riddl 0.99.256 → 0.99.257

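--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 234355d07a1365d8c3edad0985f8fbed5c1020b1
- data.tar.gz: eeedfe05639e119ff574ecaef299e4fe792786aa
+ metadata.gz: 32d893d88c9f303cb71b2ad369e45cf7581c177c
+ data.tar.gz: 9a2ea9a6ae45aa961fff86a5a4fcf58cdc71d0ad
  SHA512:
- metadata.gz: 8746dda65d1ecfb226db477340b060ca803392ddf40d1228299c39a670afdd6fb004bb579ed1cfeab379c9d7dbfc2af06a4688405de26132d713eb4e149095fa
- data.tar.gz: fccc19fdd4ca57f9673ece1c9a071c85d1188fc52a3b9c76461424232b3d08fe06590e5738d88fcf30c4bbc640ec7217d5241bb10874ed4b6fce1fb274bb552f
+ metadata.gz: 43a615f7a29b7a1240a5a38ec8ef73c26d113e468474edcf11b148637fd7fdb82968a205edf353d1a694c707205357fe39cfdef5ed1602dab4036bbf4ee12a86
+ data.tar.gz: 38cdd3f4eaa23b0d18adfb983f255ec017a5c2f365d05452a3a481eef5c5992cf215b498d4457dc98bbae2eec28881c64710b106e092fbffc30fd9c30aaaaffe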
@@ -50,6 +50,11 @@ module Riddl
50
50
  end
51
51
 
52
52
  @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
53
+ else
54
+ @status = 403
55
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
56
+ :error => 'No authorization provided.'
57
+ }.to_json)
53
58
  end
54
59
 
55
60
  @p
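Review bot: The added `else` branch answers a request that carries no `Authorization` header with `@status = 403`, whereas a request without any credentials is normally answered with 401 and a `WWW-Authenticate: Bearer` challenge (RFC 6750, section 3), so that a client can tell "authenticate first" from "authenticated but not permitted". Consider `@status = 401` together with `@headers << Riddl::Header.new('WWW-Authenticate', 'Bearer')`, assuming `@headers` is sent as response headers on this early-return path. The enclosing `response` method starts above the hunk, so the `if` that this `else` closes is not visible here.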
@@ -0,0 +1,166 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/oauth2-helper')
2
+
3
+ module Riddl
4
+ module Utils
5
+ module OAuth2
6
+
7
+ module UnivieBearer
8
+ class CheckAuth < Riddl::Implementation
9
+ def response
10
+ client_id = @a[0]
11
+ client_secret = @a[1]
12
+ access_tokens = @a[2]
13
+ if @h['AUTHORIZATION']
14
+ token = @h['AUTHORIZATION'].sub(/^Bearer /, '')
15
+
16
+ data, _, signature = token.rpartition '.'
17
+ expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)
18
+
19
+ if !access_tokens.key? token
20
+ @status = 403
21
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
22
+ :error => 'Unknown token'
23
+ }.to_json)
24
+ elsif signature != expected_sign
25
+ @status = 403
26
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
27
+ :error => 'Invalid token, you bad boy'
28
+ }.to_json)
29
+ end
30
+
31
+ header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
32
+ payload_claims = JSON::parse payload_claims
33
+
34
+ if header_claims != Riddl::Utils::OAuth2::Helper::header
35
+ @status = 401
36
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
37
+ :error => 'Invalid header claims'
38
+ }.to_json)
39
+ elsif payload_claims['exp'] <= Time.now.to_i
40
+ @status = 403
41
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
42
+ :error => 'Expired token'
43
+ }.to_json)
44
+ elsif !payload_claims['aud'].split(',').map(&:strip).include? client_id
45
+ # XXX: ein token für mehrere clients gültig? lookup?
46
+ @status = 403
47
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
48
+ :error => 'Token is not valid for this application'
49
+ }.to_json)
50
+ end
51
+
52
+ @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
53
+ end
54
+
55
+ @p
56
+ end
57
+ end
58
+ end
59
+
60
+ module UnivieApp
61
+ def self::implementation(client_id, client_secret, access_tokens, refresh_tokens, codes, adur, rdur)
62
+ Proc.new do
63
+ run UnivieBearer::CheckAuth, client_id, client_secret, access_tokens if get 'check'
64
+ on resource 'verify' do
65
+ run VerifyIdentity, access_tokens, refresh_tokens, codes, client_id, client_secret, adur, rdur if post 'verify_in'
66
+ end
67
+ on resource 'token' do
68
+ run RefreshToken, access_tokens, refresh_tokens, client_id, client_secret, adur, rdur if post 'refresh_token_in'
69
+ end
70
+ on resource 'revoke' do
71
+ run RevokeFlow, access_tokens, refresh_tokens, codes if delete 'revoke_in'
72
+ end
73
+ end
74
+ end
75
+
76
+ class VerifyIdentity < Riddl::Implementation
77
+ def response
78
+ code = Base64::urlsafe_decode64 @p[0].value
79
+ access_tokens = @a[0]
80
+ refresh_tokens = @a[1]
81
+ codes = @a[2]
82
+ client_id = @a[3]
83
+ client_secret = @a[4]
84
+ adur = @a[5]
85
+ rdur = @a[6]
86
+ client_pass = "#{client_id}:#{client_secret}"
87
+
88
+ user_id, decrypted = Riddl::Utils::OAuth2::Helper::decrypt_with_shared_secret(code, client_pass).split(':', 2) rescue [nil,nil]
89
+ if user_id.nil?
90
+ @status = 403
91
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
92
+ :error => 'Code invalid. Client_id or client_secret not suitable for decryption.'
93
+ }.to_json)
94
+ else
95
+ token, refresh_token = Riddl::Utils::OAuth2::Helper::generate_optimistic_token(client_id, client_pass, adur, rdur)
96
+ codes.set(code, refresh_token, rdur)
97
+ access_tokens.set(token, user_id, rdur) # not adur, to identify expired access tokens
98
+ refresh_tokens.set(refresh_token, token, rdur)
99
+
100
+ json_response = {
101
+ :access_token => token,
102
+ :refresh_token => refresh_token,
103
+ :code => Base64.urlsafe_encode64(decrypted),
104
+ :user_id => user_id
105
+ }.to_json
106
+
107
+ Riddl::Parameter::Complex.new('data', 'application/json', json_response)
108
+ end
109
+ end
110
+ end
111
+
112
+ class RevokeFlow < Riddl::Implementation
113
+ def response
114
+ code = Base64::urlsafe_decode64 @p[0].value
115
+ access_tokens = @a[0]
116
+ refresh_tokens = @a[1]
117
+ codes = @a[2]
118
+
119
+ rt = codes.delete(code)
120
+ at = refresh_tokens.delete(rt)
121
+ access_tokens.delete(at)
122
+ end
123
+ end
124
+
125
+ class RefreshToken < Riddl::Implementation
126
+ def response
127
+ refresh_token = @p[1].value
128
+ access_tokens = @a[0]
129
+ refresh_tokens = @a[1]
130
+ client_id = @a[2]
131
+ client_secret = @a[3]
132
+ adur = @a[4]
133
+ rdur = @a[5]
134
+
135
+ token, _ = refresh_token.split '.'
136
+ token_data = JSON::parse(Base64::urlsafe_decode64 token)
137
+
138
+ if token_data['iss'] != client_id
139
+ @status = 401
140
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
141
+ :error => 'Token must be refreshed by issuer.'
142
+ }.to_json)
143
+ elsif !refresh_tokens.key?(refresh_token) || token_data['exp'] <= Time.now.to_i
144
+ @status = 403
145
+ puts "i dont know #{refresh_token}", "#{refresh_tokens.get(refresh_token)}"
146
+ return Riddl::Parameter::Complex.new('data', 'application/json', {
147
+ :error => 'Invalid refresh token.'
148
+ }.to_json)
149
+ end
150
+
151
+ old_token = refresh_tokens.get(refresh_token)
152
+ user = access_tokens.delete old_token
153
+
154
+ token = Riddl::Utils::OAuth2::Helper::generate_access_token(client_id, client_id + ':' + client_secret, adur)
155
+
156
+ access_tokens.set(token,user,rdur) # not adur, to identify expired access tokens
157
+ refresh_tokens.set(refresh_token, token)
158
+
159
+ Riddl::Parameter::Complex.new('data', 'application/json', { :token => token }.to_json)
160
+ end
161
+ end
162
+ end
163
+
164
+ end
165
+ end
166
+ end
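Review bot: The `puts "i dont know #{refresh_token}", "#{refresh_tokens.get(refresh_token)}"` line in `RefreshToken#response` writes the presented refresh token, and whatever access token the store holds for it, to standard output, so usable credentials end up in server logs; drop the line or log a fixed message without token values. In `CheckAuth#response`, `elsif signature != expected_sign` checks the token signature with an ordinary string comparison, which is not constant-time; `Rack::Utils.secure_compare(signature, expected_sign)` would be the usual replacement, assuming Rack is loaded in this process. This file is a `.rb.orig` patch backup, so the same lines are presumably also present in the shipped `oauth2-univie.rb`, and that is where the change belongs.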
@@ -0,0 +1,10 @@
1
+ *** /dev/null
2
+ --- /dev/null
3
+ ***************
4
+ *** 53,57
5
+ - else
6
+ - @status = 403
7
+ - return Riddl::Parameter::Complex.new('data', 'application/json', {
8
+ - :error => 'No authorization provided.'
9
+ - }.to_json)
10
+ --- 0 -----
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = "riddl"
3
- s.version = "0.99.256"
3
+ s.version = "0.99.257"
4
4
  s.platform = Gem::Platform::RUBY
5
5
  s.license = "LGPL-3.0"
6
6
  s.summary = "restful interface description and declaration language: tools and client/server libs"
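--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: riddl
  version: !ruby/object:Gem::Version
- version: 0.99.256
+ version: 0.99.257
  platform: ruby
  authors:
  - Juergen 'eTM' Mangler
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: tools
  cert_chain: []
- date: 2017-12-01 00:00:00.000000000 Z
+ date: 2018-01-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: xml-smart
@@ -442,6 +442,8 @@ files:
  - lib/ruby/riddl/utils/notifications_producer.rb
  - lib/ruby/riddl/utils/oauth2-helper.rb
  - lib/ruby/riddl/utils/oauth2-univie.rb
+ - lib/ruby/riddl/utils/oauth2-univie.rb.orig
+ - lib/ruby/riddl/utils/oauth2-univie.rb.rej
  - lib/ruby/riddl/utils/properties.rb
  - lib/ruby/riddl/utils/turtle.rb
  - lib/ruby/riddl/utils/xmlserve.rb
@@ -512,18 +514,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.6
+ rubygems_version: 2.5.2
  signing_key:
  specification_version: 4
  summary: 'restful interface description and declaration language: tools and client/server
  libs'
  test_files:
- - test/tc_properties.rb
- - test/tc_declaration-hybrid.rb
- - test/tc_declaration-local.rb
+ - test/tc_websocket.rb
+ - test/tc_producer.rb
  - test/tc_helloworld.rb
+ - test/tc_declaration-local.rb
+ - test/tc_properties.rb
  - test/tc_library.rb
+ - test/tc_declaration-hybrid.rb
  - test/tc_declaration-distributed.rb
- - test/tc_websocket.rb
- - test/tc_producer.rb
  - test/smartrunner.rb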
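Review bot: The `files:` hunk adds `lib/ruby/riddl/utils/oauth2-univie.rb.orig` and `lib/ruby/riddl/utils/oauth2-univie.rb.rej`, which are leftovers of a `patch` run rather than source files, so this release was apparently built from a working tree that was not clean. Shipping them publishes a second, stale copy of the token-handling code and makes the published gem harder to compare against the repository. The gemspec's file list is not visible on this page; if it is a glob over `lib/`, filter these suffixes out there, for example with `.reject { |f| f.end_with?('.orig', '.rej') }`, and build releases from a clean checkout.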