rack-ninja_auth 0.5.2 → 0.6.2

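--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: cfc4021fdd66c583d85baee880d13fd5fdace6c4
- data.tar.gz: 390eeac41894a3e9c7ed2556d8475d059447a6b2
+ metadata.gz: 1768ee1ddc4807f1809a686655382f01aa9b809e
+ data.tar.gz: 11590bc1312c37a39fe49529bc93f01180802c49
  SHA512:
- metadata.gz: 592533dbf35bc2b2e6df24702f94ca9c8dda05e6df935cac53ad17114b0045e01f14ab841e22d5301d015d22cfb6885b1380534451fc65801224382b660d8754
- data.tar.gz: d275a906c794f819ac76fca074cac984e87ca2f9bbaf8bec3eec4c70634205823391ccf2f45eb18b7a6a7988949d08038fb698335995560cb9adc46b43b76177
+ metadata.gz: 5f61354e0351ed53d807d0e12113ed864406bba7f20387d5ecf5f92ac7a65b0908bc30c438747d974868699e69ce167a953e2acf67a656f233cbbb5219558d9f
+ data.tar.gz: c8fd786923419675a8ca21dfba15b280ccc0bdecd543345b07878773e81ce67f4027b3f4dec7df3e2c66587580d4ea34e35dc48336288aff48fdedeb44b26c8f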
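--- a/data/README.md
+++ b/data/README.md
@@ -4,13 +4,13 @@ Require authentication via google for your application without passing any auth
 
  ## Example
 
- Add this as middleware to your rack application, then execute with `NINJA_GOOGLE_CLIENT_ID`, `NINJA_GOOGLE_CLIENT_SECRET` and `NINJA_REDIS_URL` environment variables set.
+ Add this as middleware to your rack application so that a rack session is already available, then execute with `NINJA_GOOGLE_CLIENT_ID` AND `NINJA_GOOGLE_CLIENT_SECRET` environment variables set.
 
  ```ruby
  require 'sinatra'
  require 'rack/ninja_auth'
 
- use Rack::NinjaAuth::Middleware, /@gmail.com$/
+ use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/
 
  get '/' do
  "This is secure without authorisation with a google account with an email ending in @gmail.com"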
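--- a/data/examples/gmail.rb
+++ b/data/examples/gmail.rb
@@ -13,8 +13,9 @@ $LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
  require 'sinatra'
  require 'rack/ninja_auth'
 
+ use Rack::Session::Cookie, secret: 'change_me'
  use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/
- # use Rack::NinjaAuth::Middleware, /@gmail\./, './file/to/deliver/if/email/does/not/match.html'
+ # use Rack::NinjaAuth::Middleware, email_matcher: /@gmail\./, not_allowed_file: './file/to/deliver/if/email/does/not/match.html'
 
  get '/secured' do
  "You hit the secured app"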
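Review bot: The added `use Rack::Session::Cookie, secret: 'change_me'` line puts a fixed, publicly known signing secret into an example that readers are likely to copy as-is; the same line is added in data/examples/routes.rb. In this release the middleware appears to keep the authenticated email in whatever rack session the host application provides, so the integrity of that cookie is what the protected routes rest on, and a deployment that keeps the placeholder has session contents that are not trustworthy. I would read the secret from the environment so that a missing value fails at boot, e.g. `use Rack::Session::Cookie, secret: ENV.fetch('NINJA_SESSION_SECRET')` (the variable name is only a suggestion), and add a comment above it such as `# Must be a long, random value kept out of source control`.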
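--- a/data/examples/routes.rb
+++ b/data/examples/routes.rb
@@ -4,15 +4,16 @@ $LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
  # ```
  # NINJA_GOOGLE_CLIENT_ID=<Your google client id>
  # NINJA_GOOGLE_CLIENT_SECRET=<Your google client secret>
- # ruby gmail.rb
+ # ruby routes.rb
  # ```
  #
  # Now you can visit `http://127.0.0.1:4567/secured` and will only access it if you validate with a google
- # account that has an `@gmail.com` email address.
+ # account that has an `@gmail.com` email address. `http://127.0.0.1:4567/` be available, even without authenticating.
 
  require 'sinatra'
  require 'rack/ninja_auth'
 
+ use Rack::Session::Cookie, secret: 'change_me'
  use Rack::NinjaAuth::Middleware, email_matcher: /@gmail.com$/, secured_routes: %r{^/secured}
 
  get '/secured' do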
@@ -1,18 +1,15 @@
1
1
  require 'rack/ninja_auth/version'
2
2
  require 'sinatra/base'
3
3
  require 'omniauth/google_oauth2'
4
- require 'rack/session/redis'
5
4
  require 'rack/accept'
6
5
 
7
6
  module Rack
8
7
  module NinjaAuth
9
8
  class Middleware < Sinatra::Base
10
9
  use Rack::Accept
11
- use Rack::Session::Redis,
12
- path: '/',
13
- key: 'rack.ninja_auth',
14
- expire_after: 2592000,
15
- redis_server: ENV['NINJA_REDIS_URL'] || 'redis://127.0.0.1:6379/0/rack:ninja_auth'
10
+
11
+ SESSION_KEY = 'rack-ninja_auth'
12
+ SALT_BYTES = 16
16
13
 
17
14
  use OmniAuth::Builder do
18
15
  provider :google_oauth2, ENV["NINJA_GOOGLE_CLIENT_ID"], ENV["NINJA_GOOGLE_CLIENT_SECRET"]
@@ -29,7 +26,7 @@ module Rack
29
26
 
30
27
  before do
31
28
  @hit_real_app = false
32
- if is_authenticated? || !is_protected_request?
29
+ if !is_internal_request? && (is_authenticated? || is_unprotected_request?)
33
30
  res = @main_app.call(request.env)
34
31
  @hit_real_app = true
35
32
  headers res[1]
@@ -39,8 +36,8 @@ module Rack
39
36
 
40
37
  get '/auth/google_oauth2/callback' do
41
38
  email = request.env["omniauth.auth"].info.email rescue nil
42
- if email && email.match(@email_matcher)
43
- session[:user] = email
39
+ if allowable_email?(email)
40
+ authenticate!(email: email)
44
41
  redirect '/'
45
42
  else
46
43
  redirect '/auth/failure'
@@ -54,22 +51,32 @@ module Rack
54
51
  after do
55
52
  if !@hit_real_app && status == 404
56
53
  halt(403) unless env['rack-accept.request'].media_type?('text/html')
54
+ headers['X-Cascade'] = 'stop'
57
55
  redirect '/auth/google_oauth2'
58
56
  end
59
57
  end
60
58
 
61
59
  private
62
60
 
61
+ def authenticate!(email:)
62
+ session[SESSION_KEY] = { email: email }
63
+ end
64
+
65
+ def allowable_email?(email)
66
+ email.respond_to?(:match) && email.match(@email_matcher)
67
+ end
68
+
63
69
  def is_authenticated?
64
- !session[:user].nil?
70
+ fields = session[SESSION_KEY] || {}
71
+ allowable_email?(fields[:email])
65
72
  end
66
73
 
67
- def is_protected_request?
68
- env['PATH_INFO'].match(@secured_route_matcher)
74
+ def is_unprotected_request?
75
+ !env['PATH_INFO'].match(@secured_route_matcher)
69
76
  end
70
77
 
71
78
  def is_internal_request?
72
- env['REQUEST_URI'] =~ %r{^/auth/}
79
+ !!env['REQUEST_URI'].match(%r{^/auth/})
73
80
  end
74
81
  end
75
82
  end
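Review bot: `is_internal_request?` now calls `env['REQUEST_URI'].match(...)`, which raises NoMethodError when that key is absent, where the previous `=~` simply returned nil; the rewritten `before` condition evaluates it first on every request. REQUEST_URI is not one of the keys the Rack specification requires, and some servers fill it with an absolute URL, in which case `^/auth/` would never match and the auth routes would be handled like ordinary requests. Since `is_unprotected_request?` and the Sinatra routes already work from `PATH_INFO`, I would use the same source here: `env['PATH_INFO'].to_s.start_with?('/auth/')`. The enclosing class opens in an earlier hunk of this file and the `before` block is only partly visible, so the exact effect of a false result there is inferred.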
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module NinjaAuth
3
- VERSION = "0.5.2"
3
+ VERSION = "0.6.2"
4
4
  end
5
5
  end
@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
21
21
 
22
22
  spec.add_dependency "sinatra", "~> 1.4"
23
23
  spec.add_dependency "omniauth-google-oauth2", "~> 0.2"
24
- spec.add_dependency "redis-rack", "~> 1.4"
25
24
  spec.add_dependency "rack-accept", "~> 0.4"
26
25
 
27
26
  spec.add_development_dependency "bundler", "~> 1.10"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-ninja_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.2
4
+ version: 0.6.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - JP Hastings-Spital
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-04-05 00:00:00.000000000 Z
11
+ date: 2016-04-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sinatra
@@ -38,20 +38,6 @@ dependencies:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0.2'
41
- - !ruby/object:Gem::Dependency
42
- name: redis-rack
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - "~>"
46
- - !ruby/object:Gem::Version
47
- version: '1.4'
48
- type: :runtime
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - "~>"
53
- - !ruby/object:Gem::Version
54
- version: '1.4'
55
41
  - !ruby/object:Gem::Dependency
56
42
  name: rack-accept
57
43
  requirement: !ruby/object:Gem::Requirement