rack-simple-auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3)
  1. data/README.md +35 -0
  2. data/lib/rack-simple-auth.rb +38 -0
  3. metadata +63 -0
data/README.md ADDED
@@ -0,0 +1,35 @@
1
+ # Rack::SimpleAuth
2
+
3
+ A dead simple rack middleware for cookie authentication. This middleware enhances an existing auth solution by providing access to multiple apps (which may have their own authentication code) from a single cookie. This was originally created to prevent access to a set of staging apps. We use our own key/secret and cookie here so that the staging apps can maintain their own cookie secrets and authentication solutions.
4
+
5
+ ### Usage
6
+
7
+ For rails, create an initializer file with something like:
8
+
9
+ MyApp::Application.config.middleware.use Rack::SimpleAuth,
10
+ key: 'your_cookie_key', # required
11
+ secret: 'my_long_secret', # required
12
+ login_url: 'http://url_where_user_will_be_redirected_to_authenticate.com', # required
13
+ authenticated_with: Proc.new { |value| true } # optional: must return a boolean
14
+
15
+ By default, the middleware doesn't actually check the value of the cookie, only that the correct key exists and hasn't been tampered with. You can add more complex rules by passing the `authenticated_with` option with a proc that takes the cookie value as its only argument.
16
+
17
+ For example:
18
+
19
+ # assuming you had a User model and the cookie value is a user_id
20
+ authenticated_with: Proc.new { |value| user = User.find(value) && user.admin? }
21
+
22
+ ### How it Works
23
+
24
+ The middleware relies on you creating a custom cookie with your own authentication code. Your authentication cookie code can decide which domain this cookie applies to, allowing you to create a universal access token for all apps on a particular subdomain.
25
+
26
+ Example cookie code:
27
+
28
+ # called after a user has authenticated
29
+ def save_auth_cookie
30
+ packed_data = [my_cookie_data.to_s].pack('m*')
31
+ hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, YOUR_SECRET, packed_data)
32
+ cookies[YOUR_KEY] = { domain: '.yourdomain.com', value: "#{packed_data}--#{hmac}" }
33
+ end
34
+
35
+ If cookie authentication fails in the middleware, it will redirect the user to the url provided in the `login_url` option. The middleware will also send the requested url in the return_to param so that you may redirect the user back to the requested url once they have authenticated.
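Review bot: The `authenticated_with` example at README line 20 cannot work as written: `user = User.find(value) && user.admin?` parses as `user = (User.find(value) && user.admin?)`, so `user` is still nil when `admin?` is called on it, and the middleware's bare `rescue` turns the resulting error into a silent denial for every request. Parenthesize the assignment: `(user = User.find(value)) && user.admin?`. Separately, the sample `save_auth_cookie` at lines 29-33 sets a cookie for all of `.yourdomain.com` with no `secure`, `httponly` or expiry option, and nothing in the signed value expires; the README should say which cookie options the caller is expected to add.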
@@ -0,0 +1,38 @@
1
+ require 'rack'
2
+ require 'rack/request'
3
+
4
+ module Rack
5
+ class SimpleAuth
6
+ def initialize(app, options = {})
7
+ @app = app
8
+ @key = options[:key]
9
+ @secret = options[:secret]
10
+ @login_url = options[:login_url]
11
+ @authenticated_with = options[:authenticated_with] || Proc.new { |value| true }
12
+ end
13
+
14
+ def call(env)
15
+ request = Request.new(env)
16
+ if authenticated? request.cookies
17
+ @app.call(env)
18
+ else
19
+ [302, {'Location' => "#{@login_url}?return_to=#{request.url}"}, ['You must be logged in to see this.']]
20
+ end
21
+ end
22
+
23
+ def authenticated?(cookies)
24
+ if data = cookies[@key]
25
+ packed_data, digest = data.split('--')
26
+ hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, @secret, packed_data)
27
+ begin
28
+ # false if tampering going on
29
+ digest == hmac && @authenticated_with.call(packed_data.unpack("m*").first)
30
+ rescue
31
+ false
32
+ end
33
+ else
34
+ false
35
+ end
36
+ end
37
+ end
38
+ end
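Review bot: The tamper check at line 29 of lib/rack-simple-auth.rb, `digest == hmac`, is an ordinary string comparison and not constant-time; compare the two hex digests with a constant-time routine instead (for example `Rack::Utils.secure_compare`, where the installed rack provides it). The `OpenSSL::HMAC.hexdigest` call at line 26 sits outside the `begin`/`rescue`, so an empty cookie value (which leaves `packed_data` nil after `split('--')`) or a missing `:secret` option raises out of `call` instead of returning false; move the call inside the block and validate the options documented as required in `initialize`. At line 19 `request.url` is interpolated into `return_to` unescaped, so a query string on the requested URL spills into the login URL's own parameters; escape it before building the `Location` header. The file also references `OpenSSL` without a `require 'openssl'`.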
metadata ADDED
@@ -0,0 +1,63 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rack-simple-auth
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Rob Law
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2013-02-08 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: rack
16
+ requirement: !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ! '>='
20
+ - !ruby/object:Gem::Version
21
+ version: '0'
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ! '>='
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
30
+ description: A middleware the prevents access to a rack app without the proper cookie.
31
+ email: rob@robmadethis.com
32
+ executables: []
33
+ extensions: []
34
+ extra_rdoc_files: []
35
+ files:
36
+ - lib/rack-simple-auth.rb
37
+ - README.md
38
+ homepage: http://robmadethis.com
39
+ licenses:
40
+ - MIT
41
+ post_install_message:
42
+ rdoc_options: []
43
+ require_paths:
44
+ - lib
45
+ required_ruby_version: !ruby/object:Gem::Requirement
46
+ none: false
47
+ requirements:
48
+ - - ! '>='
49
+ - !ruby/object:Gem::Version
50
+ version: 1.9.2
51
+ required_rubygems_version: !ruby/object:Gem::Requirement
52
+ none: false
53
+ requirements:
54
+ - - ! '>='
55
+ - !ruby/object:Gem::Version
56
+ version: '0'
57
+ requirements: []
58
+ rubyforge_project:
59
+ rubygems_version: 1.8.24
60
+ signing_key:
61
+ specification_version: 3
62
+ summary: A rack middleware for cookie authentication.
63
+ test_files: []
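Review bot: The rack runtime dependency at lines 14-21 is `>= 0`, which accepts every rack release, past and future; constrain it to the major version the middleware was tested against. `cert_chain` (line 11) is empty and `signing_key` (line 60) is blank, so the gem is published unsigned. The description at line 30 has a typo: "the prevents" should read "that prevents".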