sinatra-portier 1.3.0 → 1.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b69ad3706ecd35b13c72a3466113634f0a8aa89c
-  data.tar.gz: 7a91809bbc697a7d09a240bdfbbaab7ad7545773
+SHA256:
+  metadata.gz: cbb567b7fdc34ac49a53113b97b08a27b52c2fd1e85552c2ea44eb7cabfc9666
+  data.tar.gz: 3528e61f4a6fdc75ed3d2aee2bb80235a139860ca079b63d6ee3cfac487adbf3
 SHA512:
-  metadata.gz: 11f3a230f0f3a9a9d861ffa1cd4651cb0193154df0e343f234e2711be6b6d4c217ad7a63efae308c264d7d70c89e15415fb354c0332e6a005a2a5a85f6022a65
-  data.tar.gz: 9a6a524ce59d2d2a4b4e493b156f9f27d6cb778bd91608a385b6d1a1f3fee2c8f45a3e652e16276f9aa41137e64cca0456633a8ea747702d2c386879623d101a
+  metadata.gz: ce0b199ca249d27d1cefc7db7c25f6bb5595165d7076843a190c448e61b596fcd2b0e3c362ddaf155ca6f7fb3002a73511b0ba4a8f111a5ffc1f5b1bc7b8e15c
+  data.tar.gz: 5c6e1b3cc2890c87f32bda865530accd31ff97df69c5977d1c1de5009337cda8f38447756da9ca202cfae8d34859c8f9d98a6a606efc4d76120ec5587dedceba

data/README.md

@@ -10,7 +10,7 @@ Note that logins are not done from within a form on your site -- you provide a l
 
 ## How to get started
 
-Install the gem **sinatra-portier**"
+Install the gem **sinatra-portier**:
 
 ```
 gem install sinatra-portier
@@ -27,7 +27,7 @@ require 'sinatra/browserid'
 register Sinatra::BrowserID
 
 set :sessions, true
-# Disabling origin-chek is needed to make webkit-browsers like Chrome work. 
+# Disabling origin-check is needed to make webkit-browsers like Chrome work. 
 # Behind a proxy you will also need to disable :remote_token, regardless for which browser.
 set :protection, except: [:http_origin] 
 get '/' do
@@ -53,12 +53,19 @@ end
 ```
 
 See the rdoc for more details on the helper functions.  For a functioning
-example app, run <tt>rackup -p $PORT</tt> in the example directory.
+example app, start the app in the example directory:
+
+```
+bundle install
+bundle exec rackup -p PORT
+
+```
 
 Available sinatra settings:
 
  * <tt>:browserid_url</tt>: If you're using an alternate auth provider
   other than https://broker.portier.io
  * <tt>:browserid_login_url</tt>: URL users get redirected to when the
-  <tt>authorize!</tt> helper is called and a user is not logged in
- * <tt>:browserid_button_class</tt> css class of the login button
+  <tt>authorize!(redirect: nil)</tt> helper is called and a user is not logged in. `redirect` is an optional parameter to set the redirect target on the function call instead.
+ * <tt>:browserid_button_class</tt>: Css class of the login button
+ * <tt>:browserid_button_text</tt>: Text of the login button

data/example/app.rb

@@ -1,28 +1,29 @@
-#!/usr/bin/env ruby
-
-$: << File.join(File.dirname(__FILE__), "..", "lib")
-
-require "sinatra/base"
-require "sinatra/browserid"
-
-class TestApp < Sinatra::Base
-  register Sinatra::BrowserID
+require 'sinatra'
+require 'sinatra/browserid'
+
+
+register Sinatra::BrowserID
+
+set :sessions, true
+# Disabling origin-check is needed to make webkit-browsers like Chrome work. 
+# Behind a proxy you will also need to disable :remote_token, regardless for which browser.
+set :protection, except: [:http_origin] 
+get '/' do
+    if authorized?
+        "Welcome, #{authorized_email}"
+    else
+        render_login_button
+    end
+end
 
-  set :sessions, true
+get '/secure' do
+    authorize!                 # require a user be logged in
 
-  get '/' do
-    erb :index
-  end
+    authorized_email   # browserid email
+end
 
-  get '/logout' do
+get '/logout' do
     logout!
 
     redirect '/'
-  end
-
-  get '/confidential' do
-    authorize!
-
-    "Hey #{authorized_email}, you're authorized!"
-  end
-end
+end

data/example/config.ru

@@ -1,2 +1,8 @@
-require "./app"
-run TestApp
+require 'rubygems'
+require 'bundler'
+
+Bundler.require
+
+require './app.rb'
+
+run Sinatra::Application.new

data/lib/sinatra/browserid/helpers.rb

@@ -28,6 +28,28 @@ module Sinatra
         session[:browserid_email]
       end
 
+      # Normalize the email like the broker will do it, see
+      # https://github.com/portier/portier.github.io/blob/master/specs/Email-Normalization.md
+      def normalize_email(email)
+        begin
+            user, domain = email.split("@")
+            if user == nil or user.empty?
+                raise ArgumentError.new('user part must not be empty')  
+            end 
+            user = user.downcase
+            domain = SimpleIDN.to_ascii(domain).downcase
+            begin
+                IPAddr.new(domain)
+            rescue
+                # if domain could not be parsed as IP we are good
+                return user + "@" + domain
+            end
+            raise ArgumentError.new('domain must not be an IP')  
+        rescue Exception => e
+            raise ArgumentError, 'Not a valid email adress: ' + e.message
+        end
+      end
+
       # Returns the HTML to render the Persona login form.
       # Optionally takes a URL parameter for where the user should
       # be redirected to after the assert POST back.

data/lib/sinatra/browserid/template.rb

@@ -10,7 +10,7 @@ module Sinatra
       <input type=hidden name=client_id value="<%= request.base_url.chomp('/') %>" />
       <input type=hidden name=redirect_uri value="<%= url '/_browserid_assert' %>" />
       <input type=hidden name=nonce value="<%= nonce %>" />
-      <input type=submit value="Log In" class="<%= settings.browserid_button_class %>" />
+      <input type=submit value="<%= settings.browserid_button_text %>" class="<%= settings.browserid_button_class %>" />
     </form>
 EOF
         end

data/lib/sinatra/browserid.rb

@@ -4,9 +4,12 @@ require "open-uri"
 require 'json'
 require 'url_safe_base64'
 require 'jwt'
+require 'simpleidn'
+require 'ipaddr'
 require "sinatra/base"
 require 'sinatra/browserid/helpers'
 require 'sinatra/browserid/template'
+require 'addressable/uri'
 
 # This module provides an interface to verify a users email address
 # with browserid.org.
@@ -19,6 +22,7 @@ module Sinatra
             app.set :browserid_login_button, :red
             app.set :browserid_login_url, "/_browserid_login"
             app.set :browserid_button_class, ""
+            app.set :browserid_button_text, "Log in"
 
             app.get '/_browserid_login' do
                 # TODO(petef): render a page that initiates login without
@@ -30,10 +34,19 @@ module Sinatra
               begin
                   # 3. Server checks signature
                   # for that, fetch the public key from the LA instance (TODO: Do that beforehand for trusted instances, and generally cache the key)
-                  public_key_jwks = ::JSON.parse(URI.parse(URI.escape(settings.browserid_url + '/keys.json')).read)
+                  public_key_jwks_uri = Addressable::URI.parse(settings.browserid_url + '/keys.json')
+                  public_key_jwks = ::JSON.parse(URI.parse(public_key_jwks_uri).read)
                   public_key = OpenSSL::PKey::RSA.new
-                  public_key.e = OpenSSL::BN.new UrlSafeBase64.decode64(public_key_jwks["keys"][0]["e"]), 2 
-                  public_key.n = OpenSSL::BN.new UrlSafeBase64.decode64(public_key_jwks["keys"][0]["n"]), 2
+                  if public_key.respond_to? :set_key
+                    # set n and d via the new set_key function, as direct access to n and e is blocked for some ruby and openssl versions.
+                    # Note that we have no d, as this is a public key, which would be the third param
+                    public_key.set_key( (OpenSSL::BN.new UrlSafeBase64.decode64(public_key_jwks["keys"][0]["n"]), 2),
+                                        (OpenSSL::BN.new UrlSafeBase64.decode64(public_key_jwks["keys"][0]["e"]), 2),
+                                        nil)
+                  else
+                    public_key.e = OpenSSL::BN.new UrlSafeBase64.decode64(public_key_jwks["keys"][0]["e"]), 2 
+                    public_key.n = OpenSSL::BN.new UrlSafeBase64.decode64(public_key_jwks["keys"][0]["n"]), 2
+                  end
                   
                   id_token = JWT.decode params[:id_token], public_key, true, { :algorithm => 'RS256' }
                   id_token = id_token[0]
@@ -43,7 +56,7 @@ module Sinatra
                       id_token["exp"] > Time.now.to_i &&
                       id_token["email_verified"] &&
                       id_token["nonce"] == session[:nonce])
-                          session[:browserid_email] = id_token["email"]
+                          session[:browserid_email] = id_token['email']
                           session.delete(:nonce)
                           if session['redirect_url']
                             redirect session['redirect_url']

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: sinatra-portier
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.5.2
 platform: ruby
 authors:
 - Pete Fritchman
 - Malte Paskuda
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-09-01 00:00:00.000000000 Z
+date: 2021-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
@@ -53,7 +53,35 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.2.2
-description: 
+- !ruby/object:Gem::Dependency
+  name: simpleidn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.9
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.9
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.8'
+description:
 email:
 - malte@paskuda.biz
 executables: []
@@ -63,7 +91,6 @@ files:
 - README.md
 - example/app.rb
 - example/config.ru
-- example/views/index.erb
 - lib/sinatra/browserid.rb
 - lib/sinatra/browserid/helpers.rb
 - lib/sinatra/browserid/template.rb
@@ -71,7 +98,7 @@ files:
 homepage: https://github.com/onli/sinatra-portier
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--inline-source"
 require_paths:
@@ -87,9 +114,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Sinatra extension for user authentication with portier
 test_files: []

data/example/views/index.erb

@@ -1,21 +0,0 @@
-<html>
-<head>
-</head>
-<body>
-
-<h1>Test App</h1>
-
-<p>
-<% if authorized? %>
-Hello, <%= authorized_email %> <a href="/logout">(logout)</a>
-<% else %>
-<%= render_login_button %>
-<% end %>
-</p>
-
-<p>
-see a <a href="/confidential">page that requires a login</a>.
-</p>
-
-</body>
-</html>