sq_auth 0.0.28 → 0.0.29

@@ -88,10 +88,18 @@ module SqAuth
88
88
  end
89
89
  end
90
90
 
91
+ def roles_for_current_user project = @project_name
92
+ @session_provider.roles_for_current_user project
93
+ end
94
+
91
95
  def save_session_for_current_user sqauthsession
92
96
  @session_provider.create_session_for_current_user sqauthsession
93
97
  end
94
98
 
99
+ def revoke_session sqauthsession
100
+ @session_provider.delete_session(sqauthsession)
101
+ end
102
+
95
103
  def save_username_for_current_user username
96
104
  @session_provider.username = username
97
105
  end
@@ -0,0 +1,39 @@
1
+ module SqAuth
2
+ class SqAuthCache
3
+ DEFAULT_OPTIONS = {:ttl => 3600, :max_fetches => 5000}
4
+ def initialize options = {}
5
+ options = DEFAULT_OPTIONS.merge(options)
6
+ @cache = {}
7
+ @ttl = options[:ttl]
8
+ @max_fetches = options[:max_fetches]
9
+ @keys_access = Hash.new{|h,k| h[k] = {updated_at: Time.now, fetches: 0}}
10
+ end
11
+
12
+ def fetch key
13
+ secure_cache_operation(key) do
14
+ @cache[key]
15
+ end
16
+ end
17
+
18
+ def save key, value
19
+ clear_cache_key(key)
20
+ @cache[key] = value
21
+ @keys_access[key]
22
+ end
23
+
24
+ def clear_cache_key key
25
+ @cache.delete(key)
26
+ @keys_access.delete(key)
27
+ end
28
+
29
+ def secure_cache_operation key, &block
30
+ @keys_access[key][:fetches] += 1
31
+ key_age = (Time.now - @keys_access[key][:updated_at]).to_i
32
+ fetches = @keys_access[key][:fetches]
33
+ if key_age > @ttl || fetches > @max_fetches || key_age < 0
34
+ clear_cache_key(key)
35
+ end
36
+ yield if block_given?
37
+ end
38
+ end
39
+ end
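Review bot: Role lists held in `SqAuthCache` are served without re-checking the auth server for up to `:ttl` seconds (3600 by default) or `:max_fetches` reads (5000), and the only invalidation visible in this file is `clear_cache_key`. A role removed on the server therefore keeps authorizing requests locally until the entry ages out. That trade-off deserves a comment above `DEFAULT_OPTIONS`, for example `# Cached roles can be stale for up to :ttl seconds; lower it where role removal must take effect quickly.` `secure_cache_operation` and `clear_cache_key` also read as internal helpers, so a `private` line before them would keep callers from bypassing `fetch` and `save`.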
@@ -37,8 +37,12 @@ module SqAuth
37
37
  role_exist? current_user, role, project
38
38
  end
39
39
 
40
+ def roles_for_current_user project
41
+ project_roles current_user, project
42
+ end
43
+
40
44
  def user
41
- @user
45
+ @user.current_user
42
46
  end
43
47
 
44
48
  def username=(username)
@@ -54,7 +58,6 @@ module SqAuth
54
58
  end
55
59
 
56
60
  def session_for user
57
- p @sessions
58
61
  @sessions[user]
59
62
  end
60
63
 
@@ -63,9 +66,34 @@ module SqAuth
63
66
  end
64
67
 
65
68
  def role_exist? user, roles, project
66
- request_hash = {sqauthsession: session_for(user), roles: [*roles], auth_name: project, ip: user[:ip]}
67
- response = send_request :check_role, request_hash
68
- response.is_a?(Hash) && response[:data].is_a?(Hash) && (response[:data]["role_exist"] == true)
69
+ project_roles(user, project)
70
+ session = session_for user
71
+ session.role_exist?(roles, project) do
72
+ request_hash = {sqauthsession: session.session_value, roles: [*roles], auth_name: project, ip: user[:ip]}
73
+ response = send_request :check_role, request_hash
74
+ response.is_a?(Hash) && response[:data].is_a?(Hash) && (response[:data]["role_exist"] == true)
75
+ end
76
+ end
77
+
78
+ def project_roles user, project
79
+ session = session_for user
80
+ session.project_roles(project) do
81
+ request_hash = {sqauthsession: session.session_value, ip: user[:ip]}
82
+ response = send_request :get_roles, request_hash
83
+ ret = []
84
+ if response.is_a?(Hash) && response[:data].is_a?(Array)
85
+ ret = begin
86
+ response[:data].map do |project_hash|
87
+ if project_hash["project"] == project
88
+ project_hash["role"]
89
+ end
90
+ end
91
+ rescue => ex
92
+ []
93
+ end.flatten.compact.uniq
94
+ end
95
+ ret
96
+ end
69
97
  end
70
98
 
71
99
  def send_request request_name, params = nil
@@ -82,7 +110,11 @@ module SqAuth
82
110
  end
83
111
 
84
112
  def current_user_params
85
- {session: session_for_current_user, ip: ip_for_current_user}
113
+ {session: session_for_current_user.session_value, ip: ip_for_current_user}
114
+ end
115
+
116
+ def delete_session session
117
+ @sessions.delete_session session
86
118
  end
87
119
  end
88
120
  end
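Review bot: In `project_roles` the block starts with `ret = []` and returns it when the `get_roles` response is not a Hash with an Array in `:data`, and the `rescue => ex` arm yields `[]` as well. An empty array is truthy, so `SqAuthSession#project_roles` caches it, and one failed or malformed reply then leaves the user with no roles for the cache lifetime. Since `role_exist?` now calls `project_roles` first, the `check_role` request inside its block is reached only when nothing was cached. Starting with `ret = nil` keeps failed lookups out of the cache, and the unused `ex` should be logged or dropped.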
@@ -42,6 +42,8 @@ module SqAuth
42
42
  form_hash = req.params||{}
43
43
  if auth_request?(env, form_hash)
44
44
  redirect_to_callback(env, form_hash)
45
+ elsif revoke_session_request?(env, form_hash)
46
+ revoke_session(env, form_hash)
45
47
  else
46
48
  pass_through env
47
49
  end
@@ -51,6 +53,10 @@ module SqAuth
51
53
  env["REQUEST_METHOD"] == "POST" && form_hash.keys.include?("sqauthsession") && form_hash.keys.include?("callback")
52
54
  end
53
55
 
56
+ def revoke_session_request? env, form_hash
57
+ env["REQUEST_METHOD"] == "POST" && form_hash.keys.include?("sqauthsession") && form_hash.keys.include?("revoke_session")
58
+ end
59
+
54
60
  def redirect_to_callback env, form_hash
55
61
  env["rack.session"][:sqauthsession] = form_hash["sqauthsession"] if env["rack.session"]
56
62
  env["rack.session"][:current_user] = form_hash["current_user"] if env["rack.session"]
@@ -61,6 +67,11 @@ module SqAuth
61
67
  [302, {'Content-Type'=>'text/plain', 'Location' => form_hash["callback"]}, ['Authenticated']]
62
68
  end
63
69
 
70
+ def revoke_session env, form_hash
71
+ SqAuth.access.revoke_session(form_hash["sqauthsession"])
72
+ [200, {'Content-Type'=>'text/plain'}, ['Session revoked']]
73
+ end
74
+
64
75
  def callback_uri env
65
76
  if URI.parse(env["REQUEST_URI"]).host
66
77
  env["REQUEST_URI"]
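Review bot: The new `revoke_session_request?` branch fires for any POST that carries `sqauthsession` and `revoke_session` parameters, on any path, and nothing in these hunks checks who sent it. If the revoke call is meant to come from the auth server, the middleware should verify that (a dedicated path plus a shared secret or signature, for instance) before calling `SqAuth.access.revoke_session`. `revoke_session` also answers `200 Session revoked` whether or not the session was known, so a failed revocation is invisible to the caller. The bodies of `call` and `callback_uri` continue outside the hunks.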
@@ -3,7 +3,8 @@ module SqAuth
3
3
  class BasicServer
4
4
  SERVER_INTERFACE = {
5
5
  check_connection: {path: "health", method: :get},
6
- check_role: {path: "check_role", method: :post}
6
+ check_role: {path: "check_role", method: :post},
7
+ get_roles: {path: "get_roles", method: :get}
7
8
  }
8
9
 
9
10
  def self.init_request specification, host_options = {}
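Review bot: `get_roles` is declared with `method: :get`, while the client sends `sqauthsession` and `ip` as its parameters. If `init_request` (its body is outside the hunk) puts GET parameters in the query string, the session value will be written to access logs and any proxies along the way. Declaring it as `get_roles: {path: "get_roles", method: :post}`, like `check_role`, would keep the token in the request body, assuming the server accepts POST on that path.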
@@ -0,0 +1,33 @@
1
+ module SqAuth
2
+ class SqAuthSession
3
+ attr_reader :session_value
4
+ def initialize value
5
+ @cache = SqAuthCache.new
6
+ @session_value = value
7
+ end
8
+
9
+ def role_exist? roles, project, &block
10
+ result = @cache.fetch(project)
11
+ if result.nil?
12
+ yield(self, roles, project)
13
+ else
14
+ !([*roles] & result).empty?
15
+ end
16
+ end
17
+
18
+ def project_roles project
19
+ result = @cache.fetch(project)
20
+ if result.nil?
21
+ fetched_roles = yield(self, project)
22
+ if fetched_roles
23
+ @cache.save(project, fetched_roles)
24
+ else
25
+ return []
26
+ end
27
+ else
28
+ result
29
+ end
30
+ end
31
+
32
+ end
33
+ end
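Review bot: On a cache miss `project_roles` returns the value of `@cache.save(project, fetched_roles)`, not the roles. `SqAuthCache#save`, as added in this release, ends with `@keys_access[key]`, so the first call for a project hands the caller the `{updated_at:, fetches:}` bookkeeping hash and only later calls return the role array. Returning the list explicitly fixes it: add a line `fetched_roles` after the `@cache.save(project, fetched_roles)` call. `role_exist?` also declares `&block` but uses `yield`, and neither method checks `block_given?`.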
@@ -2,6 +2,7 @@ module SqAuth
2
2
  class SqAuthSessions
3
3
  def initialize
4
4
  @sessions = {}
5
+ @known_sessions = {}
5
6
  end
6
7
 
7
8
  def [] key
@@ -9,7 +10,12 @@ module SqAuth
9
10
  end
10
11
 
11
12
  def []= key, value
12
- @sessions[key] = value
13
+ @known_sessions[value] ||= SqAuthSession.new(value)
14
+ @sessions[key] = @known_sessions[value]
15
+ end
16
+
17
+ def delete_session session
18
+ @known_sessions.delete(session)
13
19
  end
14
20
 
15
21
  end
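Review bot: `delete_session` removes the entry from `@known_sessions` only, while the same `SqAuthSession` object stays referenced from `@sessions`, where `[]=` stored it. If `[]` reads from `@sessions` (its body is outside the hunk), a revoked session and its cached roles keep being returned for that user until something overwrites the key. The revoke should drop both references, for example `@sessions.delete_if { |_, s| s.session_value == session }` next to the `@known_sessions.delete(session)` line. `@known_sessions` is otherwise never pruned, so it grows with every distinct session value seen.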
@@ -3,8 +3,16 @@ module SqAuth
3
3
  class BasicUser
4
4
  attr_accessor :user_name, :user_ip
5
5
  def current_user
6
- {name: (user_name || "Anonymous"), ip: (user_ip || "127.0.0.1")}
6
+ self
7
7
  end
8
+
9
+ def [] key
10
+ {name: (user_name || "Anonymous"), ip: (user_ip || "127.0.0.1")}[key]
11
+ end
12
+
13
+
14
+
15
+
8
16
  end
9
17
  end
10
18
  end
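Review bot: `current_user` now returns the `BasicUser` object instead of a `{name:, ip:}` Hash, and the client uses that return value as the lookup key in `@sessions[user]`. A Hash key compares by content, while this object compares by identity unless `hash` and `eql?` are defined, so after `user_name` changes the previously stored session would still be found under the same key. Unless `SqAuthSessions#[]` normalizes the key (its body is not shown), define `hash` and `eql?` on `BasicUser` from `user_name` and `user_ip`, or key the table on `user[:name]`. The four empty lines added before `end` can go.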
@@ -3,7 +3,7 @@ module SqAuth
3
3
  def self.default_draw_template uri, project_params, user_params #callback, role, project, session, ip
4
4
  <<-EOF
5
5
  <div class="sq_auth_not_logged_in">
6
- <iframe src='#{uri}?#{SqAuth::SqAuthRequest.hash_to_query(project_params.merge(user_params))}'>
6
+ <iframe src='#{uri}?_=#{Time.now.to_i}&#{SqAuth::SqAuthRequest.hash_to_query(project_params.merge(user_params))}'>
7
7
  </iframe>
8
8
  </div>
9
9
  EOF
@@ -1,3 +1,3 @@
1
1
  module SqAuth
2
- VERSION = "0.0.28"
2
+ VERSION = "0.0.29"
3
3
  end
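--- a/data/lib/sq_auth.rb
+++ b/data/lib/sq_auth.rb
@@ -9,8 +9,10 @@ require 'digest'
  # internal dependencies
  require "sq_auth/version"
  require "sq_auth/sq_auth_access"
+ require "sq_auth/sq_auth_cache"
  require "sq_auth/sq_auth_client"
  require "sq_auth/sq_auth_request"
+ require "sq_auth/sq_auth_session"
  require "sq_auth/sq_auth_sessions"
  require "sq_auth/sq_auth_utils"
  require "sq_auth/sq_auth_server_interface/basic_server"
@@ -61,6 +63,10 @@ module SqAuth
  end
  end
 
+ def roles_for_current_user
+ @session_access.roles_for_current_user
+ end
+
  def not_accessible_message
  SqAuth.access.message_when_not_authenticated
  end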
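--- a/data/sq_auth.gemspec
+++ b/data/sq_auth.gemspec
@@ -7,9 +7,9 @@ Gem::Specification.new do |s|
  s.version = SqAuth::VERSION
  s.authors = ["Leonid Krinitsyn"]
  s.email = ["leonidkrn@gmail.com"]
- s.homepage = ""
- s.summary = %q{SQ sevices authentication gem}
- s.description = %q{SQ sevices authentication gem}
+ s.homepage = "https://github.com/LeonidKrn/sq_auth"
+ s.summary = %q{SQ services authentication gem}
+ s.description = %q{Gem for authenticaiton by third-party server. Integrates in Sinatra and Rails.}
 
  s.rubyforge_project = "sq_auth"
 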
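--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: sq_auth
  version: !ruby/object:Gem::Version
- version: 0.0.28
+ version: 0.0.29
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-08-02 00:00:00.000000000Z
+ date: 2012-08-15 00:00:00.000000000Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -59,7 +59,8 @@ dependencies:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
- description: SQ sevices authentication gem
+ description: Gem for authenticaiton by third-party server. Integrates in Sinatra and
+ Rails.
  email:
  - leonidkrn@gmail.com
  executables: []
@@ -75,6 +76,7 @@ files:
  - examples/server.rb
  - lib/sq_auth.rb
  - lib/sq_auth/sq_auth_access.rb
+ - lib/sq_auth/sq_auth_cache.rb
  - lib/sq_auth/sq_auth_client.rb
  - lib/sq_auth/sq_auth_helpers/sq_auth_helpers_dsl.rb
  - lib/sq_auth/sq_auth_helpers/sq_auth_helpers_rails.rb
@@ -86,6 +88,7 @@ files:
  - lib/sq_auth/sq_auth_integration/sq_auth_sinatra.rb
  - lib/sq_auth/sq_auth_request.rb
  - lib/sq_auth/sq_auth_server_interface/basic_server.rb
+ - lib/sq_auth/sq_auth_session.rb
  - lib/sq_auth/sq_auth_sessions.rb
  - lib/sq_auth/sq_auth_user/basic_user.rb
  - lib/sq_auth/sq_auth_user/rack_user.rb
@@ -99,7 +102,7 @@ files:
  - spec/lib/sq_auth_spec.rb
  - spec/spec_helper.rb
  - sq_auth.gemspec
- homepage: ''
+ homepage: https://github.com/LeonidKrn/sq_auth
  licenses: []
  post_install_message:
  rdoc_options: []
@@ -122,5 +125,5 @@ rubyforge_project: sq_auth
  rubygems_version: 1.8.18
  signing_key:
  specification_version: 3
- summary: SQ sevices authentication gem
+ summary: SQ services authentication gem
  test_files: []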