sso 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/sso/benchmarking.rb +1 -1
- data/lib/sso/client/warden/hooks/after_fetch.rb +5 -4
- data/lib/sso/client/warden/strategies/passport.rb +4 -1
- data/lib/sso/meter.rb +4 -4
- data/lib/sso/server/warden/strategies/passport.rb +3 -0
- data/spec/lib/sso/benchmarking_spec.rb +9 -7
- data/spec/lib/sso/client/warden/hooks/after_fetch_spec.rb +30 -9
- data/spec/lib/sso/client/warden/strategies/passport_spec.rb +21 -2
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a1612060577f395274bade4fb34686a7762d7a18
|
|
4
|
+
data.tar.gz: bc1c6cf750efdf8b5a94e8ab93e81a49d9e7c1be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 64685ba474ed7bee87c26c7f0809d1f6a12d1b3f461cdbd22a6fc44fb733c7d3824d903e9fd01c918dc1533a8cb9263088cb4a350ad968f7a3710e787fad1772
|
|
7
|
+
data.tar.gz: 5a573a497c99e35bf9cd5b44aa5157988d7a9eaba2aed9b7da809e41c8f4b057b5ec7f8a67d43a2461f43f4beb301d12065f0fbc053d3422e786fc88becc70db
|
data/lib/sso/benchmarking.rb
CHANGED
|
@@ -12,7 +12,7 @@ module SSO
|
|
|
12
12
|
end
|
|
13
13
|
milliseconds = (seconds * 1000).round
|
|
14
14
|
debug { "#{name || metric || 'Benchmark'} took #{milliseconds}ms" }
|
|
15
|
-
|
|
15
|
+
timing key: metric, value: milliseconds if metric
|
|
16
16
|
result
|
|
17
17
|
end
|
|
18
18
|
end
|
|
@@ -123,11 +123,12 @@ module SSO
|
|
|
123
123
|
end
|
|
124
124
|
|
|
125
125
|
def meter(key, data = {})
|
|
126
|
-
|
|
127
|
-
|
|
126
|
+
metrics = {}
|
|
127
|
+
metrics[:key] = "client.warden.hooks.after_fetch.#{key}"
|
|
128
|
+
metrics[:tags] = { scope: warden_scope }
|
|
128
129
|
data[:passport_id] = passport.id
|
|
129
|
-
|
|
130
|
-
track
|
|
130
|
+
metrics[:data] = data
|
|
131
|
+
track metrics
|
|
131
132
|
end
|
|
132
133
|
|
|
133
134
|
# TODO: Use ActionDispatch remote IP or you might get the Load Balancer's IP instead :(
|
|
@@ -15,14 +15,17 @@ module SSO
|
|
|
15
15
|
debug { 'Authenticating from Passport...' }
|
|
16
16
|
|
|
17
17
|
authentication = passport_authentication
|
|
18
|
+
track key: 'client.warden.strategies.passport.authentication', tags: { scope: scope }
|
|
18
19
|
|
|
19
20
|
if authentication.success?
|
|
20
21
|
debug { 'Authentication on Client from Passport successful.' }
|
|
21
22
|
debug { "Persisting trusted Passport #{authentication.object.inspect}" }
|
|
23
|
+
track key: "client.warden.strategies.passport.#{authentication.code}", tags: { scope: scope }
|
|
22
24
|
success! authentication.object
|
|
23
25
|
else
|
|
24
26
|
debug { 'Authentication from Passport on Client failed.' }
|
|
25
27
|
debug { "Responding with #{authentication.object.inspect}" }
|
|
28
|
+
track key: "client.warden.strategies.passport.#{authentication.code}", tags: { scope: scope }
|
|
26
29
|
custom! authentication.object
|
|
27
30
|
end
|
|
28
31
|
|
|
@@ -31,7 +34,7 @@ module SSO
|
|
|
31
34
|
end
|
|
32
35
|
|
|
33
36
|
def passport_authentication
|
|
34
|
-
benchmark(name: 'Passport proxy verification request', metric: 'client.passport.
|
|
37
|
+
benchmark(name: 'Passport proxy verification request', metric: 'client.passport.proxy_verification.duration') do
|
|
35
38
|
::SSO::Client::Authentications::Passport.new(request).authenticate
|
|
36
39
|
end
|
|
37
40
|
end
|
data/lib/sso/meter.rb
CHANGED
|
@@ -4,17 +4,17 @@ module SSO
|
|
|
4
4
|
|
|
5
5
|
def track(key:, value: 1, tags: nil, data: {})
|
|
6
6
|
data[:caller] = caller_name
|
|
7
|
-
|
|
7
|
+
debug { "Measuring increment #{key.inspect} with value #{value.inspect} and tags #{tags.inspect} and data #{data.inspect}" }
|
|
8
8
|
metric.call type: :increment, key: "sso.#{key}", value: value, tags: tags, data: data
|
|
9
9
|
|
|
10
10
|
rescue => exception
|
|
11
11
|
::SSO.config.exception_handler.call exception
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def
|
|
14
|
+
def timing(key:, value:, tags: nil, data: {})
|
|
15
15
|
data[:caller] = caller_name
|
|
16
|
-
|
|
17
|
-
metric.call type: :
|
|
16
|
+
debug { "Measuring timing #{key.inspect} with value #{value.inspect} and tags #{tags.inspect} and data #{data.inspect}" }
|
|
17
|
+
metric.call type: :timing, key: "sso.#{key}", value: value, tags: tags, data: data
|
|
18
18
|
|
|
19
19
|
rescue => exception
|
|
20
20
|
::SSO.config.exception_handler.call exception
|
|
@@ -14,13 +14,16 @@ module SSO
|
|
|
14
14
|
debug { 'Authenticating from Passport...' }
|
|
15
15
|
|
|
16
16
|
authentication = passport_authentication
|
|
17
|
+
track key: 'server.warden.strategies.passport.authentication'
|
|
17
18
|
|
|
18
19
|
if authentication.success?
|
|
19
20
|
debug { 'Authentication on Server from Passport successful.' }
|
|
20
21
|
debug { "Responding with #{authentication.object}" }
|
|
22
|
+
track key: "server.warden.strategies.passport.#{authentication.code}"
|
|
21
23
|
custom! authentication.object
|
|
22
24
|
else
|
|
23
25
|
debug { 'Authentication from Passport on Server failed.' }
|
|
26
|
+
track key: "server.warden.strategies.passport.#{authentication.code}"
|
|
24
27
|
custom! authentication.object
|
|
25
28
|
end
|
|
26
29
|
|
|
@@ -45,35 +45,37 @@ RSpec.describe ::SSO::Benchmarking do
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
it 'does not meter' do
|
|
48
|
-
expect(instance).to_not receive(:
|
|
48
|
+
expect(instance).to_not receive(:timing)
|
|
49
49
|
instance.benchmark(name: 'Long calculation') {}
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
context 'only with metric' do
|
|
54
54
|
it 'logs with the metric' do
|
|
55
|
-
expect(instance).to receive(:debug) do |_, &block|
|
|
55
|
+
expect(instance).to receive(:debug).twice do |_, &block|
|
|
56
|
+
next if block.call.include?('Measuring')
|
|
56
57
|
expect(block.call).to eq 'blob.serialization took 0ms'
|
|
57
58
|
end
|
|
58
59
|
instance.benchmark(metric: 'blob.serialization') {}
|
|
59
60
|
end
|
|
60
61
|
|
|
61
|
-
it 'meters as
|
|
62
|
-
expect(instance).to receive(:
|
|
62
|
+
it 'meters as timing with the metric as name' do
|
|
63
|
+
expect(instance).to receive(:timing).with key: 'blob.serialization', value: 0
|
|
63
64
|
instance.benchmark(metric: 'blob.serialization') {}
|
|
64
65
|
end
|
|
65
66
|
end
|
|
66
67
|
|
|
67
68
|
context 'with name and metric' do
|
|
68
69
|
it 'logs with the name' do
|
|
69
|
-
expect(instance).to receive(:debug) do |_, &block|
|
|
70
|
+
expect(instance).to receive(:debug).twice do |_, &block|
|
|
71
|
+
next if block.call.include?('Measuring')
|
|
70
72
|
expect(block.call).to eq 'Synchronous encryption took 0ms'
|
|
71
73
|
end
|
|
72
74
|
instance.benchmark(name: 'Synchronous encryption', metric: 'encryption.aes') {}
|
|
73
75
|
end
|
|
74
76
|
|
|
75
|
-
it 'meters as
|
|
76
|
-
expect(instance).to receive(:
|
|
77
|
+
it 'meters as timing with the metric as name' do
|
|
78
|
+
expect(instance).to receive(:timing).with key: 'encryption.aes', value: 0
|
|
77
79
|
instance.benchmark(name: 'Synchronous encryption', metric: 'encryption.aes') {}
|
|
78
80
|
end
|
|
79
81
|
end
|
|
@@ -7,7 +7,8 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
7
7
|
let(:client_params) { { device_id: 'unique device identifier' } }
|
|
8
8
|
let(:warden_request) { double :warden_request, ip: ip, user_agent: agent, params: client_params, env: warden_env }
|
|
9
9
|
let(:warden) { double :warden, request: warden_request }
|
|
10
|
-
let(:hook) { described_class.new passport: client_passport, warden: warden, options: {} }
|
|
10
|
+
let(:hook) { described_class.new passport: client_passport, warden: warden, options: { scope: warden_scope } }
|
|
11
|
+
let(:warden_scope) {}
|
|
11
12
|
let(:client_user) { double :client_user, name: 'Good old client user' }
|
|
12
13
|
let(:client_passport) { ::SSO::Client::Passport.new id: passport_id, secret: passport_secret, state: passport_state, user: client_user }
|
|
13
14
|
let(:operation) { hook.call }
|
|
@@ -60,10 +61,24 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
60
61
|
end
|
|
61
62
|
|
|
62
63
|
it 'meters the invalid passport' do
|
|
63
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
64
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.passport_authentication_failed', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
65
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
66
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
64
67
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.invalid', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
65
68
|
hook.call
|
|
66
69
|
end
|
|
70
|
+
|
|
71
|
+
context 'with warden scope' do
|
|
72
|
+
let(:warden_scope) { :vip }
|
|
73
|
+
|
|
74
|
+
it 'meters the invalid passport with the scope' do
|
|
75
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.passport_authentication_failed', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
76
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
77
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
78
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.invalid', value: 1, tags: { scope: :vip }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
79
|
+
hook.call
|
|
80
|
+
end
|
|
81
|
+
end
|
|
67
82
|
end
|
|
68
83
|
|
|
69
84
|
context 'user does not change' do
|
|
@@ -93,7 +108,9 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
93
108
|
end
|
|
94
109
|
|
|
95
110
|
it 'meters the invalid passport' do
|
|
96
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
111
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.signature_approved_no_changes', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
112
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
113
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
97
114
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.valid', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
98
115
|
hook.call
|
|
99
116
|
end
|
|
@@ -131,7 +148,9 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
131
148
|
end
|
|
132
149
|
|
|
133
150
|
it 'meters the invalid passport' do
|
|
134
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
151
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.signature_approved_no_changes', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
152
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
153
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
135
154
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.valid', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
136
155
|
hook.call
|
|
137
156
|
end
|
|
@@ -169,7 +188,9 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
169
188
|
end
|
|
170
189
|
|
|
171
190
|
it 'meters the invalid passport' do
|
|
172
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
191
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.signature_approved_state_changed', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
192
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
193
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
173
194
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.valid_and_modified', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
174
195
|
hook.call
|
|
175
196
|
end
|
|
@@ -208,7 +229,7 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
208
229
|
end
|
|
209
230
|
|
|
210
231
|
it 'meters the timeout' do
|
|
211
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
232
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
212
233
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.server_unreachable', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
213
234
|
hook.call
|
|
214
235
|
end
|
|
@@ -231,7 +252,7 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
231
252
|
end
|
|
232
253
|
|
|
233
254
|
it 'meters the timeout' do
|
|
234
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
255
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
235
256
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.server_response_not_parseable', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
236
257
|
hook.call
|
|
237
258
|
end
|
|
@@ -253,7 +274,7 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
253
274
|
end
|
|
254
275
|
|
|
255
276
|
it 'meters the timeout' do
|
|
256
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
277
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
257
278
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.server_response_missing_success_flag', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
258
279
|
hook.call
|
|
259
280
|
end
|
|
@@ -275,7 +296,7 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
275
296
|
end
|
|
276
297
|
|
|
277
298
|
it 'meters the timeout' do
|
|
278
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
299
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
279
300
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.unexpected_server_response_status', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
280
301
|
hook.call
|
|
281
302
|
end
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
|
-
RSpec.describe SSO::Client::Warden::Strategies::Passport do
|
|
3
|
+
RSpec.describe SSO::Client::Warden::Strategies::Passport, stub_benchmarks: true do
|
|
4
4
|
|
|
5
5
|
let(:env) { env_with_params }
|
|
6
|
-
let(:strategy) { described_class.new env }
|
|
6
|
+
let(:strategy) { described_class.new env, scope }
|
|
7
|
+
let(:scope) {}
|
|
7
8
|
|
|
8
9
|
describe '#valid?' do
|
|
9
10
|
context 'with :auth_version and :state' do
|
|
@@ -45,6 +46,24 @@ RSpec.describe SSO::Client::Warden::Strategies::Passport do
|
|
|
45
46
|
it 'is a custom response' do
|
|
46
47
|
expect(strategy.authenticate!).to eq :custom
|
|
47
48
|
end
|
|
49
|
+
|
|
50
|
+
it 'meters' do
|
|
51
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.strategies.passport.authentication', value: 1, tags: { scope: nil }, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
52
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.strategies.passport.passport_authentication_failed', value: 1, tags: { scope: nil }, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
53
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.proxy_verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
54
|
+
strategy.authenticate!
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
context 'with scope' do
|
|
58
|
+
let(:scope) { :cool }
|
|
59
|
+
|
|
60
|
+
it 'meters with the scope' do
|
|
61
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.strategies.passport.authentication', value: 1, tags: { scope: :cool }, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
62
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.strategies.passport.passport_authentication_failed', value: 1, tags: { scope: :cool }, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
63
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.proxy_verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
64
|
+
strategy.authenticate!
|
|
65
|
+
end
|
|
66
|
+
end
|
|
48
67
|
end
|
|
49
68
|
|
|
50
69
|
it 'fails' do
|