riddl 0.99.219 → 0.99.220
- checksums.yaml +4 -4
- data/lib/ruby/riddl/utils/oauth2-helper.rb +29 -23
- data/lib/ruby/riddl/utils/oauth2-univie.rb +20 -22
- data/riddl.gemspec +1 -1
- metadata +1 -1
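--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce47165e288d9448eecdc4ceff488af317a1458f
+data.tar.gz: 16e22cc288618e8c91e4f01dea79c316321e57f4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a4cccae7cfedfe0c4e76139c73a5b130961b11050a0bb10434f0048131159a0878b968899f42d38a7bf65c1678482be28d6e237b9432cd656e4052b4e5ba9ecc
+data.tar.gz: 533e699f9267e98379440f9a13bf0379aeed2f847360388df3998083398fcd7d0ad9e517b2c60ea5d7685c324edc3719381aed6c3752d53b7fba36ca33819e04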
@@ -15,16 +15,16 @@ module Riddl
|
|
15
15
|
read
|
16
16
|
end
|
17
17
|
|
18
|
-
def
|
18
|
+
def get(name,valuem,dur)
|
19
19
|
read if changed != @changed
|
20
20
|
@tokens[name]
|
21
21
|
end
|
22
22
|
|
23
|
-
def
|
24
|
-
@tokens.
|
23
|
+
def key?(key)
|
24
|
+
@tokens.key?(key)
|
25
25
|
end
|
26
26
|
|
27
|
-
def
|
27
|
+
def set(name,value,dur)
|
28
28
|
@tokens[name] = value
|
29
29
|
write
|
30
30
|
nil
|
@@ -38,6 +38,7 @@ module Riddl
|
|
38
38
|
write
|
39
39
|
end
|
40
40
|
end
|
41
|
+
private :changed
|
41
42
|
|
42
43
|
def write
|
43
44
|
EM.defer {
|
@@ -72,40 +73,45 @@ module Riddl
|
|
72
73
|
}.to_json
|
73
74
|
end #}}}
|
74
75
|
|
75
|
-
def self::
|
76
|
-
SecureRandom::hex(32)
|
77
|
-
end
|
78
|
-
|
79
|
-
def self::payload(client_id) #{{{
|
76
|
+
def self::access_payload(client_id, dur) #{{{
|
80
77
|
{
|
81
78
|
:iss => client_id,
|
82
79
|
:sub => nonce,
|
83
80
|
:aud => client_id,
|
84
|
-
:exp => Time.now.to_i +
|
81
|
+
:exp => Time.now.to_i + dur
|
85
82
|
}.to_json
|
86
83
|
end #}}}
|
87
84
|
|
85
|
+
def self::refresh_payload(client_id, dur) #{{{
|
86
|
+
{
|
87
|
+
:iss => client_id,
|
88
|
+
:sub => nonce,
|
89
|
+
:exp => Time.now.to_i + dur
|
90
|
+
}.to_json
|
91
|
+
end #}}}
|
92
|
+
|
93
|
+
def self::nonce #{{{
|
94
|
+
SecureRandom::hex(32)
|
95
|
+
end #}}}
|
96
|
+
|
88
97
|
def self::sign(secret, what) #{{{
|
89
98
|
Base64::urlsafe_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, what)
|
90
99
|
end #}}}
|
91
100
|
|
92
|
-
def self::
|
101
|
+
def self::generate_access_token(client_id, secret, dur)# {{{
|
93
102
|
h = Base64::urlsafe_encode64 header
|
94
|
-
p = Base64::urlsafe_encode64
|
103
|
+
p = Base64::urlsafe_encode64 access_payload(client_id,dur)
|
95
104
|
s = sign(secret, "#{h}.#{p}")
|
96
105
|
"#{h}.#{p}.#{s}"
|
97
106
|
end# }}}
|
98
|
-
def self::
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
:exp => Time.now.to_i + 7.884e6
|
103
|
-
}.to_json)
|
104
|
-
"#{token}.#{sign(secret,token)}"
|
107
|
+
def self::generate_refresh_token(client_id, secret, dur) # {{{
|
108
|
+
p = Base64::urlsafe_encode64 refresh_payload(client_id,dur)
|
109
|
+
s = sign(secret, p)
|
110
|
+
"#{p}.#{s}"
|
105
111
|
end# }}}
|
106
|
-
def self::generate_optimistic_token(client_id, secret) #{{{
|
107
|
-
t =
|
108
|
-
r =
|
112
|
+
def self::generate_optimistic_token(client_id, secret, adur, rdur) #{{{
|
113
|
+
t = generate_access_token(client_id, secret, adur)
|
114
|
+
r = generate_refresh_token(client_id, secret, rdur)
|
109
115
|
[t, r]
|
110
116
|
end #}}}
|
111
117
|
|
@@ -130,7 +136,7 @@ module Riddl
|
|
130
136
|
cipher.key = key
|
131
137
|
cipher.iv = iv
|
132
138
|
|
133
|
-
|
139
|
+
Base64::urlsafe_encode64(iv + cipher.update(data) + cipher.final) rescue nil
|
134
140
|
end #}}}
|
135
141
|
end
|
136
142
|
end
|
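Review bot: `get(name,valuem,dur)` in the token store declares two required parameters, `valuem` and `dur`, that the visible body never reads (it only re-reads the file and returns `@tokens[name]`), so every lookup now has to pass three arguments and `valuem` looks like a leftover; `def get(name)` would match what the method does. `set(name,value,dur)` likewise stores only `value` in the lines shown, so unless expiry is applied somewhere outside these hunks the store keeps an entry after the `exp` signed into the token has passed; recording the expiry next to the value and checking it in `get` and `key?` would make the new durations effective on the server side. The trailing `rescue nil` on the `Base64::urlsafe_encode64(iv + cipher.update(data) + cipher.final)` line also turns any cipher failure into a silent nil for the caller, where rescuing `OpenSSL::Cipher::CipherError` explicitly would keep other errors visible. The bodies of `set` and of the encrypting method start or end outside the hunks shown.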
@@ -6,9 +6,6 @@ module Riddl
|
|
6
6
|
|
7
7
|
module UnivieBearer
|
8
8
|
def self::implementation(client_id, client_secret, access_tokens)
|
9
|
-
unless access_tokens.is_a?(Riddl::Utils::OAuth2::Helper::Tokens) && client_id.is_a?(String) && client_secret.is_a?(String)
|
10
|
-
raise "client_id, client_secret or token storage not available."
|
11
|
-
end
|
12
9
|
Proc.new do
|
13
10
|
run CheckAuth, client_id, client_secret, access_tokens if get
|
14
11
|
end
|
@@ -67,16 +64,13 @@ module Riddl
|
|
67
64
|
end
|
68
65
|
|
69
66
|
module UnivieApp
|
70
|
-
def self::implementation(client_id, client_secret, access_tokens, refresh_tokens)
|
71
|
-
unless access_tokens.is_a?(Riddl::Utils::OAuth2::Helper::Tokens) && refresh_tokens.is_a?(Riddl::Utils::OAuth2::Helper::Tokens) && client_id.is_a?(String) && client_secret.is_a?(String)
|
72
|
-
raise "client_id, client_secret or token storage not available."
|
73
|
-
end
|
67
|
+
def self::implementation(client_id, client_secret, access_tokens, refresh_tokens, adur, rdur)
|
74
68
|
Proc.new do
|
75
69
|
on resource 'verify' do
|
76
|
-
run VerifyIdentity, access_tokens, refresh_tokens, client_id, client_secret if post 'verify_in'
|
70
|
+
run VerifyIdentity, access_tokens, refresh_tokens, client_id, client_secret, adur, rdur if post 'verify_in'
|
77
71
|
end
|
78
72
|
on resource 'token' do
|
79
|
-
run RefreshToken, access_tokens, refresh_tokens, client_id, client_secret if post 'refresh_token_in'
|
73
|
+
run RefreshToken, access_tokens, refresh_tokens, client_id, client_secret, adur, rdur if post 'refresh_token_in'
|
80
74
|
end
|
81
75
|
on resource 'revoke' do
|
82
76
|
run RevokeTokenFlow, access_tokens, refresh_tokens if get 'revoke_token_in'
|
@@ -88,16 +82,18 @@ module Riddl
|
|
88
82
|
class VerifyIdentity < Riddl::Implementation
|
89
83
|
def response
|
90
84
|
code = Base64::urlsafe_decode64 @p[0].value
|
91
|
-
access_tokens
|
85
|
+
access_tokens = @a[0]
|
92
86
|
refresh_tokens = @a[1]
|
93
|
-
client_id
|
94
|
-
client_secret
|
87
|
+
client_id = @a[2]
|
88
|
+
client_secret = @a[3]
|
89
|
+
adur = @a[4]
|
90
|
+
rdur = @a[5]
|
95
91
|
|
96
92
|
client_pass = "#{client_id}:#{client_secret}"
|
97
93
|
user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2)
|
98
|
-
token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass)
|
99
|
-
access_tokens
|
100
|
-
refresh_tokens
|
94
|
+
token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass, adur, rdur)
|
95
|
+
access_tokens.set(token, user_id, adur)
|
96
|
+
refresh_tokens.set(refresh_token, token, rdur)
|
101
97
|
|
102
98
|
json_response = {
|
103
99
|
:access_token => token,
|
@@ -133,11 +129,13 @@ module Riddl
|
|
133
129
|
|
134
130
|
class RefreshToken < Riddl::Implementation
|
135
131
|
def response
|
136
|
-
refresh_token
|
137
|
-
access_tokens
|
132
|
+
refresh_token = @p[1].value
|
133
|
+
access_tokens = @a[0]
|
138
134
|
refresh_tokens = @a[1]
|
139
|
-
client_id
|
140
|
-
client_secret
|
135
|
+
client_id = @a[2]
|
136
|
+
client_secret = @a[3]
|
137
|
+
adur = @a[4]
|
138
|
+
rdur = @a[5]
|
141
139
|
|
142
140
|
token, _ = refresh_token.split '.'
|
143
141
|
token_data = JSON::parse(Base64::urlsafe_decode64 token)
|
@@ -158,10 +156,10 @@ module Riddl
|
|
158
156
|
old_token = refresh_tokens[refresh_token]
|
159
157
|
user = access_tokens.delete old_token
|
160
158
|
|
161
|
-
token = Riddl::Utils::OAuth2::Helper::
|
159
|
+
token = Riddl::Utils::OAuth2::Helper::generate_access_token(client_id, client_id + ':' + client_secret, adur)
|
162
160
|
|
163
|
-
|
164
|
-
|
161
|
+
access_tokens.set(token,user,adur)
|
162
|
+
refresh_tokens.set(refresh_token, token, rdur)
|
165
163
|
|
166
164
|
Riddl::Parameter::Complex.new('data', 'application/json', { :token => token }.to_json)
|
167
165
|
end
|
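Review bot: Both `implementation` methods lose their argument check here and nothing replaces it, so a nil `client_secret` is no longer rejected at setup; in `VerifyIdentity#response` the line `client_pass = "#{client_id}:#{client_secret}"` then interpolates to the client id plus a colon, and that string is the key `generate_optimistic_token` signs with. I would keep a guard at the top of each `implementation`, for example `raise ArgumentError, 'client_id and client_secret must be non-empty strings' unless [client_id, client_secret].all? { |v| v.is_a?(String) && !v.empty? }`, and also check that `adur` and `rdur` are positive integers, since a nil duration would otherwise surface only at request time in the helper's `Time.now.to_i + dur`. In `RefreshToken#response`, `refresh_tokens.set(refresh_token, token, rdur)` re-registers the presented refresh token instead of issuing a new one; if the store honours `rdur`, each refresh appears to extend that token beyond the `exp` signed into it, which should be confirmed against the validation code that sits outside these hunks.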
data/riddl.gemspec
CHANGED