rbsso 0.2.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/rbsso/authentication.rb +9 -6
- data/lib/rbsso/client.rb +8 -1
- data/lib/rbsso/server.rb +3 -2
- metadata +2 -2
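--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 20a13f10826dbcca961f89065f7813b021b30752
+data.tar.gz: 38cb04d71b45bfe194a25044f7ca871a7edbc7da
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a50eb1a6b08d678e656e3beef4185b6c35cc64556768aa455385550902f6a027d83b3fb3c41f008fee05bfb8d0e6baef47ce08782f446b8f5abd7dec3bfbe7c8
+data.tar.gz: 1b22eff992387af15a847d1c23c622fc477bf67322ec83b4fbb0b70cfed6f28688e26f62787c96307bcbde64994118088f702c39bcc0f25da0f02fb97ac450e6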
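--- a/data/lib/rbsso/authentication.rb
+++ b/data/lib/rbsso/authentication.rb
@@ -1,6 +1,6 @@
 module RbSSO
 class Authentication
-VERSION =
+VERSION = 4
 
 class VersionMismatch < ArgumentError
 def initialize(version)
@@ -8,20 +8,22 @@ module RbSSO
 end
 end
 
-attr_reader :user, :service, :domain, :groups, :expires
+attr_reader :user, :service, :domain, :groups, :nonce, :expires
 
-def initialize(user:, service:, domain:, groups: [], ttl: 3600, expires: nil)
+def initialize(user:, service:, domain:, groups: [], nonce: nil, ttl: 3600, expires: nil)
 @user, @service, @domain, @groups = user, service, domain, groups
+@nonce = nonce
 @expires = expires || (Time.now + ttl).to_i
 end
 
 def self.parse(string)
-version, user, service, domain, expires, groups = string.split '|'
+version, user, service, domain, expires, nonce, groups = string.split '|'
 check_version(version)
 new user: user,
 service: service,
 domain: domain,
 expires: expires.to_i,
+nonce: nonce,
 groups: (groups || '').split(',')
 end
 
@@ -34,7 +36,7 @@ module RbSSO
 end
 
 def content
-[VERSION, user, service, domain, expires.to_s, groups.join(',')]
+[VERSION, user, service, domain, expires.to_s, nonce, groups.join(',')]
 end
 
 def ==(other)
@@ -42,7 +44,8 @@ module RbSSO
 service == other.service &&
 domain == other.domain &&
 groups == other.groups &&
-expires == other.expires
+expires == other.expires &&
+nonce == other.nonce
 end
 
 def expired?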
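--- a/data/lib/rbsso/client.rb
+++ b/data/lib/rbsso/client.rb
@@ -16,6 +16,12 @@ module RbSSO
 end
 end
 
+class NonceMismatch < RuntimeError
+def initialize(expected, was)
+super "Ticket nonce '#{was}' differs from session nonce '#{expected}'."
+end
+end
+
 def initialize(service, key)
 if !key || key !~ /[0-9a-f]{64}/i
 raise ArgumentError, "key MUST be 32 bytes, hex encoded string, was: #{key}"
@@ -25,11 +31,12 @@ module RbSSO
 @verify_key = key
 end
 
-def open(ticket_string)
+def open(ticket_string, nonce: nil)
 ticket = RbSSO::Ticket.open ticket_string, verify_key
 auth = RbSSO::Authentication.parse ticket.content
 raise TicketExpired.new(auth.expires) if auth.expired?
 raise WrongService.new(service, auth.service) if auth.service != service
+raise NonceMismatch.new(nonce, auth.nonce) if auth.nonce != nonce
 auth.to_info
 end
 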
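Review bot: The new check `raise NonceMismatch.new(nonce, auth.nonce) if auth.nonce != nonce` compares the parsed nonce against a `nonce` keyword that defaults to `nil`, but a ticket issued without a nonce presumably arrives here as an empty string rather than `nil` after `content` has been joined into the ticket body and split again by `Authentication.parse` (the join happens in `Ticket`, which is outside this diff), in which case `open` called without a nonce rejects every nonce-less ticket. If that strictness is intended it should be stated in a comment on `open`; if not, normalise both sides before comparing: `raise NonceMismatch.new(nonce, auth.nonce) if auth.nonce.to_s != nonce.to_s`. Either way `open` now has a contract worth writing down, e.g. `# @param nonce [String, nil] value this session handed to the server when the ticket was requested; the ticket is rejected unless it carries the same value`. The whole of `open` is inside the second hunk.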
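--- a/data/lib/rbsso/server.rb
+++ b/data/lib/rbsso/server.rb
@@ -13,10 +13,11 @@ module RbSSO
 @key = RbNaCl::SigningKey.new seed_binary
 end
 
-def ticket(user
+def ticket(user:, service:, domain:, nonce: nil)
 auth = RbSSO::Authentication.new user: user,
 service: service,
 domain: domain,
+nonce: nonce
 ticket = RbSSO::Ticket.sign auth, key
 return ticket.to_base64
 end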
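--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbsso
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Azul
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-
+date: 2017-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rbnacl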