riddl 0.99.233 → 0.99.234
- checksums.yaml +4 -4
- data/lib/ruby/riddl/utils/oauth2-helper.rb +4 -2
- data/lib/ruby/riddl/utils/oauth2-univie.rb +78 -71
- data/riddl.gemspec +1 -1
- metadata +1 -1
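--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ca93248adde70b071655d4b0216f00511496271
+data.tar.gz: 49324eeeafb669bd4b2090d312cd91ef332d172d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ada3aebb57578cd169a84710b8ef75bb6d4c7d73ab6cb864e0ab54349088fff60c3bdf90f7fcc9a9f5ed910cc0d458c79fbe65f4c787b857b05bd39184f44433
+data.tar.gz: 1101e2de3121e467205694db830536b1c977e03484b2e824cafc0ecb10d2f04ecc96bd4743f1f7759c708034ddceaa2c9af7bcf4c3d3085fdfc759f3b03ddd92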
@@ -50,8 +50,9 @@ module Riddl
|
|
50
50
|
end
|
51
51
|
|
52
52
|
def delete(key)
|
53
|
-
value =
|
53
|
+
value = nil
|
54
54
|
@redis.multi do
|
55
|
+
value = @redis.get key
|
55
56
|
@redis.del key
|
56
57
|
@redis.del value
|
57
58
|
end
|
@@ -59,9 +60,10 @@ module Riddl
|
|
59
60
|
end
|
60
61
|
|
61
62
|
def delete_by_value(value)
|
63
|
+
key = nil
|
62
64
|
value = value.is_a?(String) ? value.to_s : (JSON::generate(value) rescue {})
|
63
|
-
key = @redis.get value
|
64
65
|
@redis.multi do
|
66
|
+
key = @redis.get value
|
65
67
|
@redis.del key
|
66
68
|
@redis.del value
|
67
69
|
end
|
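Review bot: Moving `value = @redis.get key` inside `@redis.multi do … end` in `delete` (and `key = @redis.get value` in `delete_by_value`) most likely breaks the paired delete. If `@redis` is a redis-rb client, commands issued inside MULTI are only queued and return a placeholder rather than the stored string. The following `@redis.del value` / `@redis.del key` would then not target the real partner entry. If this store backs the access and refresh tokens, a revoked token or its reverse mapping could stay in Redis until its TTL runs out. Do the read before the transaction, `value = @redis.get key` ahead of `@redis.multi do`, under `@redis.watch key` if the read and the deletes must be atomic, and skip the second `del` when the lookup returns nil; both method bodies continue outside the hunks shown.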
@@ -3,65 +3,65 @@ require File.expand_path(File.dirname(__FILE__) + '/oauth2-helper')
|
|
3
3
|
module Riddl
|
4
4
|
module Utils
|
5
5
|
module OAuth2
|
6
|
-
|
6
|
+
|
7
7
|
module UnivieBearer
|
8
8
|
def self::implementation(client_id, client_secret, access_tokens)
|
9
9
|
Proc.new do
|
10
|
-
|
10
|
+
run CheckAuth, client_id, client_secret, access_tokens if get
|
11
11
|
end
|
12
|
-
end
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
12
|
+
end
|
13
|
+
|
14
|
+
class CheckAuth < Riddl::Implementation
|
15
|
+
def response
|
16
|
+
client_id = @a[0]
|
17
|
+
client_secret = @a[1]
|
18
|
+
access_tokens = @a[2]
|
19
|
+
if @h['AUTHORIZATION']
|
20
|
+
token = @h['AUTHORIZATION'].sub(/^Bearer /, '')
|
21
|
+
|
22
|
+
data, _, signature = token.rpartition '.'
|
23
|
+
expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)
|
24
|
+
|
25
|
+
if !access_tokens.key? token
|
26
|
+
@status = 403
|
27
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
28
|
+
:error => 'Unknown token'
|
29
|
+
}.to_json)
|
30
|
+
elsif signature != expected_sign
|
31
|
+
@status = 403
|
32
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
33
|
+
:error => 'Invalid token, you bad boy'
|
34
|
+
}.to_json)
|
35
|
+
end
|
36
|
+
|
37
|
+
header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
|
38
|
+
payload_claims = JSON::parse payload_claims
|
39
|
+
|
40
|
+
if header_claims != Riddl::Utils::OAuth2::Helper::header
|
41
|
+
@status = 401
|
42
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
43
|
+
:error => 'Invalid header claims'
|
44
|
+
}.to_json)
|
45
|
+
elsif payload_claims['exp'] <= Time.now.to_i
|
46
|
+
@status = 403
|
47
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
48
|
+
:error => 'Expired token'
|
49
|
+
}.to_json)
|
50
|
+
elsif !payload_claims['aud'].split(',').map(&:strip).include? client_id
|
51
|
+
# XXX: ein token für mehrere clients gültig? lookup?
|
52
|
+
@status = 403
|
53
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
54
|
+
:error => 'Token is not valid for this application'
|
55
|
+
}.to_json)
|
56
|
+
end
|
57
|
+
|
58
|
+
@headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
|
59
|
+
end
|
60
|
+
|
61
|
+
@p
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
65
|
|
66
66
|
module UnivieApp
|
67
67
|
def self::implementation(client_id, client_secret, access_tokens, refresh_tokens, adur, rdur)
|
@@ -77,7 +77,7 @@ module Riddl
|
|
77
77
|
run RevokeUserFlow, access_tokens, refresh_tokens if get 'revoke_user_in'
|
78
78
|
end
|
79
79
|
end
|
80
|
-
end
|
80
|
+
end
|
81
81
|
|
82
82
|
class VerifyIdentity < Riddl::Implementation
|
83
83
|
def response
|
@@ -88,20 +88,27 @@ module Riddl
|
|
88
88
|
client_secret = @a[3]
|
89
89
|
adur = @a[4]
|
90
90
|
rdur = @a[5]
|
91
|
+
client_pass = "#{client_id}:#{client_secret}"
|
91
92
|
|
92
|
-
|
93
|
-
user_id
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
93
|
+
user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2) rescue [nil,nil]
|
94
|
+
if user_id.nil?
|
95
|
+
@status = 403
|
96
|
+
return Riddl::Parameter::Complex.new('data', 'application/json', {
|
97
|
+
:error => 'Code invalid. Client_id or client_secret not suitable for decryption.'
|
98
|
+
}.to_json)
|
99
|
+
else
|
100
|
+
token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass, adur, rdur)
|
101
|
+
access_tokens.set(token, user_id, adur)
|
102
|
+
refresh_tokens.set(refresh_token, token, rdur)
|
103
|
+
|
104
|
+
json_response = {
|
105
|
+
:access_token => token,
|
106
|
+
:refresh_token => refresh_token,
|
107
|
+
:code => Base64.urlsafe_encode64(decrypted)
|
108
|
+
}.to_json
|
109
|
+
|
110
|
+
Riddl::Parameter::Complex.new('data', 'application/json', json_response)
|
111
|
+
end
|
105
112
|
end
|
106
113
|
end
|
107
114
|
|
@@ -166,6 +173,6 @@ module Riddl
|
|
166
173
|
end
|
167
174
|
end
|
168
175
|
|
169
|
-
end
|
170
|
-
end
|
176
|
+
end
|
177
|
+
end
|
171
178
|
end
|
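Review bot: In the new `CheckAuth#response`, a request with no `AUTHORIZATION` header skips every check and falls through to `@p` with `@status` untouched. The handler therefore fails open unless something downstream rejects requests lacking `AUTHORIZATION_BEARER`, which is not visible on this page. If a bearer token is mandatory, add an `else` branch that sets `@status = 401` and returns a JSON error body like the other branches. In the same method `signature != expected_sign` is an ordinary string comparison of a MAC; prefer a constant-time check such as `OpenSSL.secure_compare(signature, expected_sign)`, and anchor the prefix strip with `\A` instead of `^`. In `VerifyIdentity`, the inline `rescue [nil,nil]` hides every error, and a decrypted value without `:` leaves `decrypted` nil, so `Base64.urlsafe_encode64(decrypted)` raises; check both parts before issuing tokens.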
data/riddl.gemspec
CHANGED