rack-ninja_auth 0.5.2 → 0.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/examples/gmail.rb +2 -1
- data/examples/routes.rb +3 -2
- data/lib/rack/ninja_auth.rb +20 -13
- data/lib/rack/ninja_auth/version.rb +1 -1
- data/rack-ninja_auth.gemspec +0 -1
- metadata +2 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1768ee1ddc4807f1809a686655382f01aa9b809e
|
|
4
|
+
data.tar.gz: 11590bc1312c37a39fe49529bc93f01180802c49
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5f61354e0351ed53d807d0e12113ed864406bba7f20387d5ecf5f92ac7a65b0908bc30c438747d974868699e69ce167a953e2acf67a656f233cbbb5219558d9f
|
|
7
|
+
data.tar.gz: c8fd786923419675a8ca21dfba15b280ccc0bdecd543345b07878773e81ce67f4027b3f4dec7df3e2c66587580d4ea34e35dc48336288aff48fdedeb44b26c8f
|
data/README.md
CHANGED
|
@@ -4,13 +4,13 @@ Require authentication via google for your application without passing any auth
|
|
|
4
4
|
|
|
5
5
|
## Example
|
|
6
6
|
|
|
7
|
-
Add this as middleware to your rack application, then execute with `NINJA_GOOGLE_CLIENT_ID
|
|
7
|
+
Add this as middleware to your rack application so that a rack session is already available, then execute with `NINJA_GOOGLE_CLIENT_ID` AND `NINJA_GOOGLE_CLIENT_SECRET` environment variables set.
|
|
8
8
|
|
|
9
9
|
```ruby
|
|
10
10
|
require 'sinatra'
|
|
11
11
|
require 'rack/ninja_auth'
|
|
12
12
|
|
|
13
|
-
use Rack::NinjaAuth::Middleware, /@gmail.com$/
|
|
13
|
+
use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/
|
|
14
14
|
|
|
15
15
|
get '/' do
|
|
16
16
|
"This is secure without authorisation with a google account with an email ending in @gmail.com"
|
data/examples/gmail.rb
CHANGED
|
@@ -13,8 +13,9 @@ $LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
|
|
|
13
13
|
require 'sinatra'
|
|
14
14
|
require 'rack/ninja_auth'
|
|
15
15
|
|
|
16
|
+
use Rack::Session::Cookie, secret: 'change_me'
|
|
16
17
|
use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/
|
|
17
|
-
# use Rack::NinjaAuth::Middleware, /@gmail\./, './file/to/deliver/if/email/does/not/match.html'
|
|
18
|
+
# use Rack::NinjaAuth::Middleware, email_matcher: /@gmail\./, not_allowed_file: './file/to/deliver/if/email/does/not/match.html'
|
|
18
19
|
|
|
19
20
|
get '/secured' do
|
|
20
21
|
"You hit the secured app"
|
data/examples/routes.rb
CHANGED
|
@@ -4,15 +4,16 @@ $LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
|
|
|
4
4
|
# ```
|
|
5
5
|
# NINJA_GOOGLE_CLIENT_ID=<Your google client id>
|
|
6
6
|
# NINJA_GOOGLE_CLIENT_SECRET=<Your google client secret>
|
|
7
|
-
# ruby
|
|
7
|
+
# ruby routes.rb
|
|
8
8
|
# ```
|
|
9
9
|
#
|
|
10
10
|
# Now you can visit `http://127.0.0.1:4567/secured` and will only access it if you validate with a google
|
|
11
|
-
# account that has an `@gmail.com` email address.
|
|
11
|
+
# account that has an `@gmail.com` email address. `http://127.0.0.1:4567/` be available, even without authenticating.
|
|
12
12
|
|
|
13
13
|
require 'sinatra'
|
|
14
14
|
require 'rack/ninja_auth'
|
|
15
15
|
|
|
16
|
+
use Rack::Session::Cookie, secret: 'change_me'
|
|
16
17
|
use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/, secured_routes: %r{^/secured}
|
|
17
18
|
|
|
18
19
|
get '/secured' do
|
data/lib/rack/ninja_auth.rb
CHANGED
|
@@ -1,18 +1,15 @@
|
|
|
1
1
|
require 'rack/ninja_auth/version'
|
|
2
2
|
require 'sinatra/base'
|
|
3
3
|
require 'omniauth/google_oauth2'
|
|
4
|
-
require 'rack/session/redis'
|
|
5
4
|
require 'rack/accept'
|
|
6
5
|
|
|
7
6
|
module Rack
|
|
8
7
|
module NinjaAuth
|
|
9
8
|
class Middleware < Sinatra::Base
|
|
10
9
|
use Rack::Accept
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
expire_after: 2592000,
|
|
15
|
-
redis_server: ENV['NINJA_REDIS_URL'] || 'redis://127.0.0.1:6379/0/rack:ninja_auth'
|
|
10
|
+
|
|
11
|
+
SESSION_KEY = 'rack-ninja_auth'
|
|
12
|
+
SALT_BYTES = 16
|
|
16
13
|
|
|
17
14
|
use OmniAuth::Builder do
|
|
18
15
|
provider :google_oauth2, ENV["NINJA_GOOGLE_CLIENT_ID"], ENV["NINJA_GOOGLE_CLIENT_SECRET"]
|
|
@@ -29,7 +26,7 @@ module Rack
|
|
|
29
26
|
|
|
30
27
|
before do
|
|
31
28
|
@hit_real_app = false
|
|
32
|
-
if is_authenticated? ||
|
|
29
|
+
if !is_internal_request? && (is_authenticated? || is_unprotected_request?)
|
|
33
30
|
res = @main_app.call(request.env)
|
|
34
31
|
@hit_real_app = true
|
|
35
32
|
headers res[1]
|
|
@@ -39,8 +36,8 @@ module Rack
|
|
|
39
36
|
|
|
40
37
|
get '/auth/google_oauth2/callback' do
|
|
41
38
|
email = request.env["omniauth.auth"].info.email rescue nil
|
|
42
|
-
if email
|
|
43
|
-
|
|
39
|
+
if allowable_email?(email)
|
|
40
|
+
authenticate!(email: email)
|
|
44
41
|
redirect '/'
|
|
45
42
|
else
|
|
46
43
|
redirect '/auth/failure'
|
|
@@ -54,22 +51,32 @@ module Rack
|
|
|
54
51
|
after do
|
|
55
52
|
if !@hit_real_app && status == 404
|
|
56
53
|
halt(403) unless env['rack-accept.request'].media_type?('text/html')
|
|
54
|
+
headers['X-Cascade'] = 'stop'
|
|
57
55
|
redirect '/auth/google_oauth2'
|
|
58
56
|
end
|
|
59
57
|
end
|
|
60
58
|
|
|
61
59
|
private
|
|
62
60
|
|
|
61
|
+
def authenticate!(email:)
|
|
62
|
+
session[SESSION_KEY] = { email: email }
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def allowable_email?(email)
|
|
66
|
+
email.respond_to?(:match) && email.match(@email_matcher)
|
|
67
|
+
end
|
|
68
|
+
|
|
63
69
|
def is_authenticated?
|
|
64
|
-
|
|
70
|
+
fields = session[SESSION_KEY] || {}
|
|
71
|
+
allowable_email?(fields[:email])
|
|
65
72
|
end
|
|
66
73
|
|
|
67
|
-
def
|
|
68
|
-
env['PATH_INFO'].match(@secured_route_matcher)
|
|
74
|
+
def is_unprotected_request?
|
|
75
|
+
!env['PATH_INFO'].match(@secured_route_matcher)
|
|
69
76
|
end
|
|
70
77
|
|
|
71
78
|
def is_internal_request?
|
|
72
|
-
env['REQUEST_URI']
|
|
79
|
+
!!env['REQUEST_URI'].match(%r{^/auth/})
|
|
73
80
|
end
|
|
74
81
|
end
|
|
75
82
|
end
|
data/rack-ninja_auth.gemspec
CHANGED
|
@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
|
|
|
21
21
|
|
|
22
22
|
spec.add_dependency "sinatra", "~> 1.4"
|
|
23
23
|
spec.add_dependency "omniauth-google-oauth2", "~> 0.2"
|
|
24
|
-
spec.add_dependency "redis-rack", "~> 1.4"
|
|
25
24
|
spec.add_dependency "rack-accept", "~> 0.4"
|
|
26
25
|
|
|
27
26
|
spec.add_development_dependency "bundler", "~> 1.10"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-ninja_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- JP Hastings-Spital
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-04-
|
|
11
|
+
date: 2016-04-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sinatra
|
|
@@ -38,20 +38,6 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0.2'
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: redis-rack
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - "~>"
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: '1.4'
|
|
48
|
-
type: :runtime
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - "~>"
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '1.4'
|
|
55
41
|
- !ruby/object:Gem::Dependency
|
|
56
42
|
name: rack-accept
|
|
57
43
|
requirement: !ruby/object:Gem::Requirement
|