRIBUTING.md):
40
+
41
+ > This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
42
+ >
43
+ > All contributions to this project will be released under the CC0
44
+ >dedication. By submitting a pull request, you are agreeing to comply
45
+ >with this waiver of copyright interest.
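Review bot: The comment in the Usage example, "Cancel the request, optionally logging the values above", invites callers to log `computed_signature`, which is the valid HMAC for the request that was just rejected. Anyone with read access to those logs could attach that value to the same request and pass validation. Suggest rewording the comment so that only `result` and the received `header_signature` are logged, never the computed value. The README should also state what "cancel" means here (respond with an error and stop before the body is processed further), since the gem only returns a status code and leaves enforcement to the caller. Minor style point: the last two quoted lines use `>dedication` and `>with` without the space after `>` that the earlier quoted lines have.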
@@ -0,0 +1,2 @@
1
+ require_relative 'oauth2_proxy_authentication/signature'
2
+ require_relative 'oauth2_proxy_authentication/version'
@@ -0,0 +1,54 @@
1
+ require 'base64'
2
+ require 'openssl'
3
+
4
+ module Oauth2ProxyAuthentication
5
+ HEADERS = %w(
6
+ Content-Length
7
+ Content-Md5
8
+ Content-Type
9
+ Date
10
+ Authorization
11
+ X-Forwarded-User
12
+ X-Forwarded-Email
13
+ X-Forwarded-Access-Token
14
+ Cookie
15
+ Gap-Auth
16
+ )
17
+
18
+ NO_SIGNATURE = 1
19
+ INVALID_FORMAT = 2
20
+ UNSUPPORTED_ALGORITHM = 3
21
+ MATCH = 4
22
+ MISMATCH = 5
23
+
24
+ def self.signed_headers(request)
25
+ HEADERS.map { |name| request[name] || '' }
26
+ end
27
+
28
+ def self.string_to_sign(req)
29
+ [req.method, signed_headers(req).join("\n"), req.uri.path].join("\n")
30
+ end
31
+
32
+ def self.request_signature(request, digest, secret_key)
33
+ hmac = OpenSSL::HMAC.new secret_key, digest
34
+ hmac << string_to_sign(request) << (request.body || '')
35
+ digest.name.downcase + ' ' + Base64.strict_encode64(hmac.digest)
36
+ end
37
+
38
+ def self.parse_digest(name)
39
+ OpenSSL::Digest.new name
40
+ rescue
41
+ nil
42
+ end
43
+
44
+ def self.validate_request(request, key)
45
+ header = request['Gap-Signature']
46
+ return NO_SIGNATURE unless header
47
+ components = header.split ' '
48
+ return INVALID_FORMAT, header unless components.size == 2
49
+ digest = parse_digest components.first
50
+ return UNSUPPORTED_ALGORITHM, header unless digest
51
+ computed = request_signature(request, digest, key)
52
+ [(header == computed) ? MATCH : MISMATCH, header, computed]
53
+ end
54
+ end
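Review bot: In `validate_request`, `(header == computed)` compares the received and expected signatures with an ordinary string comparison, which is not constant-time and can leak how much of a guessed signature matched; use a constant-time comparison instead, for example `Rack::Utils.secure_compare(header, computed)` if Rack is available to the application. Second, the digest is selected by the first token of the request's own `Gap-Signature` header, and `parse_digest` accepts any name `OpenSSL::Digest.new` recognises, so the sender chooses the algorithm; check `components.first` against an explicit allow-list of the algorithms the proxy is configured to use before constructing the digest. Third, `Date` is in `HEADERS` and therefore signed, but its value is never checked for freshness, so a captured signed request remains valid indefinitely. `string_to_sign` uses `req.uri.path`, so the query string is not covered by the signature. Finally, the return shape is inconsistent: `return NO_SIGNATURE unless header` returns a bare integer, the format and algorithm failures return two-element arrays, and only the last line returns three elements; returning a three-element array on every path would make callers that index the result behave uniformly. The bare `rescue` in `parse_digest` would also be clearer if it named the exception it expects.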
@@ -0,0 +1,3 @@
1
+ module Oauth2ProxyAuthentication
2
+ VERSION = '0.0.0'
3
+ end
metadata ADDED
@@ -0,0 +1,163 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: oauth2_proxy_authentication
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Mike Bland
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2015-10-01 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.10'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.10'
27
+ - !ruby/object:Gem::Dependency
28
+ name: go_script
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.1'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.1'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '10.4'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '10.4'
55
+ - !ruby/object:Gem::Dependency
56
+ name: minitest
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: codeclimate-test-reporter
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: coveralls
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rubocop
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: about_yml
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
125
+ description: Authenticates requests proxied by a bitly/oauth2_proxy server using shared-secret
126
+ HMAC request signatures.
127
+ email:
128
+ - michael.bland@gsa.gov
129
+ executables: []
130
+ extensions: []
131
+ extra_rdoc_files: []
132
+ files:
133
+ - CONTRIBUTING.md
134
+ - LICENSE.md
135
+ - README.md
136
+ - lib/oauth2_proxy_authentication.rb
137
+ - lib/oauth2_proxy_authentication/signature.rb
138
+ - lib/oauth2_proxy_authentication/version.rb
139
+ homepage: https://github.com/18F/oauth2_proxy_authentication_gem
140
+ licenses:
141
+ - CC0
142
+ metadata: {}
143
+ post_install_message:
144
+ rdoc_options: []
145
+ require_paths:
146
+ - lib
147
+ required_ruby_version: !ruby/object:Gem::Requirement
148
+ requirements:
149
+ - - ">="
150
+ - !ruby/object:Gem::Version
151
+ version: '0'
152
+ required_rubygems_version: !ruby/object:Gem::Requirement
153
+ requirements:
154
+ - - ">="
155
+ - !ruby/object:Gem::Version
156
+ version: '0'
157
+ requirements: []
158
+ rubyforge_project:
159
+ rubygems_version: 2.4.5.1
160
+ signing_key:
161
+ specification_version: 4
162
+ summary: Authenticates requests from bitly/oauth2_proxy
163
+ test_files: []
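Review bot: `bundler` is declared with `type: :runtime` and `~> 1.10`, but the library files listed under `files:` require only `base64` and `openssl`, so every consumer has to satisfy a Bundler 1.x constraint the code does not need; move it to a development dependency. `cert_chain: []` and the empty `signing_key:` mean the gem is published unsigned, so consumers have only the registry checksums to verify what they install; for an authentication component it is worth signing releases. The development dependencies `minitest`, `codeclimate-test-reporter`, `coveralls`, `rubocop` and `about_yml` are all `>= 0`, which leaves the build environment open to any future release of those gems; a bounded constraint like the `~>` used for `rake` and `go_script` would be safer. `required_ruby_version` is also `>= 0`; state the minimum Ruby version the gem is tested against.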