riddl 0.99.256 → 0.99.257

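--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 234355d07a1365d8c3edad0985f8fbed5c1020b1
- data.tar.gz: eeedfe05639e119ff574ecaef299e4fe792786aa
+ metadata.gz: 32d893d88c9f303cb71b2ad369e45cf7581c177c
+ data.tar.gz: 9a2ea9a6ae45aa961fff86a5a4fcf58cdc71d0ad
  SHA512:
- metadata.gz: 8746dda65d1ecfb226db477340b060ca803392ddf40d1228299c39a670afdd6fb004bb579ed1cfeab379c9d7dbfc2af06a4688405de26132d713eb4e149095fa
- data.tar.gz: fccc19fdd4ca57f9673ece1c9a071c85d1188fc52a3b9c76461424232b3d08fe06590e5738d88fcf30c4bbc640ec7217d5241bb10874ed4b6fce1fb274bb552f
+ metadata.gz: 43a615f7a29b7a1240a5a38ec8ef73c26d113e468474edcf11b148637fd7fdb82968a205edf353d1a694c707205357fe39cfdef5ed1602dab4036bbf4ee12a86
+ data.tar.gz: 38cdd3f4eaa23b0d18adfb983f255ec017a5c2f365d05452a3a481eef5c5992cf215b498d4457dc98bbae2eec28881c64710b106e092fbffc30fd9c30aaaaffe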
@@ -50,6 +50,11 @@ module Riddl
50
50
  end
51
51
 
52
52
  @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
53
+ else
54
+ @status = 403
55
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
56
+ :error => 'No authorization provided.'
57
+ }.to_json)
53
58
  end
54
59
 
55
60
  @p
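Review bot: The new `else` branch answers a request that carries no credentials with `@status = 403`, whereas RFC 6750 section 3.1 expects 401 together with a `WWW-Authenticate: Bearer` challenge and keeps 403 for a valid token with insufficient scope. Clients and proxies that trigger re-authentication on 401 will not do so here. Consider `@status = 401` in this branch and adding the challenge header to the response. The `if` this `else` belongs to starts outside the hunk, so how a non-Bearer `Authorization` scheme is handled cannot be judged from these lines.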
@@ -0,0 +1,166 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/oauth2-helper')
2
+
3
+ module Riddl
4
+ module Utils
5
+ module OAuth2
6
+
7
+ module UnivieBearer
8
+ class CheckAuth < Riddl::Implementation
9
+ def response
10
+ client_id = @a[0]
11
+ client_secret = @a[1]
12
+ access_tokens = @a[2]
13
+ if @h['AUTHORIZATION']
14
+ token = @h['AUTHORIZATION'].sub(/^Bearer /, '')
15
+
16
+ data, _, signature = token.rpartition '.'
17
+ expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)
18
+
19
+ if !access_tokens.key? token
20
+ @status = 403
21
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
22
+ :error => 'Unknown token'
23
+ }.to_json)
24
+ elsif signature != expected_sign
25
+ @status = 403
26
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
27
+ :error => 'Invalid token, you bad boy'
28
+ }.to_json)
29
+ end
30
+
31
+ header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
32
+ payload_claims = JSON::parse payload_claims
33
+
34
+ if header_claims != Riddl::Utils::OAuth2::Helper::header
35
+ @status = 401
36
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
37
+ :error => 'Invalid header claims'
38
+ }.to_json)
39
+ elsif payload_claims['exp'] <= Time.now.to_i
40
+ @status = 403
41
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
42
+ :error => 'Expired token'
43
+ }.to_json)
44
+ elsif !payload_claims['aud'].split(',').map(&:strip).include? client_id
45
+ # XXX: ein token für mehrere clients gültig? lookup?
46
+ @status = 403
47
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
48
+ :error => 'Token is not valid for this application'
49
+ }.to_json)
50
+ end
51
+
52
+ @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
53
+ end
54
+
55
+ @p
56
+ end
57
+ end
58
+ end
59
+
60
+ module UnivieApp
61
+ def self::implementation(client_id, client_secret, access_tokens, refresh_tokens, codes, adur, rdur)
62
+ Proc.new do
63
+ run UnivieBearer::CheckAuth, client_id, client_secret, access_tokens if get 'check'
64
+ on resource 'verify' do
65
+ run VerifyIdentity, access_tokens, refresh_tokens, codes, client_id, client_secret, adur, rdur if post 'verify_in'
66
+ end
67
+ on resource 'token' do
68
+ run RefreshToken, access_tokens, refresh_tokens, client_id, client_secret, adur, rdur if post 'refresh_token_in'
69
+ end
70
+ on resource 'revoke' do
71
+ run RevokeFlow, access_tokens, refresh_tokens, codes if delete 'revoke_in'
72
+ end
73
+ end
74
+ end
75
+
76
+ class VerifyIdentity < Riddl::Implementation
77
+ def response
78
+ code = Base64::urlsafe_decode64 @p[0].value
79
+ access_tokens = @a[0]
80
+ refresh_tokens = @a[1]
81
+ codes = @a[2]
82
+ client_id = @a[3]
83
+ client_secret = @a[4]
84
+ adur = @a[5]
85
+ rdur = @a[6]
86
+ client_pass = "#{client_id}:#{client_secret}"
87
+
88
+ user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2) rescue [nil,nil]
89
+ if user_id.nil?
90
+ @status = 403
91
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
92
+ :error => 'Code invalid. Client_id or client_secret not suitable for decryption.'
93
+ }.to_json)
94
+ else
95
+ token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass, adur, rdur)
96
+ codes.set(code, refresh_token, rdur)
97
+ access_tokens.set(token, user_id, rdur) # not adur, to identify expired access tokens
98
+ refresh_tokens.set(refresh_token, token, rdur)
99
+
100
+ json_response = {
101
+ :access_token => token,
102
+ :refresh_token => refresh_token,
103
+ :code => Base64.urlsafe_encode64(decrypted),
104
+ :user_id => user_id
105
+ }.to_json
106
+
107
+ Riddl::Parameter::Complex.new('data', 'application/json', json_response)
108
+ end
109
+ end
110
+ end
111
+
112
+ class RevokeFlow < Riddl::Implementation
113
+ def response
114
+ code = Base64::urlsafe_decode64 @p[0].value
115
+ access_tokens = @a[0]
116
+ refresh_tokens = @a[1]
117
+ codes = @a[2]
118
+
119
+ rt = codes.delete(code)
120
+ at = refresh_tokens.delete(rt)
121
+ access_tokens.delete(at)
122
+ end
123
+ end
124
+
125
+ class RefreshToken < Riddl::Implementation
126
+ def response
127
+ refresh_token = @p[1].value
128
+ access_tokens = @a[0]
129
+ refresh_tokens = @a[1]
130
+ client_id = @a[2]
131
+ client_secret = @a[3]
132
+ adur = @a[4]
133
+ rdur = @a[5]
134
+
135
+ token, _ = refresh_token.split '.'
136
+ token_data = JSON::parse(Base64::urlsafe_decode64 token)
137
+
138
+ if token_data['iss'] != client_id
139
+ @status = 401
140
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
141
+ :error => 'Token must be refreshed by issuer.'
142
+ }.to_json)
143
+ elsif !refresh_tokens.key?(refresh_token) || token_data['exp'] <= Time.now.to_i
144
+ @status = 403
145
+ puts "i dont know #{refresh_token}", "#{refresh_tokens.get(refresh_token)}"
146
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
147
+ :error => 'Invalid refresh token.'
148
+ }.to_json)
149
+ end
150
+
151
+ old_token = refresh_tokens.get(refresh_token)
152
+ user = access_tokens.delete old_token
153
+
154
+ token = Riddl::Utils::OAuth2::Helper::generate_access_token(client_id, client_id + ':' + client_secret, adur)
155
+
156
+ access_tokens.set(token,user,rdur) # not adur, to identify expired access tokens
157
+ refresh_tokens.set(refresh_token, token)
158
+
159
+ Riddl::Parameter::Complex.new('data', 'application/json', { :token => token }.to_json)
160
+ end
161
+ end
162
+ end
163
+
164
+ end
165
+ end
166
+ end
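Review bot: The `puts "i dont know #{refresh_token}", "#{refresh_tokens.get(refresh_token)}"` line in `RefreshToken#response` writes the presented refresh token, and whatever the store maps it to (the paired access token, going by the `refresh_tokens.set(refresh_token, token, rdur)` call in `VerifyIdentity`), to stdout. That branch is also taken for an expired refresh token that is still in the store, so bearer credentials can end up in process logs readable by anyone with log access. Drop the line, or log only a non-reversible identifier such as a truncated digest of the token. This file is a `.orig` patch backup, so the same line presumably also sits in `oauth2-univie.rb`, which is where the fix belongs.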
@@ -0,0 +1,10 @@
1
+ *** /dev/null
2
+ --- /dev/null
3
+ ***************
4
+ *** 53,57
5
+ - else
6
+ - @status = 403
7
+ - return Riddl::Parameter::Complex.new('data', 'application/json', {
8
+ - :error => 'No authorization provided.'
9
+ - }.to_json)
10
+ --- 0 -----
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = "riddl"
3
- s.version = "0.99.256"
3
+ s.version = "0.99.257"
4
4
  s.platform = Gem::Platform::RUBY
5
5
  s.license = "LGPL-3.0"
6
6
  s.summary = "restful interface description and declaration language: tools and client/server libs"
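--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: riddl
  version: !ruby/object:Gem::Version
- version: 0.99.256
+ version: 0.99.257
  platform: ruby
  authors:
  - Juergen 'eTM' Mangler
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: tools
  cert_chain: []
- date: 2017-12-01 00:00:00.000000000 Z
+ date: 2018-01-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: xml-smart
@@ -442,6 +442,8 @@ files:
  - lib/ruby/riddl/utils/notifications_producer.rb
  - lib/ruby/riddl/utils/oauth2-helper.rb
  - lib/ruby/riddl/utils/oauth2-univie.rb
+ - lib/ruby/riddl/utils/oauth2-univie.rb.orig
+ - lib/ruby/riddl/utils/oauth2-univie.rb.rej
  - lib/ruby/riddl/utils/properties.rb
  - lib/ruby/riddl/utils/turtle.rb
  - lib/ruby/riddl/utils/xmlserve.rb
@@ -512,18 +514,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.6
+ rubygems_version: 2.5.2
  signing_key:
  specification_version: 4
  summary: 'restful interface description and declaration language: tools and client/server
  libs'
  test_files:
- - test/tc_properties.rb
- - test/tc_declaration-hybrid.rb
- - test/tc_declaration-local.rb
+ - test/tc_websocket.rb
+ - test/tc_producer.rb
  - test/tc_helloworld.rb
+ - test/tc_declaration-local.rb
+ - test/tc_properties.rb
  - test/tc_library.rb
+ - test/tc_declaration-hybrid.rb
  - test/tc_declaration-distributed.rb
- - test/tc_websocket.rb
- - test/tc_producer.rb
  - test/smartrunner.rb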
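Review bot: The `files:` hunk adds `lib/ruby/riddl/utils/oauth2-univie.rb.orig` and `lib/ruby/riddl/utils/oauth2-univie.rb.rej`, the backup and reject files that `patch` leaves behind, so the published gem now ships them. A `.rej` means at least one hunk did not apply, so it is worth confirming that `oauth2-univie.rb` in this release is in the intended state. The gemspec's file list is not visible here; if it is built from a glob, exclude these with something like `.reject { |f| f.end_with?('.orig', '.rej') }` and delete the leftovers from the working tree before `gem build`.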