queue_it 1.1.5 → 1.1.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/queue_it.rb +1 -1
- data/lib/queue_it/api/event.rb +7 -7
- data/lib/queue_it/extract_queue_number.rb +45 -0
- data/lib/queue_it/queueable.rb +13 -9
- data/lib/queue_it/url_builder.rb +2 -2
- data/lib/queue_it/version.rb +1 -1
- data/spec/queue_it/api/event_spec.rb +1 -1
- data/spec/queue_it/extract_queue_number_spec.rb +62 -0
- metadata +6 -4
- data/lib/queue_it/known_user_checker.rb +0 -60
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 587c18b540a06d28dee61fffa7ad6edba32dbd61
|
4
|
+
data.tar.gz: a658b21277dac5846d7d65a211f38a92e890d115
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b1c61dc1c06bcd8856d390a97153146bc4e9cffd03a9715b7cee7c0c7dec9cf1d734094df2eb149dfcb0375e020f54454d758401faac2fab8df18bbe4116440d
|
7
|
+
data.tar.gz: 60251cb3097573560e11d35af2d6499d7b9546f7712154c4b9ea3aa765bb3b6dfab9fc3c387919193c69fda24f6a0ae8ea339a066f294c2825e891190b857de6
|
data/CHANGELOG.md
CHANGED
data/lib/queue_it.rb
CHANGED
data/lib/queue_it/api/event.rb
CHANGED
@@ -48,23 +48,23 @@ module QueueIt
|
|
48
48
|
MICROSOFT_TIME_ZONE_INDEX_VALUES = {
|
49
49
|
"Europe/Helsinki" => "FLE Standard Time",
|
50
50
|
"Helsinki" => "FLE Standard Time",
|
51
|
-
|
51
|
+
|
52
52
|
"Europe/London" => "GMT Standard Time",
|
53
53
|
"London" => "GMT Standard Time",
|
54
54
|
"Edinburgh" => "GMT Standard Time",
|
55
|
-
|
55
|
+
|
56
56
|
"Europe/Dublin" => "GMT Standard Time",
|
57
57
|
"Dublin" => "GMT Standard Time",
|
58
|
-
|
58
|
+
|
59
59
|
"Europe/Copenhagen" => "Romance Standard Time",
|
60
60
|
"Copenhagen" => "Romance Standard Time",
|
61
|
-
|
61
|
+
|
62
62
|
"Europe/Paris" => "Romance Standard Time",
|
63
63
|
"Paris" => "Romance Standard Time",
|
64
|
-
|
64
|
+
|
65
65
|
"Europe/Stockholm" => "W. Europe Standard Time",
|
66
66
|
"Stockholm" => "W. Europe Standard Time",
|
67
|
-
|
67
|
+
|
68
68
|
"Europe/Rome" => "W. Europe Standard Time",
|
69
69
|
"Rome" => "W. Europe Standard Time",
|
70
70
|
}.freeze
|
@@ -113,7 +113,7 @@ module QueueIt
|
|
113
113
|
"AfterEventRedirectPage" => "",
|
114
114
|
"UseSSL" => "Auto",
|
115
115
|
"JavaScriptSupportEnabled" => "False",
|
116
|
-
"TargetUrlSupportEnabled" => "
|
116
|
+
"TargetUrlSupportEnabled" => "True",
|
117
117
|
"SafetyNetMode" => "Disabled",
|
118
118
|
"KnowUserSecurity" => "MD5Hash",
|
119
119
|
"KnowUserSecretKey" => know_user_secret_key,
|
@@ -0,0 +1,45 @@
|
|
1
|
+
require 'digest/md5'
|
2
|
+
|
3
|
+
module QueueIt
|
4
|
+
class ExtractQueueNumber
|
5
|
+
def call(secret_key:, request_url:, request_params:)
|
6
|
+
encrypted_place_in_queue = request_params['p']
|
7
|
+
expected_hash = request_params['h']
|
8
|
+
|
9
|
+
raise QueueIt::MissingArgsGiven.new if queue_it_params_missing?(request_params)
|
10
|
+
|
11
|
+
if verify_md5_hash?(request_url, expected_hash, secret_key)
|
12
|
+
return decrypted_place_in_queue(encrypted_place_in_queue)
|
13
|
+
else
|
14
|
+
raise QueueIt::NotAuthorized.new
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def queue_it_params_missing?(params)
|
21
|
+
queue_id = params['q'] # A QuID, the user’s queue ID
|
22
|
+
encrypted_place_in_queue = params['p'] # A text, an encrypted version of the user’s queue number
|
23
|
+
expected_hash = params['h'] # An integer calculated hash
|
24
|
+
timestamp = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
|
25
|
+
|
26
|
+
[queue_id, encrypted_place_in_queue, timestamp, expected_hash].any?(&:nil?)
|
27
|
+
end
|
28
|
+
|
29
|
+
# uses one char of each string at a given starting point
|
30
|
+
# given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
|
31
|
+
def decrypted_place_in_queue(encrypted_place_in_queue)
|
32
|
+
return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
|
33
|
+
encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
|
34
|
+
encrypted_place_in_queue[ 9..9 ]
|
35
|
+
end
|
36
|
+
|
37
|
+
# TODO add timestamp check
|
38
|
+
def verify_md5_hash?(url, expected_hash, secret_key)
|
39
|
+
url_no_hash = "#{url[ 0..-33 ]}#{secret_key}"
|
40
|
+
actual_hash = Digest::MD5.hexdigest(url_no_hash)
|
41
|
+
|
42
|
+
return (expected_hash == actual_hash)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
data/lib/queue_it/queueable.rb
CHANGED
@@ -1,14 +1,17 @@
|
|
1
|
+
require 'queue_it/url_builder'
|
2
|
+
|
1
3
|
module QueueIt
|
2
4
|
module Queueable
|
3
5
|
extend ActiveSupport::Concern
|
4
6
|
|
5
7
|
included do
|
6
|
-
def protect_with_queue!(known_user_secret_key, event_id, customer_id)
|
8
|
+
def protect_with_queue!(known_user_secret_key, event_id, customer_id, redirect_url: nil)
|
7
9
|
create_or_verify_queue_it_session(known_user_secret_key,
|
8
10
|
event_id,
|
9
11
|
customer_id,
|
10
|
-
request.
|
11
|
-
params
|
12
|
+
request.original_url,
|
13
|
+
params,
|
14
|
+
redirect_url)
|
12
15
|
end
|
13
16
|
|
14
17
|
def queue_it_queue_id(event_id)
|
@@ -32,13 +35,16 @@ module QueueIt
|
|
32
35
|
|
33
36
|
private
|
34
37
|
|
35
|
-
def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params)
|
38
|
+
def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params, current_tickets_url)
|
36
39
|
# If there exists a session, we return. This needs to be refactored when we start to look at the timestamp parameter
|
37
40
|
return if session[queue_it_session_variable(event_id)].present?
|
38
41
|
|
39
42
|
begin
|
40
|
-
|
41
|
-
|
43
|
+
queue_number = QueueIt::ExtractQueueNumber.new.(
|
44
|
+
secret_key: secret_key,
|
45
|
+
request_url: request_url,
|
46
|
+
request_params: params)
|
47
|
+
session[queue_it_session_variable(event_id)] = queue_number
|
42
48
|
|
43
49
|
# If the request URL contains queue_it params we remove them and redirect
|
44
50
|
# this is done to mask the params we use to create and verify the queue_it session
|
@@ -46,7 +52,7 @@ module QueueIt
|
|
46
52
|
redirect_to QueueIt::UrlBuilder.clean_url(request_url) and return
|
47
53
|
end
|
48
54
|
rescue QueueIt::MissingArgsGiven
|
49
|
-
queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id)
|
55
|
+
queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id, current_tickets_url)
|
50
56
|
destroy_all_queue_it_sessions
|
51
57
|
render("queue_it/enter_queue", layout: false, locals: { queue_it_url: queue_url }) and return
|
52
58
|
rescue QueueIt::NotAuthorized
|
@@ -55,8 +61,6 @@ module QueueIt
|
|
55
61
|
render("queue_it/cheating_queue", layout: false, locals: { queue_it_url: queue_cancel_url }) and return
|
56
62
|
end
|
57
63
|
end
|
58
|
-
|
59
64
|
end
|
60
|
-
|
61
65
|
end
|
62
66
|
end
|
data/lib/queue_it/url_builder.rb
CHANGED
@@ -2,8 +2,8 @@ require 'addressable/uri'
|
|
2
2
|
|
3
3
|
module QueueIt
|
4
4
|
class UrlBuilder
|
5
|
-
def self.build_queue_url(customer_id, event_id)
|
6
|
-
"http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}"
|
5
|
+
def self.build_queue_url(customer_id, event_id, redirect_url)
|
6
|
+
"http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}&t=#{CGI.escape(redirect_url)}"
|
7
7
|
end
|
8
8
|
|
9
9
|
def self.build_cancel_url(customer_id, event_id, queue_id = nil)
|
data/lib/queue_it/version.rb
CHANGED
@@ -148,7 +148,7 @@ module QueueIt
|
|
148
148
|
"AfterEventRedirectPage" => "",
|
149
149
|
"UseSSL" => "Auto",
|
150
150
|
"JavaScriptSupportEnabled" => "False",
|
151
|
-
"TargetUrlSupportEnabled" => "
|
151
|
+
"TargetUrlSupportEnabled" => "True",
|
152
152
|
"SafetyNetMode" => "Disabled",
|
153
153
|
"KnowUserSecurity" => "MD5Hash",
|
154
154
|
"KnowUserSecretKey" => know_user_secret_key,
|
@@ -0,0 +1,62 @@
|
|
1
|
+
require 'queue_it'
|
2
|
+
|
3
|
+
module QueueIt
|
4
|
+
RSpec.describe ExtractQueueNumber do
|
5
|
+
let(:secret_key) { "1c9950a7-f716-432e-b5fa-b148d00480db" }
|
6
|
+
let(:service) { ExtractQueueNumber.new }
|
7
|
+
|
8
|
+
specify "happy path" do
|
9
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
10
|
+
|
11
|
+
result = service.(
|
12
|
+
secret_key: secret_key,
|
13
|
+
request_url: url,
|
14
|
+
request_params: parse_params(url))
|
15
|
+
expect(result).not_to be_empty
|
16
|
+
end
|
17
|
+
|
18
|
+
specify do
|
19
|
+
url = "https://example.com/some/path"
|
20
|
+
|
21
|
+
expect do
|
22
|
+
service.(secret_key: secret_key, request_url: url, request_params: {})
|
23
|
+
end.to raise_error(MissingArgsGiven)
|
24
|
+
end
|
25
|
+
|
26
|
+
specify "queue id param is required" do
|
27
|
+
url = "https://example.com/some/path?p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
28
|
+
|
29
|
+
expect do
|
30
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
31
|
+
end.to raise_error(MissingArgsGiven)
|
32
|
+
end
|
33
|
+
|
34
|
+
specify "timestamp param is required" do
|
35
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
36
|
+
|
37
|
+
expect do
|
38
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
39
|
+
end.to raise_error(MissingArgsGiven)
|
40
|
+
end
|
41
|
+
|
42
|
+
specify "encrypted place in queue param is required" do
|
43
|
+
url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
|
44
|
+
|
45
|
+
expect do
|
46
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
47
|
+
end.to raise_error(MissingArgsGiven)
|
48
|
+
end
|
49
|
+
|
50
|
+
specify "hash is required" do
|
51
|
+
url = "https://example.com/some/path?q=2647345b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue"
|
52
|
+
|
53
|
+
expect do
|
54
|
+
service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
|
55
|
+
end.to raise_error(MissingArgsGiven)
|
56
|
+
end
|
57
|
+
|
58
|
+
def parse_params(url)
|
59
|
+
CGI.parse(URI.parse(url).query).each_with_object({}) {|(k,v),o| o[k] = v.first }
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: queue_it
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Billetto
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2017-03-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: addressable
|
@@ -114,7 +114,7 @@ files:
|
|
114
114
|
- lib/queue_it/api/client.rb
|
115
115
|
- lib/queue_it/api/error.rb
|
116
116
|
- lib/queue_it/api/event.rb
|
117
|
-
- lib/queue_it/
|
117
|
+
- lib/queue_it/extract_queue_number.rb
|
118
118
|
- lib/queue_it/queueable.rb
|
119
119
|
- lib/queue_it/railtie.rb
|
120
120
|
- lib/queue_it/url_builder.rb
|
@@ -122,6 +122,7 @@ files:
|
|
122
122
|
- queue_it.gemspec
|
123
123
|
- spec/queue_it/api/client_spec.rb
|
124
124
|
- spec/queue_it/api/event_spec.rb
|
125
|
+
- spec/queue_it/extract_queue_number_spec.rb
|
125
126
|
homepage: https://github.com/gfish/queue_it
|
126
127
|
licenses:
|
127
128
|
- GNU/GPLv3
|
@@ -142,10 +143,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
142
143
|
version: '0'
|
143
144
|
requirements: []
|
144
145
|
rubyforge_project:
|
145
|
-
rubygems_version: 2.
|
146
|
+
rubygems_version: 2.5.1
|
146
147
|
signing_key:
|
147
148
|
specification_version: 4
|
148
149
|
summary: Gem to handle the implementation of http://queue-it.net
|
149
150
|
test_files:
|
150
151
|
- spec/queue_it/api/client_spec.rb
|
151
152
|
- spec/queue_it/api/event_spec.rb
|
153
|
+
- spec/queue_it/extract_queue_number_spec.rb
|
@@ -1,60 +0,0 @@
|
|
1
|
-
require 'digest/md5'
|
2
|
-
require "queue_it/url_builder"
|
3
|
-
|
4
|
-
module QueueIt
|
5
|
-
class KnownUserChecker
|
6
|
-
|
7
|
-
attr_accessor :shared_event_key, :event_id, :customer_id
|
8
|
-
|
9
|
-
def initialize(shared_event_key, event_id, customer_id)
|
10
|
-
self.shared_event_key = shared_event_key
|
11
|
-
self.event_id = event_id
|
12
|
-
self.customer_id = customer_id
|
13
|
-
end
|
14
|
-
|
15
|
-
# This is bound to Rails!
|
16
|
-
def create_or_verify_queue_it_session!(url, params)
|
17
|
-
queue_id = params['q' ] # A QuID, the user’s queue ID
|
18
|
-
encrypted_place_in_queue = params['p' ] # A text, an encrypted version of the user’s queue number
|
19
|
-
expected_hash = params['h' ] # An integer calculated hash
|
20
|
-
timestamp = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
|
21
|
-
|
22
|
-
verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
23
|
-
end
|
24
|
-
|
25
|
-
def verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
26
|
-
if verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
27
|
-
decrypted_place_in_queue(encrypted_place_in_queue)
|
28
|
-
else
|
29
|
-
raise QueueIt::NotAuthorized.new
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
private
|
34
|
-
|
35
|
-
# uses one char of each string at a given starting point
|
36
|
-
# given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
|
37
|
-
def decrypted_place_in_queue(encrypted_place_in_queue)
|
38
|
-
return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
|
39
|
-
encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
|
40
|
-
encrypted_place_in_queue[ 9..9 ]
|
41
|
-
end
|
42
|
-
|
43
|
-
# TODO add timestamp check
|
44
|
-
def verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
|
45
|
-
raise QueueIt::MissingArgsGiven.new if [ url, queue_id, encrypted_place_in_queue, timestamp, expected_hash ].any?( &:nil? )
|
46
|
-
|
47
|
-
url_no_hash = "#{ url[ 0..-33 ] }#{ shared_event_key }" # Remove hash value and add SharedEventKey
|
48
|
-
actual_hash = Digest::MD5.hexdigest( utf8_encode( url_no_hash ) )
|
49
|
-
|
50
|
-
return false unless expected_hash == actual_hash
|
51
|
-
true
|
52
|
-
end
|
53
|
-
|
54
|
-
def utf8_encode(s)
|
55
|
-
s.encode('UTF-8', 'UTF-8')
|
56
|
-
s
|
57
|
-
end
|
58
|
-
|
59
|
-
end
|
60
|
-
end
|