riddl 0.99.208 → 0.99.209
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/AUTHORS +3 -0
- data/lib/ruby/riddl/ns/common-patterns/oauth2-univie-app/1.0/app.xml +37 -0
- data/lib/ruby/riddl/utils/oauth2-helper.rb +136 -0
- data/lib/ruby/riddl/utils/oauth2-univie-app.rb +75 -0
- data/ns/common-patterns/oauth2-univie-app/1.0/app.xml +37 -0
- data/riddl.gemspec +3 -2
- metadata +9 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a09958851c3d72d1bd539ccc1b8e236917f2c3b
|
|
4
|
+
data.tar.gz: 328c47ad7802b4516a059c61f531535d96baf80d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b302daa4b3ef2505b64f63d8ec7fb9093b8f95b0245e38a9da43d166076bf0036509cce5ee7d2c60ae025e34dbcb4bda3540baac28b7128b07e01c9371c203ef
|
|
7
|
+
data.tar.gz: 3de64c01df01dac35e258f16e4ee60f3bb0a415d725b59ab71e06c94b1228d194e3989faba49394e3daac80efb51c28557f55e9f0335189fc683a4318e24d3be
|
data/AUTHORS
CHANGED
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
<description datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes" xmlns="http://riddl.org/ns/description/1.0" xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
2
|
+
|
|
3
|
+
<message name="verify_in">
|
|
4
|
+
<parameter name="code" type="string"/>
|
|
5
|
+
</message>
|
|
6
|
+
|
|
7
|
+
<message name="verify_out">
|
|
8
|
+
<parameter name="data" mimetype="application/json"/>
|
|
9
|
+
</message>
|
|
10
|
+
|
|
11
|
+
<message name="refresh_token_in">
|
|
12
|
+
<parameter name="grant_type" fixed="refresh_token"/>
|
|
13
|
+
<!-- <parameter name="client_id" type="string"/> -->
|
|
14
|
+
<parameter name="refresh_token" type="string"/>
|
|
15
|
+
</message>
|
|
16
|
+
|
|
17
|
+
<message name="refresh_token_out">
|
|
18
|
+
<parameter name="data" mimetype="application/json"/>
|
|
19
|
+
</message>
|
|
20
|
+
|
|
21
|
+
<message name="revoke_in">
|
|
22
|
+
<parameter name="token" type="string"/>
|
|
23
|
+
</message>
|
|
24
|
+
|
|
25
|
+
<resource>
|
|
26
|
+
<resource relative="verify">
|
|
27
|
+
<post in="verify_in" out="verify_out"/>
|
|
28
|
+
</resource>
|
|
29
|
+
<resource relative="token">
|
|
30
|
+
<post in="refresh_token_in" out="refresh_token_out"/>
|
|
31
|
+
</resource>
|
|
32
|
+
<resource relative="revoke">
|
|
33
|
+
<get in="revoke_in"/>
|
|
34
|
+
</resource>
|
|
35
|
+
</resource>
|
|
36
|
+
|
|
37
|
+
</description>
|
|
@@ -0,0 +1,136 @@
|
|
|
1
|
+
require 'openssl'
|
|
2
|
+
require 'base64'
|
|
3
|
+
require 'securerandom'
|
|
4
|
+
require 'json'
|
|
5
|
+
|
|
6
|
+
module Riddl
|
|
7
|
+
module Utils
|
|
8
|
+
module OAuth2
|
|
9
|
+
|
|
10
|
+
module Helper
|
|
11
|
+
class Tokens #{{{
|
|
12
|
+
def initialize(tfile)
|
|
13
|
+
@tfile = tfile
|
|
14
|
+
@changed = changed
|
|
15
|
+
read
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def [](name)
|
|
19
|
+
read if changed != @changed
|
|
20
|
+
@tokens[name]
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def method_missing(name,*opts)
|
|
24
|
+
@tokens.send(name,*opts)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def []=(name,value)
|
|
28
|
+
@tokens[name] = value
|
|
29
|
+
write
|
|
30
|
+
nil
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def changed
|
|
34
|
+
if File.exists?(@tfile)
|
|
35
|
+
File.stat(@tfile).mtime
|
|
36
|
+
else
|
|
37
|
+
@tokens = {}
|
|
38
|
+
write
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def write
|
|
43
|
+
File.write(@tfile, JSON::pretty_generate(@tokens)) rescue {}
|
|
44
|
+
@changed = changed
|
|
45
|
+
end
|
|
46
|
+
private :write
|
|
47
|
+
|
|
48
|
+
def read
|
|
49
|
+
@tokens = JSON::parse(File.read(@tfile)) rescue {}
|
|
50
|
+
end
|
|
51
|
+
private :read
|
|
52
|
+
|
|
53
|
+
def delete(token)
|
|
54
|
+
deleted = @tokens.delete(token)
|
|
55
|
+
write
|
|
56
|
+
deleted
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def delete_by_user(user_id)
|
|
60
|
+
deleted = @tokens.delete_if { |_, v| v == user_id }
|
|
61
|
+
write
|
|
62
|
+
deleted
|
|
63
|
+
end
|
|
64
|
+
end #}}}
|
|
65
|
+
|
|
66
|
+
def self::header #{{{
|
|
67
|
+
{
|
|
68
|
+
:alg => 'HS256',
|
|
69
|
+
:typ => 'JWT'
|
|
70
|
+
}.to_json
|
|
71
|
+
end #}}}
|
|
72
|
+
|
|
73
|
+
def self::nonce
|
|
74
|
+
SecureRandom::hex(32)
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def self::payload(client_id) #{{{
|
|
78
|
+
{
|
|
79
|
+
:iss => client_id,
|
|
80
|
+
:sub => nonce,
|
|
81
|
+
:aud => client_id,
|
|
82
|
+
:exp => Time.now.to_i + 3600
|
|
83
|
+
}.to_json
|
|
84
|
+
end #}}}
|
|
85
|
+
|
|
86
|
+
def self::sign(secret, what) #{{{
|
|
87
|
+
Base64::urlsafe_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, what)
|
|
88
|
+
end #}}}
|
|
89
|
+
|
|
90
|
+
def self::make_access_token(client_id, secret)# {{{
|
|
91
|
+
h = Base64::urlsafe_encode64 header
|
|
92
|
+
p = Base64::urlsafe_encode64 payload(client_id)
|
|
93
|
+
s = sign(secret, "#{h}.#{p}")
|
|
94
|
+
"#{h}.#{p}.#{s}"
|
|
95
|
+
end# }}}
|
|
96
|
+
def self::make_refresh_token(client_id, secret) # {{{
|
|
97
|
+
token = Base64::urlsafe_encode64({
|
|
98
|
+
:iss => client_id,
|
|
99
|
+
:sub => nonce,
|
|
100
|
+
:exp => Time.now.to_i + 7.884e6
|
|
101
|
+
}.to_json)
|
|
102
|
+
"#{token}.#{sign(secret,token)}"
|
|
103
|
+
end# }}}
|
|
104
|
+
def self::generate_optimistic_token(client_id, secret) #{{{
|
|
105
|
+
t = make_access_token(client_id, secret)
|
|
106
|
+
r = make_refresh_token(client_id, secret)
|
|
107
|
+
[t, r]
|
|
108
|
+
end #}}}
|
|
109
|
+
|
|
110
|
+
def self::decrypt_with_shared_secret(data, secret) #{{{
|
|
111
|
+
# extract initialization vector from encrypted data for further shenanigans
|
|
112
|
+
iv, encr = data[0...16], data[16..-1]
|
|
113
|
+
|
|
114
|
+
decipher = OpenSSL::Cipher::Cipher.new 'aes-256-cbc'
|
|
115
|
+
decipher.decrypt
|
|
116
|
+
|
|
117
|
+
decipher.key = Digest::SHA256.hexdigest secret
|
|
118
|
+
decipher.iv = iv
|
|
119
|
+
|
|
120
|
+
decipher.update(encr) + decipher.final rescue nil
|
|
121
|
+
end #}}}
|
|
122
|
+
def self::encrypt_with_shared_secret(data, secret) #{{{
|
|
123
|
+
cipher = OpenSSL::Cipher::Cipher.new 'aes-256-cbc'
|
|
124
|
+
cipher.encrypt
|
|
125
|
+
|
|
126
|
+
key = Digest::SHA256.hexdigest secret
|
|
127
|
+
iv = cipher.random_iv
|
|
128
|
+
cipher.key = key
|
|
129
|
+
cipher.iv = iv
|
|
130
|
+
|
|
131
|
+
Base64::urlsafe_encode64(iv + cipher.update(data) + cipher.final) rescue nil
|
|
132
|
+
end #}}}
|
|
133
|
+
end
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
end
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/oauth2-helper')
|
|
2
|
+
|
|
3
|
+
module Riddl
|
|
4
|
+
module Utils
|
|
5
|
+
module OAuth2
|
|
6
|
+
|
|
7
|
+
module UnivieApp
|
|
8
|
+
def self::implementation(client_id, client_secret, access_tokens, refresh_tokens)
|
|
9
|
+
unless access_tokens.is_a?(Riddl::Utils::OAuth2::Helper::Tokens) && refresh_tokens.is_a?(Riddl::Utils::OAuth2::Helper::Tokens) && client_id.is_a?(String) && client_secret.is_a?(String)
|
|
10
|
+
raise "client_id, client_secret or token storage not available."
|
|
11
|
+
end
|
|
12
|
+
Proc.new do
|
|
13
|
+
on resource 'verify' do
|
|
14
|
+
run VerifyIdentity, access_tokens, refresh_tokens, client_id, client_secret if post 'verify_in'
|
|
15
|
+
end
|
|
16
|
+
on resource 'token' do
|
|
17
|
+
run RefreshToken, access_tokens, refresh_tokens if post 'refresh_token_in'
|
|
18
|
+
end
|
|
19
|
+
on resource 'revoke' do
|
|
20
|
+
run RevokeTokenFlow, access_tokens, refresh_tokens if get 'revoke_token_in'
|
|
21
|
+
run RevokeUserFlow, access_tokens, refresh_tokens if get 'revoke_user_in'
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
class VerifyIdentity < Riddl::Implementation
|
|
27
|
+
def response
|
|
28
|
+
code = Base64::urlsafe_decode64 @p[0].value
|
|
29
|
+
access_tokens = @a[0]
|
|
30
|
+
refresh_tokens = @a[1]
|
|
31
|
+
client_id = @a[2]
|
|
32
|
+
client_secret = @a[3]
|
|
33
|
+
|
|
34
|
+
client_pass = "#{client_id}:#{client_secret}"
|
|
35
|
+
user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2)
|
|
36
|
+
token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass)
|
|
37
|
+
access_tokens[token] = user_id
|
|
38
|
+
refresh_tokens[refresh_token] = token
|
|
39
|
+
|
|
40
|
+
json_response = {
|
|
41
|
+
:access_token => token,
|
|
42
|
+
:refresh_token => refresh_token,
|
|
43
|
+
:code => Base64.urlsafe_encode64(decrypted)
|
|
44
|
+
}.to_json
|
|
45
|
+
|
|
46
|
+
Riddl::Parameter::Complex.new('data', 'application/json', json_response)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
class RevokeTokenFlow < Riddl::Implementation
|
|
51
|
+
def response
|
|
52
|
+
token = @p[0].value
|
|
53
|
+
access_tokens = @a[0]
|
|
54
|
+
refresh_tokens = @a[1]
|
|
55
|
+
|
|
56
|
+
access_tokens.delete(token)
|
|
57
|
+
refresh_tokens.delete_by_token(token)
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
class RevokeUserFlow < Riddl::Implementation
|
|
62
|
+
def response
|
|
63
|
+
user_id = @p[0].value
|
|
64
|
+
access_tokens = @a[0]
|
|
65
|
+
refresh_tokens = @a[1]
|
|
66
|
+
|
|
67
|
+
token = access_tokens.delete_by_user user_id
|
|
68
|
+
refresh_tokens.delete_by_token token
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
<description datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes" xmlns="http://riddl.org/ns/description/1.0" xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
2
|
+
|
|
3
|
+
<message name="verify_in">
|
|
4
|
+
<parameter name="code" type="string"/>
|
|
5
|
+
</message>
|
|
6
|
+
|
|
7
|
+
<message name="verify_out">
|
|
8
|
+
<parameter name="data" mimetype="application/json"/>
|
|
9
|
+
</message>
|
|
10
|
+
|
|
11
|
+
<message name="refresh_token_in">
|
|
12
|
+
<parameter name="grant_type" fixed="refresh_token"/>
|
|
13
|
+
<!-- <parameter name="client_id" type="string"/> -->
|
|
14
|
+
<parameter name="refresh_token" type="string"/>
|
|
15
|
+
</message>
|
|
16
|
+
|
|
17
|
+
<message name="refresh_token_out">
|
|
18
|
+
<parameter name="data" mimetype="application/json"/>
|
|
19
|
+
</message>
|
|
20
|
+
|
|
21
|
+
<message name="revoke_in">
|
|
22
|
+
<parameter name="token" type="string"/>
|
|
23
|
+
</message>
|
|
24
|
+
|
|
25
|
+
<resource>
|
|
26
|
+
<resource relative="verify">
|
|
27
|
+
<post in="verify_in" out="verify_out"/>
|
|
28
|
+
</resource>
|
|
29
|
+
<resource relative="token">
|
|
30
|
+
<post in="refresh_token_in" out="refresh_token_out"/>
|
|
31
|
+
</resource>
|
|
32
|
+
<resource relative="revoke">
|
|
33
|
+
<get in="revoke_in"/>
|
|
34
|
+
</resource>
|
|
35
|
+
</resource>
|
|
36
|
+
|
|
37
|
+
</description>
|
data/riddl.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = "riddl"
|
|
3
|
-
s.version = "0.99.
|
|
3
|
+
s.version = "0.99.209"
|
|
4
4
|
s.platform = Gem::Platform::RUBY
|
|
5
5
|
s.license = "LGPL-3"
|
|
6
6
|
s.summary = "restful interface description and declaration language: tools and client/server libs"
|
|
@@ -16,7 +16,8 @@ Gem::Specification.new do |s|
|
|
|
16
16
|
s.test_files = Dir['test/tc_*.rb','test/smartrunner.rb']
|
|
17
17
|
|
|
18
18
|
|
|
19
|
-
s.
|
|
19
|
+
s.email = 'juergen.mangler@gmail.com'
|
|
20
|
+
s.authors = ['Juergen \'eTM\' Mangler','Florian Stertz','Sonja Biedermann']
|
|
20
21
|
s.email = 'juergen.mangler@gmail.com'
|
|
21
22
|
s.homepage = 'http://www.wst.univie.ac.at/communities/riddl/'
|
|
22
23
|
|
metadata
CHANGED
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: riddl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.99.
|
|
4
|
+
version: 0.99.209
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
- Juergen eTM Mangler
|
|
7
|
+
- Juergen 'eTM' Mangler
|
|
8
|
+
- Florian Stertz
|
|
9
|
+
- Sonja Biedermann
|
|
8
10
|
autorequire:
|
|
9
11
|
bindir: tools
|
|
10
12
|
cert_chain: []
|
|
11
|
-
date: 2016-04-
|
|
13
|
+
date: 2016-04-27 00:00:00.000000000 Z
|
|
12
14
|
dependencies:
|
|
13
15
|
- !ruby/object:Gem::Dependency
|
|
14
16
|
name: xml-smart
|
|
@@ -394,6 +396,7 @@ files:
|
|
|
394
396
|
- lib/ruby/riddl/ns/common-patterns/downloadify/1.0/downloadify.xml
|
|
395
397
|
- lib/ruby/riddl/ns/common-patterns/notifications-consumer/1.0/consumer.xml
|
|
396
398
|
- lib/ruby/riddl/ns/common-patterns/notifications-producer/1.0/producer.xml
|
|
399
|
+
- lib/ruby/riddl/ns/common-patterns/oauth2-univie-app/1.0/app.xml
|
|
397
400
|
- lib/ruby/riddl/ns/common-patterns/properties/1.0/properties.schema.schema
|
|
398
401
|
- lib/ruby/riddl/ns/common-patterns/properties/1.0/properties.schema.xsl
|
|
399
402
|
- lib/ruby/riddl/ns/common-patterns/properties/1.0/properties.xml
|
|
@@ -426,6 +429,8 @@ files:
|
|
|
426
429
|
- lib/ruby/riddl/utils/erbserve.rb
|
|
427
430
|
- lib/ruby/riddl/utils/fileserve.rb
|
|
428
431
|
- lib/ruby/riddl/utils/notifications_producer.rb
|
|
432
|
+
- lib/ruby/riddl/utils/oauth2-helper.rb
|
|
433
|
+
- lib/ruby/riddl/utils/oauth2-univie-app.rb
|
|
429
434
|
- lib/ruby/riddl/utils/properties.rb
|
|
430
435
|
- lib/ruby/riddl/utils/turtle.rb
|
|
431
436
|
- lib/ruby/riddl/utils/xmlserve.rb
|
|
@@ -447,6 +452,7 @@ files:
|
|
|
447
452
|
- ns/common-patterns/downloadify/1.0/downloadify.xml
|
|
448
453
|
- ns/common-patterns/notifications-consumer/1.0/consumer.xml
|
|
449
454
|
- ns/common-patterns/notifications-producer/1.0/producer.xml
|
|
455
|
+
- ns/common-patterns/oauth2-univie-app/1.0/app.xml
|
|
450
456
|
- ns/common-patterns/properties/1.0/properties.schema.schema
|
|
451
457
|
- ns/common-patterns/properties/1.0/properties.schema.xsl
|
|
452
458
|
- ns/common-patterns/properties/1.0/properties.xml
|