osso 0.0.6.alpha → 0.0.6
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +2 -2
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/automerge.yml +19 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +13 -10
- data/lib/osso.rb +0 -1
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/routes/admin.rb +1 -1
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +1 -1
- metadata +13 -7
- data/lib/osso/helpers/auth.rb +0 -94
- data/lib/osso/helpers/helpers.rb +0 -8
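--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ed87e1642f9d6b504f2b6642d50f694f5fb63d82c49deb9088aa0d6964f876f5
+data.tar.gz: 20e3006e7367070fd0bc67d72ee7c55fe9c1948a31a58baad439561d41b698f3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b3301fe48bf416b152b174bdbfb6180084849f3f9fc2bd50d6382a31dece3dd7c556a47e54bd73b677ac69225ea645c98a9bfca9484425944c09f2b6f5ea8cbd
+data.tar.gz: 7d40c2972213a5981abcf4d5213ff4f2518a4f5ea320bdad2b866e48ae64dfcc422d7c42679dc35429d4091c196f05e1ed84a45f8d14541e8032aeaa4caf336c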
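--- a/data/.buildkite/pipeline.yml
+++ b/data/.buildkite/pipeline.yml
@@ -19,8 +19,8 @@ steps:
 prefix: '/var/lib/buildkite-agent/builds/enterprise-oss-bk-1/enterpriseoss/osso-rb/'
 
 - block: ":rubygems: Publish :red_button:"
-
+if: build.tag != null
 
 - name: "Push :rubygems:"
 commands: "./bin/publish"
-
+if: build.tag != null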
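Review bot: The condition added on new lines 22 and 26, `if: build.tag != null`, is true for every tag build whatever the tag is called, so the manual block step is the only gate between an arbitrary tag and `./bin/publish`. If only release tags are meant to publish, match the tag's shape instead, for example `if: build.tag =~ /^v[0-9]/`. The removed conditions are blank on this page, so whether the old lines were stricter cannot be confirmed from here.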
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
name: auto-merge
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request:
|
|
5
|
+
|
|
6
|
+
jobs:
|
|
7
|
+
auto-approve:
|
|
8
|
+
runs-on: ubuntu-latest
|
|
9
|
+
steps:
|
|
10
|
+
- uses: actions/checkout@v2
|
|
11
|
+
- uses: ahmadnassri/action-dependabot-auto-merge@v2
|
|
12
|
+
with:
|
|
13
|
+
target: minor
|
|
14
|
+
github-token: ${{ secrets.TOKEN }}
|
|
15
|
+
- uses: hmarr/auto-approve-action@v2.0.0
|
|
16
|
+
if: github.actor == 'dependabot[bot]'
|
|
17
|
+
with:
|
|
18
|
+
github-token: "${{ secrets.TOKEN }}"
|
|
19
|
+
|
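Review bot: Both third-party steps, `ahmadnassri/action-dependabot-auto-merge@v2` and `hmarr/auto-approve-action@v2.0.0`, are referenced by movable tags while being handed `secrets.TOKEN`, which presumably can approve and merge pull requests. Pin each to a full commit SHA, e.g. `uses: hmarr/auto-approve-action@<full-commit-sha> # v2.0.0`, so a retagged release cannot run with that token. The auto-merge step also carries no `if: github.actor == 'dependabot[bot]'` guard of its own, unlike the approve step; adding the same condition keeps the token out of runs for other authors' pull requests. The page prints this hunk without a file header; the +19 count in the file list suggests it is data/.github/workflows/automerge.yml.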
data/Gemfile
CHANGED
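--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -15,7 +15,7 @@ PATH
 rake
 rodauth (~> 2.6.0)
 sequel (~> 5.37.0)
-sequel-activerecord_connection (
+sequel-activerecord_connection (>= 0.3, < 2.0)
 sinatra
 sinatra-activerecord
 sinatra-contrib
@@ -37,6 +37,8 @@ GEM
 addressable (2.7.0)
 public_suffix (>= 2.0.2, < 5.0)
 aes_key_wrap (1.1.0)
+after_commit_everywhere (0.1.5)
+activerecord (>= 4.2)
 annotate (3.1.1)
 activerecord (>= 3.2, < 7.0)
 rake (>= 10.4, < 14.0)
@@ -55,7 +57,7 @@ GEM
 docile (1.3.2)
 factory_bot (6.1.0)
 activesupport (>= 5.0.0)
-faker (2.
+faker (2.15.0)
 i18n (>= 1.6, < 2)
 graphql (1.11.6)
 hashdiff (1.0.1)
@@ -88,7 +90,7 @@ GEM
 omniauth-saml (1.10.3)
 omniauth (~> 1.3, >= 1.3.2)
 ruby-saml (~> 1.9)
-parallel (1.
+parallel (1.20.1)
 parser (2.7.2.0)
 ast (~> 2.4.1)
 pg (1.2.3)
@@ -131,24 +133,25 @@ GEM
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.9.0)
 rspec-support (3.9.4)
-rubocop (1.1
+rubocop (1.4.1)
 parallel (~> 1.10)
 parser (>= 2.7.1.5)
 rainbow (>= 2.2.2, < 4.0)
 regexp_parser (>= 1.8)
 rexml
-rubocop-ast (>= 1.
+rubocop-ast (>= 1.1.1)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 2.0)
-rubocop-ast (1.
+rubocop-ast (1.2.0)
 parser (>= 2.7.1.5)
 ruby-progressbar (1.10.1)
 ruby-saml (1.11.0)
 nokogiri (>= 1.5.10)
 ruby2_keywords (0.0.2)
 sequel (5.37.0)
-sequel-activerecord_connection (
+sequel-activerecord_connection (1.2.0)
 activerecord (>= 4.2, < 7)
+after_commit_everywhere (~> 0.1.5)
 sequel (~> 5.16)
 simplecov (0.17.0)
 docile (~> 1.1)
@@ -171,10 +174,10 @@ GEM
 tilt (~> 2.0)
 thread_safe (0.3.6)
 tilt (2.0.10)
-tzinfo (1.2.
+tzinfo (1.2.8)
 thread_safe (~> 0.1)
 unicode-display_width (1.7.0)
-webmock (3.
+webmock (3.10.0)
 addressable (>= 2.3.6)
 crack (>= 0.3.2)
 hashdiff (>= 0.4.0, < 2.0.0)
@@ -196,7 +199,7 @@ DEPENDENCIES
 rspec (~> 3.2)
 rubocop
 simplecov (= 0.17)
-webmock (~> 3.
+webmock (~> 3.10)
 
 BUNDLED WITH
 2.1.4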
data/lib/osso.rb
CHANGED
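--- a/data/lib/osso/lib/app_config.rb
+++ b/data/lib/osso/lib/app_config.rb
@@ -7,7 +7,7 @@ module Osso
 def self.included(klass)
 klass.class_eval do
 use Rack::JSONBodyParser
-use Rack::Session::Cookie, secret: ENV
+use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')
 
 error ActiveRecord::RecordNotFound do
 status 404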
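Review bot: `ENV.fetch('SESSION_SECRET')` on new line 10 raises when the variable is missing, but an empty or very short value is still accepted and becomes the key that signs every session cookie. Check it once at boot, e.g. `secret = ENV.fetch('SESSION_SECRET')` followed by `raise ArgumentError, 'SESSION_SECRET is too short' if secret.bytesize < 64`, and pass that value as `secret:`. The same line is added in data/lib/osso/routes/admin.rb (new line 11) and should share the check. The enclosing `self.included` body continues outside this hunk, and the removed line is truncated on the page, so the previous lookup cannot be compared.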
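--- a/data/lib/osso/routes/admin.rb
+++ b/data/lib/osso/routes/admin.rb
@@ -8,7 +8,7 @@ DEFAULT_VIEWS_DIR = File.join(File.expand_path(Bundler.root), 'views/rodauth')
 module Osso
 class Admin < Roda
 DB = Sequel.postgres(extensions: :activerecord_connection)
-use Rack::Session::Cookie, secret: ENV
+use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')
 
 plugin :middleware
 plugin :render, engine: 'erb', views: ENV['RODAUTH_VIEWS'] || DEFAULT_VIEWS_DIR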
data/lib/osso/version.rb
CHANGED
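--- a/data/osso-rb.gemspec
+++ b/data/osso-rb.gemspec
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency 'rake'
 spec.add_runtime_dependency 'rodauth', '~> 2.6.0'
 spec.add_runtime_dependency 'sequel', '~> 5.37.0'
-spec.add_runtime_dependency 'sequel-activerecord_connection', '
+spec.add_runtime_dependency 'sequel-activerecord_connection', '>= 0.3', '< 2.0'
 spec.add_runtime_dependency 'sinatra'
 spec.add_runtime_dependency 'sinatra-activerecord'
 spec.add_runtime_dependency 'sinatra-contrib'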
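Review bot: The requirement on new line 31, `'>= 0.3', '< 2.0'`, lets an installing application resolve any sequel-activerecord_connection release from 0.3 up to 2.0, while the Gemfile.lock in this release exercises only 1.2.0. A gem's lockfile is not applied by its consumers, so the untested low end is what some installs can end up running under the admin database connection. Either narrow the range to the series that was actually run, e.g. `'~> 1.2'`, or cover the 0.x end in CI. The old constraint is truncated on this page, so the previous bound cannot be confirmed from here.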
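--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-version: 0.0.6
+version: 0.0.6
 platform: ruby
 authors:
 - Sam Bauch
@@ -196,16 +196,22 @@ dependencies:
 name: sequel-activerecord_connection
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '0.3'
+- - "<"
+- !ruby/object:Gem::Version
+version: '2.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '0.3'
+- - "<"
+- !ruby/object:Gem::Version
+version: '2.0'
 - !ruby/object:Gem::Dependency
 name: sinatra
 requirement: !ruby/object:Gem::Requirement
@@ -305,6 +311,8 @@ files:
 - ".buildkite/hooks/pre-command"
 - ".buildkite/pipeline.yml"
 - ".buildkite/template.yml"
+- ".github/dependabot.yml"
+- ".github/workflows/automerge.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -392,8 +400,6 @@ files:
 - lib/osso/graphql/types/oauth_client.rb
 - lib/osso/graphql/types/redirect_uri.rb
 - lib/osso/graphql/types/redirect_uri_input.rb
-- lib/osso/helpers/auth.rb
-- lib/osso/helpers/helpers.rb
 - lib/osso/lib/app_config.rb
 - lib/osso/lib/oauth2_token.rb
 - lib/osso/lib/route_map.rb
@@ -467,9 +473,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubygems_version: 3.0.3
 signing_key: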
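--- a/data/lib/osso/helpers/auth.rb
+++ b/data/lib/osso/helpers/auth.rb
@@ -1,94 +0,0 @@
-# frozen_string_literal: true
-
-module Osso
-module Helpers
-module Auth
-END_USER_SCOPE = 'end-user'
-INTERNAL_SCOPE = 'internal'
-ADMIN_SCOPE = 'admin'
-
-attr_accessor :current_user
-
-def token_protected!
-decode(token)
-rescue JWT::DecodeError
-halt 401
-end
-
-def enterprise_protected!(domain = nil)
-return if admin_authorized?
-return if internal_authorized?
-return if enterprise_authorized?(domain)
-
-halt 401 if request.post?
-
-redirect ENV['JWT_URL']
-end
-
-def internal_protected!
-return if admin_authorized?
-return if internal_authorized?
-
-redirect ENV['JWT_URL']
-end
-
-def admin_protected!
-return true if admin_authorized?
-
-redirect ENV['JWT_URL']
-end
-
-private
-
-def enterprise_authorized?(domain)
-decode(token)
-
-@current_user[:scope] == END_USER_SCOPE &&
-@current_user[:email].split('@')[1] == domain
-rescue JWT::DecodeError
-false
-end
-
-def internal_authorized?
-decode(token)
-
-@current_user[:scope] == INTERNAL_SCOPE
-rescue JWT::DecodeError
-false
-end
-
-def admin_authorized?
-decode(token)
-
-@current_user[:scope] == ADMIN_SCOPE
-rescue JWT::DecodeError
-false
-end
-
-def token
-session['admin_token'] || request.env['HTTP_AUTHORIZATION'] || request.params['admin_token']
-end
-
-def chomp_token
-return unless request['admin_token'].present?
-
-session['admin_token'] = request['admin_token']
-
-return if request.post?
-
-redirect request.path
-end
-
-def decode(token)
-payload, _args = JWT.decode(
-token,
-ENV['JWT_HMAC_SECRET'],
-true,
-{ algorithm: 'HS256' },
-)
-
-@current_user = payload.symbolize_keys
-end
-end
-end
-end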