queue_it 1.1.5 → 1.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/queue_it.rb +1 -1
- data/lib/queue_it/api/event.rb +7 -7
- data/lib/queue_it/extract_queue_number.rb +45 -0
- data/lib/queue_it/queueable.rb +13 -9
- data/lib/queue_it/url_builder.rb +2 -2
- data/lib/queue_it/version.rb +1 -1
- data/spec/queue_it/api/event_spec.rb +1 -1
- data/spec/queue_it/extract_queue_number_spec.rb +62 -0
- metadata +6 -4
- data/lib/queue_it/known_user_checker.rb +0 -60
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 587c18b540a06d28dee61fffa7ad6edba32dbd61
|
4
|
+
data.tar.gz: a658b21277dac5846d7d65a211f38a92e890d115
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b1c61dc1c06bcd8856d390a97153146bc4e9cffd03a9715b7cee7c0c7dec9cf1d734094df2eb149dfcb0375e020f54454d758401faac2fab8df18bbe4116440d
|
7
|
+
data.tar.gz: 60251cb3097573560e11d35af2d6499d7b9546f7712154c4b9ea3aa765bb3b6dfab9fc3c387919193c69fda24f6a0ae8ea339a066f294c2825e891190b857de6
|
data/CHANGELOG.md
CHANGED
data/lib/queue_it.rb
CHANGED
data/lib/queue_it/api/event.rb
CHANGED
@@ -48,23 +48,23 @@ module QueueIt
|
|
48
48
|
MICROSOFT_TIME_ZONE_INDEX_VALUES = {
|
49
49
|
"Europe/Helsinki" => "FLE Standard Time",
|
50
50
|
"Helsinki" => "FLE Standard Time",
|
51
|
-
|
51
|
+
|
52
52
|
"Europe/London" => "GMT Standard Time",
|
53
53
|
"London" => "GMT Standard Time",
|
54
54
|
"Edinburgh" => "GMT Standard Time",
|
55
|
-
|
55
|
+
|
56
56
|
"Europe/Dublin" => "GMT Standard Time",
|
57
57
|
"Dublin" => "GMT Standard Time",
|
58
|
-
|
58
|
+
|
59
59
|
"Europe/Copenhagen" => "Romance Standard Time",
|
60
60
|
"Copenhagen" => "Romance Standard Time",
|
61
|
-
|
61
|
+
|
62
62
|
"Europe/Paris" => "Romance Standard Time",
|
63
63
|
"Paris" => "Romance Standard Time",
|
64
|
-
|
64
|
+
|
65
65
|
"Europe/Stockholm" => "W. Europe Standard Time",
|
66
66
|
"Stockholm" => "W. Europe Standard Time",
|
67
|
-
|
67
|
+
|
68
68
|
"Europe/Rome" => "W. Europe Standard Time",
|
69
69
|
"Rome" => "W. Europe Standard Time",
|
70
70
|
}.freeze
|
@@ -113,7 +113,7 @@ module QueueIt
|
|
113
113
|
"AfterEventRedirectPage" => "",
|
114
114
|
"UseSSL" => "Auto",
|
115
115
|
"JavaScriptSupportEnabled" => "False",
|
116
|
-
"TargetUrlSupportEnabled" => "
|
116
|
+
"TargetUrlSupportEnabled" => "True",
|
117
117
|
"SafetyNetMode" => "Disabled",
|
118
118
|
"KnowUserSecurity" => "MD5Hash",
|
119
119
|
"KnowUserSecretKey" => know_user_secret_key,
|
@@ -0,0 +1,45 @@
|
|
1
|
+
require 'digest/md5'
|
2
|
+
|
3
|
+
module QueueIt
|
4
|
+
class ExtractQueueNumber
|
5
|
+
def call(secret_key:, request_url:, request_params:)
|
6
|
+
encrypted_place_in_queue = request_params['p']
|
7
|
+
expected_hash = request_params['h']
|
8
|
+
|
9
|
+
raise QueueIt::MissingArgsGiven.new if queue_it_params_missing?(request_params)
|
10
|
+
|
11
|
+
if verify_md5_hash?(request_url, expected_hash, secret_key)
|
12
|
+
return decrypted_place_in_queue(encrypted_place_in_queue)
|
13
|
+
else
|
14
|
+
raise QueueIt::NotAuthorized.new
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def queue_it_params_missing?(params)
|
21
|
+
queue_id = params['q'] # A QuID, the user’s queue ID
|
22
|
+
encrypted_place_in_queue = params['p'] # A text, an encrypted version of the user’s queue number
|
23
|
+
expected_hash = params['h'] # An integer calculated hash
|
24
|
+
timestamp = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
|
25
|
+
|
26
|
+
[queue_id, encrypted_place_in_queue, timestamp, expected_hash].any?(&:nil?)
|
27
|
+
end
|
28
|
+
|
29
|
+
# uses one char of each string at a given starting point
|
30
|
+
# given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
|
31
|
+
def decrypted_place_in_queue(encrypted_place_in_queue)
|
32
|
+
return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
|
33
|
+
encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
|
34
|
+
encrypted_place_in_queue[ 9..9 ]
|
35
|
+
end
|
36
|
+
|
37
|
+
# TODO add timestamp check
|
38
|
+
def verify_md5_hash?(url, expected_hash, secret_key)
|
39
|
+
url_no_hash = "#{url[ 0..-33 ]}#{secret_key}"
|
40
|
+
actual_hash = Digest::MD5.hexdigest(url_no_hash)
|
41
|
+
|
42
|
+
return (expected_hash == actual_hash)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
data/lib/queue_it/queueable.rb
CHANGED
@@ -1,14 +1,17 @@
|
|
1
|
+
require 'queue_it/url_builder'
|
2
|
+
|
1
3
|
module QueueIt
|
2
4
|
module Queueable
|
3
5
|
extend ActiveSupport::Concern
|
4
6
|
|
5
7
|
included do
|
6
|
-
def protect_with_queue!(known_user_secret_key, event_id, customer_id)
|
8
|
+
def protect_with_queue!(known_user_secret_key, event_id, customer_id, redirect_url: nil)
|
7
9
|
create_or_verify_queue_it_session(known_user_secret_key,
|
8
10
|
event_id,
|
9
11
|
customer_id,
|
10
|
-
request.
|
11
|
-
params
|
12
|
+
request.original_url,
|
13
|
+
params,
|
14
|
+
redirect_url)
|
12
15
|
end
|
13
16
|
|
14
17
|
def queue_it_queue_id(event_id)
|
@@ -32,13 +35,16 @@ module QueueIt
|
|
32
35
|
|
33
36
|
private
|
34
37
|
|
35
|
-
def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params)
|
38
|
+
def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params, current_tickets_url)
|
36
39
|
# If there exists a session, we return. This needs to be refactored when we start to look at the timestamp parameter
|
37
40
|
return if session[queue_it_session_variable(event_id)].present?
|
38
41
|
|
39
42
|
begin
|
40
|
-
|
41
|
-
|
43
|
+
queue_number = QueueIt::ExtractQueueNumber.new.(
|
44
|
+
secret_key: secret_key,
|
45
|
+
request_url: request_url,
|
46
|
+
request_params: params)
|
47
|
+
session[queue_it_session_variable(event_id)] = queue_number
|
42
48
|
|
43
49
|
# If the request URL contains queue_it params we remove them and redirect
|
44
50
|
# this is done to mask the params we use to create and verify the queue_it session
|
@@ -46,7 +52,7 @@ module QueueIt
|
|
46
52
|
redirect_to QueueIt::UrlBuilder.clean_url(request_url) and return
|
47
53
|
end
|
48
54
|
rescue QueueIt::MissingArgsGiven
|
49
|
-
queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id)
|
55
|
+
queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id, current_tickets_url)
|
50
56
|
destroy_all_queue_it_sessions
|
51
57
|
render("queue_it/enter_queue", layout: false, locals: { queue_it_url: queue_url }) and return
|
52
58
|
rescue QueueIt::NotAuthorized
|
@@ -55,8 +61,6 @@ module QueueIt
|
|
55
61
|
render("queue_it/cheating_queue", layout: false, locals: { queue_it_url: queue_cancel_url }) and return
|
56
62
|
end
|
57
63
|
end
|
58
|
-
|
59
64
|
end
|
60
|
-
|
61
65
|
end
|
62
66
|
end
|
data/lib/queue_it/url_builder.rb
CHANGED
@@ -2,8 +2,8 @@ require 'addressable/uri'
|
|
2
2
|
|
3
3
|
module QueueIt
|
4
4
|
class UrlBuilder
|
5
|
-
def self.build_queue_url(customer_id, event_id)
|
6
|
-
"http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}"
|
5
|
+
def self.build_queue_url(customer_id, event_id, redirect_url)
|
6
|
+
"http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}&t=#{CGI.escape(redirect_url)}"
|
7
7
|
end
|
8
8
|
|
9
9
|
def self.build_cancel_url(customer_id, event_id, queue_id = nil)
|
data/lib/queue_it/version.rb
CHANGED
@@ -148,7 +148,7 @@ module QueueIt
|
|
148
148
|
"AfterEventRedirectPage" => "",
|
149
149
|
"UseSSL" => "Auto",
|
150
150
|
"JavaScriptSupportEnabled" => "False",
|
151
|
-
"TargetUrlSupportEnabled" => "
|
151
|
+
"TargetUrlSupportEnabled" => "True",
|
152
152
|
"SafetyNetMode" => "Disabled",
|
153
153
|
"KnowUserSecurity" => "MD5Hash",
|
154
154
|
"KnowUserSecretKey" => know_user_secret_key,
|
@@ -0,0 +1,62 @@
|
|
1
|
+
require 'queue_it'
|
2
|
+
|
3
|
+
module QueueIt
|
4
|
+
RSpec.describe ExtractQueueNumber do
|
5
|
+
let(:secret_key) { "1c9950a7-f716-432e-b5fa-b148d00480db" }
|
6
|
+
let(:service) { ExtractQueueNumber.new }
|
7
|
+
|
8
|
+
specify "happy path" do
|
9
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
10
|
+
|
11
|
+
result = service.(
|
12
|
+
secret_key: secret_key,
|
13
|
+
request_url: url,
|
14
|
+
request_params: parse_params(url))
|
15
|
+
expect(result).not_to be_empty
|
16
|
+
end
|
17
|
+
|
18
|
+
specify do
|
19
|
+
url = "https://example.com/some/path"
|
20
|
+
|
21
|
+
expect do
|
22
|
+
service.(secret_key: secret_key, request_url: url, request_params: {})
|
23
|
+
end.to raise_error(MissingArgsGiven)
|
24
|
+
end
|
25
|
+
|
26
|
+
specify "queue id param is required" do
|
27
|
+
url = "https://example.com/some/path?p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
28
|
+
|
29
|
+
expect do
|
30
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
31
|
+
end.to raise_error(MissingArgsGiven)
|
32
|
+
end
|
33
|
+
|
34
|
+
specify "timestamp param is required" do
|
35
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
36
|
+
|
37
|
+
expect do
|
38
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
39
|
+
end.to raise_error(MissingArgsGiven)
|
40
|
+
end
|
41
|
+
|
42
|
+
specify "encrypted place in queue param is required" do
|
43
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
44
|
+
|
45
|
+
expect do
|
46
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
47
|
+
end.to raise_error(MissingArgsGiven)
|
48
|
+
end
|
49
|
+
|
50
|
+
specify "hash is required" do
|
51
|
+
url = "https://example.com/some/path?q=2647345b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue"
|
52
|
+
|
53
|
+
expect do
|
54
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
55
|
+
end.to raise_error(MissingArgsGiven)
|
56
|
+
end
|
57
|
+
|
58
|
+
def parse_params(url)
|
59
|
+
CGI.parse(URI.parse(url).query).each_with_object({}) {|(k,v),o| o[k] = v.first }
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: queue_it
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Billetto
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2017-03-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: addressable
|
@@ -114,7 +114,7 @@ files:
|
|
114
114
|
- lib/queue_it/api/client.rb
|
115
115
|
- lib/queue_it/api/error.rb
|
116
116
|
- lib/queue_it/api/event.rb
|
117
|
-
- lib/queue_it/
|
117
|
+
- lib/queue_it/extract_queue_number.rb
|
118
118
|
- lib/queue_it/queueable.rb
|
119
119
|
- lib/queue_it/railtie.rb
|
120
120
|
- lib/queue_it/url_builder.rb
|
@@ -122,6 +122,7 @@ files:
|
|
122
122
|
- queue_it.gemspec
|
123
123
|
- spec/queue_it/api/client_spec.rb
|
124
124
|
- spec/queue_it/api/event_spec.rb
|
125
|
+
- spec/queue_it/extract_queue_number_spec.rb
|
125
126
|
homepage: https://github.com/gfish/queue_it
|
126
127
|
licenses:
|
127
128
|
- GNU/GPLv3
|
@@ -142,10 +143,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
142
143
|
version: '0'
|
143
144
|
requirements: []
|
144
145
|
rubyforge_project:
|
145
|
-
rubygems_version: 2.
|
146
|
+
rubygems_version: 2.5.1
|
146
147
|
signing_key:
|
147
148
|
specification_version: 4
|
148
149
|
summary: Gem to handle the implementation of http://queue-it.net
|
149
150
|
test_files:
|
150
151
|
- spec/queue_it/api/client_spec.rb
|
151
152
|
- spec/queue_it/api/event_spec.rb
|
153
|
+
- spec/queue_it/extract_queue_number_spec.rb
|
@@ -1,60 +0,0 @@
|
|
1
|
-
require 'digest/md5'
|
2
|
-
require "queue_it/url_builder"
|
3
|
-
|
4
|
-
module QueueIt
|
5
|
-
class KnownUserChecker
|
6
|
-
|
7
|
-
attr_accessor :shared_event_key, :event_id, :customer_id
|
8
|
-
|
9
|
-
def initialize(shared_event_key, event_id, customer_id)
|
10
|
-
self.shared_event_key = shared_event_key
|
11
|
-
self.event_id = event_id
|
12
|
-
self.customer_id = customer_id
|
13
|
-
end
|
14
|
-
|
15
|
-
# This is bound to Rails!
|
16
|
-
def create_or_verify_queue_it_session!(url, params)
|
17
|
-
queue_id = params['q' ] # A QuID, the user’s queue ID
|
18
|
-
encrypted_place_in_queue = params['p' ] # A text, an encrypted version of the user’s queue number
|
19
|
-
expected_hash = params['h' ] # An integer calculated hash
|
20
|
-
timestamp = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
|
21
|
-
|
22
|
-
verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
23
|
-
end
|
24
|
-
|
25
|
-
def verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
26
|
-
if verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
27
|
-
decrypted_place_in_queue(encrypted_place_in_queue)
|
28
|
-
else
|
29
|
-
raise QueueIt::NotAuthorized.new
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
private
|
34
|
-
|
35
|
-
# uses one char of each string at a given starting point
|
36
|
-
# given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
|
37
|
-
def decrypted_place_in_queue(encrypted_place_in_queue)
|
38
|
-
return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
|
39
|
-
encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
|
40
|
-
encrypted_place_in_queue[ 9..9 ]
|
41
|
-
end
|
42
|
-
|
43
|
-
# TODO add timestamp check
|
44
|
-
def verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
45
|
-
raise QueueIt::MissingArgsGiven.new if [ url, queue_id, encrypted_place_in_queue, timestamp, expected_hash ].any?( &:nil? )
|
46
|
-
|
47
|
-
url_no_hash = "#{ url[ 0..-33 ] }#{ shared_event_key }" # Remove hash value and add SharedEventKey
|
48
|
-
actual_hash = Digest::MD5.hexdigest( utf8_encode( url_no_hash ) )
|
49
|
-
|
50
|
-
return false unless expected_hash == actual_hash
|
51
|
-
true
|
52
|
-
end
|
53
|
-
|
54
|
-
def utf8_encode(s)
|
55
|
-
s.encode('UTF-8', 'UTF-8')
|
56
|
-
s
|
57
|
-
end
|
58
|
-
|
59
|
-
end
|
60
|
-
end
|