riddl 0.99.208 → 0.99.209
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/AUTHORS +3 -0
- data/lib/ruby/riddl/ns/common-patterns/oauth2-univie-app/1.0/app.xml +37 -0
- data/lib/ruby/riddl/utils/oauth2-helper.rb +136 -0
- data/lib/ruby/riddl/utils/oauth2-univie-app.rb +75 -0
- data/ns/common-patterns/oauth2-univie-app/1.0/app.xml +37 -0
- data/riddl.gemspec +3 -2
- metadata +9 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a09958851c3d72d1bd539ccc1b8e236917f2c3b
|
|
4
|
+
data.tar.gz: 328c47ad7802b4516a059c61f531535d96baf80d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b302daa4b3ef2505b64f63d8ec7fb9093b8f95b0245e38a9da43d166076bf0036509cce5ee7d2c60ae025e34dbcb4bda3540baac28b7128b07e01c9371c203ef
|
|
7
|
+
data.tar.gz: 3de64c01df01dac35e258f16e4ee60f3bb0a415d725b59ab71e06c94b1228d194e3989faba49394e3daac80efb51c28557f55e9f0335189fc683a4318e24d3be
|
data/AUTHORS
CHANGED
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
<description datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes" xmlns="http://riddl.org/ns/description/1.0" xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
2
|
+
|
|
3
|
+
<message name="verify_in">
|
|
4
|
+
<parameter name="code" type="string"/>
|
|
5
|
+
</message>
|
|
6
|
+
|
|
7
|
+
<message name="verify_out">
|
|
8
|
+
<parameter name="data" mimetype="application/json"/>
|
|
9
|
+
</message>
|
|
10
|
+
|
|
11
|
+
<message name="refresh_token_in">
|
|
12
|
+
<parameter name="grant_type" fixed="refresh_token"/>
|
|
13
|
+
<!-- <parameter name="client_id" type="string"/> -->
|
|
14
|
+
<parameter name="refresh_token" type="string"/>
|
|
15
|
+
</message>
|
|
16
|
+
|
|
17
|
+
<message name="refresh_token_out">
|
|
18
|
+
<parameter name="data" mimetype="application/json"/>
|
|
19
|
+
</message>
|
|
20
|
+
|
|
21
|
+
<message name="revoke_in">
|
|
22
|
+
<parameter name="token" type="string"/>
|
|
23
|
+
</message>
|
|
24
|
+
|
|
25
|
+
<resource>
|
|
26
|
+
<resource relative="verify">
|
|
27
|
+
<post in="verify_in" out="verify_out"/>
|
|
28
|
+
</resource>
|
|
29
|
+
<resource relative="token">
|
|
30
|
+
<post in="refresh_token_in" out="refresh_token_out"/>
|
|
31
|
+
</resource>
|
|
32
|
+
<resource relative="revoke">
|
|
33
|
+
<get in="revoke_in"/>
|
|
34
|
+
</resource>
|
|
35
|
+
</resource>
|
|
36
|
+
|
|
37
|
+
</description>
|
|
@@ -0,0 +1,136 @@
|
|
|
1
|
+
require 'openssl'
|
|
2
|
+
require 'base64'
|
|
3
|
+
require 'securerandom'
|
|
4
|
+
require 'json'
|
|
5
|
+
|
|
6
|
+
module Riddl
|
|
7
|
+
module Utils
|
|
8
|
+
module OAuth2
|
|
9
|
+
|
|
10
|
+
module Helper
|
|
11
|
+
class Tokens #{{{
|
|
12
|
+
def initialize(tfile)
|
|
13
|
+
@tfile = tfile
|
|
14
|
+
@changed = changed
|
|
15
|
+
read
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def [](name)
|
|
19
|
+
read if changed != @changed
|
|
20
|
+
@tokens[name]
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def method_missing(name,*opts)
|
|
24
|
+
@tokens.send(name,*opts)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def []=(name,value)
|
|
28
|
+
@tokens[name] = value
|
|
29
|
+
write
|
|
30
|
+
nil
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def changed
|
|
34
|
+
if File.exists?(@tfile)
|
|
35
|
+
File.stat(@tfile).mtime
|
|
36
|
+
else
|
|
37
|
+
@tokens = {}
|
|
38
|
+
write
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def write
|
|
43
|
+
File.write(@tfile, JSON::pretty_generate(@tokens)) rescue {}
|
|
44
|
+
@changed = changed
|
|
45
|
+
end
|
|
46
|
+
private :write
|
|
47
|
+
|
|
48
|
+
def read
|
|
49
|
+
@tokens = JSON::parse(File.read(@tfile)) rescue {}
|
|
50
|
+
end
|
|
51
|
+
private :read
|
|
52
|
+
|
|
53
|
+
def delete(token)
|
|
54
|
+
deleted = @tokens.delete(token)
|
|
55
|
+
write
|
|
56
|
+
deleted
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def delete_by_user(user_id)
|
|
60
|
+
deleted = @tokens.delete_if { |_, v| v == user_id }
|
|
61
|
+
write
|
|
62
|
+
deleted
|
|
63
|
+
end
|
|
64
|
+
end #}}}
|
|
65
|
+
|
|
66
|
+
def self::header #{{{
|
|
67
|
+
{
|
|
68
|
+
:alg => 'HS256',
|
|
69
|
+
:typ => 'JWT'
|
|
70
|
+
}.to_json
|
|
71
|
+
end #}}}
|
|
72
|
+
|
|
73
|
+
def self::nonce
|
|
74
|
+
SecureRandom::hex(32)
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def self::payload(client_id) #{{{
|
|
78
|
+
{
|
|
79
|
+
:iss => client_id,
|
|
80
|
+
:sub => nonce,
|
|
81
|
+
:aud => client_id,
|
|
82
|
+
:exp => Time.now.to_i + 3600
|
|
83
|
+
}.to_json
|
|
84
|
+
end #}}}
|
|
85
|
+
|
|
86
|
+
def self::sign(secret, what) #{{{
|
|
87
|
+
Base64::urlsafe_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, what)
|
|
88
|
+
end #}}}
|
|
89
|
+
|
|
90
|
+
def self::make_access_token(client_id, secret)# {{{
|
|
91
|
+
h = Base64::urlsafe_encode64 header
|
|
92
|
+
p = Base64::urlsafe_encode64 payload(client_id)
|
|
93
|
+
s = sign(secret, "#{h}.#{p}")
|
|
94
|
+
"#{h}.#{p}.#{s}"
|
|
95
|
+
end# }}}
|
|
96
|
+
def self::make_refresh_token(client_id, secret) # {{{
|
|
97
|
+
token = Base64::urlsafe_encode64({
|
|
98
|
+
:iss => client_id,
|
|
99
|
+
:sub => nonce,
|
|
100
|
+
:exp => Time.now.to_i + 7.884e6
|
|
101
|
+
}.to_json)
|
|
102
|
+
"#{token}.#{sign(secret,token)}"
|
|
103
|
+
end# }}}
|
|
104
|
+
def self::generate_optimistic_token(client_id, secret) #{{{
|
|
105
|
+
t = make_access_token(client_id, secret)
|
|
106
|
+
r = make_refresh_token(client_id, secret)
|
|
107
|
+
[t, r]
|
|
108
|
+
end #}}}
|
|
109
|
+
|
|
110
|
+
def self::decrypt_with_shared_secret(data, secret) #{{{
|
|
111
|
+
# extract initialization vector from encrypted data for further shenanigans
|
|
112
|
+
iv, encr = data[0...16], data[16..-1]
|
|
113
|
+
|
|
114
|
+
decipher = OpenSSL::Cipher::Cipher.new 'aes-256-cbc'
|
|
115
|
+
decipher.decrypt
|
|
116
|
+
|
|
117
|
+
decipher.key = Digest::SHA256.hexdigest secret
|
|
118
|
+
decipher.iv = iv
|
|
119
|
+
|
|
120
|
+
decipher.update(encr) + decipher.final rescue nil
|
|
121
|
+
end #}}}
|
|
122
|
+
def self::encrypt_with_shared_secret(data, secret) #{{{
|
|
123
|
+
cipher = OpenSSL::Cipher::Cipher.new 'aes-256-cbc'
|
|
124
|
+
cipher.encrypt
|
|
125
|
+
|
|
126
|
+
key = Digest::SHA256.hexdigest secret
|
|
127
|
+
iv = cipher.random_iv
|
|
128
|
+
cipher.key = key
|
|
129
|
+
cipher.iv = iv
|
|
130
|
+
|
|
131
|
+
Base64::urlsafe_encode64(iv + cipher.update(data) + cipher.final) rescue nil
|
|
132
|
+
end #}}}
|
|
133
|
+
end
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
end
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/oauth2-helper')
|
|
2
|
+
|
|
3
|
+
module Riddl
|
|
4
|
+
module Utils
|
|
5
|
+
module OAuth2
|
|
6
|
+
|
|
7
|
+
module UnivieApp
|
|
8
|
+
def self::implementation(client_id, client_secret, access_tokens, refresh_tokens)
|
|
9
|
+
unless access_tokens.is_a?(Riddl::Utils::OAuth2::Helper::Tokens) && refresh_tokens.is_a?(Riddl::Utils::OAuth2::Helper::Tokens) && client_id.is_a?(String) && client_secret.is_a?(String)
|
|
10
|
+
raise "client_id, client_secret or token storage not available."
|
|
11
|
+
end
|
|
12
|
+
Proc.new do
|
|
13
|
+
on resource 'verify' do
|
|
14
|
+
run VerifyIdentity, access_tokens, refresh_tokens, client_id, client_secret if post 'verify_in'
|
|
15
|
+
end
|
|
16
|
+
on resource 'token' do
|
|
17
|
+
run RefreshToken, access_tokens, refresh_tokens if post 'refresh_token_in'
|
|
18
|
+
end
|
|
19
|
+
on resource 'revoke' do
|
|
20
|
+
run RevokeTokenFlow, access_tokens, refresh_tokens if get 'revoke_token_in'
|
|
21
|
+
run RevokeUserFlow, access_tokens, refresh_tokens if get 'revoke_user_in'
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
class VerifyIdentity < Riddl::Implementation
|
|
27
|
+
def response
|
|
28
|
+
code = Base64::urlsafe_decode64 @p[0].value
|
|
29
|
+
access_tokens = @a[0]
|
|
30
|
+
refresh_tokens = @a[1]
|
|
31
|
+
client_id = @a[2]
|
|
32
|
+
client_secret = @a[3]
|
|
33
|
+
|
|
34
|
+
client_pass = "#{client_id}:#{client_secret}"
|
|
35
|
+
user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2)
|
|
36
|
+
token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass)
|
|
37
|
+
access_tokens[token] = user_id
|
|
38
|
+
refresh_tokens[refresh_token] = token
|
|
39
|
+
|
|
40
|
+
json_response = {
|
|
41
|
+
:access_token => token,
|
|
42
|
+
:refresh_token => refresh_token,
|
|
43
|
+
:code => Base64.urlsafe_encode64(decrypted)
|
|
44
|
+
}.to_json
|
|
45
|
+
|
|
46
|
+
Riddl::Parameter::Complex.new('data', 'application/json', json_response)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
class RevokeTokenFlow < Riddl::Implementation
|
|
51
|
+
def response
|
|
52
|
+
token = @p[0].value
|
|
53
|
+
access_tokens = @a[0]
|
|
54
|
+
refresh_tokens = @a[1]
|
|
55
|
+
|
|
56
|
+
access_tokens.delete(token)
|
|
57
|
+
refresh_tokens.delete_by_token(token)
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
class RevokeUserFlow < Riddl::Implementation
|
|
62
|
+
def response
|
|
63
|
+
user_id = @p[0].value
|
|
64
|
+
access_tokens = @a[0]
|
|
65
|
+
refresh_tokens = @a[1]
|
|
66
|
+
|
|
67
|
+
token = access_tokens.delete_by_user user_id
|
|
68
|
+
refresh_tokens.delete_by_token token
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
<description datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes" xmlns="http://riddl.org/ns/description/1.0" xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
2
|
+
|
|
3
|
+
<message name="verify_in">
|
|
4
|
+
<parameter name="code" type="string"/>
|
|
5
|
+
</message>
|
|
6
|
+
|
|
7
|
+
<message name="verify_out">
|
|
8
|
+
<parameter name="data" mimetype="application/json"/>
|
|
9
|
+
</message>
|
|
10
|
+
|
|
11
|
+
<message name="refresh_token_in">
|
|
12
|
+
<parameter name="grant_type" fixed="refresh_token"/>
|
|
13
|
+
<!-- <parameter name="client_id" type="string"/> -->
|
|
14
|
+
<parameter name="refresh_token" type="string"/>
|
|
15
|
+
</message>
|
|
16
|
+
|
|
17
|
+
<message name="refresh_token_out">
|
|
18
|
+
<parameter name="data" mimetype="application/json"/>
|
|
19
|
+
</message>
|
|
20
|
+
|
|
21
|
+
<message name="revoke_in">
|
|
22
|
+
<parameter name="token" type="string"/>
|
|
23
|
+
</message>
|
|
24
|
+
|
|
25
|
+
<resource>
|
|
26
|
+
<resource relative="verify">
|
|
27
|
+
<post in="verify_in" out="verify_out"/>
|
|
28
|
+
</resource>
|
|
29
|
+
<resource relative="token">
|
|
30
|
+
<post in="refresh_token_in" out="refresh_token_out"/>
|
|
31
|
+
</resource>
|
|
32
|
+
<resource relative="revoke">
|
|
33
|
+
<get in="revoke_in"/>
|
|
34
|
+
</resource>
|
|
35
|
+
</resource>
|
|
36
|
+
|
|
37
|
+
</description>
|
data/riddl.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = "riddl"
|
|
3
|
-
s.version = "0.99.
|
|
3
|
+
s.version = "0.99.209"
|
|
4
4
|
s.platform = Gem::Platform::RUBY
|
|
5
5
|
s.license = "LGPL-3"
|
|
6
6
|
s.summary = "restful interface description and declaration language: tools and client/server libs"
|
|
@@ -16,7 +16,8 @@ Gem::Specification.new do |s|
|
|
|
16
16
|
s.test_files = Dir['test/tc_*.rb','test/smartrunner.rb']
|
|
17
17
|
|
|
18
18
|
|
|
19
|
-
s.
|
|
19
|
+
s.email = 'juergen.mangler@gmail.com'
|
|
20
|
+
s.authors = ['Juergen \'eTM\' Mangler','Florian Stertz','Sonja Biedermann']
|
|
20
21
|
s.email = 'juergen.mangler@gmail.com'
|
|
21
22
|
s.homepage = 'http://www.wst.univie.ac.at/communities/riddl/'
|
|
22
23
|
|
metadata
CHANGED
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: riddl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.99.
|
|
4
|
+
version: 0.99.209
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
- Juergen eTM Mangler
|
|
7
|
+
- Juergen 'eTM' Mangler
|
|
8
|
+
- Florian Stertz
|
|
9
|
+
- Sonja Biedermann
|
|
8
10
|
autorequire:
|
|
9
11
|
bindir: tools
|
|
10
12
|
cert_chain: []
|
|
11
|
-
date: 2016-04-
|
|
13
|
+
date: 2016-04-27 00:00:00.000000000 Z
|
|
12
14
|
dependencies:
|
|
13
15
|
- !ruby/object:Gem::Dependency
|
|
14
16
|
name: xml-smart
|
|
@@ -394,6 +396,7 @@ files:
|
|
|
394
396
|
- lib/ruby/riddl/ns/common-patterns/downloadify/1.0/downloadify.xml
|
|
395
397
|
- lib/ruby/riddl/ns/common-patterns/notifications-consumer/1.0/consumer.xml
|
|
396
398
|
- lib/ruby/riddl/ns/common-patterns/notifications-producer/1.0/producer.xml
|
|
399
|
+
- lib/ruby/riddl/ns/common-patterns/oauth2-univie-app/1.0/app.xml
|
|
397
400
|
- lib/ruby/riddl/ns/common-patterns/properties/1.0/properties.schema.schema
|
|
398
401
|
- lib/ruby/riddl/ns/common-patterns/properties/1.0/properties.schema.xsl
|
|
399
402
|
- lib/ruby/riddl/ns/common-patterns/properties/1.0/properties.xml
|
|
@@ -426,6 +429,8 @@ files:
|
|
|
426
429
|
- lib/ruby/riddl/utils/erbserve.rb
|
|
427
430
|
- lib/ruby/riddl/utils/fileserve.rb
|
|
428
431
|
- lib/ruby/riddl/utils/notifications_producer.rb
|
|
432
|
+
- lib/ruby/riddl/utils/oauth2-helper.rb
|
|
433
|
+
- lib/ruby/riddl/utils/oauth2-univie-app.rb
|
|
429
434
|
- lib/ruby/riddl/utils/properties.rb
|
|
430
435
|
- lib/ruby/riddl/utils/turtle.rb
|
|
431
436
|
- lib/ruby/riddl/utils/xmlserve.rb
|
|
@@ -447,6 +452,7 @@ files:
|
|
|
447
452
|
- ns/common-patterns/downloadify/1.0/downloadify.xml
|
|
448
453
|
- ns/common-patterns/notifications-consumer/1.0/consumer.xml
|
|
449
454
|
- ns/common-patterns/notifications-producer/1.0/producer.xml
|
|
455
|
+
- ns/common-patterns/oauth2-univie-app/1.0/app.xml
|
|
450
456
|
- ns/common-patterns/properties/1.0/properties.schema.schema
|
|
451
457
|
- ns/common-patterns/properties/1.0/properties.schema.xsl
|
|
452
458
|
- ns/common-patterns/properties/1.0/properties.xml
|