soar_authentication_token 7.1.0 → 7.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/soar_authentication_token/providers/cascade_provider.rb +2 -5
- data/lib/soar_authentication_token/providers/cookie_provider.rb +2 -5
- data/lib/soar_authentication_token/version.rb +1 -1
- data/spec/rack_middleware/authorization_header_provider_spec.rb +13 -0
- data/spec/rack_middleware/cascade_provider_spec.rb +13 -0
- data/spec/rack_middleware/cookie_provider_spec.rb +13 -0
- data/spec/rack_middleware/{authorization_header_spec.rb → shared/authentication_provider.rb} +44 -38
- metadata +11 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c2b4f619d0d797e93284b3304502fd1276682f36
|
|
4
|
+
data.tar.gz: fff0d61305cd10caa846cfd3ec1e6feeca88e075
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8c06b734c3fb22365d3085f6922faa9f004abe98be2b9c57ae02a77a56fe50ecb3d18e44a44543fef791e3bb41132c21e7087df7d1b3b4b72cffd677e474d19d
|
|
7
|
+
data.tar.gz: 44a8975ee1e0d70484b05a09725dc4fa11b06bfec4d683813d3564bf9049c0780aadeda39a51669691b591ee0cbce2bb468d3be397b3251f51691545c6a11524
|
|
@@ -13,12 +13,9 @@ module SoarAuthenticationToken
|
|
|
13
13
|
private
|
|
14
14
|
def fetch_by_cookie(request)
|
|
15
15
|
return false unless request.env.has_key?('HTTP_COOKIE')
|
|
16
|
+
return false unless request.cookies.has_key?(@configuration['cookie_name'])
|
|
16
17
|
|
|
17
|
-
|
|
18
|
-
auth_cookie = cookies.find { |cookie| cookie.name == @configuration['cookie_name'] }
|
|
19
|
-
return false unless auth_cookie.is_a?(HTTP::Cookie)
|
|
20
|
-
|
|
21
|
-
auth_cookie.value
|
|
18
|
+
request.cookies[@configuration['cookie_name']]
|
|
22
19
|
end
|
|
23
20
|
|
|
24
21
|
def fetch_by_auth_header(request)
|
|
@@ -9,12 +9,9 @@ module SoarAuthenticationToken
|
|
|
9
9
|
|
|
10
10
|
def fetch(request)
|
|
11
11
|
return false unless request.env.has_key?('HTTP_COOKIE')
|
|
12
|
+
return false unless request.cookies.has_key?(@configuration['cookie_name'])
|
|
12
13
|
|
|
13
|
-
|
|
14
|
-
auth_cookie = cookies.find { |cookie| cookie.name == @configuration['cookie_name'] }
|
|
15
|
-
return false unless auth_cookie.is_a?(HTTP::Cookie)
|
|
16
|
-
|
|
17
|
-
auth_cookie.value
|
|
14
|
+
request.cookies[@configuration['cookie_name']]
|
|
18
15
|
end
|
|
19
16
|
|
|
20
17
|
def validate_configuration
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'rack'
|
|
3
|
+
require 'rack/test'
|
|
4
|
+
require 'webmock/rspec'
|
|
5
|
+
require_relative 'shared/authentication_provider'
|
|
6
|
+
|
|
7
|
+
describe 'Authorization Header provider' do
|
|
8
|
+
let(:auth_provider) {
|
|
9
|
+
'SoarAuthenticationToken::AuthorizationHeaderProvider'
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
it_behaves_like "an authentication provider"
|
|
13
|
+
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'rack'
|
|
3
|
+
require 'rack/test'
|
|
4
|
+
require 'webmock/rspec'
|
|
5
|
+
require_relative 'shared/authentication_provider'
|
|
6
|
+
|
|
7
|
+
describe 'Cascade provider' do
|
|
8
|
+
let(:auth_provider) {
|
|
9
|
+
'SoarAuthenticationToken::CascadeProvider'
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
it_behaves_like "an authentication provider"
|
|
13
|
+
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'rack'
|
|
3
|
+
require 'rack/test'
|
|
4
|
+
require 'webmock/rspec'
|
|
5
|
+
require_relative 'shared/authentication_provider'
|
|
6
|
+
|
|
7
|
+
describe 'Cookie provider' do
|
|
8
|
+
let(:auth_provider) {
|
|
9
|
+
'SoarAuthenticationToken::CookieProvider'
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
it_behaves_like "an authentication provider"
|
|
13
|
+
end
|
data/spec/rack_middleware/{authorization_header_spec.rb → shared/authentication_provider.rb}
RENAMED
|
@@ -1,18 +1,19 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
|
-
require 'rack'
|
|
3
|
-
require 'rack/test'
|
|
4
|
-
require 'webmock/rspec'
|
|
5
2
|
|
|
6
|
-
|
|
3
|
+
shared_examples_for "an authentication provider" do
|
|
7
4
|
include Rack::Test::Methods
|
|
8
5
|
|
|
6
|
+
let(:version) {
|
|
7
|
+
SoarAuthenticationToken::VERSION
|
|
8
|
+
}
|
|
9
|
+
|
|
9
10
|
def create_valid_token_generator
|
|
10
11
|
keypair_generator = SoarAuthenticationToken::KeypairGenerator.new
|
|
11
12
|
private_key, public_key = keypair_generator.generate
|
|
12
13
|
configuration = {
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
14
|
+
'provider' => 'SoarAuthenticationToken::RemoteTokenGenerator',
|
|
15
|
+
'generator-url' => 'http://authentication-token-generator-service:9393/generate',
|
|
16
|
+
'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
|
|
16
17
|
}
|
|
17
18
|
generator = SoarAuthenticationToken::TokenGenerator.new(configuration)
|
|
18
19
|
generator.inject_store_provider(get_store)
|
|
@@ -23,9 +24,9 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
23
24
|
keypair_generator = SoarAuthenticationToken::KeypairGenerator.new
|
|
24
25
|
private_key, public_key = keypair_generator.generate
|
|
25
26
|
configuration = {
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
27
|
+
'provider' => 'SoarAuthenticationToken::JwtTokenGenerator',
|
|
28
|
+
'private_key' => private_key,
|
|
29
|
+
'public_key' => public_key
|
|
29
30
|
}
|
|
30
31
|
generator = SoarAuthenticationToken::TokenGenerator.new(configuration)
|
|
31
32
|
generator.inject_store_provider(get_store)
|
|
@@ -41,9 +42,9 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
41
42
|
@local_valid_generator, @valid_private_key, @valid_public_key = create_valid_token_generator
|
|
42
43
|
@local_invalid_generator, @invalid_private_key, @invalid_public_key = create_invalid_token_generator
|
|
43
44
|
@failure_response_json = [ { 'status' => 'fail', 'data' => {
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
45
|
+
'notifications' => ['Not authenticated']
|
|
46
|
+
}
|
|
47
|
+
}.to_json ]
|
|
47
48
|
end
|
|
48
49
|
|
|
49
50
|
before :each do
|
|
@@ -51,19 +52,20 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
51
52
|
request = Rack::Request.new env
|
|
52
53
|
session = request.session
|
|
53
54
|
test_app_response_data = {
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
55
|
+
'message' => "tested with authenticated user #{session['user']}",
|
|
56
|
+
'user' => session['user'],
|
|
57
|
+
'auth_token_meta' => session['auth_token_meta']
|
|
57
58
|
}
|
|
58
59
|
[200, {"Content-Type" => "application/json"}, test_app_response_data ]
|
|
59
60
|
end
|
|
60
61
|
@iut_configuration = {
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
62
|
+
'provider' => 'SoarAuthenticationToken::RemoteTokenValidator',
|
|
63
|
+
'validator-url' => 'http://authentication-token-validator-service:9393/validate',
|
|
64
|
+
'authentication_token' => {
|
|
65
|
+
'provider' => auth_provider,
|
|
66
|
+
'header_name' => 'HTTP_AUTHORIZATION',
|
|
67
|
+
'cookie_name' => 'kh2.auth'
|
|
68
|
+
}
|
|
67
69
|
}
|
|
68
70
|
@iut = SoarAuthenticationToken::RackMiddleware.new(@test_app, @iut_configuration, "test-service", nil)
|
|
69
71
|
end
|
|
@@ -87,9 +89,9 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
87
89
|
it "return with 401" do
|
|
88
90
|
stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['none'] }}.to_json
|
|
89
91
|
stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
92
|
+
with(body: "{\"authentication_token\":null,\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"#{version}\"}}",
|
|
93
|
+
headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
|
|
94
|
+
to_return(status: 200, body: stub_response_body, headers: {})
|
|
93
95
|
|
|
94
96
|
opts = { 'REMOTE_ADDR' => '1.1.1.1', 'HTTP_AUTHORIZATION' => nil }
|
|
95
97
|
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
|
@@ -101,9 +103,9 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
101
103
|
it "return with 401" do
|
|
102
104
|
stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['none'] }}.to_json
|
|
103
105
|
stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
106
|
+
with(body: "{\"authentication_token\":\"bad_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"#{version}\"}}",
|
|
107
|
+
headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
|
|
108
|
+
to_return(status: 200, body: stub_response_body, headers: {})
|
|
107
109
|
|
|
108
110
|
opts = { 'REMOTE_ADDR' => '1.1.1.1', 'HTTP_AUTHORIZATION' => 'bad_token' }
|
|
109
111
|
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
|
@@ -113,11 +115,12 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
113
115
|
|
|
114
116
|
context 'with a valid authentiation token' do
|
|
115
117
|
it "pass requests to the application" do
|
|
118
|
+
skip if auth_provider == 'SoarAuthenticationToken::CookieProvider'
|
|
116
119
|
stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => true, 'token_meta' => { 'authenticated_identifier' => 'a@b.com' }, 'notifications' => ['none'] }}.to_json
|
|
117
120
|
stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
+
with(body: "{\"authentication_token\":\"valid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"#{version}\"}}",
|
|
122
|
+
headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
|
|
123
|
+
to_return(status: 200, body: stub_response_body, headers: {})
|
|
121
124
|
|
|
122
125
|
opts = { 'REMOTE_ADDR' => '1.1.1.1', 'HTTP_AUTHORIZATION' => 'valid_token' }
|
|
123
126
|
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
|
@@ -125,11 +128,12 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
125
128
|
end
|
|
126
129
|
|
|
127
130
|
it "populate the 'user' key in the rack session with the authenticated user" do
|
|
131
|
+
skip if auth_provider == 'SoarAuthenticationToken::CookieProvider'
|
|
128
132
|
stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => true, 'token_meta' => { 'authenticated_identifier' => 'a@b.com' }, 'notifications' => ['none'] }}.to_json
|
|
129
133
|
stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
134
|
+
with(body: "{\"authentication_token\":\"valid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"#{version}\"}}",
|
|
135
|
+
headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
|
|
136
|
+
to_return(status: 200, body: stub_response_body, headers: {})
|
|
133
137
|
|
|
134
138
|
opts = { 'REMOTE_ADDR' => '1.1.1.1', 'HTTP_AUTHORIZATION' => 'valid_token' }
|
|
135
139
|
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
|
@@ -137,11 +141,13 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
137
141
|
end
|
|
138
142
|
|
|
139
143
|
it "populate the 'auth_token_meta' key in the rack session with the hash containing the token meta" do
|
|
144
|
+
skip if auth_provider == 'SoarAuthenticationToken::CookieProvider'
|
|
145
|
+
|
|
140
146
|
stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => true, 'token_meta' => { 'authenticated_identifier' => 'a@b.com' }, 'notifications' => ['none'] }}.to_json
|
|
141
147
|
stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
148
|
+
with(body: "{\"authentication_token\":\"valid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"#{version}\"}}",
|
|
149
|
+
headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
|
|
150
|
+
to_return(status: 200, body: stub_response_body, headers: {})
|
|
145
151
|
|
|
146
152
|
opts = { 'REMOTE_ADDR' => '1.1.1.1', 'HTTP_AUTHORIZATION' => 'valid_token' }
|
|
147
153
|
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
|
@@ -149,4 +155,4 @@ describe SoarAuthenticationToken::RackMiddleware do
|
|
|
149
155
|
end
|
|
150
156
|
end
|
|
151
157
|
end
|
|
152
|
-
end
|
|
158
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: soar_authentication_token
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.1.
|
|
4
|
+
version: 7.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Barney de Villiers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-10-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: soar_xt
|
|
@@ -295,7 +295,10 @@ files:
|
|
|
295
295
|
- spec/config_rotator_spec.rb
|
|
296
296
|
- spec/jwt_token_validator_spec.rb
|
|
297
297
|
- spec/keypair_generator_spec.rb
|
|
298
|
-
- spec/rack_middleware/
|
|
298
|
+
- spec/rack_middleware/authorization_header_provider_spec.rb
|
|
299
|
+
- spec/rack_middleware/cascade_provider_spec.rb
|
|
300
|
+
- spec/rack_middleware/cookie_provider_spec.rb
|
|
301
|
+
- spec/rack_middleware/shared/authentication_provider.rb
|
|
299
302
|
- spec/remote_token_validator_spec.rb
|
|
300
303
|
- spec/spec_helper.rb
|
|
301
304
|
- spec/static_token_validator_spec.rb
|
|
@@ -321,7 +324,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
321
324
|
version: '0'
|
|
322
325
|
requirements: []
|
|
323
326
|
rubyforge_project:
|
|
324
|
-
rubygems_version: 2.
|
|
327
|
+
rubygems_version: 2.5.1
|
|
325
328
|
signing_key:
|
|
326
329
|
specification_version: 4
|
|
327
330
|
summary: Client library for Hetzner's authentication token service
|
|
@@ -329,7 +332,10 @@ test_files:
|
|
|
329
332
|
- spec/config_rotator_spec.rb
|
|
330
333
|
- spec/jwt_token_validator_spec.rb
|
|
331
334
|
- spec/keypair_generator_spec.rb
|
|
332
|
-
- spec/rack_middleware/
|
|
335
|
+
- spec/rack_middleware/authorization_header_provider_spec.rb
|
|
336
|
+
- spec/rack_middleware/cascade_provider_spec.rb
|
|
337
|
+
- spec/rack_middleware/cookie_provider_spec.rb
|
|
338
|
+
- spec/rack_middleware/shared/authentication_provider.rb
|
|
333
339
|
- spec/remote_token_validator_spec.rb
|
|
334
340
|
- spec/spec_helper.rb
|
|
335
341
|
- spec/static_token_validator_spec.rb
|