rbsso 0.2.2 → 0.3.0

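--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 996a190fc1fa080d95879c4ea3394e775d7702c4
- data.tar.gz: 9952ff5c4043e76c7bb7676e0548294732a10459
+ metadata.gz: 20a13f10826dbcca961f89065f7813b021b30752
+ data.tar.gz: 38cb04d71b45bfe194a25044f7ca871a7edbc7da
  SHA512:
- metadata.gz: f21e9d6425249836f09d683899bb9b95a96f5a8d0f1f20e0b3d0cfb51d0715522720d336622d3573848f2073c2fadf8975a92773928f65f5ce558f5f9d97deac
- data.tar.gz: 132676840c808b18a78788561a867f045f41ee25659836b3faaf316b363c62a3631846836d1ccbbf6f7f0cf6167e95ff89fb2b706c934d5387c4e94c8965a635
+ metadata.gz: a50eb1a6b08d678e656e3beef4185b6c35cc64556768aa455385550902f6a027d83b3fb3c41f008fee05bfb8d0e6baef47ce08782f446b8f5abd7dec3bfbe7c8
+ data.tar.gz: 1b22eff992387af15a847d1c23c622fc477bf67322ec83b4fbb0b70cfed6f28688e26f62787c96307bcbde64994118088f702c39bcc0f25da0f02fb97ac450e6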
@@ -1,6 +1,6 @@
1
1
  module RbSSO
2
2
  class Authentication
3
- VERSION = 3
3
+ VERSION = 4
4
4
 
5
5
  class VersionMismatch < ArgumentError
6
6
  def initialize(version)
@@ -8,20 +8,22 @@ module RbSSO
8
8
  end
9
9
  end
10
10
 
11
- attr_reader :user, :service, :domain, :groups, :expires
11
+ attr_reader :user, :service, :domain, :groups, :nonce, :expires
12
12
 
13
- def initialize(user:, service:, domain:, groups: [], ttl: 3600, expires: nil)
13
+ def initialize(user:, service:, domain:, groups: [], nonce: nil, ttl: 3600, expires: nil)
14
14
  @user, @service, @domain, @groups = user, service, domain, groups
15
+ @nonce = nonce
15
16
  @expires = expires || (Time.now + ttl).to_i
16
17
  end
17
18
 
18
19
  def self.parse(string)
19
- version, user, service, domain, expires, groups = string.split '|'
20
+ version, user, service, domain, expires, nonce, groups = string.split '|'
20
21
  check_version(version)
21
22
  new user: user,
22
23
  service: service,
23
24
  domain: domain,
24
25
  expires: expires.to_i,
26
+ nonce: nonce,
25
27
  groups: (groups || '').split(',')
26
28
  end
27
29
 
@@ -34,7 +36,7 @@ module RbSSO
34
36
  end
35
37
 
36
38
  def content
37
- [VERSION, user, service, domain, expires.to_s, groups.join(',')]
39
+ [VERSION, user, service, domain, expires.to_s, nonce, groups.join(',')]
38
40
  end
39
41
 
40
42
  def ==(other)
@@ -42,7 +44,8 @@ module RbSSO
42
44
  service == other.service &&
43
45
  domain == other.domain &&
44
46
  groups == other.groups &&
45
- expires == other.expires
47
+ expires == other.expires &&
48
+ nonce == other.nonce
46
49
  end
47
50
 
48
51
  def expired?
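Review bot: The new `nonce` field is stored in `initialize` and placed in `content` without any check on its value, while `self.parse` recovers the fields with `string.split '|'`. If the ticket string is produced by joining `content` with `|` (the serialiser is outside these hunks, so this is inferred), a nonce containing `|` would shift every later field on the parsing side, and `groups` is the field that follows it. The nonce is presumably the one value here that originates from the requesting service's login request, so I would reject the delimiter in `initialize`: `raise ArgumentError, "nonce must not contain '|'" if nonce.to_s.include?('|')`. The same split returns `""` rather than `nil` for an empty nonce when groups are present, so `parse` should normalise it, e.g. `nonce: (nonce unless nonce.to_s.empty?)`. The file header for this section is missing from the page, and the body of `expired?` lies outside the last hunk.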
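--- a/data/lib/rbsso/client.rb
+++ b/data/lib/rbsso/client.rb
@@ -16,6 +16,12 @@ module RbSSO
  end
  end
 
+ class NonceMismatch < RuntimeError
+ def initialize(expected, was)
+ super "Ticket nonce '#{was}' differs from session nonce '#{expected}'."
+ end
+ end
+
  def initialize(service, key)
  if !key || key !~ /[0-9a-f]{64}/i
  raise ArgumentError, "key MUST be 32 bytes, hex encoded string, was: #{key}"
@@ -25,11 +31,12 @@ module RbSSO
  @verify_key = key
  end
 
- def open(ticket_string)
+ def open(ticket_string, nonce: nil)
  ticket = RbSSO::Ticket.open ticket_string, verify_key
  auth = RbSSO::Authentication.parse ticket.content
  raise TicketExpired.new(auth.expires) if auth.expired?
  raise WrongService.new(service, auth.service) if auth.service != service
+ raise NonceMismatch.new(nonce, auth.nonce) if auth.nonce != nonce
  auth.to_info
  end
 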
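Review bot: The nonce check added to `open` is opt-in: with the default `nonce: nil`, a ticket whose nonce field parses to nil is accepted exactly as before, so a caller that forgets the argument gets no session binding and no error. A comment on `open` should state this, e.g. `# nonce: the value stored in the session when the login started; pass it on every call, nil skips the binding check`. `NonceMismatch` also interpolates both the session nonce and the ticket nonce into its message; if exception messages can reach the browser or shared logs, prefer `super "Ticket nonce does not match session nonce."` and expose the two values through readers. `open` is complete within the hunk; the enclosing class starts outside it.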
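--- a/data/lib/rbsso/server.rb
+++ b/data/lib/rbsso/server.rb
@@ -13,10 +13,11 @@ module RbSSO
  @key = RbNaCl::SigningKey.new seed_binary
  end
 
- def ticket(user, service, domain)
+ def ticket(user:, service:, domain:, nonce: nil)
  auth = RbSSO::Authentication.new user: user,
  service: service,
- domain: domain
+ domain: domain,
+ nonce: nonce
  ticket = RbSSO::Ticket.sign auth, key
  return ticket.to_base64
  end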
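Review bot: `ticket` moves from positional to required keyword arguments, so an existing call of the form `ticket(user, service, domain)` now raises ArgumentError; that deserves a changelog entry, since the version only moves from 0.2.2 to 0.3.0. `nonce` is passed through unchecked and defaults to nil, which signs a ticket with no session binding. A comment such as `# nonce: opaque value supplied by the requesting service and copied into the signed ticket; nil issues an unbound ticket` would make that contract explicit. `ticket` is complete within the hunk; the enclosing class is not.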
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rbsso
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Azul
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-01-13 00:00:00.000000000 Z
11
+ date: 2017-01-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rbnacl