osso 0.0.6.alpha → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +2 -2
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/automerge.yml +19 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +13 -10
- data/lib/osso.rb +0 -1
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/routes/admin.rb +1 -1
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +1 -1
- metadata +13 -7
- data/lib/osso/helpers/auth.rb +0 -94
- data/lib/osso/helpers/helpers.rb +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed87e1642f9d6b504f2b6642d50f694f5fb63d82c49deb9088aa0d6964f876f5
|
|
4
|
+
data.tar.gz: 20e3006e7367070fd0bc67d72ee7c55fe9c1948a31a58baad439561d41b698f3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b3301fe48bf416b152b174bdbfb6180084849f3f9fc2bd50d6382a31dece3dd7c556a47e54bd73b677ac69225ea645c98a9bfca9484425944c09f2b6f5ea8cbd
|
|
7
|
+
data.tar.gz: 7d40c2972213a5981abcf4d5213ff4f2518a4f5ea320bdad2b866e48ae64dfcc422d7c42679dc35429d4091c196f05e1ed84a45f8d14541e8032aeaa4caf336c
|
data/.buildkite/pipeline.yml
CHANGED
|
@@ -19,8 +19,8 @@ steps:
|
|
|
19
19
|
prefix: '/var/lib/buildkite-agent/builds/enterprise-oss-bk-1/enterpriseoss/osso-rb/'
|
|
20
20
|
|
|
21
21
|
- block: ":rubygems: Publish :red_button:"
|
|
22
|
-
|
|
22
|
+
if: build.tag != null
|
|
23
23
|
|
|
24
24
|
- name: "Push :rubygems:"
|
|
25
25
|
commands: "./bin/publish"
|
|
26
|
-
|
|
26
|
+
if: build.tag != null
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
name: auto-merge
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request:
|
|
5
|
+
|
|
6
|
+
jobs:
|
|
7
|
+
auto-approve:
|
|
8
|
+
runs-on: ubuntu-latest
|
|
9
|
+
steps:
|
|
10
|
+
- uses: actions/checkout@v2
|
|
11
|
+
- uses: ahmadnassri/action-dependabot-auto-merge@v2
|
|
12
|
+
with:
|
|
13
|
+
target: minor
|
|
14
|
+
github-token: ${{ secrets.TOKEN }}
|
|
15
|
+
- uses: hmarr/auto-approve-action@v2.0.0
|
|
16
|
+
if: github.actor == 'dependabot[bot]'
|
|
17
|
+
with:
|
|
18
|
+
github-token: "${{ secrets.TOKEN }}"
|
|
19
|
+
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -15,7 +15,7 @@ PATH
|
|
|
15
15
|
rake
|
|
16
16
|
rodauth (~> 2.6.0)
|
|
17
17
|
sequel (~> 5.37.0)
|
|
18
|
-
sequel-activerecord_connection (
|
|
18
|
+
sequel-activerecord_connection (>= 0.3, < 2.0)
|
|
19
19
|
sinatra
|
|
20
20
|
sinatra-activerecord
|
|
21
21
|
sinatra-contrib
|
|
@@ -37,6 +37,8 @@ GEM
|
|
|
37
37
|
addressable (2.7.0)
|
|
38
38
|
public_suffix (>= 2.0.2, < 5.0)
|
|
39
39
|
aes_key_wrap (1.1.0)
|
|
40
|
+
after_commit_everywhere (0.1.5)
|
|
41
|
+
activerecord (>= 4.2)
|
|
40
42
|
annotate (3.1.1)
|
|
41
43
|
activerecord (>= 3.2, < 7.0)
|
|
42
44
|
rake (>= 10.4, < 14.0)
|
|
@@ -55,7 +57,7 @@ GEM
|
|
|
55
57
|
docile (1.3.2)
|
|
56
58
|
factory_bot (6.1.0)
|
|
57
59
|
activesupport (>= 5.0.0)
|
|
58
|
-
faker (2.
|
|
60
|
+
faker (2.15.0)
|
|
59
61
|
i18n (>= 1.6, < 2)
|
|
60
62
|
graphql (1.11.6)
|
|
61
63
|
hashdiff (1.0.1)
|
|
@@ -88,7 +90,7 @@ GEM
|
|
|
88
90
|
omniauth-saml (1.10.3)
|
|
89
91
|
omniauth (~> 1.3, >= 1.3.2)
|
|
90
92
|
ruby-saml (~> 1.9)
|
|
91
|
-
parallel (1.
|
|
93
|
+
parallel (1.20.1)
|
|
92
94
|
parser (2.7.2.0)
|
|
93
95
|
ast (~> 2.4.1)
|
|
94
96
|
pg (1.2.3)
|
|
@@ -131,24 +133,25 @@ GEM
|
|
|
131
133
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
132
134
|
rspec-support (~> 3.9.0)
|
|
133
135
|
rspec-support (3.9.4)
|
|
134
|
-
rubocop (1.1
|
|
136
|
+
rubocop (1.4.1)
|
|
135
137
|
parallel (~> 1.10)
|
|
136
138
|
parser (>= 2.7.1.5)
|
|
137
139
|
rainbow (>= 2.2.2, < 4.0)
|
|
138
140
|
regexp_parser (>= 1.8)
|
|
139
141
|
rexml
|
|
140
|
-
rubocop-ast (>= 1.
|
|
142
|
+
rubocop-ast (>= 1.1.1)
|
|
141
143
|
ruby-progressbar (~> 1.7)
|
|
142
144
|
unicode-display_width (>= 1.4.0, < 2.0)
|
|
143
|
-
rubocop-ast (1.
|
|
145
|
+
rubocop-ast (1.2.0)
|
|
144
146
|
parser (>= 2.7.1.5)
|
|
145
147
|
ruby-progressbar (1.10.1)
|
|
146
148
|
ruby-saml (1.11.0)
|
|
147
149
|
nokogiri (>= 1.5.10)
|
|
148
150
|
ruby2_keywords (0.0.2)
|
|
149
151
|
sequel (5.37.0)
|
|
150
|
-
sequel-activerecord_connection (
|
|
152
|
+
sequel-activerecord_connection (1.2.0)
|
|
151
153
|
activerecord (>= 4.2, < 7)
|
|
154
|
+
after_commit_everywhere (~> 0.1.5)
|
|
152
155
|
sequel (~> 5.16)
|
|
153
156
|
simplecov (0.17.0)
|
|
154
157
|
docile (~> 1.1)
|
|
@@ -171,10 +174,10 @@ GEM
|
|
|
171
174
|
tilt (~> 2.0)
|
|
172
175
|
thread_safe (0.3.6)
|
|
173
176
|
tilt (2.0.10)
|
|
174
|
-
tzinfo (1.2.
|
|
177
|
+
tzinfo (1.2.8)
|
|
175
178
|
thread_safe (~> 0.1)
|
|
176
179
|
unicode-display_width (1.7.0)
|
|
177
|
-
webmock (3.
|
|
180
|
+
webmock (3.10.0)
|
|
178
181
|
addressable (>= 2.3.6)
|
|
179
182
|
crack (>= 0.3.2)
|
|
180
183
|
hashdiff (>= 0.4.0, < 2.0.0)
|
|
@@ -196,7 +199,7 @@ DEPENDENCIES
|
|
|
196
199
|
rspec (~> 3.2)
|
|
197
200
|
rubocop
|
|
198
201
|
simplecov (= 0.17)
|
|
199
|
-
webmock (~> 3.
|
|
202
|
+
webmock (~> 3.10)
|
|
200
203
|
|
|
201
204
|
BUNDLED WITH
|
|
202
205
|
2.1.4
|
data/lib/osso.rb
CHANGED
data/lib/osso/lib/app_config.rb
CHANGED
|
@@ -7,7 +7,7 @@ module Osso
|
|
|
7
7
|
def self.included(klass)
|
|
8
8
|
klass.class_eval do
|
|
9
9
|
use Rack::JSONBodyParser
|
|
10
|
-
use Rack::Session::Cookie, secret: ENV
|
|
10
|
+
use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')
|
|
11
11
|
|
|
12
12
|
error ActiveRecord::RecordNotFound do
|
|
13
13
|
status 404
|
data/lib/osso/routes/admin.rb
CHANGED
|
@@ -8,7 +8,7 @@ DEFAULT_VIEWS_DIR = File.join(File.expand_path(Bundler.root), 'views/rodauth')
|
|
|
8
8
|
module Osso
|
|
9
9
|
class Admin < Roda
|
|
10
10
|
DB = Sequel.postgres(extensions: :activerecord_connection)
|
|
11
|
-
use Rack::Session::Cookie, secret: ENV
|
|
11
|
+
use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')
|
|
12
12
|
|
|
13
13
|
plugin :middleware
|
|
14
14
|
plugin :render, engine: 'erb', views: ENV['RODAUTH_VIEWS'] || DEFAULT_VIEWS_DIR
|
data/lib/osso/version.rb
CHANGED
data/osso-rb.gemspec
CHANGED
|
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
|
|
|
28
28
|
spec.add_runtime_dependency 'rake'
|
|
29
29
|
spec.add_runtime_dependency 'rodauth', '~> 2.6.0'
|
|
30
30
|
spec.add_runtime_dependency 'sequel', '~> 5.37.0'
|
|
31
|
-
spec.add_runtime_dependency 'sequel-activerecord_connection', '
|
|
31
|
+
spec.add_runtime_dependency 'sequel-activerecord_connection', '>= 0.3', '< 2.0'
|
|
32
32
|
spec.add_runtime_dependency 'sinatra'
|
|
33
33
|
spec.add_runtime_dependency 'sinatra-activerecord'
|
|
34
34
|
spec.add_runtime_dependency 'sinatra-contrib'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: osso
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.6
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Bauch
|
|
@@ -196,16 +196,22 @@ dependencies:
|
|
|
196
196
|
name: sequel-activerecord_connection
|
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|
|
198
198
|
requirements:
|
|
199
|
-
- - "
|
|
199
|
+
- - ">="
|
|
200
200
|
- !ruby/object:Gem::Version
|
|
201
201
|
version: '0.3'
|
|
202
|
+
- - "<"
|
|
203
|
+
- !ruby/object:Gem::Version
|
|
204
|
+
version: '2.0'
|
|
202
205
|
type: :runtime
|
|
203
206
|
prerelease: false
|
|
204
207
|
version_requirements: !ruby/object:Gem::Requirement
|
|
205
208
|
requirements:
|
|
206
|
-
- - "
|
|
209
|
+
- - ">="
|
|
207
210
|
- !ruby/object:Gem::Version
|
|
208
211
|
version: '0.3'
|
|
212
|
+
- - "<"
|
|
213
|
+
- !ruby/object:Gem::Version
|
|
214
|
+
version: '2.0'
|
|
209
215
|
- !ruby/object:Gem::Dependency
|
|
210
216
|
name: sinatra
|
|
211
217
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -305,6 +311,8 @@ files:
|
|
|
305
311
|
- ".buildkite/hooks/pre-command"
|
|
306
312
|
- ".buildkite/pipeline.yml"
|
|
307
313
|
- ".buildkite/template.yml"
|
|
314
|
+
- ".github/dependabot.yml"
|
|
315
|
+
- ".github/workflows/automerge.yml"
|
|
308
316
|
- ".gitignore"
|
|
309
317
|
- ".rspec"
|
|
310
318
|
- ".rubocop.yml"
|
|
@@ -392,8 +400,6 @@ files:
|
|
|
392
400
|
- lib/osso/graphql/types/oauth_client.rb
|
|
393
401
|
- lib/osso/graphql/types/redirect_uri.rb
|
|
394
402
|
- lib/osso/graphql/types/redirect_uri_input.rb
|
|
395
|
-
- lib/osso/helpers/auth.rb
|
|
396
|
-
- lib/osso/helpers/helpers.rb
|
|
397
403
|
- lib/osso/lib/app_config.rb
|
|
398
404
|
- lib/osso/lib/oauth2_token.rb
|
|
399
405
|
- lib/osso/lib/route_map.rb
|
|
@@ -467,9 +473,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
467
473
|
version: 2.3.0
|
|
468
474
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
469
475
|
requirements:
|
|
470
|
-
- - "
|
|
476
|
+
- - ">="
|
|
471
477
|
- !ruby/object:Gem::Version
|
|
472
|
-
version:
|
|
478
|
+
version: '0'
|
|
473
479
|
requirements: []
|
|
474
480
|
rubygems_version: 3.0.3
|
|
475
481
|
signing_key:
|
data/lib/osso/helpers/auth.rb
DELETED
|
@@ -1,94 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Osso
|
|
4
|
-
module Helpers
|
|
5
|
-
module Auth
|
|
6
|
-
END_USER_SCOPE = 'end-user'
|
|
7
|
-
INTERNAL_SCOPE = 'internal'
|
|
8
|
-
ADMIN_SCOPE = 'admin'
|
|
9
|
-
|
|
10
|
-
attr_accessor :current_user
|
|
11
|
-
|
|
12
|
-
def token_protected!
|
|
13
|
-
decode(token)
|
|
14
|
-
rescue JWT::DecodeError
|
|
15
|
-
halt 401
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
def enterprise_protected!(domain = nil)
|
|
19
|
-
return if admin_authorized?
|
|
20
|
-
return if internal_authorized?
|
|
21
|
-
return if enterprise_authorized?(domain)
|
|
22
|
-
|
|
23
|
-
halt 401 if request.post?
|
|
24
|
-
|
|
25
|
-
redirect ENV['JWT_URL']
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
def internal_protected!
|
|
29
|
-
return if admin_authorized?
|
|
30
|
-
return if internal_authorized?
|
|
31
|
-
|
|
32
|
-
redirect ENV['JWT_URL']
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def admin_protected!
|
|
36
|
-
return true if admin_authorized?
|
|
37
|
-
|
|
38
|
-
redirect ENV['JWT_URL']
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
private
|
|
42
|
-
|
|
43
|
-
def enterprise_authorized?(domain)
|
|
44
|
-
decode(token)
|
|
45
|
-
|
|
46
|
-
@current_user[:scope] == END_USER_SCOPE &&
|
|
47
|
-
@current_user[:email].split('@')[1] == domain
|
|
48
|
-
rescue JWT::DecodeError
|
|
49
|
-
false
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
def internal_authorized?
|
|
53
|
-
decode(token)
|
|
54
|
-
|
|
55
|
-
@current_user[:scope] == INTERNAL_SCOPE
|
|
56
|
-
rescue JWT::DecodeError
|
|
57
|
-
false
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
def admin_authorized?
|
|
61
|
-
decode(token)
|
|
62
|
-
|
|
63
|
-
@current_user[:scope] == ADMIN_SCOPE
|
|
64
|
-
rescue JWT::DecodeError
|
|
65
|
-
false
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
def token
|
|
69
|
-
session['admin_token'] || request.env['HTTP_AUTHORIZATION'] || request.params['admin_token']
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
def chomp_token
|
|
73
|
-
return unless request['admin_token'].present?
|
|
74
|
-
|
|
75
|
-
session['admin_token'] = request['admin_token']
|
|
76
|
-
|
|
77
|
-
return if request.post?
|
|
78
|
-
|
|
79
|
-
redirect request.path
|
|
80
|
-
end
|
|
81
|
-
|
|
82
|
-
def decode(token)
|
|
83
|
-
payload, _args = JWT.decode(
|
|
84
|
-
token,
|
|
85
|
-
ENV['JWT_HMAC_SECRET'],
|
|
86
|
-
true,
|
|
87
|
-
{ algorithm: 'HS256' },
|
|
88
|
-
)
|
|
89
|
-
|
|
90
|
-
@current_user = payload.symbolize_keys
|
|
91
|
-
end
|
|
92
|
-
end
|
|
93
|
-
end
|
|
94
|
-
end
|