sessionvoc-open 1.7.3

data/lib/sessionvoc/open/authentification.rb

@@ -0,0 +1,137 @@
+# Copyright:: 2011 triAGENS GmbH
+# Author:: Oliver Kiessler (mailto:kiessler@inceedo.com)
+module Sessionvoc
+  module Open
+    module Authentification
+      # Performs the simple authentification method against the SessionVOC server.
+      # Currently not available.
+      # === Parameters
+      # * sid = Session Id
+      # * uid = User
+      # * password = Plaintext Password
+      # * options
+      def simple(sid, uid, password, options = {})
+        logger.debug("Authentification#simple for sid: #{sid} for uid: #{uid}")
+        password = Digest::MD5.hexdigest(password) if meta_data["authenticationMethod"] > 0 and meta_data["clientHash"] == 1
+        response = get_response(:put, "/session/#{sid}/authenticate", {:body => {'uid' => uid, 'password' => password}.to_json})
+        if response_ok?(response)
+          response.parsed_response
+        else
+          if options[:no_exception]
+            false
+          else
+            handle_exception(response.parsed_response["errorCode"], response.parsed_response["message"])
+          end
+        end
+      end
+
+      # Performs the challenge-response authentification method against the SessionVOC
+      # === Parameters
+      # * sid = Session Id
+      # * uid = User
+      # * password = User Password
+      # * options
+      def challenge(sid, uid, password, options = {})
+        logger.debug("Authentification#challenge for sid: #{sid} for uid: #{uid}")
+        response = get_response(:put, "/session/#{sid}/authenticate",
+          {:body => {'uid' => uid}.to_json})
+        if response_ok?(response) and response.parsed_response["loginData"]
+          return challenge_response(sid, uid, password, response.parsed_response["loginData"]['salt'],
+            response.parsed_response["loginData"]['hash'], options)
+        else
+          if options[:no_exception]
+            return nil
+          else
+            handle_exception(response.parsed_response["errorCode"], response.parsed_response["message"])
+          end
+        end
+      end
+
+      # Performs a user logout.
+      # === Parameters
+      # * sid = Session Id
+      def logout(sid, options = {})
+        logger.debug("Authentification#logout for sid: #{sid}")
+        response = get_response(:put, "/session/#{sid}/authenticate", {:body => nil})
+        response_ok?(response) ? true : handle_exception(response.parsed_response["errorCode"], response.parsed_response["message"])
+      end
+
+      # Create a (one time) usable nonce.
+      # === Parameters
+      # * ts = Timestamp (only used for testing)
+      # * random_number = (only used for testing)
+      # * options
+      def create_nonce(ts = nil, random_number = nil, options = {})
+        timestamp = ts ? ts.to_s : Time.now.to_i.to_s
+        if options[:no_encode]
+          "#{timestamp[0..3]}#{random_number ? random_number[4..11] : gen_64bit_id[4..11]}"
+        else
+          Base64.encode64("#{timestamp[0..3]}#{random_number ? random_number[4..11] : gen_64bit_id[4..11]}")
+        end
+      end
+
+      # Checks if the previously created nonce was already used.
+      # === Parameters
+      # * nonce = Nonce string
+      def get_nonce(nonce, options = {})
+        response = get_response(:post, "/nonce/#{nonce}", {}, true)
+        (response_ok?(response) and response.parsed_response["status"]) ? true : handle_exception(response.parsed_response["errorCode"], response.parsed_response["message"])
+      end
+
+      # Generates a 64bit random number as part of the nonce.
+      def gen_64bit_id
+        encode_id(rand(18446744073709551615))
+      end
+
+      private
+      # The second part of the challenge response authentification method.
+      # === Parameters
+      # * sid = Session Id
+      # * uid = User
+      # * password = User password
+      # * salt = Salt delivered by SessionVOC
+      # * hash = Hash delivered by SessionVOC
+      # * options
+      def challenge_response(sid, uid, password, salt, hash, options = {})
+        logger.debug("Authentification#challenge_response for sid: #{sid} for uid: #{uid}")
+        response = get_response(:put, "/session/#{sid}/authenticate",
+          {:body => {'uid' => uid, 'password' => encrypt_password(password, salt, hash)}.to_json})
+        if response_ok?(response)
+          response.parsed_response
+        else
+          if options[:no_exception]
+            false
+          else
+            handle_exception(response.parsed_response["errorCode"], response.parsed_response["message"])
+          end
+        end
+      end
+
+      # Creates an encrypted and hashed password as required by the SessionVOC server.
+      # === Parameters
+      # * password = Password
+      # * salt = Salt delivered by SessionVOC
+      # * hash = Hash delivered by SessionVOC
+      def encrypt_password(password, salt, hash)
+        if hash.to_i == Sessionvoc::Open::Base::HASH_TYPES[:HASH_NONE]
+          return password
+        elsif hash.to_i == Sessionvoc::Open::Base::HASH_TYPES[:HASH_SHA1]
+          return Digest::MD5.hexdigest(Digest::MD5.hexdigest(Digest::SHA1.hexdigest(password)) + salt)
+        elsif hash.to_i == Sessionvoc::Open::Base::HASH_TYPES[:HASH_SHA224]
+          raise Sessionvoc::Open::NotSupportedException, "SHA224 is not supported"
+        elsif hash.to_i == Sessionvoc::Open::Base::HASH_TYPES[:HASH_SHA256]
+          raise Sessionvoc::Open::NotSupportedException, "SHA256 is not supported"
+        elsif hash.to_i == Sessionvoc::Open::Base::HASH_TYPES[:HASH_MD5]
+          return Digest::MD5.hexdigest(Digest::MD5.hexdigest(password) + salt)
+        end
+      end
+
+      # Encodes the 64bit random number.
+      # === Parameters
+      # * n = Random number
+      def encode_id(n)
+        n.to_s(36).rjust(13, '0')
+      end
+    end
+  end
+end

data/lib/sessionvoc/open/base.rb

@@ -0,0 +1,169 @@
+# Copyright:: 2011 triAGENS GmbH
+# Author:: Oliver Kiessler (mailto:kiessler@inceedo.com)
+module Sessionvoc
+  module Open
+    # This Ruby library provides a Ruby on Rails session store for the SessionVOC. It can also be used outside of Rails to interact with SessionVOC
+    # directly or within Sinatra and other webapplication frameworks in Ruby. 
+    #
+    # The SessionVOC is a noSQL database optimized for the management of user sessions. Additionally the SessionVOC establishes security mechanisms
+    # that are difficult to implement with other session management systems. It depends on the actual scenario which of these functions
+    # has the highest priority.
+    class Base
+      VERSION = '1.7.3'
+      attr_accessor :configuration, :logger
+    
+      # SessionVOC Error Codes used by the server.
+      ERROR_CODES = {
+        1  => "Errorcode 1: Internal Server Error",
+        2  => "Errorcode 2: Illegal request",
+        3  => "Errorcode 3: Unknown session identifier",
+        4  => "Errorcode 4: Authentification failed",
+        5  => "Errorcode 5: Unknown form data",
+        6  => "Errorcode 6: Temporary error",
+        7  => "Errorcode 7: Illegal authentification request",
+        8  => "Errorcode 8: Illegal user identifier",
+        9  => "Errorcode 9: Session remove (delete) failure",
+        10 => "Errorcode 10: Get request failure, can not output",
+        11 => "Errorcode 11: Parser error, illegal Json",
+        12 => "Errorcode 12: Error while attempting to create form data, internet server error",
+        13 => "Errorcode 13: Error while attempting to delete form data, invalid form identifier or internal server error",
+        14 => "Errorcode 14: Error while attempting to modify form data, invalid form identifier",
+        15 => "Errorcode 15: Error while attempting to output form data, invalid form identifier",
+        16 => "Errorcode 16: Internal Server Error while attempting to remove form data",
+        17 => "Errorcode 17: Error while attempting to update form data, invalid session or form identifier"
+      }
+
+      # Existing hash types used by the server.
+      HASH_TYPES = {
+         :HASH_NONE => 0,
+         :HASH_SHA1 => 1,
+         :HASH_SHA224 => 2,
+         :HASH_SHA256 => 3,
+         :HASH_MD5 => 4
+      }
+
+      # Existing data types used by the server.
+      DATA_TYPES = {
+         0  => :DT_NULL,
+         1  => :DT_BOOLEAN,
+         2  => :DT_CHAR,
+         3  => :DT_DOUBLE,
+         4  => :DT_FLOAT,
+         5  => :DT_INTEGER,
+         6  => :DT_LONG_INTEGER,
+         7  => :DT_STRING,
+         8  => :DT_UNSIGNED_INTEGER,
+         9  => :DT_UNSIGNED_LONG_INTEGER,
+         10 => :DT_BLOB,
+         11 => :DT_VARIANT,
+         -1 => :DT_UNDEFINED
+      }
+
+      # Existing access types allowed by the server.
+      DATA_ACCESS = {
+         0  => :DA_READ_ONLY,
+         1  => :DA_READ_WRITE,
+         2  => :DA_WRITE_ONLY,
+         -1 => :DA_UNDEFINED
+      }
+
+      # === Parameters
+      # * host = Hostname (required)
+      # * port = Port (required)
+      # * protocol = "http"/"https", defaults to "http"
+      # * log_level = defaults to LOGGER::INFO
+      # * auth = Authentication method configured in SessionVOC server
+      def initialize(options = {})
+        default_options = {'host' => 'localhost', 'port' => '8208', 'protocol' => 'http', 'log_level' => Logger::INFO,
+          'strict_mode' => true, 'auth' => 'none'}
+        options = default_options.merge(options)
+        options.empty? ? read_configuration : self.configuration = Sessionvoc::Open::Configuration.new(options)
+        if defined?(Rails)
+          self.logger = Rails.logger
+        else
+          self.logger = Logger.new(STDOUT)
+          self.logger.level = options['log_level']
+        end
+        self.logger.info("SessionVOC Open Ruby Client Version: #{VERSION}")
+      end
+
+      protected
+      # Reads the configuration from the current directory and when it doesn't find it falls back to the
+      # global configuration in the home directory (~/.sessionvoc.yml) under which this ruby interpreter is run.
+      def read_configuration
+        if File.exists?("config.yml")
+          logger.info("Using config in this directory")
+          self.configuration = Sessionvoc::Open::Configuration.new(YAML.load(File.read("config.yml")))
+        else
+          begin
+            logger.info("Using config in your home directory")
+            self.configuration = Sessionvoc::Open::Configuration.new(YAML.load(File.read("#{ENV['HOME']}/.sessionvoc.yml")))
+          rescue Errno::ENOENT
+            raise Sessionvoc::Open::ConfigurationMissingException, "config.yml expected in current directory or ~/.sessionvoc.yml"
+          end
+        end
+      end
+
+      # Returns the HTTP base URL for the SessionVOC Rest Service.
+      def base_url
+        "#{self.configuration.options['protocol']}://#{self.configuration.options['host']}:#{self.configuration.options['port']}"
+      end
+
+      # Returns true/false whether to use the client in strict-mode or not.
+      # In strict-mode exceptions are raised for the most common client operations.
+      def use_strict_mode?
+        self.configuration.options['strict_mode']
+      end
+    
+      # Convenience method to access error codes from within this instance.
+      def codes; ERROR_CODES; end
+    
+      # Internal method used to handle internal exceptions and map the error code to a human
+      # readable message.
+      # === Parameters
+      # * errorCode = Errorcode number
+      # * message = Optional message
+      def handle_exception(errorCode, message = nil)
+        case errorCode
+          when 1
+            raise Sessionvoc::Open::InternalServerErrorException, display_message(errorCode, message)
+          when 2
+            raise Sessionvoc::Open::IllegalRequestException, display_message(errorCode, message)
+          when 3
+            raise Sessionvoc::Open::InvalidSidException, display_message(errorCode, message)
+          when 4
+            raise Sessionvoc::Open::AuthentificationFailedException, display_message(errorCode, message)
+          when 5
+            raise Sessionvoc::Open::InvalidFidException, display_message(errorCode, message)
+          when 6
+            raise Sessionvoc::Open::TemporaryErrorException, display_message(errorCode, message)
+          when 7
+            raise Sessionvoc::Open::IllegalAuthentificationRequestException, display_message(errorCode, message)
+          when 8
+            raise Sessionvoc::Open::IllegalUserIdentifierException, display_message(errorCode, message)
+          when 9
+            raise Sessionvoc::Open::SessionDeletionFailure, display_message(errorCode, message)
+          when 11
+            raise Sessionvoc::Open::InvalidJSONException, display_message(errorCode, message)
+          when 12
+            raise Sessionvoc::Open::InternalServerErrorException, display_message(errorCode, message)
+          when 13
+            raise Sessionvoc::Open::InvalidFidException, display_message(errorCode, message)
+          when 14
+            raise Sessionvoc::Open::FormDataCantBeModifiedException, display_message(errorCode, message)
+          when 15
+            raise Sessionvoc::Open::InvalidFidException, display_message(errorCode, message)
+          when 16
+            raise Sessionvoc::Open::FormDataCantBeDestroyedException, display_message(errorCode, message)
+          when 17
+            raise Sessionvoc::Open::InvalidSidException, display_message(errorCode, message)
+        end
+      end
+
+      # Displays a message if available.
+      def display_message(errorCode, message)
+        message ? "#{codes[errorCode]} - #{message}" : codes[errorCode]
+      end
+    end
+  end
+end

data/lib/sessionvoc/open/client.rb

@@ -0,0 +1,54 @@
+# Copyright:: 2011 triAGENS GmbH
+# Author:: Oliver Kiessler (mailto:kiessler@inceedo.com)
+module Sessionvoc
+  module Open
+    # You can setup the client by passing options into the constructor or by using a configuration file in YAML.
+    # client = Sessionvoc::Open::Client.new('host' => 'localhost', 'port' => 12345, 'auth' => 'challenge')
+    class Client < Sessionvoc::Open::Base
+      include Sessionvoc::Open::Session
+      include Sessionvoc::Open::Authentification
+      include Sessionvoc::Open::FormData
+      include Sessionvoc::Open::DataConversion
+      include Sessionvoc::Open::MetaData
+
+      private
+      # Internal method to create the httparty request and return the http response that is already parsed by httparty.
+      # === Parameters
+      # * http_verb = HTTP verb symbol (:get, :post, :put, :delete)
+      # * endpoint = HTTP URL endpoint
+      # * options = Optional options with body and headers
+      def get_response(http_verb, endpoint, options = {}, no_uri_escape = false)
+        begin
+          if no_uri_escape
+            endpoint_value = "#{base_url}#{endpoint}"
+          else
+            endpoint_value = "#{base_url}#{URI.escape(endpoint)}"
+          end
+          logger.debug "Using endpoint: #{endpoint_value}"
+          body = {}; body.merge!(options) if options and options.any?
+          response = (http_verb == :post or http_verb == :put) ? HTTParty.send(http_verb, endpoint_value, body) : HTTParty.send(http_verb, endpoint_value)
+          logger.debug "Response: #{response.inspect}" if response
+          response
+        rescue => e
+          logger.error("Could not connect to SessionVOC: #{e.message}")
+          raise Sessionvoc::Open::ConnectionRefusedException
+        end
+      end
+
+      # Internal method to check the statuscode of a response and its error message if available.
+      # === Parameters
+      # * response = HTTP response
+      def response_ok?(response)
+        response and response.parsed_response and response.response.is_a?(Net::HTTPOK) and not response.parsed_response["error"]
+      end
+
+      # Internal method to get meta data about the types and access permissions for the given SessionVOC server installation.
+      def meta_data
+        logger.debug("Client#meta_data")
+        @@meta_data ||= nil
+        @@meta_data = self.datainfo unless @@meta_data
+        @@meta_data
+      end
+    end
+  end
+end

data/lib/sessionvoc/open/configuration.rb

@@ -0,0 +1,24 @@
+# Copyright:: 2011 triAGENS GmbH
+# Author:: Oliver Kiessler (mailto:kiessler@inceedo.com)
+module Sessionvoc
+  module Open
+    # You can also provide a configuration file in the current directory of your client to avoid setting up the client within your code.
+    # Checkout the config.yml.sample file as an example.
+    # 
+    # If this configuration file isn't found in the current directory, the client will look for a "global" configuration file in your 
+    # home directory (~/.sessionvoc.yml).
+    class Configuration
+      attr_accessor :options
+
+      # === Parameters
+      # * host = Hostname (required)
+      # * port = Port (required)
+      # * protocol = "http"/"https", defaults to "http"
+      # * auth = "none"/"simple"/"challenge"
+      # * log_level = defaults to LOGGER::INFO
+      def initialize(options = {})
+        self.options = options
+      end
+    end
+  end
+end

data/lib/sessionvoc/open/data_conversion.rb

@@ -0,0 +1,100 @@
+# Copyright:: 2011 triAGENS GmbH
+# Author:: Oliver Kiessler (mailto:kiessler@inceedo.com)
+module Sessionvoc
+  module Open
+    # The methods in this module handle the data conversion and access permissions expected by the SessionVOC
+    # server.
+    module DataConversion
+      # Forces session values to conform the data type the SessionVOC server expects. This method also
+      # checks if the value is allowed to be changed.
+      # === Parameters
+      # * scope = "transData","userData","formData"
+      # * key = Key
+      # * value = Value
+      # * session_data = Session object to work on
+      def enforce_value_type(scope, key, value, session_data)
+        if session_data and session_data[scope] and session_data['sid']
+          meta_data = datainfo
+          scope = "form" if scope == "formData"
+          if meta_data and meta_data["access"] and meta_data["access"][scope] and [1, 2].include?(meta_data["access"][scope][key.to_s])
+            if meta_data["types"] and meta_data["types"][scope] and meta_data["types"][scope][key.to_s]
+              desired_type = Sessionvoc::Open::Base::DATA_TYPES[meta_data["types"][scope][key.to_s]]
+              if desired_type
+                session_data[scope][key] = convert(key, value, desired_type)
+              else
+                raise Sessionvoc::Open::DataConversionException, "Unknown type"
+              end
+            else
+              raise Sessionvoc::Open::DataConversionException, "Unknown attribute" 
+            end
+          else
+            raise Sessionvoc::Open::DataConversionException, "Scope '#{scope}' not found"
+          end
+          return session_data
+        else
+          if session_data.nil? or (session_data['sid'].nil? or session_data['sid'].blank?)
+            raise Sessionvoc::Open::InvalidSidException
+          else
+            raise Sessionvoc::Open::DataConversionException
+          end
+        end
+      end
+    
+      # Sets the meta data used by the SessionVOC server.
+      def datainfo
+        @@meta_data ||= nil
+        @@meta_data = ActionDispatch::Session::SessionvocStore::Session.client.datainfo unless @@meta_data
+        @@meta_data
+      end
+
+      # This methods performs the actual type conversion.
+      # === Parameters
+      # * key = Key
+      # * value = value
+      # * desired_type = Type expected by SessionVOC server
+      def convert(key, value, desired_type)
+        if key and value and desired_type
+          begin
+            case desired_type
+              when :DT_NULL
+                value = nil
+              when :DT_BOOLEAN
+                if value == "true" or value == "1"
+                  value = true
+                elsif value == "false" or value == "0"
+                  value = false
+                else
+                  value = false
+                end
+              when :DT_CHAR
+                value = value.to_s[0..0]
+              when :DT_STRING
+                value = value.to_s
+              when :DT_DOUBLE
+                value = value.to_f
+              when :DT_FLOAT
+                value = value.to_f
+              when :DT_INTEGER
+                value = value.to_i
+              when :DT_LONG_INTEGER
+                value = value.to_i
+              when :DT_UNSIGNED_INTEGER
+                value = value.to_i
+                value = nil if value < 0
+              when :DT_UNSIGNED_LONG_INTEGER
+                value = value.to_i
+                value = nil if value < 0
+              when :DT_BLOB
+                value = Base64.encode64(value)
+              else
+                value = value.to_s
+            end
+          rescue => e
+            return nil
+          end
+          value
+        end
+      end
+    end
+  end
+end