sq_auth 0.0.28 → 0.0.29
- data/lib/sq_auth/sq_auth_access.rb +8 -0
- data/lib/sq_auth/sq_auth_cache.rb +39 -0
- data/lib/sq_auth/sq_auth_client.rb +38 -6
- data/lib/sq_auth/sq_auth_integration/sq_auth_rack.rb +11 -0
- data/lib/sq_auth/sq_auth_server_interface/basic_server.rb +2 -1
- data/lib/sq_auth/sq_auth_session.rb +33 -0
- data/lib/sq_auth/sq_auth_sessions.rb +7 -1
- data/lib/sq_auth/sq_auth_user/basic_user.rb +9 -1
- data/lib/sq_auth/sq_auth_utils.rb +1 -1
- data/lib/sq_auth/version.rb +1 -1
- data/lib/sq_auth.rb +6 -0
- data/sq_auth.gemspec +3 -3
- metadata +8 -5
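--- a/data/lib/sq_auth/sq_auth_access.rb
+++ b/data/lib/sq_auth/sq_auth_access.rb
@@ -88,10 +88,18 @@ module SqAuth
 end
 end
 
+def roles_for_current_user project = @project_name
+@session_provider.roles_for_current_user project
+end
+
 def save_session_for_current_user sqauthsession
 @session_provider.create_session_for_current_user sqauthsession
 end
 
+def revoke_session sqauthsession
+@session_provider.delete_session(sqauthsession)
+end
+
 def save_username_for_current_user username
 @session_provider.username = username
 end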
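--- a/data/lib/sq_auth/sq_auth_cache.rb
+++ b/data/lib/sq_auth/sq_auth_cache.rb
@@ -0,0 +1,39 @@
+module SqAuth
+class SqAuthCache
+DEFAULT_OPTIONS = {:ttl => 3600, :max_fetches => 5000}
+def initialize options = {}
+options = DEFAULT_OPTIONS.merge(options)
+@cache = {}
+@ttl = options[:ttl]
+@max_fetches = options[:max_fetches]
+@keys_access = Hash.new{|h,k| h[k] = {updated_at: Time.now, fetches: 0}}
+end
+
+def fetch key
+secure_cache_operation(key) do
+@cache[key]
+end
+end
+
+def save key, value
+clear_cache_key(key)
+@cache[key] = value
+@keys_access[key]
+end
+
+def clear_cache_key key
+@cache.delete(key)
+@keys_access.delete(key)
+end
+
+def secure_cache_operation key, &block
+@keys_access[key][:fetches] += 1
+key_age = (Time.now - @keys_access[key][:updated_at]).to_i
+fetches = @keys_access[key][:fetches]
+if key_age > @ttl || fetches > @max_fetches || key_age < 0
+clear_cache_key(key)
+end
+yield if block_given?
+end
+end
+end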
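Review bot: `DEFAULT_OPTIONS` decides how long cached authorization data is trusted, yet the class carries no comment on what the two numbers mean, and the constant is left mutable. I would add a comment above it such as `# ttl: seconds an entry is served; max_fetches: reads allowed before a forced refresh` and freeze the hash: `DEFAULT_OPTIONS = {:ttl => 3600, :max_fetches => 5000}.freeze`. With these defaults a role list can be served from memory for up to an hour after it changes on the auth server, which is worth stating where the value is defined. `clear_cache_key` and `secure_cache_operation` read as internal helpers and could move under `private` if nothing outside the class calls them.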
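--- a/data/lib/sq_auth/sq_auth_client.rb
+++ b/data/lib/sq_auth/sq_auth_client.rb
@@ -37,8 +37,12 @@ module SqAuth
 role_exist? current_user, role, project
 end
 
+def roles_for_current_user project
+project_roles current_user, project
+end
+
 def user
-@user
+@user.current_user
 end
 
 def username=(username)
@@ -54,7 +58,6 @@ module SqAuth
 end
 
 def session_for user
-p @sessions
 @sessions[user]
 end
 
@@ -63,9 +66,34 @@ module SqAuth
 end
 
 def role_exist? user, roles, project
-
-
-
+project_roles(user, project)
+session = session_for user
+session.role_exist?(roles, project) do
+request_hash = {sqauthsession: session.session_value, roles: [*roles], auth_name: project, ip: user[:ip]}
+response = send_request :check_role, request_hash
+response.is_a?(Hash) && response[:data].is_a?(Hash) && (response[:data]["role_exist"] == true)
+end
+end
+
+def project_roles user, project
+session = session_for user
+session.project_roles(project) do
+request_hash = {sqauthsession: session.session_value, ip: user[:ip]}
+response = send_request :get_roles, request_hash
+ret = []
+if response.is_a?(Hash) && response[:data].is_a?(Array)
+ret = begin
+response[:data].map do |project_hash|
+if project_hash["project"] == project
+project_hash["role"]
+end
+end
+rescue => ex
+[]
+end.flatten.compact.uniq
+end
+ret
+end
 end
 
 def send_request request_name, params = nil
@@ -82,7 +110,11 @@ module SqAuth
 end
 
 def current_user_params
-{session: session_for_current_user, ip: ip_for_current_user}
+{session: session_for_current_user.session_value, ip: ip_for_current_user}
+end
+
+def delete_session session
+@sessions.delete_session session
 end
 end
 end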
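Review bot: A failed `get_roles` lookup cannot be told apart from "user has no roles" in `project_roles`: a non-Hash response leaves `ret = []`, and the bare `rescue => ex` turns any exception in the mapping into `[]` without using or logging `ex`. Since `[]` is truthy, `SqAuthSession#project_roles` (added in this release) stores it, so one transient server error denies every role for that project until the cache entry expires. The result fails closed, but it hides outages and locks users out. Let the block yield `nil` on failure so nothing is cached, e.g. `next nil unless response.is_a?(Hash) && response[:data].is_a?(Array)` right after `send_request`, and log the exception in the `rescue`.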
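--- a/data/lib/sq_auth/sq_auth_integration/sq_auth_rack.rb
+++ b/data/lib/sq_auth/sq_auth_integration/sq_auth_rack.rb
@@ -42,6 +42,8 @@ module SqAuth
 form_hash = req.params||{}
 if auth_request?(env, form_hash)
 redirect_to_callback(env, form_hash)
+elsif revoke_session_request?(env, form_hash)
+revoke_session(env, form_hash)
 else
 pass_through env
 end
@@ -51,6 +53,10 @@ module SqAuth
 env["REQUEST_METHOD"] == "POST" && form_hash.keys.include?("sqauthsession") && form_hash.keys.include?("callback")
 end
 
+def revoke_session_request? env, form_hash
+env["REQUEST_METHOD"] == "POST" && form_hash.keys.include?("sqauthsession") && form_hash.keys.include?("revoke_session")
+end
+
 def redirect_to_callback env, form_hash
 env["rack.session"][:sqauthsession] = form_hash["sqauthsession"] if env["rack.session"]
 env["rack.session"][:current_user] = form_hash["current_user"] if env["rack.session"]
@@ -61,6 +67,11 @@ module SqAuth
 [302, {'Content-Type'=>'text/plain', 'Location' => form_hash["callback"]}, ['Authenticated']]
 end
 
+def revoke_session env, form_hash
+SqAuth.access.revoke_session(form_hash["sqauthsession"])
+[200, {'Content-Type'=>'text/plain'}, ['Session revoked']]
+end
+
 def callback_uri env
 if URI.parse(env["REQUEST_URI"]).host
 env["REQUEST_URI"]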
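Review bot: `revoke_session_request?` accepts any POST that carries `sqauthsession` and `revoke_session` parameters, and `revoke_session` then acts on it with no check visible in these hunks that the request comes from the auth server. Because the branch sits in the middleware dispatch ahead of `pass_through`, every path of the host application answers to it, and an application form that happens to use those field names is intercepted as well. If revocation is meant as a server-to-server callback, it should be authenticated before `SqAuth.access.revoke_session` is called, for example with a shared-secret signature over the parameters, and restricted to a dedicated path. The dispatch method that holds the new `elsif` starts outside the first hunk.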
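--- a/data/lib/sq_auth/sq_auth_server_interface/basic_server.rb
+++ b/data/lib/sq_auth/sq_auth_server_interface/basic_server.rb
@@ -3,7 +3,8 @@ module SqAuth
 class BasicServer
 SERVER_INTERFACE = {
 check_connection: {path: "health", method: :get},
-check_role: {path: "check_role", method: :post}
+check_role: {path: "check_role", method: :post},
+get_roles: {path: "get_roles", method: :get}
 }
 
 def self.init_request specification, host_options = {}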
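Review bot: `get_roles` is declared with `method: :get`, while the request hash built for it in sq_auth_client.rb carries `sqauthsession`. If `init_request` serialises GET parameters into the query string (its body is not in this hunk), the session value ends up in the URL, where access logs and intermediaries record it. `check_role` already sends the same value by POST; `get_roles: {path: "get_roles", method: :post}` would keep it in the request body, provided the server accepts POST on that path.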
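--- a/data/lib/sq_auth/sq_auth_session.rb
+++ b/data/lib/sq_auth/sq_auth_session.rb
@@ -0,0 +1,33 @@
+module SqAuth
+class SqAuthSession
+attr_reader :session_value
+def initialize value
+@cache = SqAuthCache.new
+@session_value = value
+end
+
+def role_exist? roles, project, &block
+result = @cache.fetch(project)
+if result.nil?
+yield(self, roles, project)
+else
+!([*roles] & result).empty?
+end
+end
+
+def project_roles project
+result = @cache.fetch(project)
+if result.nil?
+fetched_roles = yield(self, project)
+if fetched_roles
+@cache.save(project, fetched_roles)
+else
+return []
+end
+else
+result
+end
+end
+
+end
+end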
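Review bot: On a cache miss `project_roles` returns the value of `@cache.save(project, fetched_roles)`, and `SqAuthCache#save` as added in this release ends with `@keys_access[key]`, so the first call hands back the bookkeeping hash (`updated_at`, `fetches`) instead of the role list. Later calls return the cached array, so callers such as `roles_for_current_user` see two different types depending on cache state. Return the roles explicitly by putting `fetched_roles` on its own line after `@cache.save(project, fetched_roles)`. The cache is also built with `SqAuthCache.new` and no options, so the lifetime of cached roles cannot be tuned per deployment.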
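--- a/data/lib/sq_auth/sq_auth_sessions.rb
+++ b/data/lib/sq_auth/sq_auth_sessions.rb
@@ -2,6 +2,7 @@ module SqAuth
 class SqAuthSessions
 def initialize
 @sessions = {}
+@known_sessions = {}
 end
 
 def [] key
@@ -9,7 +10,12 @@ module SqAuth
 end
 
 def []= key, value
-@
+@known_sessions[value] ||= SqAuthSession.new(value)
+@sessions[key] = @known_sessions[value]
+end
+
+def delete_session session
+@known_sessions.delete(session)
 end
 
 end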
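Review bot: `delete_session` removes the entry from `@known_sessions` only, while `@sessions` still maps each user key to the same `SqAuthSession` object together with its role cache. If `[]` reads from `@sessions` (its body lies outside these hunks), a revoked session keeps answering role checks from cache until the entry expires, so revocation does not take effect when it is requested. Drop the user mappings as well, e.g. `@sessions.delete_if { |_key, known| known.session_value == session }` before `@known_sessions.delete(session)`.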
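--- a/data/lib/sq_auth/sq_auth_user/basic_user.rb
+++ b/data/lib/sq_auth/sq_auth_user/basic_user.rb
@@ -3,8 +3,16 @@ module SqAuth
 class BasicUser
 attr_accessor :user_name, :user_ip
 def current_user
-
+self
 end
+
+def [] key
+{name: (user_name || "Anonymous"), ip: (user_ip || "127.0.0.1")}[key]
+end
+
+
+
+
 end
 end
 end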
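Review bot: `[]` substitutes `"127.0.0.1"` when `user_ip` is unset, and the client code in this release sends `user[:ip]` to the auth server as `ip:`. An unknown client address is therefore reported as loopback, which a server that binds sessions to an address or treats local clients differently could misread (the server side is not visible here). Returning `nil` for an unknown address keeps the two cases distinct: `{name: (user_name || "Anonymous"), ip: user_ip}[key]`. The four blank lines added after the method can be dropped.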
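--- a/data/lib/sq_auth/sq_auth_utils.rb
+++ b/data/lib/sq_auth/sq_auth_utils.rb
@@ -3,7 +3,7 @@ module SqAuth
 def self.default_draw_template uri, project_params, user_params #callback, role, project, session, ip
 <<-EOF
 <div class="sq_auth_not_logged_in">
-<iframe src='#{uri}
+<iframe src='#{uri}?_=#{Time.now.to_i}&#{SqAuth::SqAuthRequest.hash_to_query(project_params.merge(user_params))}'>
 </iframe>
 </div>
 EOF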
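Review bot: The iframe `src` is assembled by interpolating `uri` and the output of `hash_to_query` straight into a single-quoted HTML attribute, with no HTML escaping visible in this hunk. Unless `hash_to_query` percent-encodes `'` (its body is not shown), a parameter value can close the attribute; building the URL first and emitting it through `CGI.escapeHTML(url)` removes that dependency. The trailing comment lists session and ip among the parameters, so the session value presumably travels in the iframe URL, where browser history, server logs and Referer headers can record it. The `?` is also appended unconditionally, which yields a malformed URL when `uri` already has a query string.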
data/lib/sq_auth/version.rb
CHANGED
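--- a/data/lib/sq_auth.rb
+++ b/data/lib/sq_auth.rb
@@ -9,8 +9,10 @@ require 'digest'
 # internal dependencies
 require "sq_auth/version"
 require "sq_auth/sq_auth_access"
+require "sq_auth/sq_auth_cache"
 require "sq_auth/sq_auth_client"
 require "sq_auth/sq_auth_request"
+require "sq_auth/sq_auth_session"
 require "sq_auth/sq_auth_sessions"
 require "sq_auth/sq_auth_utils"
 require "sq_auth/sq_auth_server_interface/basic_server"
@@ -61,6 +63,10 @@ module SqAuth
 end
 end
 
+def roles_for_current_user
+@session_access.roles_for_current_user
+end
+
 def not_accessible_message
 SqAuth.access.message_when_not_authenticated
 end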
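--- a/data/sq_auth.gemspec
+++ b/data/sq_auth.gemspec
@@ -7,9 +7,9 @@ Gem::Specification.new do |s|
 s.version = SqAuth::VERSION
 s.authors = ["Leonid Krinitsyn"]
 s.email = ["leonidkrn@gmail.com"]
-s.homepage = ""
-s.summary = %q{SQ
-s.description = %q{
+s.homepage = "https://github.com/LeonidKrn/sq_auth"
+s.summary = %q{SQ services authentication gem}
+s.description = %q{Gem for authenticaiton by third-party server. Integrates in Sinatra and Rails.}
 
 s.rubyforge_project = "sq_auth"
 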
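--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sq_auth
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.29
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-08-
+date: 2012-08-15 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -59,7 +59,8 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
-description:
+description: Gem for authenticaiton by third-party server. Integrates in Sinatra and
+Rails.
 email:
 - leonidkrn@gmail.com
 executables: []
@@ -75,6 +76,7 @@ files:
 - examples/server.rb
 - lib/sq_auth.rb
 - lib/sq_auth/sq_auth_access.rb
+- lib/sq_auth/sq_auth_cache.rb
 - lib/sq_auth/sq_auth_client.rb
 - lib/sq_auth/sq_auth_helpers/sq_auth_helpers_dsl.rb
 - lib/sq_auth/sq_auth_helpers/sq_auth_helpers_rails.rb
@@ -86,6 +88,7 @@ files:
 - lib/sq_auth/sq_auth_integration/sq_auth_sinatra.rb
 - lib/sq_auth/sq_auth_request.rb
 - lib/sq_auth/sq_auth_server_interface/basic_server.rb
+- lib/sq_auth/sq_auth_session.rb
 - lib/sq_auth/sq_auth_sessions.rb
 - lib/sq_auth/sq_auth_user/basic_user.rb
 - lib/sq_auth/sq_auth_user/rack_user.rb
@@ -99,7 +102,7 @@ files:
 - spec/lib/sq_auth_spec.rb
 - spec/spec_helper.rb
 - sq_auth.gemspec
-homepage:
+homepage: https://github.com/LeonidKrn/sq_auth
 licenses: []
 post_install_message:
 rdoc_options: []
@@ -122,5 +125,5 @@ rubyforge_project: sq_auth
 rubygems_version: 1.8.18
 signing_key:
 specification_version: 3
-summary: SQ
+summary: SQ services authentication gem
 test_files: []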