oversip-mod-callsign 0.1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NThlYWM3NmQxYWFhNWQ0ODQ2ZmIxZjQ1ODJjOTYwMmExYjIyNjQ3MA==
+  data.tar.gz: !binary |-
+    M2NkMTVkNjg1OGI1ODM4NDUzZjM2ZmEzOTIzZWFmZTBlYWU3MDU4Zg==
+SHA512:
+  metadata.gz: !binary |-
+    ODIwMGUwNGJkODU1NmIxOTkxMDE5M2NhMTk3ZjYwZGYyN2EwMTVkMjE4NTBl
+    MjY2M2U1MjE1MmY5NjZlZGRkMmJlYmJlODM3NGRiZmIzZTY4NTllOTE4Nzc0
+    YWE2NTc5MjMzOGYwNzFlNzhhMzRlOTY4ZjQyNDBiOTUwYTQyMjI=
+  data.tar.gz: !binary |-
+    MjIzNTlhYWMyNzk4NDIzYTVjMWY0NGYxZTJmZWZkYjI0ZjJkMzAxYzQzZWI3
+    ZWJlY2U1OTQwYzA3NjA5ZTNmNjU5M2I4ZTgxMzAzZjIxOTgzYzIwMTJiYzMw
+    ODZmNGQ3YzQyNjY1YjZlOTE0NDU5YzVmMWM2MDQwMjJkMGEzODI=

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Bandwidth.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+oversip-mod-callsign
+==========================
+
+`oversip-mod-callsign` facilitates authentication and assertion of users that provide a Callsign credential.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'oversip-mod-callsign'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install oversip-mod-callsign
+
+## Usage
+At the top of your `server.rb` file:
+
+```ruby
+require 'oversip-mod-callsign'
+```
+
+## API

data/lib/oversip-mod-callsign.rb

@@ -0,0 +1,65 @@
+require 'em-http-request'
+require 'fiber'
+require 'json'
+
+require 'oversip-mod-callsign/token'
+require 'oversip-mod-callsign/token_cache'
+require 'oversip-mod-callsign/client'
+
+module OverSIP
+  module Modules
+    module Callsign
+      extend ::OverSIP::Logger
+
+      @log_id = "Callsign Module"
+
+      class << self
+        def config
+          @config ||= {}
+        end
+
+        def configure properties
+          %w[ 
+            callsign_client_id callsign_client_secret authorized_callsign_tenants authorized_callsign_scopes
+          ].each do |property|
+            config[property] = properties[property] || raise(OverSIP::ConfigurationError.new("Missing required Callsign configuration property: #{property}"))
+          end
+
+          @token_cache = TokenCache.new config['callsign_token_ttl']
+          @client = Client.new config['callsign_client_id'], config['callsign_client_secret']
+        end
+
+        def token_cache
+          @token_cache
+        end
+
+        def assert_callsign_identity(request)
+          x_callsign_token = request.header_top 'X-Callsign-Token'
+          token = token_cache.get(x_callsign_token) || @client.describe_token(x_callsign_token)
+
+          return false unless token && authorized_token?(token)
+
+          sip_identity = token.identity.identifier
+
+          log_system_debug "user asserted, adding P-Asserted-Identity '#{sip_identity}' for '#{request.log_id}'" if $oversip_debug
+          request.set_header 'P-Asserted-Identity', '<' << sip_identity << '>'
+
+          true
+        end
+
+        def authorized_token?(token)
+          token_client_id = token.client_id
+          token_scopes = token.scope.split(' ')
+
+          # (unauthorized) token is not associated with an authorized tenant
+          return false unless config['authorized_callsign_tenants'].include? token_client_id
+
+          # (unauthorized) token was not issued an authorized scope
+          return false unless (config['authorized_callsign_scopes'] & token_scopes).size > 0
+
+          true
+        end
+      end
+    end
+  end
+end

data/lib/oversip-mod-callsign/client.rb

@@ -0,0 +1,56 @@
+require 'eventmachine'
+require 'fiber'
+require 'em-http-request'
+require 'base64'
+
+require 'oversip-mod-callsign/token'
+
+module OverSIP
+  module Modules
+    module Callsign
+      class Client
+        def describe_token(access_token)
+          url = [
+              @base_url,
+              'tokens',
+              access_token
+          ].join('/')
+
+          request = if ::Fiber.current != OverSIP.root_fiber
+            send_request :get, url
+          else
+            ::Fiber.new do
+              send_request :get, url
+            end.resume
+          end
+
+          status = request.response_header.status
+          if status == 200
+            Token.from_json request.response
+          else
+            log_info request.response
+            nil
+          end
+        end
+
+        def initialize client_id, client_secret
+          @base_url = 'https://callsign.bwincubator.com/v1'
+          @client_id = client_id
+          @client_secret = client_secret
+        end
+
+      private
+
+        def send_request(method, url)
+          fiber = Fiber.current
+          credentials = Base64.strict_encode64 [@client_id, @client_secret].join(':')
+          http = EventMachine::HttpRequest.new(url).__send__ method.to_sym, :head => { 'Authorization' => ['Basic', credentials].join(' ') }
+          http.callback { fiber.resume(http) }
+          http.errback { fiber.resume(http) }
+
+          Fiber.yield
+        end
+      end
+    end
+  end
+end

data/lib/oversip-mod-callsign/identity.rb

@@ -0,0 +1,21 @@
+module OverSIP
+  module Modules
+    module Callsign
+      class Identity
+        attr_accessor :identifier
+        attr_accessor :type
+
+        def initialize(identifier, type)
+          @identifier = identifier
+          @type = type
+        end
+
+        def self.parse(input)
+          result, identifier, type = /^(.*):(\w+)$/.match(input).to_a.flatten
+          raise("Unable to parse identity: #{input}") if result.nil?
+          Identity.new identifier, type
+        end
+      end
+    end
+  end
+end

data/lib/oversip-mod-callsign/token.rb

@@ -0,0 +1,38 @@
+require 'json'
+
+require 'oversip-mod-callsign/identity'
+
+module OverSIP
+  module Modules
+    module Callsign
+      class Token
+        attr_accessor :access_token
+        attr_accessor :client_id
+        attr_accessor :identity
+        attr_accessor :scope
+        attr_accessor :revision
+        attr_accessor :expires_in
+        attr_accessor :token_type
+
+        def scopes
+          @scopes ||= @scope.split ' '
+        end
+
+        def initialize(access_token, client_id, identity, scope, revision, expires_in, token_type)
+          @access_token = access_token
+          @client_id = client_id
+          @identity = Identity.parse identity
+          @scope = scope
+          @revision = revision
+          @expires_in = expires_in
+          @token_type = token_type
+        end
+
+        def self.from_json(json_string)
+          json = JSON.parse(json_string)
+          Token.new json['access_token'], json['client_id'], json['identity'], json['scope'], json['revision'], json['expires_in'], json['token_type']
+        end
+      end
+    end
+  end
+end

data/lib/oversip-mod-callsign/token_cache.rb

@@ -0,0 +1,23 @@
+require 'eventmachine'
+
+module OverSIP
+  module Modules
+    module Callsign
+      class TokenCache
+        def get(token)
+          @cache[token]
+        end
+
+        def set(token, data)
+          @cache[token] = data
+          EventMachine.add_timer(@token_ttl) { @cache.delete(token) }
+        end
+
+        def initialize(token_ttl=10)
+          @cache = {}
+          @token_ttl = token_ttl
+        end
+      end
+    end
+  end
+end

data/lib/oversip-mod-callsign/version.rb

@@ -0,0 +1,7 @@
+module OverSIP
+  module Modules
+    module Callsign
+      VERSION = '0.1.0'
+    end
+  end
+end

metadata

@@ -0,0 +1,108 @@
+--- !ruby/object:Gem::Specification
+name: oversip-mod-callsign
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Tyler Cross
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-03-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: oversip
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.7
+- !ruby/object:Gem::Dependency
+  name: em-http-request
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.2
+description: 
+email:
+- tcross@bandwidth.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/oversip-mod-callsign.rb
+- lib/oversip-mod-callsign/client.rb
+- lib/oversip-mod-callsign/identity.rb
+- lib/oversip-mod-callsign/token.rb
+- lib/oversip-mod-callsign/token_cache.rb
+- lib/oversip-mod-callsign/version.rb
+homepage: https://github.com/inetCatapult/oversip-mod-callsign.
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.3
+signing_key: 
+specification_version: 4
+summary: Callsign user assertion for OverSIP
+test_files: []