sso 0.1.0.alpha3 → 0.1.0.alpha4
- checksums.yaml +4 -4
- data/lib/sso/server.rb +1 -0
- data/lib/sso/server/README.md +34 -1
- data/lib/sso/server/engine.rb +0 -11
- data/lib/sso/server/middleware/passport_creation.rb +61 -0
- data/lib/sso/server/passport.rb +1 -0
- data/lib/sso/server/passports.rb +1 -1
- data/lib/sso/server/warden/hooks/after_authentication.rb +1 -1
- metadata +2 -1
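--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eea3614bff8d83e9025dc3950f5bab00a5e06983
+data.tar.gz: b1f053b3fbc6b6d008a5a3792853a887df1ff870
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 30fa00693afe5f1fcdb1a64520ec237134996c6a651b1c95f7c5491e3a3645cfae0e00574451ad17b962cda8c0558fff26ea1561fae8cf6ba08ebcdf433f266a
+data.tar.gz: 869a69603c6eceea3ea47aad819a15b19ac015b451d969db97ce86b97f6eeabefa69282af9b419468fdc1fcc99fbfed933af0f58736c3a40f7e9e0fdda7bba0f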
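--- a/data/lib/sso/server.rb
+++ b/data/lib/sso/server.rb
@@ -17,6 +17,7 @@ require 'sso/server/engine'
 
 require 'sso/server/authentications/passport'
 require 'sso/server/middleware/passport_verification'
+require 'sso/server/middleware/passport_creation'
 
 require 'sso/server/warden/hooks/after_authentication'
 require 'sso/server/warden/hooks/before_logout'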
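--- a/data/lib/sso/server/README.md
+++ b/data/lib/sso/server/README.md
@@ -10,4 +10,37 @@
 
 ### Setup
 
-For now, see [these point of interests](https://github.com/halo/sso/search?q=POI) to see how exactly a rails app can be setup.
+For now, see [these point of interests](https://github.com/halo/sso/search?q=POI) to see how exactly a rails app can be setup. Other than that, I'll try to give you an overview here.
+
+First, you'll need to make sure you're using the Warden Rack middleware.
+It's entirely up to you to configure that, but it will probably look something like this if you're using Rails:
+
+```ruby
+# config/application.rb
+config.middleware.insert_after ::ActionDispatch::Flash, '::Warden::Manager' do |manager|
+manager.failure_app = SessionsController.action :new
+manager.intercept_401 = false
+
+manager.serialize_into_session(&:id)
+manager.serialize_from_session { |id| User.find_by_id(id) }
+end
+```
+
+Next, you might want to use the middleware provided by this gem.
+They won't be loaded automatically, so you have to pick the ones you choose to use.
+
+```ruby
+# config/application.rb
+
+# These two augment passports with the related outgoing access tokens
+config.middleware.insert_after ::Warden::Manager, ::SSO::Server::Doorkeeper::AccessTokenMarker
+config.middleware.insert_after ::Warden::Manager, ::SSO::Server::Doorkeeper::GrantMarker
+
+# This one responds to incoming passport verification requests.
+config.middleware.insert_after ::Warden::Manager, ::SSO::Server::Middleware::PassportVerification
+
+# This is a little more experimental at the moment,
+# Provided an Access Token, you can create Passports.
+# This is most likely needed if you use the iPhone client.
+config.middleware.insert_after ::Warden::Manager, ::SSO::Server::Middleware::PassportCreation
+```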
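--- a/data/lib/sso/server/engine.rb
+++ b/data/lib/sso/server/engine.rb
@@ -1,16 +1,5 @@
 module SSO
 class Engine < ::Rails::Engine
 isolate_namespace SSO
-
-initializer 'sso.add_middleware' do |app|
-app.middleware.insert_after ::Warden::Manager, ::SSO::Server::Middleware::PassportVerification
-app.middleware.insert_after ::Warden::Manager, ::SSO::Server::Doorkeeper::GrantMarker
-app.middleware.insert_after ::Warden::Manager, ::SSO::Server::Doorkeeper::AccessTokenMarker
-end
-
-config.generators do |g|
-g.test_framework :rspec
-g.fixture_replacement :factory_girl, dir: 'spec/factories'
-end
 end
 end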
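--- a/data/lib/sso/server/middleware/passport_creation.rb
+++ b/data/lib/sso/server/middleware/passport_creation.rb
@@ -0,0 +1,61 @@
+module SSO
+module Server
+module Middleware
+class PassportCreation
+include ::SSO::Logging
+
+def initialize(app)
+@app = app
+end
+
+def call(env)
+request = Rack::Request.new(env)
+remote_ip = request.env['action_dispatch.remote_ip'].to_s
+
+if !(request.post? && request.path == passports_path)
+debug { "I'm not interested in this request to #{request.path}" }
+return @app.call(env)
+end
+
+token = request.params['access_token']
+debug { "Detected incoming Passport creation request for access token #{token.inspect}" }
+access_token = ::Doorkeeper::AccessToken.find_by_token token
+
+unless access_token
+return json_code :access_token_not_found
+end
+
+unless access_token.valid?
+return json_code :access_token_invalid
+end
+
+creation = ::SSO::Server::Passports.generate owner_id: access_token.resource_owner_id, ip: remote_ip, agent: request.user_agent
+passport_id = creation.object
+finding = ::SSO::Server::Passports.find(passport_id)
+
+if finding.failure?
+error { "Could not find newly generated Passport #{finding.code.inspect} - #{finding.object.inspect}"}
+return json_code :access_token_not_attached_to_valid_passport
+end
+
+passport = finding.object
+debug { "Attaching user to passport #{passport.inspect}" }
+passport.user = SSO.config.find_user_for_passport.call(passport: passport, ip: remote_ip)
+payload = { success: true, code: :here_is_your_passport, passport: passport.export }
+debug { "Created Passport #{passport.id}, sending it including user #{passport.user.inspect}}"}
+
+return [200, { 'Content-Type' => 'application/json' }, [payload.to_json]]
+end
+
+def json_code(code)
+[200, { 'Content-Type' => 'application/json' }, [{ success: true, code: code }.to_json]]
+end
+
+def passports_path
+OmniAuth::Strategies::SSO.passports_path
+end
+
+end
+end
+end
+end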
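Review bot: `access_token.valid?` in `call` is most likely ActiveRecord's record validation rather than a check of the token's state, so an expired or revoked Doorkeeper token would still be exchanged for a fresh passport; Doorkeeper's `accessible?` covers expiry and revocation, i.e. `unless access_token.accessible?`. The debug line just above it writes the raw bearer token into the log through `token.inspect`, and the later `passport.inspect` debug line may do the same for passport fields; log an identifier or a truncated digest instead. `json_code` answers every rejection with HTTP 200 and `success: true`, so a client that checks only the status or the `success` flag cannot tell a refusal from a grant; `[401, { 'Content-Type' => 'application/json' }, [{ success: false, code: code }.to_json]]` would make the failure explicit. The result of `Passports.generate` is also used without a `failure?` check, unlike the `find` call that follows it.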
data/lib/sso/server/passport.rb
CHANGED
data/lib/sso/server/passports.rb
CHANGED
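--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sso
 version: !ruby/object:Gem::Version
-version: 0.1.0.
+version: 0.1.0.alpha4
 platform: ruby
 authors:
 - halo
@@ -273,6 +273,7 @@ files:
 - lib/sso/server/engine.rb
 - lib/sso/server/errors.rb
 - lib/sso/server/geolocations.rb
+- lib/sso/server/middleware/passport_creation.rb
 - lib/sso/server/middleware/passport_verification.rb
 - lib/sso/server/passport.rb
 - lib/sso/server/passports.rb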