quick_auth 0.0.10
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +6 -0
- data/Gemfile +4 -0
- data/Rakefile +1 -0
- data/lib/quick_auth.rb +7 -0
- data/lib/quick_auth/authentic.rb +84 -0
- data/lib/quick_auth/authentication.rb +137 -0
- data/lib/quick_auth/version.rb +3 -0
- data/quick_auth.gemspec +24 -0
- metadata +73 -0
data/.gitignore
ADDED
data/Gemfile
ADDED
data/Rakefile
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require "bundler/gem_tasks"
|
data/lib/quick_auth.rb
ADDED
@@ -0,0 +1,84 @@
|
|
1
|
+
require 'digest/sha1'
|
2
|
+
|
3
|
+
module QuickAuth
|
4
|
+
module Authentic
|
5
|
+
extend ActiveSupport::Concern
|
6
|
+
|
7
|
+
RegEmailName = '[\w\.%\+\-]+'
|
8
|
+
RegDomainHead = '(?:[A-Z0-9\-]+\.)+'
|
9
|
+
RegDomainTLD = '(?:[A-Z]{2}|com|org|edu|net|gov|mil|biz|info|mobi|name|aero|jobs|museum)'
|
10
|
+
RegEmailOk = /\A#{RegEmailName}@#{RegDomainHead}#{RegDomainTLD}\z/i
|
11
|
+
PasswordRequired = Proc.new { |u| u.password_required? }
|
12
|
+
|
13
|
+
included do
|
14
|
+
#validates_length_of :em, :within => 6..100
|
15
|
+
#validates_format_of :em, :with => RegEmailOk
|
16
|
+
#validates_presence_of :password, :if => PasswordRequired
|
17
|
+
validates_confirmation_of :password, :if => PasswordRequired, :allow_nil => true
|
18
|
+
validates_length_of :password, :minimum => 6, :if => PasswordRequired, :allow_nil => false, :message => "Your password must be at least 6 characters"
|
19
|
+
end
|
20
|
+
|
21
|
+
module ClassMethods
|
22
|
+
def find_using_perishable_token(token)
|
23
|
+
u = self.first(:conditions => {:phtk => token, :phtke.gt => Time.now})
|
24
|
+
end
|
25
|
+
|
26
|
+
def quick_auth_mongo_keys!
|
27
|
+
key :crp, String # crypted password
|
28
|
+
key :pws, String # password salt
|
29
|
+
key :pstk, String # persistant token
|
30
|
+
key :phtk, String # perishable token
|
31
|
+
key :phtke, Time # perishable token expiration
|
32
|
+
|
33
|
+
attr_alias :crypted_password, :crp
|
34
|
+
attr_alias :password_salt, :pws
|
35
|
+
attr_alias :persistent_token, :pstk
|
36
|
+
attr_alias :perishable_token, :phtk
|
37
|
+
attr_alias :perishable_token_exp, :phtke
|
38
|
+
end
|
39
|
+
|
40
|
+
def digest(password, salt)
|
41
|
+
dig = [password, salt].flatten.join('')
|
42
|
+
20.times { dig = Digest::SHA512.hexdigest(dig) }
|
43
|
+
dig
|
44
|
+
end
|
45
|
+
|
46
|
+
def friendly_token
|
47
|
+
# use base64url as defined by RFC4648
|
48
|
+
SecureRandom.base64(15).tr('+/=', '').strip.delete("\n")
|
49
|
+
end
|
50
|
+
|
51
|
+
end
|
52
|
+
|
53
|
+
module InstanceMethods
|
54
|
+
|
55
|
+
def authenticated?(pw)
|
56
|
+
self.crypted_password == self.class.digest(pw, self.password_salt) ? true : false
|
57
|
+
end
|
58
|
+
|
59
|
+
def password
|
60
|
+
@password
|
61
|
+
end
|
62
|
+
|
63
|
+
def password=(value)
|
64
|
+
if value.present?
|
65
|
+
@password = value
|
66
|
+
self.password_salt = self.class.friendly_token
|
67
|
+
self.crypted_password = self.class.digest(value, self.password_salt)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
def password_required?
|
72
|
+
crypted_password.blank?
|
73
|
+
end
|
74
|
+
|
75
|
+
def reset_perishable_token!
|
76
|
+
self.perishable_token_exp = 1.day.from_now
|
77
|
+
self.perishable_token = self.class.friendly_token
|
78
|
+
save!
|
79
|
+
end
|
80
|
+
|
81
|
+
end
|
82
|
+
|
83
|
+
end
|
84
|
+
end
|
@@ -0,0 +1,137 @@
|
|
1
|
+
module QuickAuth
|
2
|
+
module Authentication
|
3
|
+
|
4
|
+
protected
|
5
|
+
# Inclusion hook to make #current_user and #signed_in?
|
6
|
+
# available as ActionView helper methods.
|
7
|
+
|
8
|
+
class << self
|
9
|
+
def included(base)
|
10
|
+
base.send :helper_method, :current_user, :signed_in?, :authorized? if base.respond_to? :helper_method
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
# Returns true or false if the user is signed in.
|
15
|
+
# Preloads @current_user with the user model if they're signed in.
|
16
|
+
def signed_in?
|
17
|
+
!!current_user
|
18
|
+
end
|
19
|
+
|
20
|
+
# Accesses the current user from the session.
|
21
|
+
# Future calls avoid the database because nil is not equal to false.
|
22
|
+
def current_user
|
23
|
+
@current_user ||= (sign_in_from_session || sign_in_from_basic_auth) unless @current_user == false
|
24
|
+
end
|
25
|
+
|
26
|
+
# Store the given user id in the session.
|
27
|
+
def current_user=(new_user)
|
28
|
+
session[:user_id] = new_user ? new_user.id : nil
|
29
|
+
@current_user = new_user || false
|
30
|
+
end
|
31
|
+
|
32
|
+
# Check if the user is authorized
|
33
|
+
#
|
34
|
+
# Override this method in your controllers if you want to restrict access
|
35
|
+
# to only a few actions or if you want to check if the user
|
36
|
+
# has the correct rights.
|
37
|
+
#
|
38
|
+
# Example:
|
39
|
+
#
|
40
|
+
# # only allow nonbobs
|
41
|
+
# def authorized?
|
42
|
+
# current_user.name != "bob"
|
43
|
+
# end
|
44
|
+
#
|
45
|
+
def authorized?(action=nil, resource=nil, *args)
|
46
|
+
signed_in?
|
47
|
+
end
|
48
|
+
|
49
|
+
# Filter method to enforce a sign_in requirement.
|
50
|
+
#
|
51
|
+
# To require sign_ins for all actions, use this in your controllers:
|
52
|
+
#
|
53
|
+
# before_filter :sign_in_required
|
54
|
+
#
|
55
|
+
# To require sign_ins for specific actions, use this in your controllers:
|
56
|
+
#
|
57
|
+
# before_filter :sign_in_required, :only => [ :edit, :update ]
|
58
|
+
#
|
59
|
+
# To skip this in a subclassed controller:
|
60
|
+
#
|
61
|
+
# skip_before_filter :sign_in_required
|
62
|
+
#
|
63
|
+
def authenticate
|
64
|
+
authorized? || access_denied
|
65
|
+
end
|
66
|
+
|
67
|
+
# Redirect as appropriate when an access request fails.
|
68
|
+
#
|
69
|
+
# The default action is to redirect to the sign_in screen.
|
70
|
+
#
|
71
|
+
# Override this method in your controllers if you want to have special
|
72
|
+
# behavior in case the user is not authorized
|
73
|
+
# to access the requested action. For example, a popup window might
|
74
|
+
# simply close itself.
|
75
|
+
def access_denied
|
76
|
+
respond_to do |format|
|
77
|
+
format.html do
|
78
|
+
store_location
|
79
|
+
redirect_to new_session_path
|
80
|
+
end
|
81
|
+
# format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
|
82
|
+
# you may want to change format.any to e.g. format.any(:js, :xml)
|
83
|
+
format.any do
|
84
|
+
request_http_basic_authentication 'Web Password'
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
# Store the URI of the current request in the session.
|
90
|
+
#
|
91
|
+
# We can return to this location by calling #redirect_back_or_default.
|
92
|
+
def store_location
|
93
|
+
session[:return_to] = request.request_uri
|
94
|
+
end
|
95
|
+
|
96
|
+
# Redirect to the URI stored by the most recent store_location call or
|
97
|
+
# to the passed default. Set an appropriately modified
|
98
|
+
# after_filter :store_location, :only => [:index, :new, :show, :edit]
|
99
|
+
# for any controller you want to be bounce-backable.
|
100
|
+
def redirect_back_or_default(default)
|
101
|
+
redirect_to(session[:return_to] || default)
|
102
|
+
session[:return_to] = nil
|
103
|
+
end
|
104
|
+
|
105
|
+
# Called from #current_user. First attempt to sign_in by the user id stored in the session.
|
106
|
+
def sign_in_from_session
|
107
|
+
if session[:user_id]
|
108
|
+
self.current_user = User.find_by_id(session[:user_id])
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
112
|
+
# Called from #current_user. Now, attempt to sign_in by basic authentication information.
|
113
|
+
def sign_in_from_basic_auth
|
114
|
+
authenticate_with_http_basic do |email, password|
|
115
|
+
self.current_user = User.authenticate(email, password)
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
# This is ususally what you want; resetting the session willy-nilly wreaks
|
120
|
+
# havoc with forgery protection, and is only strictly necessary on sign_in.
|
121
|
+
# However, **all session state variables should be unset here**.
|
122
|
+
def sign_out_keeping_session!
|
123
|
+
# Kill server-side auth cookie
|
124
|
+
@current_user = false # not signed in, and don't do it for me
|
125
|
+
session[:user_id] = nil # keeps the session but kill our variable
|
126
|
+
# explicitly kill any other session variables you set
|
127
|
+
end
|
128
|
+
|
129
|
+
# The session should only be reset at the tail end of a form POST --
|
130
|
+
# otherwise the request forgery protection fails. It's only really necessary
|
131
|
+
# when you cross quarantine (signed-out to signed-in).
|
132
|
+
def sign_out_killing_session!
|
133
|
+
sign_out_keeping_session!
|
134
|
+
reset_session
|
135
|
+
end
|
136
|
+
end
|
137
|
+
end
|
data/quick_auth.gemspec
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
$:.push File.expand_path("../lib", __FILE__)
|
3
|
+
require "quick_auth/version"
|
4
|
+
|
5
|
+
Gem::Specification.new do |s|
|
6
|
+
s.name = "quick_auth"
|
7
|
+
s.version = QuickAuth::VERSION
|
8
|
+
s.authors = ["Alan Graham"]
|
9
|
+
s.email = ["alangraham5@gmail.com"]
|
10
|
+
s.homepage = ""
|
11
|
+
s.summary = %q{Gem for backend authorization}
|
12
|
+
s.description = %q{Gem for backend authorization}
|
13
|
+
|
14
|
+
s.rubyforge_project = "quick_auth"
|
15
|
+
|
16
|
+
s.files = `git ls-files`.split("\n")
|
17
|
+
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
18
|
+
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
19
|
+
s.require_paths = ["lib"]
|
20
|
+
|
21
|
+
# specify any dependencies here; for example:
|
22
|
+
# s.add_development_dependency "rspec"
|
23
|
+
# s.add_runtime_dependency "rest-client"
|
24
|
+
end
|
metadata
ADDED
@@ -0,0 +1,73 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: quick_auth
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
hash: 11
|
5
|
+
prerelease:
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 0
|
9
|
+
- 10
|
10
|
+
version: 0.0.10
|
11
|
+
platform: ruby
|
12
|
+
authors:
|
13
|
+
- Alan Graham
|
14
|
+
autorequire:
|
15
|
+
bindir: bin
|
16
|
+
cert_chain: []
|
17
|
+
|
18
|
+
date: 2012-03-20 00:00:00 Z
|
19
|
+
dependencies: []
|
20
|
+
|
21
|
+
description: Gem for backend authorization
|
22
|
+
email:
|
23
|
+
- alangraham5@gmail.com
|
24
|
+
executables: []
|
25
|
+
|
26
|
+
extensions: []
|
27
|
+
|
28
|
+
extra_rdoc_files: []
|
29
|
+
|
30
|
+
files:
|
31
|
+
- .gitignore
|
32
|
+
- Gemfile
|
33
|
+
- Rakefile
|
34
|
+
- lib/quick_auth.rb
|
35
|
+
- lib/quick_auth/authentic.rb
|
36
|
+
- lib/quick_auth/authentication.rb
|
37
|
+
- lib/quick_auth/version.rb
|
38
|
+
- quick_auth.gemspec
|
39
|
+
homepage: ""
|
40
|
+
licenses: []
|
41
|
+
|
42
|
+
post_install_message:
|
43
|
+
rdoc_options: []
|
44
|
+
|
45
|
+
require_paths:
|
46
|
+
- lib
|
47
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
48
|
+
none: false
|
49
|
+
requirements:
|
50
|
+
- - ">="
|
51
|
+
- !ruby/object:Gem::Version
|
52
|
+
hash: 3
|
53
|
+
segments:
|
54
|
+
- 0
|
55
|
+
version: "0"
|
56
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
hash: 3
|
62
|
+
segments:
|
63
|
+
- 0
|
64
|
+
version: "0"
|
65
|
+
requirements: []
|
66
|
+
|
67
|
+
rubyforge_project: quick_auth
|
68
|
+
rubygems_version: 1.8.17
|
69
|
+
signing_key:
|
70
|
+
specification_version: 3
|
71
|
+
summary: Gem for backend authorization
|
72
|
+
test_files: []
|
73
|
+
|