rack-pubcookie 0.0.2 → 0.0.3
- data/README.md +3 -2
- data/lib/rack/pubcookie.rb +27 -5
- data/lib/rack/pubcookie/aes.rb +1 -1
- data/lib/rack/pubcookie/auth.rb +56 -57
- data/lib/rack/pubcookie/des.rb +1 -1
- data/lib/rack/pubcookie/version.rb +2 -2
- data/spec/rack/{pubcookie/auth_spec.rb → pubcookie_spec.rb} +9 -7
- metadata +5 -6
- data/lib/rack/pubcookie/fake.rb +0 -22
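--- a/data/README.md
+++ b/data/README.md
@@ -30,8 +30,9 @@ Once these six pieces have been obtained, you can then use it like this:
 # This is located in config.ru
 require 'rack/pubcookie'
 
-use Rack::Pubcookie
-@
+use Rack::Pubcookie, :login_server => @login_server, :host_name => @hostname,
+:appid => @appid, :keyfile_path => @keyfile_path,
+:granting_cert => @granting_certificate_path
 
 # @login_server => 'login.example.com[:port]' (port optional)
 # @hostname => 'myapp.example.com[:port]' (port optional)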
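--- a/data/lib/rack/pubcookie.rb
+++ b/data/lib/rack/pubcookie.rb
@@ -1,11 +1,33 @@
 require 'rack'
 
+require 'rack/pubcookie/version'
+require 'rack/pubcookie/auth'
+
 module Rack
-
-
+class Pubcookie
+
+include Auth
+
+def initialize app, options
+@app = app
+self.pubcookie_options = options
+end
+
+def call env
+request = Rack::Request.new env
+
+if request.path == '/auth/pubcookie'
+response = Rack::Response.new login_page_html
+else
+request.env['REMOTE_USER'] = extract_username request
+status, headers, body = @app.call(request.env)
+response = Rack::Response.new body, status, headers
+
+set_pubcookie! request, response
+end
+
+response.finish
+end
 
-autoload :Auth, 'rack/pubcookie/auth'
-autoload :AES, 'rack/pubcookie/aes'
-autoload :DES, 'rack/pubcookie/des'
 end
 end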
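Review bot: `call` forwards the request to the app in its else branch whatever `extract_username` returns, so the middleware identifies a user but never denies access, and nothing in the class says so. A comment above `call` would make that contract explicit: `# Sets REMOTE_USER to the username from the pubcookie, or nil, and always calls the app; the app must reject nil itself.` Separately, `initialize` passes `options` straight to `pubcookie_options=`, which in auth.rb of this release requires `:host` and `:keyfile`, while the README example changed in the same release passes `:host_name` and `:keyfile_path`; as documented, that call would hit the 'Need all of …' raise. Indentation is lost on this page, so the nesting is read from the `if`/`else`/`end` order.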
data/lib/rack/pubcookie/aes.rb
CHANGED
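--- a/data/lib/rack/pubcookie/auth.rb
+++ b/data/lib/rack/pubcookie/auth.rb
@@ -2,49 +2,42 @@ require 'rack/utils'
 require 'openssl'
 require 'base64'
 
+require 'rack/pubcookie/aes'
+require 'rack/pubcookie/des'
+
 module Rack
-
-
+class Pubcookie
+module Auth
 
 include AES
 include DES
 
-def
-
-@
-@
-@
-@
-
-@
+def pubcookie_options= options
+@login_server = options[:login_server]
+@host = options[:host]
+@appid = options[:appid]
+@keyfile = options[:keyfile]
+@granting_cert = options[:granting_cert]
+
+if @login_server.nil? || @host.nil? || @appid.nil? || @keyfile.nil? ||
+@granting_cert.nil?
+raise 'Need all of :login_server, :host, :appid, :keyfile, and :granting_cert specified to use pubcookie!'
+end
+
+@granting = OpenSSL::X509::Certificate.new(::File.read(@granting_cert))
 ::File.open(@keyfile, 'rb'){ |f| @key = f.read.bytes.to_a }
 
-@options
-@options[:expires_after] = 24 * 3600 # 24 hrs
+@expires_after ||= options[:expires_after] || 24 * 3600 # 24 hrs
 end
 
-def
-request
-
-
-
-else
-request.env['REMOTE_USER'] = extract_username request
-status, headers, body = @app.call(request.env)
-response = Rack::Response.new body, status, headers
-
-if !request.params['pubcookie_g'].nil? &&
-request.params['pubcookie_g'] != request.cookies['pubcookie_g']
-response.set_cookie 'pubcookie_g', :path => '/', :secure => true,
-:value => request.params['pubcookie_g']
-end
+def set_pubcookie! request, response
+if !request.params['pubcookie_g'].nil? &&
+request.params['pubcookie_g'] != request.cookies['pubcookie_g']
+response.set_cookie 'pubcookie_g', :path => '/', :secure => true,
+:value => request.params['pubcookie_g']
 end
-
-response.finish
 end
 
-protected
-
 def extract_username request
 # If coments below refer to a URL, they mean this one:
 # http://svn.cac.washington.edu/viewvc/pubcookie/trunk/src/pubcookie.h?view=markup
@@ -73,38 +66,13 @@ module Rack
 create_ts = Time.at create_ts
 last_ts = Time.at last_ts
 
-if Time.now < create_ts + @
+if Time.now < create_ts + @expires_after && appid == @appid
 user
 else
 nil
 end
 end
 
-# For a better description on what each of these values are, go to
-# https://wiki.doit.wisc.edu/confluence/display/WEBISO/Pubcookie+Granting+Request+Interface
-def request_login_arguments
-args = {
-:one => @host, # FQDN of our host
-:two => @appid, # Our AppID for pubcookie
-:three => 1, # ?
-:four => 'a5', # Version/encryption?
-:five => 'GET', # method, even though we lie?
-:six => @host, # our host domain name
-:seven => '/auth/pubcookie/callback', # Where to return
-:eight => '', # ?
-:nine => 1, # Probably should be different...
-:hostname => @host, # Pubcookie needs it 3 times...
-:referer => '(null)', # Just don't bother
-:sess_re => 0, # Don't force re-authentication
-:pre_sess_tok => Kernel.rand(2000000), # Just a random 32bit number
-:flag => 0, # ?
-:file => '' # ?
-}
-
-args[:seven] = Base64.encode64(args[:seven]).chomp
-args
-end
-
 def login_page_html
 query = request_login_arguments.to_a.map{ |k, v|
 "#{k}=#{Rack::Utils.escape v}"
@@ -133,6 +101,37 @@ module Rack
 HTML
 end
 
+def callback_path
+'/auth/pubcookie/callback'
+end
+
+protected
+
+# For a better description on what each of these values are, go to
+# https://wiki.doit.wisc.edu/confluence/display/WEBISO/Pubcookie+Granting+Request+Interface
+def request_login_arguments
+args = {
+:one => @host, # FQDN of our host
+:two => @appid, # Our AppID for pubcookie
+:three => 1, # ?
+:four => 'a5', # Version/encryption, yet ignored...
+:five => 'GET', # method, even though we lie...
+:six => @host, # our host domain name
+:seven => callback_path, # Where to return
+:eight => '', # ?
+:nine => 1, # Probably should be different...
+:hostname => @host, # Again, our FQDN
+:referer => '(null)', # Doesn't matter if no referer
+:sess_re => 0, # Don't force re-authentication
+:pre_sess_tok => Kernel.rand(2000000), # Just a random 32bit number
+:flag => 0, # ?
+:file => '' # ?
+}
+
+args[:seven] = Base64.encode64(args[:seven]).chomp
+args
+end
+
 end
 end
 end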
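Review bot: `set_pubcookie!` in the first hunk copies `request.params['pubcookie_g']` into the `pubcookie_g` cookie for any method and on every path that reaches the else branch of `call`, and `request.params` merges query-string and form values, so a link carrying that parameter can plant a granting cookie in someone else's browser (login fixation). The logic is moved unchanged from the old `call`, so this commit does not introduce it, but the extraction is the natural place to narrow it to the callback, e.g. `if request.post? && request.path == callback_path && request.POST['pubcookie_g']`, and to add `:httponly => true` beside `:secure => true`. Whether the login server really delivers the value by POST to `callback_path` is not visible on this page and should be confirmed before tightening. A one-line comment on the method stating where the parameter is expected to come from would also help the next reader.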
data/lib/rack/pubcookie/des.rb
CHANGED
@@ -1,14 +1,15 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe Rack::Pubcookie
|
3
|
+
describe Rack::Pubcookie do
|
4
4
|
|
5
5
|
include Rack::Test::Methods
|
6
6
|
|
7
7
|
def app
|
8
8
|
Rack::Builder.new {
|
9
|
-
use Rack::Pubcookie
|
10
|
-
|
11
|
-
Rack::Test.fixture_path + '/
|
9
|
+
use Rack::Pubcookie, :login_server => 'example.com',
|
10
|
+
:host => 'myhost.com', :appid => 'testappid',
|
11
|
+
:keyfile => Rack::Test.fixture_path + '/test.com',
|
12
|
+
:granting_cert => Rack::Test.fixture_path + '/granting.crt'
|
12
13
|
run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['llama']] }
|
13
14
|
}.to_app
|
14
15
|
end
|
@@ -113,9 +114,10 @@ describe Rack::Pubcookie::Auth do
|
|
113
114
|
describe "an invalid signature" do
|
114
115
|
def app
|
115
116
|
Rack::Builder.new {
|
116
|
-
use Rack::Pubcookie
|
117
|
-
|
118
|
-
Rack::Test.fixture_path + '/
|
117
|
+
use Rack::Pubcookie, :login_server => 'example.com',
|
118
|
+
:host => 'myhost.com', :appid => 'testappid',
|
119
|
+
:keyfile => Rack::Test.fixture_path + '/test.com',
|
120
|
+
:granting_cert => Rack::Test.fixture_path + '/invalid.crt'
|
119
121
|
run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['llama']] }
|
120
122
|
}.to_app
|
121
123
|
end
|
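--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 3
+version: 0.0.3
 platform: ruby
 authors:
 - Alex Crichton
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date:
+date: 2011-01-19 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -84,13 +84,12 @@ files:
 - lib/rack/pubcookie/aes.rb
 - lib/rack/pubcookie/auth.rb
 - lib/rack/pubcookie/des.rb
-- lib/rack/pubcookie/fake.rb
 - lib/rack/pubcookie/version.rb
 - README.md
 - spec/fixtures/granting.crt
 - spec/fixtures/invalid.crt
 - spec/fixtures/test.com
-- spec/rack/
+- spec/rack/pubcookie_spec.rb
 - spec/spec_helper.rb
 has_rdoc: true
 homepage: http://github.com/alexcrichton/rack-pubcookie
@@ -128,5 +127,5 @@ test_files:
 - spec/fixtures/granting.crt
 - spec/fixtures/invalid.crt
 - spec/fixtures/test.com
-- spec/rack/
+- spec/rack/pubcookie_spec.rb
 - spec/spec_helper.rb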
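--- a/data/lib/rack/pubcookie/fake.rb
+++ b/data/lib/rack/pubcookie/fake.rb
@@ -1,22 +0,0 @@
-module Rack
-module Pubcookie
-
-# This Rack interface is meant to be used in development. It mocks out
-# pubcookie authentication by always setting the REMOTE_USER variable to
-# a specific username given to the constructor.
-#
-# This is not meant to be used in production obviously...
-class Fake
-
-def initialize app, username
-@app, @username = app, username
-end
-
-def call env
-env['REMOTE_USER'] = @username
-@app.call env
-end
-
-end
-end
-end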