phobos_checkpoint_ui 1.4.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: de969b2a08a156833a4566dfe6948d613dcc6048
-  data.tar.gz: cb9f5a959c79c6d9643b03e86dbc4c7aa7cab43c
+SHA256:
+  metadata.gz: 2b800ac0051d06dab6cdbfa9952c8b1872c1050e738ddfcded8acc6ea91fa2ea
+  data.tar.gz: 147fdf458655134354020a018ea16c7445efb79d67057a0f283820d2d165ffe0
 SHA512:
-  metadata.gz: 2441f2bfed38efe079115e7f406473096d8373d4d99da6e7fd4e0ba4a8a9d3d9c3a1e7a705ffc3ab3f7373683db2d164569a2e530d9300fb91aab60b22be19bf
-  data.tar.gz: 2f92115f04d9ff44f5ba2f444afe2b8966863812511f6d6b47680642ee079a73ed56b1a798c8cc1ff39e33894a172c978b66baaf437d4993bc1650c4a34c0dfd
+  metadata.gz: cdee496466a821c553a0078c73a2938f0095df3f7073d2cdf46dd53eb328299b6e5cfeca1c16568c46cf8d83a751f1304cf1f34b5d6112708553fe9673810f7b
+  data.tar.gz: 5bdbc9915de2cf72b2838978c6b33540455dadc3bd6d3f92a3be723e1279677144b93f94440942612fa9d687a42b7f52918716e48db0ab3d81888dfbaad48c3d

data/.dockerignore

@@ -0,0 +1,12 @@
+.idea
+.DS_Store
+.dockerignore
+.gitignore
+.travis.yml
+Gemfile.lock
+Dockerfile
+log/
+coverage/
+spec/examples.txt
+pkg/
+frontend/node_modules

data/.travis.yml

@@ -0,0 +1,37 @@
+sudo: required
+language: ruby
+rvm:
+  - 2.5.1
+  - 2.4.4
+  - 2.3.7
+
+services:
+  - docker
+
+env:
+  global:
+    - CC_TEST_REPORTER_ID=26a517d263807d03ee1a05ef17d6dd73ca65131216f113e85171ba1bf5622114
+
+before_install:
+  - env
+  - docker-compose --version
+  - docker --version
+  - docker-compose config
+  - docker-compose build backend
+  - docker-compose build frontend
+
+before_script:
+  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+  - chmod +x ./cc-test-reporter
+  - if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then ./cc-test-reporter before-build || echo "Skipping CC coverage before-build"; fi
+  - mkdir coverage/
+  - touch ./coverage/.resultset.json
+
+script:
+  - docker-compose run --rm backend rspec
+  - docker-compose run --rm frontend npm run test:unit
+
+after_script:
+  - cat ./coverage/.resultset.json | sed "s|/opt/phobos_checkpoint_ui|$PWD|" > ./coverage/.newresultset.json
+  - cp ./coverage/.newresultset.json ./coverage/.resultset.json
+  - if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT || echo "Skipping CC coverage after-build"; fi

data/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## 2.0.0 (2018-06-26)
+
+- [added] Customizable logging middleware
+- [added] Configurable SAML support
+- [added] Customizable SAML handler
+
 ## 1.4.1 (2017-03-23)
 
 - [bugfix] Update dependency on phobos_db_checkpoint to support newer api (events without retry)

data/Dockerfile.backend

@@ -0,0 +1,16 @@
+FROM ruby:2.4.1-alpine
+
+RUN apk update && apk upgrade && \
+    apk add --no-cache bash git openssh build-base
+
+RUN gem install bundler -v 1.16.0
+
+WORKDIR /opt/phobos_checkpoint_ui
+
+ADD Gemfile Gemfile
+ADD phobos_checkpoint_ui.gemspec phobos_checkpoint_ui.gemspec
+ADD lib/phobos_checkpoint_ui/version.rb lib/phobos_checkpoint_ui/version.rb
+
+RUN bundle install
+
+ADD . .

data/Dockerfile.frontend

@@ -0,0 +1,7 @@
+FROM node:6
+
+WORKDIR /opt/phobos_checkpoint_ui
+
+ADD frontend/ .
+
+RUN npm install

data/README.md

@@ -25,11 +25,11 @@ Or install it yourself as:
 
 ## Usage
 
-1) Add `require 'phobos_checkpoint_ui/tasks'` to your __Rakefile__
+1.  Add `require 'phobos_checkpoint_ui/tasks'` to your **Rakefile**
 
-2) Run `rake phobos_checkpoint_ui:copy_assets`, this will copy the precompile assets to `./public`
+2.  Run `rake phobos_checkpoint_ui:copy_assets`, this will copy the precompile assets to `./public`
 
-3) Create/update `config.ru` and add:
+3.  Create/update `config.ru` and add:
 
 ```ruby
 require 'phobos_checkpoint_ui'
@@ -39,25 +39,83 @@ require 'phobos_checkpoint_ui'
 # ...
 
 # run PhobosDBCheckpoint::EventsAPI
-run PhobosCheckpointUI::App.new(PhobosDBCheckpoint::EventsAPI)
+run PhobosCheckpointUI::App.new(api_app: PhobosDBCheckpoint::EventsAPI)
 ```
 
-It is possible to configure some aspects of the app, `App.new` accepts a hash with options to be delivered to the front-end. The fron-end is prepared to receive the following options:
+It is possible to configure some aspects of the app, `App.new` accepts a hash with options to be delivered to the front-end. The front-end is prepared to receive the following options:
 
-* `logo` - Path of image to be used as a logo (can be something inside `/public`)
-* `title` - App title
-* `env_label` - Special label display the environment
+- `logo` - Path of image to be used as a logo (can be something inside `/public`)
+- `title` - App title
+- `env_label` - Special label display the environment
 
 Example:
 
 ```ruby
-run PhobosCheckpointUI::App.new(PhobosDBCheckpoint::EventsAPI, {
-  logo: '/assets/logo.png',
-  title: 'Checkpoint',
-  env_label: 'production'
-})
+run PhobosCheckpointUI::App.new(
+  api_app: PhobosDBCheckpoint::EventsAPI,
+  configs: {
+    logo: '/assets/logo.png',
+    title: 'Checkpoint',
+    env_label: 'production'
+  })
 ```
 
+### SAML
+
+If configured, Checkpoint UI will support authentication and authorisation with IDP (SAML).
+
+#### Configuration
+
+```yml
+session_secret: the_session_secret
+saml_config:
+  issuer: the_issuer
+  idp_cert_fingerprint: the_idp_cert_fingerprint
+  assertion_consumer_service_url: the_assertion_consumer_service_url
+  idp_sso_target_url: the_idp_sso_target_url
+  idp_logout_url: the_idp_logout_url
+```
+
+If `saml_config` is not provided the Events API will be open for anyone to access.
+
+PhobosCheckpointUI ships with a default SamlHandler that does not handle authorization, being authenticated is enough. It also sets the same default username for all users. If you want to tweak this, you can customize it (see below)
+
+#### Customizing the SAML handler
+
+If authenticating with IDP is not enough, and you want more control over authorization, you can customize this with your own SamlHandler.
+
+Example:
+
+```ruby
+class MySamlHandler < PhobosCheckpointUI::SamlHandler
+  def self.authorized?(user_json)
+    # my custom check
+  end
+end
+
+run PhobosCheckpointUI::App.new(
+  api_app: PhobosDBCheckpoint::EventsAPI,
+  saml_handler: MySamlHandler
+)
+```
+
+If `saml_handler` is not specified, `PhobosCheckpointUI::SamlHandler` will be used instead which returns some default values without looking at IDP payload.
+
+### Logging
+
+Logging middleware can be injected via the `logging_middleware` option.
+
+Example:
+
+```ruby
+run PhobosCheckpointUI::App.new(
+  api_app: PhobosDBCheckpoint::EventsAPI,
+  logger_middleware: MyLoggerMiddleware
+)
+```
+
+The logger middleware will inject itself as rack middleware. If not specified, `Rack::NullLogger` will be used (no logging).
+
 ## Development
 
 The front-end is written with `React` and `Redux`, ensure that you have `nodejs` version >= 6.3 installed.

data/config/checkpoint_ui.yml

@@ -0,0 +1,7 @@
+session_secret: the_secret
+saml:
+  issuer: the_issuer
+  idp_cert_fingerprint: the_idp_cert_fingerprint
+  assertion_consumer_service_url: the_assertion_consumer_service_url
+  idp_sso_target_url: the_idp_sso_target_url
+  idp_logout_url: the_idp_logout_url

data/docker-compose.yml

@@ -0,0 +1,15 @@
+version: '2'
+services:
+  backend:
+    build:
+      context: .
+      dockerfile: Dockerfile.backend
+    command: rspec
+    network_mode: host
+    volumes:
+      - ./coverage:/opt/phobos_checkpoint_ui/coverage
+  frontend:
+    build:
+      context: .
+      dockerfile: Dockerfile.frontend
+    command: npm run test:unit

data/frontend/package.json

@@ -10,7 +10,7 @@
   "scripts": {
     "test": "npm run test:lint && npm run test:unit",
     "build": "sagui build",
-    "develop": "sagui develop --port 3000",
+    "develop": "sagui develop --port 3001",
     "dist": "cross-env NODE_ENV=production sagui build --optimize",
     "start": "npm run develop",
     "test:coverage": "npm run test:unit -- --coverage",
@@ -27,7 +27,7 @@
     "karma-babel-preprocessor": "6.0.1",
     "mappersmith": "0.13.3",
     "material-ui": "0.15.4",
-    "moment": "2.15.1",
+    "moment": "2.22.2",
     "react": "15.3.2",
     "react-addons-test-utils": "15.3.2",
     "react-dom": "15.3.2",

data/frontend/sagui.config.js

@@ -4,9 +4,10 @@
  */
 const { join } = require('path')
 const env = process.env.NODE_ENV
-const output = (env === 'production')
-  ? { publicPath: '/assets/', path: join(__dirname, '../assets') }
-  : { publicPath: '/' }
+const output =
+  env === 'production'
+    ? { publicPath: '/assets/', path: join(__dirname, '../assets') }
+    : { publicPath: '/' }
 
 module.exports = {
   pages: ['index'],
@@ -35,16 +36,20 @@ module.exports = {
 
   develop: {
     proxy: {
+      '/auth/*': {
+        target: 'http://localhost:3000',
+        secure: false
+      },
       '/api/v1/*': {
-        target: 'http://localhost:9292',
+        target: 'http://localhost:3000',
         secure: false
       },
       '/configs': {
-        target: 'http://localhost:9292',
+        target: 'http://localhost:3000',
         secure: false
       },
       '/assets/*': {
-        target: 'http://localhost:9292',
+        target: 'http://localhost:3000',
         secure: false
       }
     }

data/lib/phobos_checkpoint_ui.rb

@@ -3,10 +3,36 @@ require 'rack'
 require 'sinatra'
 require 'phobos_db_checkpoint'
 require 'phobos_db_checkpoint/events_api'
-
+require 'phobos_checkpoint_ui/saml_handler'
 require 'phobos_checkpoint_ui/version'
-require 'phobos_checkpoint_ui/static_app'
-require 'phobos_checkpoint_ui/app'
 
 module PhobosCheckpointUI
+  class << self
+    def config
+      @config || {}
+    end
+
+    def use_saml?
+      self.config.dig(:saml).present?
+    end
+
+    def configure(path='config/checkpoint_ui.yml')
+      @config = read_config(path)
+    end
+
+    def read_config(path)
+      return {} unless File.exists? path
+      
+      YAML.load(
+        ERB.new(
+          File.read(
+            File.expand_path(path)
+          )
+        ).result
+      ).deep_symbolize_keys
+    end
+  end
 end
+
+require 'phobos_checkpoint_ui/static_app'
+require 'phobos_checkpoint_ui/app'

data/lib/phobos_checkpoint_ui/app.rb

@@ -1,11 +1,25 @@
 module PhobosCheckpointUI
   module App
-    def self.new(api_app, configs = {})
-      StaticApp.configs = configs
+    def self.new(api_app:,
+                 config: {},
+                 saml_handler: PhobosCheckpointUI::SamlHandler,
+                 logger_middleware: nil
+                )
+
+      StaticApp.configs = config
+
+      if logger_middleware.present?
+        middleware_klass = logger_middleware.dig(:class)
+        raise ':class key missing in :logger_middleware parameter' unless middleware_klass
+
+        StaticApp.use(middleware_klass, logger_middleware.dig(:opts) || {})
+      else
+        StaticApp.use(Rack::NullLogger)
+      end
+
       Rack::URLMap.new(
-        '/' => StaticApp,
-        '/ping' => Proc.new { |env| ['200', { 'Content-Type' => 'text/plain' }, ['PONG']] },
-        '/api' => api_app
+        '/' => StaticApp.new(api_app, saml_handler),
+        '/ping' => Proc.new { |env| ['200', { 'Content-Type' => 'text/plain' }, ['PONG']] }
       )
     end
   end

data/lib/phobos_checkpoint_ui/saml_handler.rb

@@ -0,0 +1,21 @@
+module PhobosCheckpointUI
+  class SamlHandler
+    def initialize(data)
+      @data = data
+    end
+
+    def self.authorized?(user_json)
+      true
+    end
+
+    def self.username(user_json)
+      return 'unknown_user' unless user_json
+
+      JSON(user_json).dig('username')
+    end
+
+    def user
+      { username: 'checkpoint_ui_user' }
+    end
+  end
+end

data/lib/phobos_checkpoint_ui/static_app.rb

@@ -4,16 +4,127 @@ module PhobosCheckpointUI
       attr_accessor :configs
     end
 
-    set :logging, nil
-    set :public_folder, -> { File.join(Dir.pwd, 'public') }
+    def initialize(app = nil, saml_handler = SamlHandler)
+      super()
+      @app = app
+      @saml_handler = saml_handler
+      @template_cache = Tilt::Cache.new
+      yield self if block_given?
+    end
+
+    SESSION_KEY = '_phobos_checkpoint_ui'
+    NO_AUTH = %w(
+      /ping
+      /auth/saml
+      /auth/failure
+      /auth/saml/callback
+    ).freeze
+
+    set(:logging, false)
+    set(:show_exceptions, false)
+    set(:public_folder, -> { File.join(Dir.pwd, 'public') })
+
+    configure do
+      PhobosCheckpointUI.configure
+
+      if PhobosCheckpointUI.use_saml?
+        require 'omniauth'
+        require 'omniauth-saml'
+        require 'sinatra/cookies'
+
+        set(:sessions, key: SESSION_KEY, expire_after: 1_800) # 30 min in seconds
+        set(:session_secret, PhobosCheckpointUI.config.dig(:session_secret))
+
+        use OmniAuth::Strategies::SAML, PhobosCheckpointUI.config.dig(:saml)
+        helpers Sinatra::Cookies
+      end
+    end
+
+    before do
+      cache_control :no_cache
+
+      if PhobosCheckpointUI.use_saml?
+        request.env['REMOTE_USER'] = @saml_handler.username(session[:user])
+
+        return if no_auth_path?
+
+        if api_request?
+          return reply_unauthorized if !signed_in?
+          return reply_forbidden unless @saml_handler.authorized?(session[:user])
+        end
+
+        return reply_redirect_to_login if !signed_in?
+      end
+    end
 
     get '/configs' do
       content_type :json
       self.class.configs.to_json
     end
 
+    if PhobosCheckpointUI.use_saml?
+      post '/auth/saml/callback' do
+        origin         = cookies.delete(:origin)
+        session[:user] = @saml_handler.new(omniauth_data).user.to_json
+        redirect to(origin || '/')
+      end
+
+      get '/logout' do
+        session[:user] = nil
+        redirect to(PhobosCheckpointUI.config.dig(:saml, :idp_logout_url))
+      end
+
+      get '/api/session' do
+        content_type :json
+
+        { user: JSON(session[:user]) }.to_json
+      end
+    end
+
+    get '/api/*' do
+      env['PATH_INFO'] = env['PATH_INFO'].sub(/^\/api/, '')
+      status, headers, body = app.call(env)
+      @response.status = status
+      @response.body = body
+      @response.headers.merge! headers
+      nil
+    end
+
     get '/*' do
       send_file File.join(settings.public_folder, 'index.html')
     end
+
+    private
+
+    def no_auth_path?
+      NO_AUTH.include?(request.path)
+    end
+
+    def api_request?
+      !!(request.path_info =~ %r{^/api})
+    end
+
+    def reply_unauthorized
+      content_type :json
+      halt 401, { error: 'Unauthorized' }.to_json
+    end
+
+    def reply_forbidden
+      content_type :json
+      halt 403, { error: 'Forbidden' }.to_json
+    end
+
+    def reply_redirect_to_login
+      cookies[:origin] = request.fullpath
+      redirect to('/auth/saml')
+    end
+
+    def signed_in?
+      !session[:user].nil?
+    end
+
+    def omniauth_data
+      request.env['omniauth.auth']
+    end
   end
 end

data/lib/phobos_checkpoint_ui/version.rb

@@ -1,3 +1,3 @@
 module PhobosCheckpointUI
-  VERSION = '1.4.1'
+  VERSION = '2.0.0'
 end

data/phobos_checkpoint_ui.gemspec

@@ -42,13 +42,16 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_development_dependency 'bundler', '~> 1.12'
-  spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'pry-byebug'
   spec.add_development_dependency 'rack-test'
   spec.add_development_dependency 'rspec_junit_formatter', '0.2.2'
+  spec.add_development_dependency 'simplecov'
 
   spec.add_dependency 'rake'
   spec.add_dependency 'sinatra'
   spec.add_dependency 'phobos_db_checkpoint', '~> 3.0'
+  spec.add_dependency 'omniauth'
+  spec.add_dependency 'omniauth-saml'
+  spec.add_dependency 'sinatra-contrib'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: phobos_checkpoint_ui
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 2.0.0
 platform: ruby
 authors:
 - Túlio Ornelas
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-23 00:00:00.000000000 Z
+date: 2018-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -29,20 +29,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.12'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -99,6 +85,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.2.2
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -141,6 +141,48 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra-contrib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Phobos Checkpoint UI is a GUI for phobos checkpoint API, it is compatible
   with https://github.com/klarna/phobos_db_checkpoint
 email:
@@ -156,9 +198,13 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".dockerignore"
 - ".gitignore"
 - ".rspec"
+- ".travis.yml"
 - CHANGELOG.md
+- Dockerfile.backend
+- Dockerfile.frontend
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -172,7 +218,8 @@ files:
 - assets/index.html
 - bin/console
 - bin/setup
-- circle.yml
+- config/checkpoint_ui.yml
+- docker-compose.yml
 - frontend/.babelrc
 - frontend/.editorconfig
 - frontend/.eslintignore
@@ -300,6 +347,7 @@ files:
 - frontend/src/views/style.js
 - lib/phobos_checkpoint_ui.rb
 - lib/phobos_checkpoint_ui/app.rb
+- lib/phobos_checkpoint_ui/saml_handler.rb
 - lib/phobos_checkpoint_ui/static_app.rb
 - lib/phobos_checkpoint_ui/tasks.rb
 - lib/phobos_checkpoint_ui/version.rb
@@ -327,7 +375,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Phobos Checkpoint UI is a GUI for phobos checkpoint API

data/circle.yml

@@ -1,29 +0,0 @@
-machine:
-  pre:
-    - curl -sSL https://s3.amazonaws.com/circle-downloads/install-circleci-docker.sh | bash -s -- 1.10.0
-  services:
-    - docker
-  environment:
-    LOG_LEVEL: DEBUG
-    CI: true
-  ruby:
-    version: 2.3.1
-  node:
-    version: 6.3.0
-
-# Ignores circle ci default database setup
-database:
-  override:
-    - echo "overrides circle CI commands"
-
-dependencies:
-  pre:
-    - docker -v
-    - gem install bundler -v 1.9.5
-    - bundle install
-    - cd frontend; npm install
-
-test:
-  override:
-    - bundle exec rspec -r rspec_junit_formatter --format RspecJunitFormatter -o $CIRCLE_TEST_REPORTS/rspec/unit.xml
-    - cd frontend; npm run test:unit