rack-pubcookie 0.0.2 → 0.0.3
- data/README.md +3 -2
- data/lib/rack/pubcookie.rb +27 -5
- data/lib/rack/pubcookie/aes.rb +1 -1
- data/lib/rack/pubcookie/auth.rb +56 -57
- data/lib/rack/pubcookie/des.rb +1 -1
- data/lib/rack/pubcookie/version.rb +2 -2
- data/spec/rack/{pubcookie/auth_spec.rb → pubcookie_spec.rb} +9 -7
- metadata +5 -6
- data/lib/rack/pubcookie/fake.rb +0 -22
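--- a/data/README.md
+++ b/data/README.md
@@ -30,8 +30,9 @@ Once these six pieces have been obtained, you can then use it like this:
 # This is located in config.ru
 require 'rack/pubcookie'
 
-use Rack::Pubcookie
-@
+use Rack::Pubcookie, :login_server => @login_server, :host_name => @hostname,
+:appid => @appid, :keyfile_path => @keyfile_path,
+:granting_cert => @granting_certificate_path
 
 # @login_server => 'login.example.com[:port]' (port optional)
 # @hostname => 'myapp.example.com[:port]' (port optional)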
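--- a/data/lib/rack/pubcookie.rb
+++ b/data/lib/rack/pubcookie.rb
@@ -1,11 +1,33 @@
 require 'rack'
 
+require 'rack/pubcookie/version'
+require 'rack/pubcookie/auth'
+
 module Rack
-
-
+class Pubcookie
+
+include Auth
+
+def initialize app, options
+@app = app
+self.pubcookie_options = options
+end
+
+def call env
+request = Rack::Request.new env
+
+if request.path == '/auth/pubcookie'
+response = Rack::Response.new login_page_html
+else
+request.env['REMOTE_USER'] = extract_username request
+status, headers, body = @app.call(request.env)
+response = Rack::Response.new body, status, headers
+
+set_pubcookie! request, response
+end
+
+response.finish
+end
 
-autoload :Auth, 'rack/pubcookie/auth'
-autoload :AES, 'rack/pubcookie/aes'
-autoload :DES, 'rack/pubcookie/des'
 end
 end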
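Review bot: `call` invokes `set_pubcookie!` on every path except `/auth/pubcookie`, so a `pubcookie_g` parameter on any URL is copied into the cookie; a cross-site link or form can therefore leave a granting cookie of someone else's choosing in a visitor's browser. `callback_path` is added in auth.rb but never consulted here; gating the call, e.g. `set_pubcookie! request, response if request.path == callback_path`, keeps the cookie write to the one URL the login server returns to. The `set_cookie` call itself (in auth.rb) passes `:secure => true` but no `:httponly => true`, so page scripts can read the granting cookie.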
data/lib/rack/pubcookie/aes.rb
CHANGED
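--- a/data/lib/rack/pubcookie/auth.rb
+++ b/data/lib/rack/pubcookie/auth.rb
@@ -2,49 +2,42 @@ require 'rack/utils'
 require 'openssl'
 require 'base64'
 
+require 'rack/pubcookie/aes'
+require 'rack/pubcookie/des'
+
 module Rack
-
-
+class Pubcookie
+module Auth
 
 include AES
 include DES
 
-def
-
-@
-@
-@
-@
-
-@
+def pubcookie_options= options
+@login_server = options[:login_server]
+@host = options[:host]
+@appid = options[:appid]
+@keyfile = options[:keyfile]
+@granting_cert = options[:granting_cert]
+
+if @login_server.nil? || @host.nil? || @appid.nil? || @keyfile.nil? ||
+@granting_cert.nil?
+raise 'Need all of :login_server, :host, :appid, :keyfile, and :granting_cert specified to use pubcookie!'
+end
+
+@granting = OpenSSL::X509::Certificate.new(::File.read(@granting_cert))
 ::File.open(@keyfile, 'rb'){ |f| @key = f.read.bytes.to_a }
 
-@options
-@options[:expires_after] = 24 * 3600 # 24 hrs
+@expires_after ||= options[:expires_after] || 24 * 3600 # 24 hrs
 end
 
-def
-request
-
-
-
-else
-request.env['REMOTE_USER'] = extract_username request
-status, headers, body = @app.call(request.env)
-response = Rack::Response.new body, status, headers
-
-if !request.params['pubcookie_g'].nil? &&
-request.params['pubcookie_g'] != request.cookies['pubcookie_g']
-response.set_cookie 'pubcookie_g', :path => '/', :secure => true,
-:value => request.params['pubcookie_g']
-end
+def set_pubcookie! request, response
+if !request.params['pubcookie_g'].nil? &&
+request.params['pubcookie_g'] != request.cookies['pubcookie_g']
+response.set_cookie 'pubcookie_g', :path => '/', :secure => true,
+:value => request.params['pubcookie_g']
 end
-
-response.finish
 end
 
-protected
-
 def extract_username request
 # If coments below refer to a URL, they mean this one:
 # http://svn.cac.washington.edu/viewvc/pubcookie/trunk/src/pubcookie.h?view=markup
@@ -73,38 +66,13 @@ module Rack
 create_ts = Time.at create_ts
 last_ts = Time.at last_ts
 
-if Time.now < create_ts + @
+if Time.now < create_ts + @expires_after && appid == @appid
 user
 else
 nil
 end
 end
 
-# For a better description on what each of these values are, go to
-# https://wiki.doit.wisc.edu/confluence/display/WEBISO/Pubcookie+Granting+Request+Interface
-def request_login_arguments
-args = {
-:one => @host, # FQDN of our host
-:two => @appid, # Our AppID for pubcookie
-:three => 1, # ?
-:four => 'a5', # Version/encryption?
-:five => 'GET', # method, even though we lie?
-:six => @host, # our host domain name
-:seven => '/auth/pubcookie/callback', # Where to return
-:eight => '', # ?
-:nine => 1, # Probably should be different...
-:hostname => @host, # Pubcookie needs it 3 times...
-:referer => '(null)', # Just don't bother
-:sess_re => 0, # Don't force re-authentication
-:pre_sess_tok => Kernel.rand(2000000), # Just a random 32bit number
-:flag => 0, # ?
-:file => '' # ?
-}
-
-args[:seven] = Base64.encode64(args[:seven]).chomp
-args
-end
-
 def login_page_html
 query = request_login_arguments.to_a.map{ |k, v|
 "#{k}=#{Rack::Utils.escape v}"
@@ -133,6 +101,37 @@ module Rack
 HTML
 end
 
+def callback_path
+'/auth/pubcookie/callback'
+end
+
+protected
+
+# For a better description on what each of these values are, go to
+# https://wiki.doit.wisc.edu/confluence/display/WEBISO/Pubcookie+Granting+Request+Interface
+def request_login_arguments
+args = {
+:one => @host, # FQDN of our host
+:two => @appid, # Our AppID for pubcookie
+:three => 1, # ?
+:four => 'a5', # Version/encryption, yet ignored...
+:five => 'GET', # method, even though we lie...
+:six => @host, # our host domain name
+:seven => callback_path, # Where to return
+:eight => '', # ?
+:nine => 1, # Probably should be different...
+:hostname => @host, # Again, our FQDN
+:referer => '(null)', # Doesn't matter if no referer
+:sess_re => 0, # Don't force re-authentication
+:pre_sess_tok => Kernel.rand(2000000), # Just a random 32bit number
+:flag => 0, # ?
+:file => '' # ?
+}
+
+args[:seven] = Base64.encode64(args[:seven]).chomp
+args
+end
+
 end
 end
 end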
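Review bot: `:pre_sess_tok => Kernel.rand(2000000)` in `request_login_arguments` comes from a non-cryptographic generator over roughly 21 bits, while its comment calls it a 32-bit number, and nothing in the visible hunks stores the value, so the callback has nothing to compare a returned token against. If the token is meant to bind the granting reply to the browser that began the login, draw it with `SecureRandom.random_number(2**32)` (plus `require 'securerandom'`), keep it in a pre-session cookie, and reject a reply whose token differs. The README example in this release passes `:host_name` and `:keyfile_path`, but `pubcookie_options=` reads `:host` and `:keyfile`, so following the README ends at the `raise`. `extract_username` starts in the first hunk and continues outside the lines shown, so its checks cannot be judged in full here.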
data/lib/rack/pubcookie/des.rb
CHANGED
@@ -1,14 +1,15 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe Rack::Pubcookie
|
3
|
+
describe Rack::Pubcookie do
|
4
4
|
|
5
5
|
include Rack::Test::Methods
|
6
6
|
|
7
7
|
def app
|
8
8
|
Rack::Builder.new {
|
9
|
-
use Rack::Pubcookie
|
10
|
-
|
11
|
-
Rack::Test.fixture_path + '/
|
9
|
+
use Rack::Pubcookie, :login_server => 'example.com',
|
10
|
+
:host => 'myhost.com', :appid => 'testappid',
|
11
|
+
:keyfile => Rack::Test.fixture_path + '/test.com',
|
12
|
+
:granting_cert => Rack::Test.fixture_path + '/granting.crt'
|
12
13
|
run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['llama']] }
|
13
14
|
}.to_app
|
14
15
|
end
|
@@ -113,9 +114,10 @@ describe Rack::Pubcookie::Auth do
|
|
113
114
|
describe "an invalid signature" do
|
114
115
|
def app
|
115
116
|
Rack::Builder.new {
|
116
|
-
use Rack::Pubcookie
|
117
|
-
|
118
|
-
Rack::Test.fixture_path + '/
|
117
|
+
use Rack::Pubcookie, :login_server => 'example.com',
|
118
|
+
:host => 'myhost.com', :appid => 'testappid',
|
119
|
+
:keyfile => Rack::Test.fixture_path + '/test.com',
|
120
|
+
:granting_cert => Rack::Test.fixture_path + '/invalid.crt'
|
119
121
|
run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['llama']] }
|
120
122
|
}.to_app
|
121
123
|
end
|
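--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 3
+version: 0.0.3
 platform: ruby
 authors:
 - Alex Crichton
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date:
+date: 2011-01-19 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -84,13 +84,12 @@ files:
 - lib/rack/pubcookie/aes.rb
 - lib/rack/pubcookie/auth.rb
 - lib/rack/pubcookie/des.rb
-- lib/rack/pubcookie/fake.rb
 - lib/rack/pubcookie/version.rb
 - README.md
 - spec/fixtures/granting.crt
 - spec/fixtures/invalid.crt
 - spec/fixtures/test.com
-- spec/rack/
+- spec/rack/pubcookie_spec.rb
 - spec/spec_helper.rb
 has_rdoc: true
 homepage: http://github.com/alexcrichton/rack-pubcookie
@@ -128,5 +127,5 @@ test_files:
 - spec/fixtures/granting.crt
 - spec/fixtures/invalid.crt
 - spec/fixtures/test.com
-- spec/rack/
+- spec/rack/pubcookie_spec.rb
 - spec/spec_helper.rb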
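--- a/data/lib/rack/pubcookie/fake.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-module Rack
-module Pubcookie
-
-# This Rack interface is meant to be used in development. It mocks out
-# pubcookie authentication by always setting the REMOTE_USER variable to
-# a specific username given to the constructor.
-#
-# This is not meant to be used in production obviously...
-class Fake
-
-def initialize app, username
-@app, @username = app, username
-end
-
-def call env
-env['REMOTE_USER'] = @username
-@app.call env
-end
-
-end
-end
-end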