riddl 0.99.256 → 0.99.257
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/ruby/riddl/utils/oauth2-univie.rb +5 -0
- data/lib/ruby/riddl/utils/oauth2-univie.rb.orig +166 -0
- data/lib/ruby/riddl/utils/oauth2-univie.rb.rej +10 -0
- data/riddl.gemspec +1 -1
- metadata +10 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 32d893d88c9f303cb71b2ad369e45cf7581c177c
|
4
|
+
data.tar.gz: 9a2ea9a6ae45aa961fff86a5a4fcf58cdc71d0ad
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 43a615f7a29b7a1240a5a38ec8ef73c26d113e468474edcf11b148637fd7fdb82968a205edf353d1a694c707205357fe39cfdef5ed1602dab4036bbf4ee12a86
|
7
|
+
data.tar.gz: 38cdd3f4eaa23b0d18adfb983f255ec017a5c2f365d05452a3a481eef5c5992cf215b498d4457dc98bbae2eec28881c64710b106e092fbffc30fd9c30aaaaffe
|
@@ -50,6 +50,11 @@ module Riddl
|
|
50
50
|
end
|
51
51
|
|
52
52
|
@headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
|
53
|
+
else
|
54
|
+
@status = 403
|
55
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
56
|
+
:error => 'No authorization provided.'
|
57
|
+
}.to_json)
|
53
58
|
end
|
54
59
|
|
55
60
|
@p
|
@@ -0,0 +1,166 @@
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/oauth2-helper')
|
2
|
+
|
3
|
+
module Riddl
|
4
|
+
module Utils
|
5
|
+
module OAuth2
|
6
|
+
|
7
|
+
module UnivieBearer
|
8
|
+
class CheckAuth < Riddl::Implementation
|
9
|
+
def response
|
10
|
+
client_id = @a[0]
|
11
|
+
client_secret = @a[1]
|
12
|
+
access_tokens = @a[2]
|
13
|
+
if @h['AUTHORIZATION']
|
14
|
+
token = @h['AUTHORIZATION'].sub(/^Bearer /, '')
|
15
|
+
|
16
|
+
data, _, signature = token.rpartition '.'
|
17
|
+
expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)
|
18
|
+
|
19
|
+
if !access_tokens.key? token
|
20
|
+
@status = 403
|
21
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
22
|
+
:error => 'Unknown token'
|
23
|
+
}.to_json)
|
24
|
+
elsif signature != expected_sign
|
25
|
+
@status = 403
|
26
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
27
|
+
:error => 'Invalid token, you bad boy'
|
28
|
+
}.to_json)
|
29
|
+
end
|
30
|
+
|
31
|
+
header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
|
32
|
+
payload_claims = JSON::parse payload_claims
|
33
|
+
|
34
|
+
if header_claims != Riddl::Utils::OAuth2::Helper::header
|
35
|
+
@status = 401
|
36
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
37
|
+
:error => 'Invalid header claims'
|
38
|
+
}.to_json)
|
39
|
+
elsif payload_claims['exp'] <= Time.now.to_i
|
40
|
+
@status = 403
|
41
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
42
|
+
:error => 'Expired token'
|
43
|
+
}.to_json)
|
44
|
+
elsif !payload_claims['aud'].split(',').map(&:strip).include? client_id
|
45
|
+
# XXX: ein token für mehrere clients gültig? lookup?
|
46
|
+
@status = 403
|
47
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
48
|
+
:error => 'Token is not valid for this application'
|
49
|
+
}.to_json)
|
50
|
+
end
|
51
|
+
|
52
|
+
@headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
|
53
|
+
end
|
54
|
+
|
55
|
+
@p
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
module UnivieApp
|
61
|
+
def self::implementation(client_id, client_secret, access_tokens, refresh_tokens, codes, adur, rdur)
|
62
|
+
Proc.new do
|
63
|
+
run UnivieBearer::CheckAuth, client_id, client_secret, access_tokens if get 'check'
|
64
|
+
on resource 'verify' do
|
65
|
+
run VerifyIdentity, access_tokens, refresh_tokens, codes, client_id, client_secret, adur, rdur if post 'verify_in'
|
66
|
+
end
|
67
|
+
on resource 'token' do
|
68
|
+
run RefreshToken, access_tokens, refresh_tokens, client_id, client_secret, adur, rdur if post 'refresh_token_in'
|
69
|
+
end
|
70
|
+
on resource 'revoke' do
|
71
|
+
run RevokeFlow, access_tokens, refresh_tokens, codes if delete 'revoke_in'
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
class VerifyIdentity < Riddl::Implementation
|
77
|
+
def response
|
78
|
+
code = Base64::urlsafe_decode64 @p[0].value
|
79
|
+
access_tokens = @a[0]
|
80
|
+
refresh_tokens = @a[1]
|
81
|
+
codes = @a[2]
|
82
|
+
client_id = @a[3]
|
83
|
+
client_secret = @a[4]
|
84
|
+
adur = @a[5]
|
85
|
+
rdur = @a[6]
|
86
|
+
client_pass = "#{client_id}:#{client_secret}"
|
87
|
+
|
88
|
+
user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2) rescue [nil,nil]
|
89
|
+
if user_id.nil?
|
90
|
+
@status = 403
|
91
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
92
|
+
:error => 'Code invalid. Client_id or client_secret not suitable for decryption.'
|
93
|
+
}.to_json)
|
94
|
+
else
|
95
|
+
token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass, adur, rdur)
|
96
|
+
codes.set(code, refresh_token, rdur)
|
97
|
+
access_tokens.set(token, user_id, rdur) # not adur, to identify expired access tokens
|
98
|
+
refresh_tokens.set(refresh_token, token, rdur)
|
99
|
+
|
100
|
+
json_response = {
|
101
|
+
:access_token => token,
|
102
|
+
:refresh_token => refresh_token,
|
103
|
+
:code => Base64.urlsafe_encode64(decrypted),
|
104
|
+
:user_id => user_id
|
105
|
+
}.to_json
|
106
|
+
|
107
|
+
Riddl::Parameter::Complex.new('data', 'application/json', json_response)
|
108
|
+
end
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
112
|
+
class RevokeFlow < Riddl::Implementation
|
113
|
+
def response
|
114
|
+
code = Base64::urlsafe_decode64 @p[0].value
|
115
|
+
access_tokens = @a[0]
|
116
|
+
refresh_tokens = @a[1]
|
117
|
+
codes = @a[2]
|
118
|
+
|
119
|
+
rt = codes.delete(code)
|
120
|
+
at = refresh_tokens.delete(rt)
|
121
|
+
access_tokens.delete(at)
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
class RefreshToken < Riddl::Implementation
|
126
|
+
def response
|
127
|
+
refresh_token = @p[1].value
|
128
|
+
access_tokens = @a[0]
|
129
|
+
refresh_tokens = @a[1]
|
130
|
+
client_id = @a[2]
|
131
|
+
client_secret = @a[3]
|
132
|
+
adur = @a[4]
|
133
|
+
rdur = @a[5]
|
134
|
+
|
135
|
+
token, _ = refresh_token.split '.'
|
136
|
+
token_data = JSON::parse(Base64::urlsafe_decode64 token)
|
137
|
+
|
138
|
+
if token_data['iss'] != client_id
|
139
|
+
@status = 401
|
140
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
141
|
+
:error => 'Token must be refreshed by issuer.'
|
142
|
+
}.to_json)
|
143
|
+
elsif !refresh_tokens.key?(refresh_token) || token_data['exp'] <= Time.now.to_i
|
144
|
+
@status = 403
|
145
|
+
puts "i dont know #{refresh_token}", "#{refresh_tokens.get(refresh_token)}"
|
146
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
147
|
+
:error => 'Invalid refresh token.'
|
148
|
+
}.to_json)
|
149
|
+
end
|
150
|
+
|
151
|
+
old_token = refresh_tokens.get(refresh_token)
|
152
|
+
user = access_tokens.delete old_token
|
153
|
+
|
154
|
+
token = Riddl::Utils::OAuth2::Helper::generate_access_token(client_id, client_id + ':' + client_secret, adur)
|
155
|
+
|
156
|
+
access_tokens.set(token,user,rdur) # not adur, to identify expired access tokens
|
157
|
+
refresh_tokens.set(refresh_token, token)
|
158
|
+
|
159
|
+
Riddl::Parameter::Complex.new('data', 'application/json', { :token => token }.to_json)
|
160
|
+
end
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
end
|
165
|
+
end
|
166
|
+
end
|
data/riddl.gemspec
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: riddl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.99.
|
4
|
+
version: 0.99.257
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Juergen 'eTM' Mangler
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: tools
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2018-01-10 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: xml-smart
|
@@ -442,6 +442,8 @@ files:
|
|
442
442
|
- lib/ruby/riddl/utils/notifications_producer.rb
|
443
443
|
- lib/ruby/riddl/utils/oauth2-helper.rb
|
444
444
|
- lib/ruby/riddl/utils/oauth2-univie.rb
|
445
|
+
- lib/ruby/riddl/utils/oauth2-univie.rb.orig
|
446
|
+
- lib/ruby/riddl/utils/oauth2-univie.rb.rej
|
445
447
|
- lib/ruby/riddl/utils/properties.rb
|
446
448
|
- lib/ruby/riddl/utils/turtle.rb
|
447
449
|
- lib/ruby/riddl/utils/xmlserve.rb
|
@@ -512,18 +514,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
512
514
|
version: '0'
|
513
515
|
requirements: []
|
514
516
|
rubyforge_project:
|
515
|
-
rubygems_version: 2.
|
517
|
+
rubygems_version: 2.5.2
|
516
518
|
signing_key:
|
517
519
|
specification_version: 4
|
518
520
|
summary: 'restful interface description and declaration language: tools and client/server
|
519
521
|
libs'
|
520
522
|
test_files:
|
521
|
-
- test/
|
522
|
-
- test/
|
523
|
-
- test/tc_declaration-local.rb
|
523
|
+
- test/tc_websocket.rb
|
524
|
+
- test/tc_producer.rb
|
524
525
|
- test/tc_helloworld.rb
|
526
|
+
- test/tc_declaration-local.rb
|
527
|
+
- test/tc_properties.rb
|
525
528
|
- test/tc_library.rb
|
529
|
+
- test/tc_declaration-hybrid.rb
|
526
530
|
- test/tc_declaration-distributed.rb
|
527
|
-
- test/tc_websocket.rb
|
528
|
-
- test/tc_producer.rb
|
529
531
|
- test/smartrunner.rb
|