rbsso 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/rbsso.rb +2 -0
- data/lib/rbsso/client.rb +25 -0
- data/lib/rbsso/content.rb +41 -0
- data/lib/rbsso/server.rb +29 -0
- data/lib/rbsso/ticket.rb +26 -0
- metadata +99 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 75980e68e3d92bcfc59318aa7cdd6b36cc543ca6
|
|
4
|
+
data.tar.gz: bd94e5d7917823d74151cf238afaa2e92ca72a5a
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: f8572edfafd1de42e05e74c642225c648213bcb4e2d4223b4eecd58d598bffefa08e7c8f0cf49bf73d9b53577508bfb5dc550da06a5f708f872de6d328a15736
|
|
7
|
+
data.tar.gz: a06367346e63c690e1777cd8746d31f2da22612ec1d2ea8ce7253fd0f618e04eb97c6b46167a125999e73dc4abc1970d04959dd67f4d1b1672888aa72dc749c3
|
data/lib/rbsso.rb
ADDED
data/lib/rbsso/client.rb
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
require 'rbnacl'
|
|
2
|
+
require 'rbsso/ticket'
|
|
3
|
+
require 'rbsso/content'
|
|
4
|
+
|
|
5
|
+
module RbSSO
|
|
6
|
+
class Client
|
|
7
|
+
|
|
8
|
+
def initialize(key)
|
|
9
|
+
if !key || key !~ /[0-9a-f]{64}/i
|
|
10
|
+
raise ArgumentError, "key MUST be 32 bytes, hex encoded string, was: #{key}"
|
|
11
|
+
end
|
|
12
|
+
key = RbNaCl::VerifyKey.new [key].pack('H*')
|
|
13
|
+
@verify_key = key
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def open(ticket_string)
|
|
17
|
+
ticket = RbSSO::Ticket.open ticket_string, verify_key
|
|
18
|
+
content = RbSSO::Content.parse ticket.content
|
|
19
|
+
content.to_info
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
protected
|
|
23
|
+
attr_reader :verify_key
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
module RbSSO
|
|
2
|
+
class Content
|
|
3
|
+
VERSION = 3
|
|
4
|
+
|
|
5
|
+
attr_reader :user, :service, :domain, :groups, :expires
|
|
6
|
+
|
|
7
|
+
def initialize(user:, service:, domain:, groups: [], ttl: 3600, expires: nil)
|
|
8
|
+
@user, @service, @domain, @groups = user, service, domain, groups
|
|
9
|
+
@expires = expires || (Time.now + ttl).to_i
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.parse(string)
|
|
13
|
+
version, user, service, domain, expires, groups = string.split '|'
|
|
14
|
+
groups ||= ''
|
|
15
|
+
groups = groups.split ','
|
|
16
|
+
expires = expires.to_i
|
|
17
|
+
new user: user, service: service, domain: domain, expires: expires, groups: groups
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def to_s
|
|
21
|
+
content.join '|'
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def to_info
|
|
25
|
+
{ name: user, email: user + '@' + domain }
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def content
|
|
29
|
+
[VERSION, user, service, domain, expires.to_s, groups.join(',')]
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def ==(other)
|
|
33
|
+
user == other.user &&
|
|
34
|
+
service == other.service &&
|
|
35
|
+
domain == other.domain &&
|
|
36
|
+
groups == other.groups &&
|
|
37
|
+
expires == other.expires
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
end
|
|
41
|
+
end
|
data/lib/rbsso/server.rb
ADDED
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
require 'rbsso/content'
|
|
2
|
+
require 'rbsso/ticket'
|
|
3
|
+
|
|
4
|
+
module RbSSO
|
|
5
|
+
class Server
|
|
6
|
+
|
|
7
|
+
def initialize(secret)
|
|
8
|
+
if !secret || secret !~ /[0-9a-f]{64}/i
|
|
9
|
+
raise ArgumentError, "seed MUST be 32 bytes, hex encoded string"
|
|
10
|
+
end
|
|
11
|
+
seed_binary = [secret].pack('H*')
|
|
12
|
+
@key = RbNaCl::SigningKey.new seed_binary
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def ticket(user, service, domain)
|
|
16
|
+
content = RbSSO::Content.new user: user, service: service, domain: domain
|
|
17
|
+
ticket = RbSSO::Ticket.sign content, key
|
|
18
|
+
return ticket.to_base64
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def verify_key
|
|
22
|
+
key.verify_key.to_s.unpack('H*').first
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
protected
|
|
26
|
+
|
|
27
|
+
attr_reader :key
|
|
28
|
+
end
|
|
29
|
+
end
|
data/lib/rbsso/ticket.rb
ADDED
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
require 'base64'
|
|
2
|
+
|
|
3
|
+
module RbSSO
|
|
4
|
+
class Ticket
|
|
5
|
+
attr_reader :content, :signature
|
|
6
|
+
|
|
7
|
+
def self.sign(content, key)
|
|
8
|
+
new content.to_s, key.sign(content.to_s), key.verify_key
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def self.open(encoded, verify_key)
|
|
12
|
+
decoded = Base64.urlsafe_decode64 encoded
|
|
13
|
+
new decoded[64..-1], decoded[0..63], verify_key
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def initialize(content, signature, verify_key)
|
|
17
|
+
verify_key.verify(signature, content)
|
|
18
|
+
@content = content
|
|
19
|
+
@signature = signature
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def to_base64
|
|
23
|
+
Base64.urlsafe_encode64(signature + content)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: rbsso
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Azul
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2017-01-12 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: rbnacl
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 3.4.0
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: '5.0'
|
|
23
|
+
type: :runtime
|
|
24
|
+
prerelease: false
|
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
26
|
+
requirements:
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: 3.4.0
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '5.0'
|
|
33
|
+
- !ruby/object:Gem::Dependency
|
|
34
|
+
name: rake
|
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - "~>"
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '12.0'
|
|
40
|
+
type: :development
|
|
41
|
+
prerelease: false
|
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - "~>"
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '12.0'
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
name: minitest
|
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - "~>"
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '5.0'
|
|
54
|
+
type: :development
|
|
55
|
+
prerelease: false
|
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
requirements:
|
|
58
|
+
- - "~>"
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: '5.0'
|
|
61
|
+
description: |
|
|
62
|
+
This is a ruby version based on libsodium of "ai sso"(https://git.autistici.org/ai/sso).
|
|
63
|
+
|
|
64
|
+
We'll provide an omniauth strategy. It could also be used in bonafide server to sign sso tickets to be consumed by soledad server.
|
|
65
|
+
email: azul@riseup.net
|
|
66
|
+
executables: []
|
|
67
|
+
extensions: []
|
|
68
|
+
extra_rdoc_files: []
|
|
69
|
+
files:
|
|
70
|
+
- lib/rbsso.rb
|
|
71
|
+
- lib/rbsso/client.rb
|
|
72
|
+
- lib/rbsso/content.rb
|
|
73
|
+
- lib/rbsso/server.rb
|
|
74
|
+
- lib/rbsso/ticket.rb
|
|
75
|
+
homepage: https://0xacab.org/azul/rbsso
|
|
76
|
+
licenses:
|
|
77
|
+
- MIT
|
|
78
|
+
metadata: {}
|
|
79
|
+
post_install_message:
|
|
80
|
+
rdoc_options: []
|
|
81
|
+
require_paths:
|
|
82
|
+
- lib
|
|
83
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
84
|
+
requirements:
|
|
85
|
+
- - ">="
|
|
86
|
+
- !ruby/object:Gem::Version
|
|
87
|
+
version: '0'
|
|
88
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
89
|
+
requirements:
|
|
90
|
+
- - ">="
|
|
91
|
+
- !ruby/object:Gem::Version
|
|
92
|
+
version: '0'
|
|
93
|
+
requirements: []
|
|
94
|
+
rubyforge_project:
|
|
95
|
+
rubygems_version: 2.5.1
|
|
96
|
+
signing_key:
|
|
97
|
+
specification_version: 4
|
|
98
|
+
summary: Ruby implementation for ai's libsso
|
|
99
|
+
test_files: []
|