rbsso 0.2.2 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/rbsso/authentication.rb +9 -6
- data/lib/rbsso/client.rb +8 -1
- data/lib/rbsso/server.rb +3 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 20a13f10826dbcca961f89065f7813b021b30752
|
|
4
|
+
data.tar.gz: 38cb04d71b45bfe194a25044f7ca871a7edbc7da
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a50eb1a6b08d678e656e3beef4185b6c35cc64556768aa455385550902f6a027d83b3fb3c41f008fee05bfb8d0e6baef47ce08782f446b8f5abd7dec3bfbe7c8
|
|
7
|
+
data.tar.gz: 1b22eff992387af15a847d1c23c622fc477bf67322ec83b4fbb0b70cfed6f28688e26f62787c96307bcbde64994118088f702c39bcc0f25da0f02fb97ac450e6
|
data/lib/rbsso/authentication.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module RbSSO
|
|
2
2
|
class Authentication
|
|
3
|
-
VERSION =
|
|
3
|
+
VERSION = 4
|
|
4
4
|
|
|
5
5
|
class VersionMismatch < ArgumentError
|
|
6
6
|
def initialize(version)
|
|
@@ -8,20 +8,22 @@ module RbSSO
|
|
|
8
8
|
end
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
attr_reader :user, :service, :domain, :groups, :expires
|
|
11
|
+
attr_reader :user, :service, :domain, :groups, :nonce, :expires
|
|
12
12
|
|
|
13
|
-
def initialize(user:, service:, domain:, groups: [], ttl: 3600, expires: nil)
|
|
13
|
+
def initialize(user:, service:, domain:, groups: [], nonce: nil, ttl: 3600, expires: nil)
|
|
14
14
|
@user, @service, @domain, @groups = user, service, domain, groups
|
|
15
|
+
@nonce = nonce
|
|
15
16
|
@expires = expires || (Time.now + ttl).to_i
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
def self.parse(string)
|
|
19
|
-
version, user, service, domain, expires, groups = string.split '|'
|
|
20
|
+
version, user, service, domain, expires, nonce, groups = string.split '|'
|
|
20
21
|
check_version(version)
|
|
21
22
|
new user: user,
|
|
22
23
|
service: service,
|
|
23
24
|
domain: domain,
|
|
24
25
|
expires: expires.to_i,
|
|
26
|
+
nonce: nonce,
|
|
25
27
|
groups: (groups || '').split(',')
|
|
26
28
|
end
|
|
27
29
|
|
|
@@ -34,7 +36,7 @@ module RbSSO
|
|
|
34
36
|
end
|
|
35
37
|
|
|
36
38
|
def content
|
|
37
|
-
[VERSION, user, service, domain, expires.to_s, groups.join(',')]
|
|
39
|
+
[VERSION, user, service, domain, expires.to_s, nonce, groups.join(',')]
|
|
38
40
|
end
|
|
39
41
|
|
|
40
42
|
def ==(other)
|
|
@@ -42,7 +44,8 @@ module RbSSO
|
|
|
42
44
|
service == other.service &&
|
|
43
45
|
domain == other.domain &&
|
|
44
46
|
groups == other.groups &&
|
|
45
|
-
expires == other.expires
|
|
47
|
+
expires == other.expires &&
|
|
48
|
+
nonce == other.nonce
|
|
46
49
|
end
|
|
47
50
|
|
|
48
51
|
def expired?
|
data/lib/rbsso/client.rb
CHANGED
|
@@ -16,6 +16,12 @@ module RbSSO
|
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
+
class NonceMismatch < RuntimeError
|
|
20
|
+
def initialize(expected, was)
|
|
21
|
+
super "Ticket nonce '#{was}' differs from session nonce '#{expected}'."
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
19
25
|
def initialize(service, key)
|
|
20
26
|
if !key || key !~ /[0-9a-f]{64}/i
|
|
21
27
|
raise ArgumentError, "key MUST be 32 bytes, hex encoded string, was: #{key}"
|
|
@@ -25,11 +31,12 @@ module RbSSO
|
|
|
25
31
|
@verify_key = key
|
|
26
32
|
end
|
|
27
33
|
|
|
28
|
-
def open(ticket_string)
|
|
34
|
+
def open(ticket_string, nonce: nil)
|
|
29
35
|
ticket = RbSSO::Ticket.open ticket_string, verify_key
|
|
30
36
|
auth = RbSSO::Authentication.parse ticket.content
|
|
31
37
|
raise TicketExpired.new(auth.expires) if auth.expired?
|
|
32
38
|
raise WrongService.new(service, auth.service) if auth.service != service
|
|
39
|
+
raise NonceMismatch.new(nonce, auth.nonce) if auth.nonce != nonce
|
|
33
40
|
auth.to_info
|
|
34
41
|
end
|
|
35
42
|
|
data/lib/rbsso/server.rb
CHANGED
|
@@ -13,10 +13,11 @@ module RbSSO
|
|
|
13
13
|
@key = RbNaCl::SigningKey.new seed_binary
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
-
def ticket(user
|
|
16
|
+
def ticket(user:, service:, domain:, nonce: nil)
|
|
17
17
|
auth = RbSSO::Authentication.new user: user,
|
|
18
18
|
service: service,
|
|
19
|
-
domain: domain
|
|
19
|
+
domain: domain,
|
|
20
|
+
nonce: nonce
|
|
20
21
|
ticket = RbSSO::Ticket.sign auth, key
|
|
21
22
|
return ticket.to_base64
|
|
22
23
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rbsso
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Azul
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-01-
|
|
11
|
+
date: 2017-01-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rbnacl
|