sinatra-portier 1.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3526df1906d6fda7d480ccc1059a993380b23517
+  data.tar.gz: f024759855c2410cc6d16fc938d9f6b626316c08
+SHA512:
+  metadata.gz: 7ceaea629c496c9b2823f03359380824148d4f55bd7418efea7dc3c8aa63cfb36da04f9c32493e31d33e0564b8f30515aae6ba989743295132cf31fa2f69b4ce
+  data.tar.gz: 27b7766b99dc5c50f4e4309b060be43d1f790ad8af3df2c89783c5245c79837c11bd5d2ca5d72ccb643d0f732202409d0876abb1a0d1fb30b5e4aad2d5637a12

data/README.md

@@ -0,0 +1,53 @@
+Sinatra plugin that allows authentication against portier, the successor for [Persona](https://login.persona.org/about). Like Persona, this lets you verify the email identity of a user.
+
+To be a drop-in replacement, the code keeps using the browserid namespace.
+
+---
+
+To learn more, [read about portier](https://portier.github.io/).
+
+Note that logins are not done from within a form on your site -- you provide a login form, and that will start up the login flow and redirect back to your main page.
+
+How to get started:
+
+```ruby
+require 'sinatra/base'
+require 'sinatra/browserid'
+
+module MyApp < Sinatra::Base
+    register Sinatra::BrowserID
+
+    set :sessions, true
+
+    get '/'
+        if authorized?
+            "Welcome, #{authorized_email}"
+        else
+            render_login_button
+        end
+    end
+
+    get '/secure'
+        authorize!                 # require a user be logged in
+
+        email = authorized_email   # browserid email
+        ...
+    end
+
+    get '/logout'
+        logout!
+
+        redirect '/'
+    end
+end
+```
+
+See the rdoc for more details on the helper functions.  For a functioning
+example app, run <tt>rackup -p $PORT</tt> in the example directory.
+
+Available sinatra settings:
+
+ * <tt>:browserid_url</tt>: If you're using an alternate auth provider
+  other than https://broker.portier.io
+ * <tt>:browserid_login_url</tt>: URL users get redirected to when the
+  <tt>authorize!</tt> helper is called and a user is not logged in

data/example/app.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+
+$: << File.join(File.dirname(__FILE__), "..", "lib")
+
+require "sinatra/base"
+require "sinatra/browserid"
+
+class TestApp < Sinatra::Base
+  register Sinatra::BrowserID
+
+  set :sessions, true
+
+  get '/' do
+    erb :index
+  end
+
+  get '/logout' do
+    logout!
+
+    redirect '/'
+  end
+
+  get '/confidential' do
+    authorize!
+
+    "Hey #{authorized_email}, you're authorized!"
+  end
+end

data/example/config.ru

@@ -0,0 +1,2 @@
+require "./app"
+run TestApp

data/example/views/index.erb

@@ -0,0 +1,21 @@
+<html>
+<head>
+</head>
+<body>
+
+<h1>Test App</h1>
+
+<p>
+<% if authorized? %>
+Hello, <%= authorized_email %> <a href="/logout">(logout)</a>
+<% else %>
+<%= render_login_button %>
+<% end %>
+</p>
+
+<p>
+see a <a href="/confidential">page that requires a login</a>.
+</p>
+
+</body>
+</html>

data/lib/sinatra/browserid.rb

@@ -0,0 +1,63 @@
+#!/usr/bin/env ruby
+
+require "open-uri"
+require 'json'
+require 'url_safe_base64'
+require 'jwt'
+require "sinatra/base"
+require 'sinatra/browserid/helpers'
+require 'sinatra/browserid/template'
+
+# This module provides an interface to verify a users email address
+# with browserid.org.
+module Sinatra
+    module BrowserID
+        def self.registered(app)
+            app.helpers BrowserID::Helpers
+
+            app.set :browserid_url, "https://broker.portier.io"
+            app.set :browserid_login_button, :red
+            app.set :browserid_login_url, "/_browserid_login"
+
+            app.get '/_browserid_login' do
+                # TODO(petef): render a page that initiates login without
+                # waiting for a user click.
+                render_login_button
+            end
+
+          app.post '/_browserid_assert' do
+              begin
+                  # 3. Server checks signature
+                  # for that, fetch the public key from the LA instance (TODO: Do that beforehand for trusted instances, and generally cache the key)
+                  public_key_jwks = JSON.parse(URI.parse(URI.escape(settings.browserid_url + '/jwks.json')).read)
+                  public_key = OpenSSL::PKey::RSA.new
+                  public_key.e = OpenSSL::BN.new UrlSafeBase64.decode64(public_key_jwks["keys"][0]["e"]), 2 
+                  public_key.n = OpenSSL::BN.new UrlSafeBase64.decode64(public_key_jwks["keys"][0]["n"]), 2
+                  
+                  id_token = JWT.decode params[:id_token], public_key, true, { :algorithm => 'RS256' }
+                  id_token = id_token[0]
+                  # 4. Needs to make sure token is still valid
+                  if (id_token["iss"] == settings.browserid_url &&
+                      id_token["aud"] == request.base_url.chomp('/') &&        
+                      id_token["exp"] > Time.now.to_i &&
+                      id_token["email_verified"] &&
+                      id_token["nonce"] == session[:nonce])
+                          session[:browserid_email] = id_token["email"]
+                          session.delete(:nonce)
+                          if session['redirect_url']
+                            redirect session['redirect_url']
+                          else
+                            redirect "/"
+                          end
+                  end
+              rescue OpenURI::HTTPError => e
+                  puts "could not validate token: " + e.to_s
+              end
+              halt 403
+              
+            end
+        end # def self.registered
+    end # module BrowserID
+    register BrowserID
+end # module Sinatra
+

metadata

@@ -0,0 +1,92 @@
+--- !ruby/object:Gem::Specification
+name: sinatra-portier
+version: !ruby/object:Gem::Version
+  version: 1.1.0
+platform: ruby
+authors:
+- Pete Fritchman
+- Malte Paskuda
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-10-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.4
+- !ruby/object:Gem::Dependency
+  name: url_safe_base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+description: 
+email:
+- malte@paskuda.biz
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- example/app.rb
+- example/config.ru
+- example/views/index.erb
+- lib/sinatra/browserid.rb
+homepage: https://github.com/onli/sinatra-portier
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options:
+- "--inline-source"
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.7
+signing_key: 
+specification_version: 4
+summary: Sinatra extension for user authentication with portier
+test_files: []