riddl 0.99.233 → 0.99.234

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e023417dff45880c13899fa20a9949376f27317a
-  data.tar.gz: 323810c54386ca0dca442962ef57288ab5e75cf4
+  metadata.gz: 2ca93248adde70b071655d4b0216f00511496271
+  data.tar.gz: 49324eeeafb669bd4b2090d312cd91ef332d172d
 SHA512:
-  metadata.gz: d49f600293f1ce6dec1313530b2adad6358892faddf5459ab24e014d9e11ddd5fc4e645378b43daa1d6cd17c0966708ff541035eb9f01c08760baa240fae0936
-  data.tar.gz: 4070c96163be8524ff934a0c203cc42609ca55721bea2534074254c3f4ed94b03498aaec78e9881546c069d59618fc4997658219f2be88ff5b4e8e9b4158bad0
+  metadata.gz: ada3aebb57578cd169a84710b8ef75bb6d4c7d73ab6cb864e0ab54349088fff60c3bdf90f7fcc9a9f5ed910cc0d458c79fbe65f4c787b857b05bd39184f44433
+  data.tar.gz: 1101e2de3121e467205694db830536b1c977e03484b2e824cafc0ecb10d2f04ecc96bd4743f1f7759c708034ddceaa2c9af7bcf4c3d3085fdfc759f3b03ddd92

data/lib/ruby/riddl/utils/oauth2-helper.rb

@@ -50,8 +50,9 @@ module Riddl
             end
 
             def delete(key)
-              value = @redis.get key
+              value = nil
               @redis.multi do
+                value = @redis.get key
                 @redis.del key
                 @redis.del value
               end
@@ -59,9 +60,10 @@ module Riddl
             end
 
             def delete_by_value(value)
+              key = nil
               value = value.is_a?(String) ? value.to_s : (JSON::generate(value) rescue {})
-              key = @redis.get value
               @redis.multi do
+                key = @redis.get value
                 @redis.del key
                 @redis.del value
               end

data/lib/ruby/riddl/utils/oauth2-univie.rb

@@ -3,65 +3,65 @@ require File.expand_path(File.dirname(__FILE__) + '/oauth2-helper')
 module Riddl
   module Utils
     module OAuth2
-      
+
       module UnivieBearer
         def self::implementation(client_id, client_secret, access_tokens)
           Proc.new do
-						run CheckAuth, client_id, client_secret, access_tokens if get
+            run CheckAuth, client_id, client_secret, access_tokens if get
           end
-        end  
-
-				class CheckAuth < Riddl::Implementation
-					def response
-						client_id = @a[0]
-						client_secret = @a[1]
-						access_tokens = @a[2]
-						if @h['AUTHORIZATION']
-							token = @h['AUTHORIZATION'].sub(/^Bearer /, '')
-
-							data, _, signature = token.rpartition '.'
-							expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)
-
-							if !access_tokens.key? token
-								@status = 403
-								return Riddl::Parameter::Complex.new('data', 'application/json', {
-									:error => 'Unknown token'
-								}.to_json)
-							elsif signature != expected_sign
-								@status = 403
-								return Riddl::Parameter::Complex.new('data', 'application/json', {
-									:error => 'Invalid token, you bad boy'
-								}.to_json)
-							end
-
-							header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
-							payload_claims = JSON::parse payload_claims
-
-							if header_claims != Riddl::Utils::OAuth2::Helper::header
-								@status = 401
-								return Riddl::Parameter::Complex.new('data', 'application/json', {
-									:error => 'Invalid header claims'
-								}.to_json)
-							elsif payload_claims['exp'] <= Time.now.to_i
-								@status = 403
-								return Riddl::Parameter::Complex.new('data', 'application/json', {
-									:error => 'Expired token'
-								}.to_json)
-							elsif !payload_claims['aud'].split(',').map(&:strip).include? client_id
-								# XXX: ein token für mehrere clients gültig? lookup?
-								@status = 403
-								return Riddl::Parameter::Complex.new('data', 'application/json', {
-									:error => 'Token is not valid for this application'
-								}.to_json)
-							end
-
-							@headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
-						end
-
-						@p
-					end
-				end
-			end
+        end
+
+        class CheckAuth < Riddl::Implementation
+          def response
+            client_id = @a[0]
+            client_secret = @a[1]
+            access_tokens = @a[2]
+            if @h['AUTHORIZATION']
+              token = @h['AUTHORIZATION'].sub(/^Bearer /, '')
+
+              data, _, signature = token.rpartition '.'
+              expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)
+
+              if !access_tokens.key? token
+                @status = 403
+                return Riddl::Parameter::Complex.new('data', 'application/json', {
+                  :error => 'Unknown token'
+                }.to_json)
+              elsif signature != expected_sign
+                @status = 403
+                return Riddl::Parameter::Complex.new('data', 'application/json', {
+                  :error => 'Invalid token, you bad boy'
+                }.to_json)
+              end
+
+              header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
+              payload_claims = JSON::parse payload_claims
+
+              if header_claims != Riddl::Utils::OAuth2::Helper::header
+                @status = 401
+                return Riddl::Parameter::Complex.new('data', 'application/json', {
+                  :error => 'Invalid header claims'
+                }.to_json)
+              elsif payload_claims['exp'] <= Time.now.to_i
+                @status = 403
+                return Riddl::Parameter::Complex.new('data', 'application/json', {
+                  :error => 'Expired token'
+                }.to_json)
+              elsif !payload_claims['aud'].split(',').map(&:strip).include? client_id
+                # XXX: ein token für mehrere clients gültig? lookup?
+                @status = 403
+                return Riddl::Parameter::Complex.new('data', 'application/json', {
+                  :error => 'Token is not valid for this application'
+                }.to_json)
+              end
+
+              @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
+            end
+
+            @p
+          end
+        end
+      end
 
       module UnivieApp
         def self::implementation(client_id, client_secret, access_tokens, refresh_tokens, adur, rdur)
@@ -77,7 +77,7 @@ module Riddl
               run RevokeUserFlow, access_tokens, refresh_tokens if get 'revoke_user_in'
             end
           end
-        end  
+        end
 
         class VerifyIdentity < Riddl::Implementation
           def response
@@ -88,20 +88,27 @@ module Riddl
             client_secret  = @a[3]
             adur           = @a[4]
             rdur           = @a[5]
+            client_pass    = "#{client_id}:#{client_secret}"
 
-            client_pass   = "#{client_id}:#{client_secret}"
-            user_id, decrypted            = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2)
-            token, refresh_token          = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass, adur, rdur)
-            access_tokens.set(token, user_id, adur)
-            refresh_tokens.set(refresh_token, token, rdur)
-
-            json_response = {
-              :access_token => token,
-              :refresh_token => refresh_token,
-              :code => Base64.urlsafe_encode64(decrypted)
-            }.to_json
-
-            Riddl::Parameter::Complex.new('data', 'application/json', json_response)
+            user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2) rescue [nil,nil]
+            if user_id.nil?
+              @status = 403
+              return Riddl::Parameter::Complex.new('data', 'application/json', {
+                :error => 'Code invalid. Client_id or client_secret not suitable for decryption.'
+              }.to_json)
+            else
+              token, refresh_token          = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass, adur, rdur)
+              access_tokens.set(token, user_id, adur)
+              refresh_tokens.set(refresh_token, token, rdur)
+
+              json_response = {
+                :access_token => token,
+                :refresh_token => refresh_token,
+                :code => Base64.urlsafe_encode64(decrypted)
+              }.to_json
+
+              Riddl::Parameter::Complex.new('data', 'application/json', json_response)
+            end
           end
         end
 
@@ -166,6 +173,6 @@ module Riddl
         end
       end
 
-    end  
-  end  
+    end
+  end
 end

data/riddl.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name             = "riddl"
-  s.version          = "0.99.233"
+  s.version          = "0.99.234"
   s.platform         = Gem::Platform::RUBY
   s.license          = "LGPL-3"
   s.summary          = "restful interface description and declaration language: tools and client/server libs"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: riddl
 version: !ruby/object:Gem::Version
-  version: 0.99.233
+  version: 0.99.234
 platform: ruby
 authors:
 - Juergen 'eTM' Mangler