rack-ninja_auth 0.5.2 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/examples/gmail.rb +2 -1
- data/examples/routes.rb +3 -2
- data/lib/rack/ninja_auth.rb +20 -13
- data/lib/rack/ninja_auth/version.rb +1 -1
- data/rack-ninja_auth.gemspec +0 -1
- metadata +2 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1768ee1ddc4807f1809a686655382f01aa9b809e
|
|
4
|
+
data.tar.gz: 11590bc1312c37a39fe49529bc93f01180802c49
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5f61354e0351ed53d807d0e12113ed864406bba7f20387d5ecf5f92ac7a65b0908bc30c438747d974868699e69ce167a953e2acf67a656f233cbbb5219558d9f
|
|
7
|
+
data.tar.gz: c8fd786923419675a8ca21dfba15b280ccc0bdecd543345b07878773e81ce67f4027b3f4dec7df3e2c66587580d4ea34e35dc48336288aff48fdedeb44b26c8f
|
data/README.md
CHANGED
|
@@ -4,13 +4,13 @@ Require authentication via google for your application without passing any auth
|
|
|
4
4
|
|
|
5
5
|
## Example
|
|
6
6
|
|
|
7
|
-
Add this as middleware to your rack application, then execute with `NINJA_GOOGLE_CLIENT_ID
|
|
7
|
+
Add this as middleware to your rack application so that a rack session is already available, then execute with `NINJA_GOOGLE_CLIENT_ID` AND `NINJA_GOOGLE_CLIENT_SECRET` environment variables set.
|
|
8
8
|
|
|
9
9
|
```ruby
|
|
10
10
|
require 'sinatra'
|
|
11
11
|
require 'rack/ninja_auth'
|
|
12
12
|
|
|
13
|
-
use Rack::NinjaAuth::Middleware, /@gmail.com$/
|
|
13
|
+
use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/
|
|
14
14
|
|
|
15
15
|
get '/' do
|
|
16
16
|
"This is secure without authorisation with a google account with an email ending in @gmail.com"
|
data/examples/gmail.rb
CHANGED
|
@@ -13,8 +13,9 @@ $LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
|
|
|
13
13
|
require 'sinatra'
|
|
14
14
|
require 'rack/ninja_auth'
|
|
15
15
|
|
|
16
|
+
use Rack::Session::Cookie, secret: 'change_me'
|
|
16
17
|
use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/
|
|
17
|
-
# use Rack::NinjaAuth::Middleware, /@gmail\./, './file/to/deliver/if/email/does/not/match.html'
|
|
18
|
+
# use Rack::NinjaAuth::Middleware, email_matcher: /@gmail\./, not_allowed_file: './file/to/deliver/if/email/does/not/match.html'
|
|
18
19
|
|
|
19
20
|
get '/secured' do
|
|
20
21
|
"You hit the secured app"
|
data/examples/routes.rb
CHANGED
|
@@ -4,15 +4,16 @@ $LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
|
|
|
4
4
|
# ```
|
|
5
5
|
# NINJA_GOOGLE_CLIENT_ID=<Your google client id>
|
|
6
6
|
# NINJA_GOOGLE_CLIENT_SECRET=<Your google client secret>
|
|
7
|
-
# ruby
|
|
7
|
+
# ruby routes.rb
|
|
8
8
|
# ```
|
|
9
9
|
#
|
|
10
10
|
# Now you can visit `http://127.0.0.1:4567/secured` and will only access it if you validate with a google
|
|
11
|
-
# account that has an `@gmail.com` email address.
|
|
11
|
+
# account that has an `@gmail.com` email address. `http://127.0.0.1:4567/` be available, even without authenticating.
|
|
12
12
|
|
|
13
13
|
require 'sinatra'
|
|
14
14
|
require 'rack/ninja_auth'
|
|
15
15
|
|
|
16
|
+
use Rack::Session::Cookie, secret: 'change_me'
|
|
16
17
|
use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/, secured_routes: %r{^/secured}
|
|
17
18
|
|
|
18
19
|
get '/secured' do
|
data/lib/rack/ninja_auth.rb
CHANGED
|
@@ -1,18 +1,15 @@
|
|
|
1
1
|
require 'rack/ninja_auth/version'
|
|
2
2
|
require 'sinatra/base'
|
|
3
3
|
require 'omniauth/google_oauth2'
|
|
4
|
-
require 'rack/session/redis'
|
|
5
4
|
require 'rack/accept'
|
|
6
5
|
|
|
7
6
|
module Rack
|
|
8
7
|
module NinjaAuth
|
|
9
8
|
class Middleware < Sinatra::Base
|
|
10
9
|
use Rack::Accept
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
expire_after: 2592000,
|
|
15
|
-
redis_server: ENV['NINJA_REDIS_URL'] || 'redis://127.0.0.1:6379/0/rack:ninja_auth'
|
|
10
|
+
|
|
11
|
+
SESSION_KEY = 'rack-ninja_auth'
|
|
12
|
+
SALT_BYTES = 16
|
|
16
13
|
|
|
17
14
|
use OmniAuth::Builder do
|
|
18
15
|
provider :google_oauth2, ENV["NINJA_GOOGLE_CLIENT_ID"], ENV["NINJA_GOOGLE_CLIENT_SECRET"]
|
|
@@ -29,7 +26,7 @@ module Rack
|
|
|
29
26
|
|
|
30
27
|
before do
|
|
31
28
|
@hit_real_app = false
|
|
32
|
-
if is_authenticated? ||
|
|
29
|
+
if !is_internal_request? && (is_authenticated? || is_unprotected_request?)
|
|
33
30
|
res = @main_app.call(request.env)
|
|
34
31
|
@hit_real_app = true
|
|
35
32
|
headers res[1]
|
|
@@ -39,8 +36,8 @@ module Rack
|
|
|
39
36
|
|
|
40
37
|
get '/auth/google_oauth2/callback' do
|
|
41
38
|
email = request.env["omniauth.auth"].info.email rescue nil
|
|
42
|
-
if email
|
|
43
|
-
|
|
39
|
+
if allowable_email?(email)
|
|
40
|
+
authenticate!(email: email)
|
|
44
41
|
redirect '/'
|
|
45
42
|
else
|
|
46
43
|
redirect '/auth/failure'
|
|
@@ -54,22 +51,32 @@ module Rack
|
|
|
54
51
|
after do
|
|
55
52
|
if !@hit_real_app && status == 404
|
|
56
53
|
halt(403) unless env['rack-accept.request'].media_type?('text/html')
|
|
54
|
+
headers['X-Cascade'] = 'stop'
|
|
57
55
|
redirect '/auth/google_oauth2'
|
|
58
56
|
end
|
|
59
57
|
end
|
|
60
58
|
|
|
61
59
|
private
|
|
62
60
|
|
|
61
|
+
def authenticate!(email:)
|
|
62
|
+
session[SESSION_KEY] = { email: email }
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def allowable_email?(email)
|
|
66
|
+
email.respond_to?(:match) && email.match(@email_matcher)
|
|
67
|
+
end
|
|
68
|
+
|
|
63
69
|
def is_authenticated?
|
|
64
|
-
|
|
70
|
+
fields = session[SESSION_KEY] || {}
|
|
71
|
+
allowable_email?(fields[:email])
|
|
65
72
|
end
|
|
66
73
|
|
|
67
|
-
def
|
|
68
|
-
env['PATH_INFO'].match(@secured_route_matcher)
|
|
74
|
+
def is_unprotected_request?
|
|
75
|
+
!env['PATH_INFO'].match(@secured_route_matcher)
|
|
69
76
|
end
|
|
70
77
|
|
|
71
78
|
def is_internal_request?
|
|
72
|
-
env['REQUEST_URI']
|
|
79
|
+
!!env['REQUEST_URI'].match(%r{^/auth/})
|
|
73
80
|
end
|
|
74
81
|
end
|
|
75
82
|
end
|
data/rack-ninja_auth.gemspec
CHANGED
|
@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
|
|
|
21
21
|
|
|
22
22
|
spec.add_dependency "sinatra", "~> 1.4"
|
|
23
23
|
spec.add_dependency "omniauth-google-oauth2", "~> 0.2"
|
|
24
|
-
spec.add_dependency "redis-rack", "~> 1.4"
|
|
25
24
|
spec.add_dependency "rack-accept", "~> 0.4"
|
|
26
25
|
|
|
27
26
|
spec.add_development_dependency "bundler", "~> 1.10"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-ninja_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- JP Hastings-Spital
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-04-
|
|
11
|
+
date: 2016-04-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sinatra
|
|
@@ -38,20 +38,6 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0.2'
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: redis-rack
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - "~>"
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: '1.4'
|
|
48
|
-
type: :runtime
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - "~>"
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '1.4'
|
|
55
41
|
- !ruby/object:Gem::Dependency
|
|
56
42
|
name: rack-accept
|
|
57
43
|
requirement: !ruby/object:Gem::Requirement
|