restful_authentication 1.1.6

data/lib/authentication/by_cookie_token.rb

@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+module Authentication
+  module ByCookieToken
+    # Stuff directives into including module 
+    def self.included(recipient)
+      recipient.extend(ModelClassMethods)
+      recipient.class_eval do
+        include ModelInstanceMethods
+      end
+    end
+
+    #
+    # Class Methods
+    #
+    module ModelClassMethods
+    end # class methods
+
+    #
+    # Instance Methods
+    #
+    module ModelInstanceMethods
+      def remember_token?
+        (!remember_token.blank?) && 
+          remember_token_expires_at && (Time.now.utc < remember_token_expires_at.utc)
+      end
+
+      # These create and unset the fields required for remembering users between browser closes
+      def remember_me
+        remember_me_for 2.weeks
+      end
+
+      def remember_me_for(time)
+        remember_me_until time.from_now.utc
+      end
+
+      def remember_me_until(time)
+        self.remember_token_expires_at = time
+        self.remember_token            = self.class.make_token
+        save(false)
+      end
+
+      # refresh token (keeping same expires_at) if it exists
+      def refresh_token
+        if remember_token?
+          self.remember_token = self.class.make_token 
+          save(false)      
+        end
+      end
+
+      # 
+      # Deletes the server-side record of the authentication token.  The
+      # client-side (browser cookie) and server-side (this remember_token) must
+      # always be deleted together.
+      #
+      def forget_me
+        self.remember_token_expires_at = nil
+        self.remember_token            = nil
+        save(false)
+      end
+    end # instance methods
+  end
+
+  module ByCookieTokenController
+    # Stuff directives into including module 
+    def self.included( recipient )
+      recipient.extend( ControllerClassMethods )
+      recipient.class_eval do
+        include ControllerInstanceMethods
+      end
+    end
+
+    #
+    # Class Methods
+    #
+    module ControllerClassMethods
+    end # class methods
+    
+    module ControllerInstanceMethods
+    end # instance methods
+  end
+end
+

data/lib/authentication/by_password.rb

@@ -0,0 +1,64 @@
+module Authentication
+  module ByPassword
+    # Stuff directives into including module
+    def self.included(recipient)
+      recipient.extend(ModelClassMethods)
+      recipient.class_eval do
+        include ModelInstanceMethods
+        
+        # Virtual attribute for the unencrypted password
+        attr_accessor :password
+        validates_presence_of     :password,                   :if => :password_required?
+        validates_presence_of     :password_confirmation,      :if => :password_required?
+        validates_confirmation_of :password,                   :if => :password_required?
+        validates_length_of       :password, :within => 6..40, :if => :password_required?
+        before_save :encrypt_password
+      end
+    end # #included directives
+
+    #
+    # Class Methods
+    #
+    module ModelClassMethods
+      # This provides a modest increased defense against a dictionary attack if
+      # your db were ever compromised, but will invalidate existing passwords.
+      # See the README and the file config/initializers/site_keys.rb
+      #
+      # It may not be obvious, but if you set REST_AUTH_SITE_KEY to nil and
+      # REST_AUTH_DIGEST_STRETCHES to 1 you'll have backwards compatibility with
+      # older versions of restful-authentication.
+      def password_digest(password, salt)
+        digest = REST_AUTH_SITE_KEY
+        REST_AUTH_DIGEST_STRETCHES.times do
+          digest = secure_digest(digest, salt, password, REST_AUTH_SITE_KEY)
+        end
+        digest
+      end      
+    end # class methods
+
+    #
+    # Instance Methods
+    #
+    module ModelInstanceMethods
+      
+      # Encrypts the password with the user salt
+      def encrypt(password)
+        self.class.password_digest(password, salt)
+      end
+      
+      def authenticated?(password)
+        crypted_password == encrypt(password)
+      end
+      
+      # before filter 
+      def encrypt_password
+        return if password.blank?
+        self.salt = self.class.make_token if new_record?
+        self.crypted_password = encrypt(password)
+      end
+      def password_required?
+        crypted_password.blank? || !password.blank?
+      end
+    end # instance methods
+  end
+end

data/lib/authorization.rb

@@ -0,0 +1,14 @@
+module Authorization
+  def self.included(recipient)
+    recipient.extend(ModelClassMethods)
+    recipient.class_eval do
+      include ModelInstanceMethods
+    end
+  end
+
+  module ModelClassMethods
+  end # class methods
+
+  module ModelInstanceMethods
+  end # instance methods
+end

data/lib/authorization/aasm_roles.rb

@@ -0,0 +1,64 @@
+module Authorization
+  module AasmRoles
+    unless Object.constants.include? "STATEFUL_ROLES_CONSTANTS_DEFINED"
+      STATEFUL_ROLES_CONSTANTS_DEFINED = true # sorry for the C idiom
+    end
+    
+    def self.included( recipient )
+      recipient.extend( StatefulRolesClassMethods )
+      recipient.class_eval do
+        include StatefulRolesInstanceMethods
+        include AASM
+        
+        aasm_column :state
+        aasm_initial_state :initial => :pending
+        aasm_state :passive
+        aasm_state :pending, :enter => :make_activation_code
+        aasm_state :active,  :enter => :do_activate
+        aasm_state :suspended
+        aasm_state :deleted, :enter => :do_delete
+
+        aasm_event :register do
+          transitions :from => :passive, :to => :pending, :guard => Proc.new {|u| !(u.crypted_password.blank? && u.password.blank?) }
+        end
+        
+        aasm_event :activate do
+          transitions :from => :pending, :to => :active 
+        end
+        
+        aasm_event :suspend do
+          transitions :from => [:passive, :pending, :active], :to => :suspended
+        end
+        
+        aasm_event :delete do
+          transitions :from => [:passive, :pending, :active, :suspended], :to => :deleted
+        end
+
+        aasm_event :unsuspend do
+          transitions :from => :suspended, :to => :active,  :guard => Proc.new {|u| !u.activated_at.blank? }
+          transitions :from => :suspended, :to => :pending, :guard => Proc.new {|u| !u.activation_code.blank? }
+          transitions :from => :suspended, :to => :passive
+        end
+      end
+    end
+
+    module StatefulRolesClassMethods
+    end # class methods
+
+    module StatefulRolesInstanceMethods
+      # Returns true if the user has just been activated.
+      def recently_activated?
+        @activated
+      end
+      def do_delete
+        self.deleted_at = Time.now.utc
+      end
+
+      def do_activate
+        @activated = true
+        self.activated_at = Time.now.utc
+        self.deleted_at = self.activation_code = nil
+      end
+    end # instance methods
+  end
+end

data/lib/authorization/stateful_roles.rb

@@ -0,0 +1,64 @@
+module Authorization
+  module StatefulRoles
+    unless Object.constants.include? "STATEFUL_ROLES_CONSTANTS_DEFINED"
+      STATEFUL_ROLES_CONSTANTS_DEFINED = true # sorry for the C idiom
+    end
+    
+    def self.included( recipient )
+      recipient.extend( StatefulRolesClassMethods )
+      recipient.class_eval do
+        include AASM
+        include StatefulRolesInstanceMethods
+        
+        aasm_column :state
+        aasm_initial_state :pending
+        aasm_state  :passive
+        aasm_state  :pending, :enter => :make_activation_code
+        aasm_state  :active,  :enter => :do_activate
+        aasm_state  :suspended
+        aasm_state  :deleted, :enter => :do_delete
+
+        aasm_event :register do
+          transitions :from => :passive, :to => :pending, :guard => Proc.new {|u| !(u.crypted_password.blank? && u.password.blank?) }
+        end
+        
+        aasm_event :activate do
+          transitions :from => :pending, :to => :active 
+        end
+        
+        aasm_event :suspend do
+          transitions :from => [:passive, :pending, :active], :to => :suspended
+        end
+        
+        aasm_event :delete do
+          transitions :from => [:passive, :pending, :active, :suspended], :to => :deleted
+        end
+
+        aasm_event :unsuspend do
+          transitions :from => :suspended, :to => :active,  :guard => Proc.new {|u| !u.activated_at.blank? }
+          transitions :from => :suspended, :to => :pending, :guard => Proc.new {|u| !u.activation_code.blank? }
+          transitions :from => :suspended, :to => :passive
+        end
+      end
+    end
+
+    module StatefulRolesClassMethods
+    end # class methods
+
+    module StatefulRolesInstanceMethods
+      # Returns true if the user has just been activated.
+      def recently_activated?
+        @activated
+      end
+      def do_delete
+        self.deleted_at = Time.now.utc
+      end
+
+      def do_activate
+        @activated = true
+        self.activated_at = Time.now.utc
+        self.deleted_at = self.activation_code = nil
+      end
+    end # instance methods
+  end
+end

data/lib/restful_authentication.rb

@@ -0,0 +1,6 @@
+require File.join(File.dirname(__FILE__), "authentication")
+require File.join(File.dirname(__FILE__), "authentication", "by_password")
+require File.join(File.dirname(__FILE__), "authentication", "by_cookie_token")
+require File.join(File.dirname(__FILE__), "authorization")
+require File.join(File.dirname(__FILE__), "authorization", "aasm_roles")
+require File.join(File.dirname(__FILE__), "authorization", "stateful_roles")

data/lib/trustification.rb

@@ -0,0 +1,14 @@
+module Trustification
+  def self.included(recipient)
+    recipient.extend(ModelClassMethods)
+    recipient.class_eval do
+      include ModelInstanceMethods
+    end
+  end
+
+  module ModelClassMethods
+  end # class methods
+
+  module ModelInstanceMethods
+  end # instance methods
+end

data/lib/trustification/email_validation.rb

@@ -0,0 +1,20 @@
+module Trustification
+  module EmailValidation
+    unless Object.constants.include? "CONSTANTS_DEFINED"
+      CONSTANTS_DEFINED = true # sorry for the C idiom
+    end
+    
+    def self.included(recipient)
+      recipient.extend(ClassMethods)
+      recipient.class_eval do
+        include InstanceMethods
+      end
+    end
+
+    module ClassMethods
+    end # class methods
+
+    module InstanceMethods
+    end # instance methods
+  end
+end

data/notes/AccessControl.txt

@@ -0,0 +1,2 @@
+
+See the notes in [[Authorization]]

data/notes/Authentication.txt

@@ -0,0 +1,5 @@
+Guides to best practices:
+* "The OWASP Guide to Building Secure Web Applications":http://www.owasp.org/index.php/Category:OWASP_Guide_Project
+** specifically, of course, the chapter on Authentication.
+* "Secure Programming for Linux and Unix HOWTO":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html
+* "Authentication and Identification,":http://www.downes.ca/post/12 by Stephen Downes **Highly Recommended**

data/notes/Authorization.txt

@@ -0,0 +1,154 @@
+h2. Authorization
+
+"Best Practices for Authorization":http://www.owasp.org/index.php/Guide_to_Authorization
+# auth system should deny by default
+# Principle of least privilege (fine-grain)
+# each non-anonymous entry point have an access control check
+# authorization check at or near the beginning of code implementing sensitive activities
+# Ensure that Model code checks to ensure that the requesting user should have access to the protected resource.
+# Reauthorization for high value activities or after idle out
+# If custom code is required to perform authorization functions, consider
+  fail-safe authentication and exception handling – ensure that if an exception
+  is thrown, the user is logged out or at least prevented from accessing the
+  protected resource or function.
+# Well written applications centralize access control routines, so if any bugs
+  are found, they can be fixed once and the results apply throughout the
+  application immediately.
+
+h2. Authorization in a trust context
+
+* [http://en.wikipedia.org/wiki/Authorization]
+* remember: goal is **prediction** not **control**
+
+h2. Patterns for Policy definition / Authorization / access control
+
+*Reference Monitor (SecPatt p256)
+** Set of authorization rules
+** Actor, Action, Resource => Monitor+(rules) => ctrlr
+* Role based:
+   subj, role, right. action, resource
+  RBAC, access is controlled at the system level, outside of the user's control
+* Filter based
+  User x Controller x Action x Params --
+* Object based
+  model security delegation
+* Access Control Matrix http://en.wikipedia.org/wiki/Access_Control_Matrix
+* CommandProcessor pattern (DSL approach)
+* DENY FROM ... / ALLOW FROM ... approach
+* Capability based control: bundle together the designation of an object and the permission to access that object
+  ie. I can name it if and only if I am allowed to get at it.
+
+h2. Notes from "Security patterns":http://www.amazon.com/Security-Patterns-Integrating-Engineering-Software/dp/0470858842
+by M Schumacher ("website for book":http://www.securitypatterns.org/)
+
+Reference Monitor (SecPatt p256)
+ * Set of authorization rules
+ * Actor, Action, Resource  => Monitor+(rules) => ctrlr
+
+= Full access with Errors (SecPatt p305)
+
+* Users should not be able to view data or perform operations for which they
+  have no permissions.
+* Hiding an available and accessible function is inappropriate, because users
+  must be able to see what they can do.
+* The visual appeal and usability of a graphical user interface (GUI) can be de-
+  graded by varying layouts depending on the (current) access rights of a
+  user. For example, blank space might appear for some users where others see
+  options they can access, or sequence and number of menu items might differ,
+  depending on the current user’s rights, and thus ‘blind’ operation of the menu
+  by an expe- rienced user is no longer possible.
+* Showing currently unavailable functions can tease users to into upgrading
+  their access rights, for example by paying for the access or buying a license
+  after us- ing a demo version.
+* Trial and error are ineffective means of learning which functions are
+  accessible.  Invoking an operation only to learn that it doesn’t work with
+  your access rights is confusing.
+* The privilege grouping of the typical user community might not be known at the
+  design time of the GUI, and it might change over time, for example through
+  organizational or business process changes, so that providing a few special
+  modes of the GUI depending on the corresponding user roles is inappropriate.
+* Checking whether a function is allowed by a user is most efficient, robust and
+  secure, if done by the function itself—at least the code performing the checks
+  is then closely related to the code performing the subsequent operation
+  afterwards.
+
+h2. Outcomes / Obligations
+
+-- forbid
+-- ask for trust escalation (eg log in, prove_as_human, validate_email, are_you_sure, send_me_ten_cents)
+-- drag ass
+-- permit
+
+-- reinterpret past actions based on future evolution of trust
+-- prioritize changesets based on trust.
+
+
+h2. Notes from "Core Security Patterns":http://www.coresecuritypatterns.com/patterns.htm website
+
+# Authentication Enforcer 	who the hell are you
+# Intercepting Validator	Is your request well-formed
+# Authorization Enforcer  	Are you allowed to do that
+# Secure Logger 		Know what's happening/happened
+#
+
+h2. notes from "XACML":http://www.nsitonline.in/hemant/stuff/xacml/XACML%20Tutorial%20with%20a%20Use%20Case%20Scenario%20for%20Academic%20Institutions.htm
+
+PolicySets [Policy Combining Algorithm]
+Policy [Rule Combining Algorithm] (defines access to particular resources.)
+# Target
+## Subject Attributes
+## Resource Attributes
+## Action Attributes
+## Environment Attributes
+# Rule [Effect]		Identify various conditions or cases under which a policy may become applicable
+## Subject Attributes	user who has made an access request
+## Resource Attributes	object to which access is requested
+## Action Attributes	action the subject wants to take on the resource
+## Environment Attributes	request environment (time of day, ip, etc)
+## Conditions
+# Obligations
+
+Roles    -- student, janitor, dean, stranger, ...
+Branches -- Departments, etc.
+
+* Examine applicable rules until you get an outcome, failure or passes thru (in which case rejected)
+* Rule combining Algorithms
+
+* Obligations -- things to do once requests have been denied or permitted
+
+Reference Monitor (SecPatt p256)
+ * Set of authorization rules
+ * Actor, Action, Resource  --> Monitor+(rules) --> ctrlr
+
+#
+# ask for permissions on arbitrary (subject, action, resource)
+  * roles
+# get filtered object based on action (:public_info, :admin_info, etc.)
+# attach a rule to a (subject|role, action, resource) triple
+  "subject should have role R"
+  "subject should have role R on resource X"
+  "should meet the
+
+* Role supervisor:
+  * adds, defines, removes roles.  no policy -- just attaches roles to users
+
+* Policy
+  answers "can Actor do Action to Resource"
+  * Rules
+  * Rule resolution
+  * outcome, obligations.
+  policy definitions can come from many places, go to policy mgr.
+* Hall monitor
+  enforces policy (before filters)
+* Policy observers
+  handle policy obligations
+
+* Athentication   --  identification, really: securely attach visitor to identity
+* Validation      -- qualify trust
+* Access control  -- define policy
+** Roles
+** Acc. matrix
+* Authorization	-- enforce policy (reference monitor ; filter chain)
+* Obligations
+**  Audit 	-- (observer)
+