sq_auth 0.0.28 → 0.0.29

data/lib/sq_auth/sq_auth_access.rb

@@ -88,10 +88,18 @@ module SqAuth
       end
     end
 
+    def roles_for_current_user project = @project_name
+      @session_provider.roles_for_current_user project
+    end
+
     def save_session_for_current_user sqauthsession
       @session_provider.create_session_for_current_user sqauthsession
     end
 
+    def revoke_session sqauthsession
+      @session_provider.delete_session(sqauthsession)
+    end
+
     def save_username_for_current_user username
       @session_provider.username = username
     end

data/lib/sq_auth/sq_auth_cache.rb

@@ -0,0 +1,39 @@
+module SqAuth
+  class SqAuthCache
+    DEFAULT_OPTIONS = {:ttl => 3600, :max_fetches => 5000}
+    def initialize options = {}
+      options = DEFAULT_OPTIONS.merge(options)
+      @cache = {}
+      @ttl = options[:ttl]
+      @max_fetches = options[:max_fetches]
+      @keys_access = Hash.new{|h,k| h[k] = {updated_at: Time.now, fetches: 0}}
+    end
+
+    def fetch key
+      secure_cache_operation(key) do
+        @cache[key]
+      end
+    end
+
+    def save key, value
+      clear_cache_key(key)
+      @cache[key] = value
+      @keys_access[key]
+    end
+
+    def clear_cache_key key
+      @cache.delete(key)
+      @keys_access.delete(key)
+    end
+
+    def secure_cache_operation key, &block
+      @keys_access[key][:fetches] += 1
+      key_age = (Time.now - @keys_access[key][:updated_at]).to_i
+      fetches = @keys_access[key][:fetches]
+      if key_age > @ttl || fetches > @max_fetches || key_age < 0
+        clear_cache_key(key)
+      end
+      yield if block_given?
+    end
+  end
+end

data/lib/sq_auth/sq_auth_client.rb

@@ -37,8 +37,12 @@ module SqAuth
       role_exist? current_user, role, project
     end
 
+    def roles_for_current_user project
+      project_roles current_user, project
+    end
+
     def user
-      @user
+      @user.current_user
     end
 
     def username=(username)
@@ -54,7 +58,6 @@ module SqAuth
     end
 
     def session_for user
-      p @sessions
       @sessions[user]
     end
 
@@ -63,9 +66,34 @@ module SqAuth
     end
 
     def role_exist? user, roles, project
-      request_hash = {sqauthsession: session_for(user), roles: [*roles], auth_name: project, ip: user[:ip]}
-      response = send_request :check_role, request_hash
-      response.is_a?(Hash) && response[:data].is_a?(Hash) && (response[:data]["role_exist"] == true)
+      project_roles(user, project)
+      session = session_for user
+      session.role_exist?(roles, project) do
+        request_hash = {sqauthsession: session.session_value, roles: [*roles], auth_name: project, ip: user[:ip]}
+        response = send_request :check_role, request_hash
+        response.is_a?(Hash) && response[:data].is_a?(Hash) && (response[:data]["role_exist"] == true)
+      end
+    end
+
+    def project_roles user, project
+      session = session_for user
+      session.project_roles(project) do
+        request_hash = {sqauthsession: session.session_value, ip: user[:ip]}
+        response = send_request :get_roles, request_hash
+        ret = []
+        if response.is_a?(Hash) && response[:data].is_a?(Array)
+          ret = begin
+            response[:data].map do |project_hash|
+              if project_hash["project"] == project
+                project_hash["role"]
+              end
+            end
+          rescue => ex
+            []
+          end.flatten.compact.uniq
+        end
+        ret
+      end
     end
 
     def send_request request_name, params = nil
@@ -82,7 +110,11 @@ module SqAuth
     end
 
     def current_user_params
-      {session: session_for_current_user, ip: ip_for_current_user}
+      {session: session_for_current_user.session_value, ip: ip_for_current_user}
+    end
+
+    def delete_session session
+      @sessions.delete_session session
     end
   end
 end

data/lib/sq_auth/sq_auth_integration/sq_auth_rack.rb

@@ -42,6 +42,8 @@ module SqAuth
           form_hash = req.params||{}
           if auth_request?(env, form_hash)
             redirect_to_callback(env, form_hash)
+          elsif revoke_session_request?(env, form_hash)
+            revoke_session(env, form_hash)
           else
             pass_through env
           end
@@ -51,6 +53,10 @@ module SqAuth
           env["REQUEST_METHOD"] == "POST" && form_hash.keys.include?("sqauthsession") && form_hash.keys.include?("callback")
         end
 
+        def revoke_session_request? env, form_hash
+          env["REQUEST_METHOD"] == "POST" && form_hash.keys.include?("sqauthsession") && form_hash.keys.include?("revoke_session")
+        end
+
         def redirect_to_callback env, form_hash
           env["rack.session"][:sqauthsession] = form_hash["sqauthsession"] if env["rack.session"]
           env["rack.session"][:current_user] = form_hash["current_user"] if env["rack.session"]
@@ -61,6 +67,11 @@ module SqAuth
           [302, {'Content-Type'=>'text/plain', 'Location' => form_hash["callback"]}, ['Authenticated']]
         end
 
+        def revoke_session env, form_hash
+          SqAuth.access.revoke_session(form_hash["sqauthsession"])
+          [200, {'Content-Type'=>'text/plain'}, ['Session revoked']]
+        end
+
         def callback_uri env
           if URI.parse(env["REQUEST_URI"]).host
             env["REQUEST_URI"]

data/lib/sq_auth/sq_auth_server_interface/basic_server.rb

@@ -3,7 +3,8 @@ module SqAuth
     class BasicServer
       SERVER_INTERFACE = {
         check_connection: {path: "health", method: :get},
-        check_role: {path: "check_role", method: :post}
+        check_role: {path: "check_role", method: :post},
+        get_roles: {path: "get_roles", method: :get}
       }
 
       def self.init_request specification, host_options = {}

data/lib/sq_auth/sq_auth_session.rb

@@ -0,0 +1,33 @@
+module SqAuth
+  class SqAuthSession
+    attr_reader :session_value
+    def initialize value
+      @cache = SqAuthCache.new
+      @session_value = value
+    end
+
+    def role_exist? roles, project, &block
+      result = @cache.fetch(project)
+      if result.nil?
+	yield(self, roles, project)
+      else
+        !([*roles] & result).empty?
+      end
+    end
+
+    def project_roles project
+      result = @cache.fetch(project)
+      if result.nil?
+        fetched_roles = yield(self, project)
+        if fetched_roles
+          @cache.save(project, fetched_roles)
+        else
+          return []
+        end
+      else
+        result
+      end
+    end
+
+  end
+end

data/lib/sq_auth/sq_auth_sessions.rb

@@ -2,6 +2,7 @@ module SqAuth
   class SqAuthSessions
     def initialize
       @sessions = {}
+      @known_sessions = {}
     end
 
     def [] key
@@ -9,7 +10,12 @@ module SqAuth
     end
 
     def []= key, value
-      @sessions[key] = value
+      @known_sessions[value] ||= SqAuthSession.new(value)
+      @sessions[key] = @known_sessions[value] 
+    end
+
+    def delete_session session
+      @known_sessions.delete(session)
     end
 
   end

data/lib/sq_auth/sq_auth_user/basic_user.rb

@@ -3,8 +3,16 @@ module SqAuth
     class BasicUser
       attr_accessor :user_name, :user_ip
       def current_user
-        {name: (user_name || "Anonymous"), ip: (user_ip || "127.0.0.1")}
+        self
       end
+
+      def [] key
+        {name: (user_name || "Anonymous"), ip: (user_ip || "127.0.0.1")}[key]
+      end
+
+
+
+
     end
   end
 end

data/lib/sq_auth/sq_auth_utils.rb

@@ -3,7 +3,7 @@ module SqAuth
     def self.default_draw_template uri, project_params, user_params #callback, role, project, session, ip
       <<-EOF
         <div class="sq_auth_not_logged_in">
-          <iframe src='#{uri}?#{SqAuth::SqAuthRequest.hash_to_query(project_params.merge(user_params))}'>
+          <iframe src='#{uri}?_=#{Time.now.to_i}&#{SqAuth::SqAuthRequest.hash_to_query(project_params.merge(user_params))}'>
           </iframe>
         </div>
       EOF

data/lib/sq_auth/version.rb

@@ -1,3 +1,3 @@
 module SqAuth
-  VERSION = "0.0.28"
+  VERSION = "0.0.29"
 end

data/lib/sq_auth.rb

@@ -9,8 +9,10 @@ require 'digest'
 # internal dependencies
 require "sq_auth/version"
 require "sq_auth/sq_auth_access"
+require "sq_auth/sq_auth_cache"
 require "sq_auth/sq_auth_client"
 require "sq_auth/sq_auth_request"
+require "sq_auth/sq_auth_session"
 require "sq_auth/sq_auth_sessions"
 require "sq_auth/sq_auth_utils"
 require "sq_auth/sq_auth_server_interface/basic_server"
@@ -61,6 +63,10 @@ module SqAuth
     end
   end
 
+  def roles_for_current_user
+    @session_access.roles_for_current_user
+  end
+
   def not_accessible_message
     SqAuth.access.message_when_not_authenticated
   end

data/sq_auth.gemspec

@@ -7,9 +7,9 @@ Gem::Specification.new do |s|
   s.version     = SqAuth::VERSION
   s.authors     = ["Leonid Krinitsyn"]
   s.email       = ["leonidkrn@gmail.com"]
-  s.homepage    = ""
-  s.summary     = %q{SQ sevices authentication gem}
-  s.description = %q{SQ sevices authentication gem}
+  s.homepage    = "https://github.com/LeonidKrn/sq_auth"
+  s.summary     = %q{SQ services authentication gem}
+  s.description = %q{Gem for authenticaiton by third-party server. Integrates in Sinatra and Rails.}
 
   s.rubyforge_project = "sq_auth"
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sq_auth
 version: !ruby/object:Gem::Version
-  version: 0.0.28
+  version: 0.0.29
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-08-02 00:00:00.000000000Z
+date: 2012-08-15 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -59,7 +59,8 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-description: SQ sevices authentication gem
+description: Gem for authenticaiton by third-party server. Integrates in Sinatra and
+  Rails.
 email:
 - leonidkrn@gmail.com
 executables: []
@@ -75,6 +76,7 @@ files:
 - examples/server.rb
 - lib/sq_auth.rb
 - lib/sq_auth/sq_auth_access.rb
+- lib/sq_auth/sq_auth_cache.rb
 - lib/sq_auth/sq_auth_client.rb
 - lib/sq_auth/sq_auth_helpers/sq_auth_helpers_dsl.rb
 - lib/sq_auth/sq_auth_helpers/sq_auth_helpers_rails.rb
@@ -86,6 +88,7 @@ files:
 - lib/sq_auth/sq_auth_integration/sq_auth_sinatra.rb
 - lib/sq_auth/sq_auth_request.rb
 - lib/sq_auth/sq_auth_server_interface/basic_server.rb
+- lib/sq_auth/sq_auth_session.rb
 - lib/sq_auth/sq_auth_sessions.rb
 - lib/sq_auth/sq_auth_user/basic_user.rb
 - lib/sq_auth/sq_auth_user/rack_user.rb
@@ -99,7 +102,7 @@ files:
 - spec/lib/sq_auth_spec.rb
 - spec/spec_helper.rb
 - sq_auth.gemspec
-homepage: ''
+homepage: https://github.com/LeonidKrn/sq_auth
 licenses: []
 post_install_message: 
 rdoc_options: []
@@ -122,5 +125,5 @@ rubyforge_project: sq_auth
 rubygems_version: 1.8.18
 signing_key: 
 specification_version: 3
-summary: SQ sevices authentication gem
+summary: SQ services authentication gem
 test_files: []