sso 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/sso/benchmarking.rb +1 -1
- data/lib/sso/client/warden/hooks/after_fetch.rb +5 -4
- data/lib/sso/client/warden/strategies/passport.rb +4 -1
- data/lib/sso/meter.rb +4 -4
- data/lib/sso/server/warden/strategies/passport.rb +3 -0
- data/spec/lib/sso/benchmarking_spec.rb +9 -7
- data/spec/lib/sso/client/warden/hooks/after_fetch_spec.rb +30 -9
- data/spec/lib/sso/client/warden/strategies/passport_spec.rb +21 -2
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a1612060577f395274bade4fb34686a7762d7a18
|
|
4
|
+
data.tar.gz: bc1c6cf750efdf8b5a94e8ab93e81a49d9e7c1be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 64685ba474ed7bee87c26c7f0809d1f6a12d1b3f461cdbd22a6fc44fb733c7d3824d903e9fd01c918dc1533a8cb9263088cb4a350ad968f7a3710e787fad1772
|
|
7
|
+
data.tar.gz: 5a573a497c99e35bf9cd5b44aa5157988d7a9eaba2aed9b7da809e41c8f4b057b5ec7f8a67d43a2461f43f4beb301d12065f0fbc053d3422e786fc88becc70db
|
data/lib/sso/benchmarking.rb
CHANGED
|
@@ -12,7 +12,7 @@ module SSO
|
|
|
12
12
|
end
|
|
13
13
|
milliseconds = (seconds * 1000).round
|
|
14
14
|
debug { "#{name || metric || 'Benchmark'} took #{milliseconds}ms" }
|
|
15
|
-
|
|
15
|
+
timing key: metric, value: milliseconds if metric
|
|
16
16
|
result
|
|
17
17
|
end
|
|
18
18
|
end
|
|
@@ -123,11 +123,12 @@ module SSO
|
|
|
123
123
|
end
|
|
124
124
|
|
|
125
125
|
def meter(key, data = {})
|
|
126
|
-
|
|
127
|
-
|
|
126
|
+
metrics = {}
|
|
127
|
+
metrics[:key] = "client.warden.hooks.after_fetch.#{key}"
|
|
128
|
+
metrics[:tags] = { scope: warden_scope }
|
|
128
129
|
data[:passport_id] = passport.id
|
|
129
|
-
|
|
130
|
-
track
|
|
130
|
+
metrics[:data] = data
|
|
131
|
+
track metrics
|
|
131
132
|
end
|
|
132
133
|
|
|
133
134
|
# TODO: Use ActionDispatch remote IP or you might get the Load Balancer's IP instead :(
|
|
@@ -15,14 +15,17 @@ module SSO
|
|
|
15
15
|
debug { 'Authenticating from Passport...' }
|
|
16
16
|
|
|
17
17
|
authentication = passport_authentication
|
|
18
|
+
track key: 'client.warden.strategies.passport.authentication', tags: { scope: scope }
|
|
18
19
|
|
|
19
20
|
if authentication.success?
|
|
20
21
|
debug { 'Authentication on Client from Passport successful.' }
|
|
21
22
|
debug { "Persisting trusted Passport #{authentication.object.inspect}" }
|
|
23
|
+
track key: "client.warden.strategies.passport.#{authentication.code}", tags: { scope: scope }
|
|
22
24
|
success! authentication.object
|
|
23
25
|
else
|
|
24
26
|
debug { 'Authentication from Passport on Client failed.' }
|
|
25
27
|
debug { "Responding with #{authentication.object.inspect}" }
|
|
28
|
+
track key: "client.warden.strategies.passport.#{authentication.code}", tags: { scope: scope }
|
|
26
29
|
custom! authentication.object
|
|
27
30
|
end
|
|
28
31
|
|
|
@@ -31,7 +34,7 @@ module SSO
|
|
|
31
34
|
end
|
|
32
35
|
|
|
33
36
|
def passport_authentication
|
|
34
|
-
benchmark(name: 'Passport proxy verification request', metric: 'client.passport.
|
|
37
|
+
benchmark(name: 'Passport proxy verification request', metric: 'client.passport.proxy_verification.duration') do
|
|
35
38
|
::SSO::Client::Authentications::Passport.new(request).authenticate
|
|
36
39
|
end
|
|
37
40
|
end
|
data/lib/sso/meter.rb
CHANGED
|
@@ -4,17 +4,17 @@ module SSO
|
|
|
4
4
|
|
|
5
5
|
def track(key:, value: 1, tags: nil, data: {})
|
|
6
6
|
data[:caller] = caller_name
|
|
7
|
-
|
|
7
|
+
debug { "Measuring increment #{key.inspect} with value #{value.inspect} and tags #{tags.inspect} and data #{data.inspect}" }
|
|
8
8
|
metric.call type: :increment, key: "sso.#{key}", value: value, tags: tags, data: data
|
|
9
9
|
|
|
10
10
|
rescue => exception
|
|
11
11
|
::SSO.config.exception_handler.call exception
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def
|
|
14
|
+
def timing(key:, value:, tags: nil, data: {})
|
|
15
15
|
data[:caller] = caller_name
|
|
16
|
-
|
|
17
|
-
metric.call type: :
|
|
16
|
+
debug { "Measuring timing #{key.inspect} with value #{value.inspect} and tags #{tags.inspect} and data #{data.inspect}" }
|
|
17
|
+
metric.call type: :timing, key: "sso.#{key}", value: value, tags: tags, data: data
|
|
18
18
|
|
|
19
19
|
rescue => exception
|
|
20
20
|
::SSO.config.exception_handler.call exception
|
|
@@ -14,13 +14,16 @@ module SSO
|
|
|
14
14
|
debug { 'Authenticating from Passport...' }
|
|
15
15
|
|
|
16
16
|
authentication = passport_authentication
|
|
17
|
+
track key: 'server.warden.strategies.passport.authentication'
|
|
17
18
|
|
|
18
19
|
if authentication.success?
|
|
19
20
|
debug { 'Authentication on Server from Passport successful.' }
|
|
20
21
|
debug { "Responding with #{authentication.object}" }
|
|
22
|
+
track key: "server.warden.strategies.passport.#{authentication.code}"
|
|
21
23
|
custom! authentication.object
|
|
22
24
|
else
|
|
23
25
|
debug { 'Authentication from Passport on Server failed.' }
|
|
26
|
+
track key: "server.warden.strategies.passport.#{authentication.code}"
|
|
24
27
|
custom! authentication.object
|
|
25
28
|
end
|
|
26
29
|
|
|
@@ -45,35 +45,37 @@ RSpec.describe ::SSO::Benchmarking do
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
it 'does not meter' do
|
|
48
|
-
expect(instance).to_not receive(:
|
|
48
|
+
expect(instance).to_not receive(:timing)
|
|
49
49
|
instance.benchmark(name: 'Long calculation') {}
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
context 'only with metric' do
|
|
54
54
|
it 'logs with the metric' do
|
|
55
|
-
expect(instance).to receive(:debug) do |_, &block|
|
|
55
|
+
expect(instance).to receive(:debug).twice do |_, &block|
|
|
56
|
+
next if block.call.include?('Measuring')
|
|
56
57
|
expect(block.call).to eq 'blob.serialization took 0ms'
|
|
57
58
|
end
|
|
58
59
|
instance.benchmark(metric: 'blob.serialization') {}
|
|
59
60
|
end
|
|
60
61
|
|
|
61
|
-
it 'meters as
|
|
62
|
-
expect(instance).to receive(:
|
|
62
|
+
it 'meters as timing with the metric as name' do
|
|
63
|
+
expect(instance).to receive(:timing).with key: 'blob.serialization', value: 0
|
|
63
64
|
instance.benchmark(metric: 'blob.serialization') {}
|
|
64
65
|
end
|
|
65
66
|
end
|
|
66
67
|
|
|
67
68
|
context 'with name and metric' do
|
|
68
69
|
it 'logs with the name' do
|
|
69
|
-
expect(instance).to receive(:debug) do |_, &block|
|
|
70
|
+
expect(instance).to receive(:debug).twice do |_, &block|
|
|
71
|
+
next if block.call.include?('Measuring')
|
|
70
72
|
expect(block.call).to eq 'Synchronous encryption took 0ms'
|
|
71
73
|
end
|
|
72
74
|
instance.benchmark(name: 'Synchronous encryption', metric: 'encryption.aes') {}
|
|
73
75
|
end
|
|
74
76
|
|
|
75
|
-
it 'meters as
|
|
76
|
-
expect(instance).to receive(:
|
|
77
|
+
it 'meters as timing with the metric as name' do
|
|
78
|
+
expect(instance).to receive(:timing).with key: 'encryption.aes', value: 0
|
|
77
79
|
instance.benchmark(name: 'Synchronous encryption', metric: 'encryption.aes') {}
|
|
78
80
|
end
|
|
79
81
|
end
|
|
@@ -7,7 +7,8 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
7
7
|
let(:client_params) { { device_id: 'unique device identifier' } }
|
|
8
8
|
let(:warden_request) { double :warden_request, ip: ip, user_agent: agent, params: client_params, env: warden_env }
|
|
9
9
|
let(:warden) { double :warden, request: warden_request }
|
|
10
|
-
let(:hook) { described_class.new passport: client_passport, warden: warden, options: {} }
|
|
10
|
+
let(:hook) { described_class.new passport: client_passport, warden: warden, options: { scope: warden_scope } }
|
|
11
|
+
let(:warden_scope) {}
|
|
11
12
|
let(:client_user) { double :client_user, name: 'Good old client user' }
|
|
12
13
|
let(:client_passport) { ::SSO::Client::Passport.new id: passport_id, secret: passport_secret, state: passport_state, user: client_user }
|
|
13
14
|
let(:operation) { hook.call }
|
|
@@ -60,10 +61,24 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
60
61
|
end
|
|
61
62
|
|
|
62
63
|
it 'meters the invalid passport' do
|
|
63
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
64
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.passport_authentication_failed', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
65
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
66
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
64
67
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.invalid', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
65
68
|
hook.call
|
|
66
69
|
end
|
|
70
|
+
|
|
71
|
+
context 'with warden scope' do
|
|
72
|
+
let(:warden_scope) { :vip }
|
|
73
|
+
|
|
74
|
+
it 'meters the invalid passport with the scope' do
|
|
75
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.passport_authentication_failed', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
76
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
77
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
78
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.invalid', value: 1, tags: { scope: :vip }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
79
|
+
hook.call
|
|
80
|
+
end
|
|
81
|
+
end
|
|
67
82
|
end
|
|
68
83
|
|
|
69
84
|
context 'user does not change' do
|
|
@@ -93,7 +108,9 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
93
108
|
end
|
|
94
109
|
|
|
95
110
|
it 'meters the invalid passport' do
|
|
96
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
111
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.signature_approved_no_changes', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
112
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
113
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
97
114
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.valid', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
98
115
|
hook.call
|
|
99
116
|
end
|
|
@@ -131,7 +148,9 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
131
148
|
end
|
|
132
149
|
|
|
133
150
|
it 'meters the invalid passport' do
|
|
134
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
151
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.signature_approved_no_changes', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
152
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
153
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
135
154
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.valid', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
136
155
|
hook.call
|
|
137
156
|
end
|
|
@@ -169,7 +188,9 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
169
188
|
end
|
|
170
189
|
|
|
171
190
|
it 'meters the invalid passport' do
|
|
172
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
191
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.signature_approved_state_changed', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
192
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.server.warden.strategies.passport.authentication', value: 1, tags: nil, data: { caller: 'SSO::Server::Warden::Strategies::Passport' }
|
|
193
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
173
194
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.valid_and_modified', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
174
195
|
hook.call
|
|
175
196
|
end
|
|
@@ -208,7 +229,7 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
208
229
|
end
|
|
209
230
|
|
|
210
231
|
it 'meters the timeout' do
|
|
211
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
232
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
212
233
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.server_unreachable', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
213
234
|
hook.call
|
|
214
235
|
end
|
|
@@ -231,7 +252,7 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
231
252
|
end
|
|
232
253
|
|
|
233
254
|
it 'meters the timeout' do
|
|
234
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
255
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
235
256
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.server_response_not_parseable', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
236
257
|
hook.call
|
|
237
258
|
end
|
|
@@ -253,7 +274,7 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
253
274
|
end
|
|
254
275
|
|
|
255
276
|
it 'meters the timeout' do
|
|
256
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
277
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
257
278
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.server_response_missing_success_flag', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
258
279
|
hook.call
|
|
259
280
|
end
|
|
@@ -275,7 +296,7 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true,
|
|
|
275
296
|
end
|
|
276
297
|
|
|
277
298
|
it 'meters the timeout' do
|
|
278
|
-
expect(::SSO.config.metric).to receive(:call).with type: :
|
|
299
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::PassportVerifier' }
|
|
279
300
|
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.hooks.after_fetch.unexpected_server_response_status', value: 1, tags: { scope: nil }, data: { passport_id: client_passport.id, caller: 'SSO::Client::Warden::Hooks::AfterFetch' }
|
|
280
301
|
hook.call
|
|
281
302
|
end
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
|
-
RSpec.describe SSO::Client::Warden::Strategies::Passport do
|
|
3
|
+
RSpec.describe SSO::Client::Warden::Strategies::Passport, stub_benchmarks: true do
|
|
4
4
|
|
|
5
5
|
let(:env) { env_with_params }
|
|
6
|
-
let(:strategy) { described_class.new env }
|
|
6
|
+
let(:strategy) { described_class.new env, scope }
|
|
7
|
+
let(:scope) {}
|
|
7
8
|
|
|
8
9
|
describe '#valid?' do
|
|
9
10
|
context 'with :auth_version and :state' do
|
|
@@ -45,6 +46,24 @@ RSpec.describe SSO::Client::Warden::Strategies::Passport do
|
|
|
45
46
|
it 'is a custom response' do
|
|
46
47
|
expect(strategy.authenticate!).to eq :custom
|
|
47
48
|
end
|
|
49
|
+
|
|
50
|
+
it 'meters' do
|
|
51
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.strategies.passport.authentication', value: 1, tags: { scope: nil }, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
52
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.strategies.passport.passport_authentication_failed', value: 1, tags: { scope: nil }, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
53
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.proxy_verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
54
|
+
strategy.authenticate!
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
context 'with scope' do
|
|
58
|
+
let(:scope) { :cool }
|
|
59
|
+
|
|
60
|
+
it 'meters with the scope' do
|
|
61
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.strategies.passport.authentication', value: 1, tags: { scope: :cool }, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
62
|
+
expect(::SSO.config.metric).to receive(:call).with type: :increment, key: 'sso.client.warden.strategies.passport.passport_authentication_failed', value: 1, tags: { scope: :cool }, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
63
|
+
expect(::SSO.config.metric).to receive(:call).with type: :timing, key: 'sso.client.passport.proxy_verification.duration', value: 42_000, tags: nil, data: { caller: 'SSO::Client::Warden::Strategies::Passport' }
|
|
64
|
+
strategy.authenticate!
|
|
65
|
+
end
|
|
66
|
+
end
|
|
48
67
|
end
|
|
49
68
|
|
|
50
69
|
it 'fails' do
|