obscured-doorman 0.4.0

data/lib/obscured-doorman/strategies/password.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'haml'
+
+module Obscured
+  module Doorman
+    module Strategies
+      class Password < Warden::Strategies::Base
+        include Haml::Helpers
+
+        def valid?
+          params['user'] &&
+            params['user']['username'] &&
+            params['user']['password']
+        end
+
+        def authenticate!
+          fail!(Doorman::MESSAGES[:login_bad_credentials]) unless valid?
+
+          user = User.authenticate(
+            params['user']['username'],
+            params['user']['password']
+          )
+
+          if user.nil?
+            fail!(Doorman::MESSAGES[:login_bad_credentials])
+          elsif Doorman.configuration[:confirmation] && !user.confirmed
+            user.confirm
+
+            fail!(Doorman::MESSAGES[:login_not_confirmed])
+          else
+            success!(user)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/obscured-doorman/strategies/remember_me.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    module Strategies
+      class RememberMeStrategy < Warden::Strategies::Base
+        def valid?
+          !env['rack.cookies'][Doorman.configuration.remember_cookie].nil?
+        end
+
+        def authenticate!
+          token = env['rack.cookies'][Doorman.configuration.remember_cookie]
+          return unless token
+
+          token = Token.where(token: token).first
+          user = token&.user
+          env['rack.cookies'].delete(Doorman.configuration.remember_cookie) && return if user.nil?
+          success!(user)
+        end
+      end
+
+      module RememberMe
+        def self.registered(app)
+          app.use Rack::Cookies
+
+          Warden::Strategies.add(:remember_me, Strategies::RememberMeStrategy)
+
+          app.before do
+            warden.authenticate(:remember_me)
+          end
+
+          Warden::Manager.after_authentication do |user, auth, _opts|
+            if auth.winning_strategy.is_a?(Strategies::RememberMeStrategy) ||
+               (auth.winning_strategy.is_a?(Strategies::Password) && auth.params['user']['remember_me'])
+
+              token = user.tokens.where(type: :remember).first
+              user.remember_me! # new token
+              auth.env['rack.cookies'][Doorman.configuration.remember_cookie] = {
+                value: token.token,
+                expires: (Time.now + Doorman.configuration.remember_for.days.seconds),
+                path: '/'
+              }
+            end
+          end
+
+          Warden::Manager.before_logout do |user, auth, _opts|
+            user&.forget_me! if user
+            auth.env['rack.cookies'].delete(Doorman.configuration.remember_cookie)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/obscured-doorman/utilities/roles.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    module Roles
+      SYSTEM = :system
+      ADMIN = :admin
+      VIEWER = :viewer
+    end
+  end
+end

data/lib/obscured-doorman/utilities/types.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    module Types
+      SYSTEM = :system
+      ADMIN = :admin
+      CONSOLE = :console
+      SCRIPT = :script
+      SETUP = :setup
+      HEROKU = :heroku
+    end
+  end
+end

data/lib/obscured-doorman/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    VERSION = "0.4.0".freeze
+  end
+end

data/obscured-doorman.gemspec

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'obscured-doorman/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = 'obscured-doorman'
+  gem.version       = Obscured::Doorman::VERSION
+  gem.authors       = ['Erik Hennerfors']
+  gem.email         = ['erik.hennerfors@obscured.se']
+  gem.description   = "Doorman is a front of Warden used by Obscured and it's applications"
+  gem.summary       = "Doorman is a front of Warden used by Obscured and it's applications"
+  gem.homepage      = 'https://github.com/gonace/Obscured.Doorman.git'
+
+  gem.required_ruby_version = '>= 2'
+
+  gem.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
+  gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ['lib']
+
+  gem.add_dependency 'bcrypt'
+  gem.add_dependency 'geocoder'
+  gem.add_dependency 'haml'
+  gem.add_dependency 'mail'
+  gem.add_dependency 'mongoid'
+  gem.add_dependency 'rack'
+  gem.add_dependency 'rack-contrib'
+  gem.add_dependency 'rest-client'
+  gem.add_dependency 'sinatra'
+  gem.add_dependency 'sinatra-contrib'
+  gem.add_dependency 'sinatra-flash'
+  gem.add_dependency 'sinatra-partial'
+  gem.add_dependency 'warden'
+
+  gem.add_development_dependency 'dotenv'
+  gem.add_development_dependency 'factory_bot'
+  gem.add_development_dependency 'rack-test'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'simplecov'
+end

data/spec/config/mongoid.yml

@@ -0,0 +1,11 @@
+spec:
+  options:
+    raise_not_found_error: false
+  clients:
+    default:
+      database: doorman_testing
+      hosts:
+        - localhost:27017
+      options:
+        max_pool_size: 100
+        min_pool_size: 5

data/spec/doorman_spec.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+
+require_relative 'setup'
+
+
+describe Obscured::Doorman::Base do
+  include Rack::Test::Methods
+
+  def app
+    Obscured::Doorman::Spec::App
+  end
+
+  let!(:email) { 'homer.simpson@obscured.se' }
+  let!(:password) { 'Password123' }
+  let!(:user) { FactoryBot.create(:user, username: email) }
+
+  describe 'login' do
+    def do_login(overrides = {})
+      cmd = {}
+      cmd[:user] = {}
+      cmd[:user][:username] = overrides[:username] if overrides[:username]
+      cmd[:user][:password] = overrides[:password] if overrides[:password]
+      post '/doorman/login', cmd
+    end
+
+    context 'successful' do
+      before(:each) do
+        do_login(username: email, password: password)
+      end
+
+      it 'redirects user to front page (/home)' do
+        expect(last_response.status).to eq(302)
+        expect(last_response).to be_redirect
+        expect(last_response.location).to eq('http://example.org/home')
+        follow_redirect!
+        expect(last_response.body).to eq('Hello World!')
+      end
+
+      it 'returns session info' do
+        get '/session'
+
+        expect(last_response.status).to eq(200)
+      end
+
+      it 'returns user info' do
+        get '/user'
+
+        expect(last_response.status).to eq(200)
+      end
+    end
+
+    context 'unsuccessful' do
+      context 'wrong password' do
+        before(:each) do
+          do_login(username: email, password: 'foo/bar')
+        end
+
+        it 'redirects back to login if authentication failed' do
+          expect(last_response.status).to eq(302)
+          follow_redirect!
+          expect(last_response.location).to eq('http://example.org/doorman/login')
+        end
+
+        it 'does not return user info' do
+          get '/user'
+
+          expect(last_response.status).to eq(403)
+        end
+
+        it 'does not return user info' do
+          get '/user/xml'
+
+          expect(last_response.status).to eq(403)
+        end
+      end
+
+      context 'user not confirmed' do
+        before(:each) do
+          Obscured::Doorman.configuration[:confirmation] = true
+          do_login(username: email, password: password)
+        end
+
+        after(:each) do
+          Obscured::Doorman.configuration[:confirmation] = false
+        end
+
+        it 'redirects back to login when authentication failed due to confirmation not completed' do
+          expect(last_response.status).to eq(302)
+          follow_redirect!
+          expect(last_response.location).to eq('http://example.org/doorman/login')
+        end
+      end
+    end
+  end
+
+  describe 'logout' do
+    def do_login(overrides = {})
+      cmd = {}
+      cmd[:user] = {}
+      cmd[:user][:username] = overrides[:username] if overrides[:username]
+      cmd[:user][:password] = overrides[:password] if overrides[:password]
+      post '/doorman/login', cmd
+    end
+
+    context 'successful' do
+      before(:each) do
+        do_login(username: email, password: password)
+      end
+
+      it 'logs out the user' do
+        get '/logout'
+
+        expect(last_response.status).to eq(200)
+      end
+    end
+  end
+
+  describe 'register' do
+    def do_register(overrides = {})
+      cmd = {}
+      cmd[:user] = {}
+      cmd[:user][:username] = overrides[:username] if overrides[:username]
+      cmd[:user][:password] = overrides[:password] if overrides[:password]
+      post '/doorman/register', cmd
+    end
+
+    context 'successful' do
+      before(:each) do
+        do_register(username: 'lisa.simpson@obscured.se', password: "#{password}#!")
+      end
+
+      it 'redirects user to front page (/home)' do
+        expect(last_response.status).to eq(302)
+        expect(last_response).to be_redirect
+        expect(last_response.location).to eq('http://example.org/home')
+
+        follow_redirect!
+
+        expect(last_response.body).to eq('Hello World!')
+      end
+    end
+  end
+
+  describe 'confirm' do
+    def do_confirm(token)
+      get "/doorman/confirm/#{token}"
+    end
+
+    let!(:token) { FactoryBot.create(:token, type: :confirm, user: user) }
+
+    context 'successful' do
+      before(:each) do
+        do_confirm(token.token)
+
+        user.reload
+      end
+
+      it 'confirms user and removes token' do
+        expect(last_response.status).to eq(302)
+        expect(user.tokens.where(type: :confirm).count).to eq(0)
+      end
+    end
+  end
+
+  describe 'forget' do
+    def do_forgot(overrides = {})
+      cmd = {}
+      cmd[:user] = {}
+      cmd[:user][:username] = overrides[:username] if overrides[:username]
+      post '/doorman/forgot', cmd
+    end
+
+    let(:token) { user.tokens.where(type: :password).first }
+
+    context 'successful' do
+      before(:each) do
+        do_forgot(username: user.username)
+        user.reload
+      end
+
+      it 'confirms user and removes token' do
+        expect(last_response.status).to eq(302)
+        expect(user.tokens.where(type: :password).count).to eq(1)
+      end
+    end
+  end
+
+  describe 'reset' do
+    def do_reset(overrides = {})
+      cmd = {}
+      cmd[:user] = {}
+      cmd[:user][:username] = overrides[:username] if overrides[:username]
+      cmd[:user][:token] = overrides[:token] if overrides[:token]
+      post '/doorman/reset', cmd
+    end
+  end
+
+  describe 'configuration' do
+    it 'should return default configuration' do
+      expect(Obscured::Doorman.default_configuration).to_not be(nil)
+    end
+  end
+end

data/spec/errors_spec.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'setup'
+
+describe Obscured::Doorman::Error do
+  let!(:error) { Obscured::Doorman::Error .new(:already_exists, what: 'foo/bar') }
+
+  it 'initializes' do
+    expect(error.message).to eq('foo/bar')
+  end
+end

data/spec/factories/token_factory.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :token, class: Obscured::Doorman::Token do
+    type { :password }
+    token { Digest::SHA1.hexdigest('--homer.simpsons@obscured.se--') }
+  end
+end

data/spec/factories/user_factory.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :user, class: Obscured::Doorman::User do
+    username { 'homer.simpson@obscured.se' }
+    password { BCrypt::Password.create('Password123') }
+    first_name { 'Homer' }
+    last_name { 'Simpson' }
+    mobile { '+467855568' }
+    role { :admin }
+  end
+end

data/spec/helpers/application_helper.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    module Spec
+      class App < Sinatra::Base
+        helpers Obscured::Doorman::Helpers
+        register Sinatra::Flash
+
+        use Rack::Session::Cookie,
+            key: 'rack.session',
+            path: '/',
+            secret: 'rspec_secret'
+        use Obscured::Doorman::Middleware
+
+        Obscured::Doorman::Middleware.set :views, "#{File.dirname(__FILE__)}/../views/doorman"
+
+        get '/home' do
+          authorize!
+
+          'Hello World!'
+        end
+
+        get '/session' do
+          authenticate
+
+          { session: session_info, user: user }.to_json
+        end
+
+        get '/user' do
+          authorized?
+          content_type :json
+
+          { user: user }.to_json
+        end
+
+        get '/user/xml' do
+          authorized?(:xml)
+          content_type :xml
+
+          { user: user }.to_xml
+        end
+
+        get '/logout' do
+          authorized?
+
+          logout
+        end
+      end
+    end
+  end
+end