riddl 0.99.233 → 0.99.234
- checksums.yaml +4 -4
- data/lib/ruby/riddl/utils/oauth2-helper.rb +4 -2
- data/lib/ruby/riddl/utils/oauth2-univie.rb +78 -71
- data/riddl.gemspec +1 -1
- metadata +1 -1
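--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ca93248adde70b071655d4b0216f00511496271
+data.tar.gz: 49324eeeafb669bd4b2090d312cd91ef332d172d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ada3aebb57578cd169a84710b8ef75bb6d4c7d73ab6cb864e0ab54349088fff60c3bdf90f7fcc9a9f5ed910cc0d458c79fbe65f4c787b857b05bd39184f44433
+data.tar.gz: 1101e2de3121e467205694db830536b1c977e03484b2e824cafc0ecb10d2f04ecc96bd4743f1f7759c708034ddceaa2c9af7bcf4c3d3085fdfc759f3b03ddd92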
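--- a/data/lib/ruby/riddl/utils/oauth2-helper.rb
+++ b/data/lib/ruby/riddl/utils/oauth2-helper.rb
@@ -50,8 +50,9 @@ module Riddl
 end
 
 def delete(key)
-value =
+value = nil
 @redis.multi do
+value = @redis.get key
 @redis.del key
 @redis.del value
 end
@@ -59,9 +60,10 @@ module Riddl
 end
 
 def delete_by_value(value)
+key = nil
 value = value.is_a?(String) ? value.to_s : (JSON::generate(value) rescue {})
-key = @redis.get value
 @redis.multi do
+key = @redis.get value
 @redis.del key
 @redis.del value
 end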
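Review bot: In `delete` and `delete_by_value` the lookup (`value = @redis.get key`, `key = @redis.get value`) now runs inside `@redis.multi do`, where commands are queued rather than executed. Assuming `@redis` is a redis-rb client (its setup is outside these hunks), the call yields a future instead of the stored string, so the second `@redis.del` is not given the paired key and the reverse mapping of a deleted token would remain in the store. Do the read before opening the transaction, i.e. `value = @redis.get key` above `@redis.multi do`, and wrap both in `@redis.watch(key) do ... end` if the read and the two deletes have to be atomic. Both method bodies continue past the end of their hunks.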
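--- a/data/lib/ruby/riddl/utils/oauth2-univie.rb
+++ b/data/lib/ruby/riddl/utils/oauth2-univie.rb
@@ -3,65 +3,65 @@ require File.expand_path(File.dirname(__FILE__) + '/oauth2-helper')
 module Riddl
 module Utils
 module OAuth2
-
+
 module UnivieBearer
 def self::implementation(client_id, client_secret, access_tokens)
 Proc.new do
-
+run CheckAuth, client_id, client_secret, access_tokens if get
 end
-end
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+end
+
+class CheckAuth < Riddl::Implementation
+def response
+client_id = @a[0]
+client_secret = @a[1]
+access_tokens = @a[2]
+if @h['AUTHORIZATION']
+token = @h['AUTHORIZATION'].sub(/^Bearer /, '')
+
+data, _, signature = token.rpartition '.'
+expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)
+
+if !access_tokens.key? token
+@status = 403
+return Riddl::Parameter::Complex.new('data', 'application/json', {
+:error => 'Unknown token'
+}.to_json)
+elsif signature != expected_sign
+@status = 403
+return Riddl::Parameter::Complex.new('data', 'application/json', {
+:error => 'Invalid token, you bad boy'
+}.to_json)
+end
+
+header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
+payload_claims = JSON::parse payload_claims
+
+if header_claims != Riddl::Utils::OAuth2::Helper::header
+@status = 401
+return Riddl::Parameter::Complex.new('data', 'application/json', {
+:error => 'Invalid header claims'
+}.to_json)
+elsif payload_claims['exp'] <= Time.now.to_i
+@status = 403
+return Riddl::Parameter::Complex.new('data', 'application/json', {
+:error => 'Expired token'
+}.to_json)
+elsif !payload_claims['aud'].split(',').map(&:strip).include? client_id
+# XXX: ein token für mehrere clients gültig? lookup?
+@status = 403
+return Riddl::Parameter::Complex.new('data', 'application/json', {
+:error => 'Token is not valid for this application'
+}.to_json)
+end
+
+@headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
+end
+
+@p
+end
+end
+end
 
 module UnivieApp
 def self::implementation(client_id, client_secret, access_tokens, refresh_tokens, adur, rdur)
@@ -77,7 +77,7 @@ module Riddl
 run RevokeUserFlow, access_tokens, refresh_tokens if get 'revoke_user_in'
 end
 end
-end
+end
 
 class VerifyIdentity < Riddl::Implementation
 def response
@@ -88,20 +88,27 @@ module Riddl
 client_secret = @a[3]
 adur = @a[4]
 rdur = @a[5]
+client_pass = "#{client_id}:#{client_secret}"
 
-
-user_id
-
-
-
-
-
-
-
-
-
-
-
+user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2) rescue [nil,nil]
+if user_id.nil?
+@status = 403
+return Riddl::Parameter::Complex.new('data', 'application/json', {
+:error => 'Code invalid. Client_id or client_secret not suitable for decryption.'
+}.to_json)
+else
+token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass, adur, rdur)
+access_tokens.set(token, user_id, adur)
+refresh_tokens.set(refresh_token, token, rdur)
+
+json_response = {
+:access_token => token,
+:refresh_token => refresh_token,
+:code => Base64.urlsafe_encode64(decrypted)
+}.to_json
+
+Riddl::Parameter::Complex.new('data', 'application/json', json_response)
+end
 end
 end
 
@@ -166,6 +173,6 @@ module Riddl
 end
 end
 
-end
-end
+end
+end
 end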
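Review bot: `CheckAuth#response` in the first hunk (`@@ -3,65 +3,65 @@`) validates the token only when `@h['AUTHORIZATION']` is present; a request without that header skips the whole `if` and returns `@p` with no status set, so the check fails open unless a later handler rejects requests that lack `AUTHORIZATION_BEARER` (not visible here). An `else` branch that sets `@status = 401` and returns an error body like the other branches would close that path. Separately, `elsif signature != expected_sign` compares the signature with a short-circuiting string comparison; a constant-time form such as `elsif !Rack::Utils.secure_compare(expected_sign, signature)` (if Rack is loaded in this file) avoids leaking how much of the value matched. The `/^Bearer /` pattern would also be stricter anchored with `\A`, since `^` matches at any line start.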
data/riddl.gemspec
CHANGED