ssomg 0.1.6 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/ssomg/controllers/base_controller.rb +3 -135
- data/lib/ssomg/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6710e4a7d65c086ebabe90db91d61e43887ea537
|
|
4
|
+
data.tar.gz: 19cb24a0873c13fedb96a31bc3933fd9a6d64892
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7ab37d06553a291594cda5e9b4f3e1117bb9b1bf027737766cb606dffa5645a1f18148c9aff1975df9968677083df7eee605122c828d52eaf375a5ffcd2b1d1f
|
|
7
|
+
data.tar.gz: cfabcec11aa0ff5b364ece6bece12fe41dcac0d5162edd36882a63f7c231a94c901421dc990044e771a8ea5a2103664ad82faf04ae0bf087ca6bf43516b8902a
|
|
@@ -2,145 +2,13 @@ require 'net/http'
|
|
|
2
2
|
require 'json'
|
|
3
3
|
|
|
4
4
|
module Ssomg
|
|
5
|
-
class BaseController <
|
|
5
|
+
class BaseController < RootController
|
|
6
6
|
|
|
7
|
-
before_action :register_user, unless: -> { request.query_parameters["token"] }
|
|
8
7
|
|
|
9
8
|
private
|
|
10
9
|
|
|
11
|
-
def
|
|
12
|
-
|
|
13
|
-
token = cookies["ssomg"]
|
|
14
|
-
else
|
|
15
|
-
token = bearer_token
|
|
16
|
-
end
|
|
17
|
-
if( token )
|
|
18
|
-
begin
|
|
19
|
-
decoded_token = ::JWT.decode token, Ssomg.PUB_KEY, true, { algorithm: 'RS256' }
|
|
20
|
-
@user = decoded_token[ 0 ]
|
|
21
|
-
rescue ::JWT::ExpiredSignature
|
|
22
|
-
if ( cookies["ssomg"] )
|
|
23
|
-
begin
|
|
24
|
-
decoded_token = ::JWT.decode token, Ssomg.PUB_KEY, true, { exp_leeway: 432000, algorithm: 'RS256' } #5 day leeway to ensure token is read
|
|
25
|
-
accessTokens = JSON.parse refresh( decoded_token[ 0 ]["refresh_token"] )
|
|
26
|
-
userToken = accessTokens[ENV["APP_ID"]]
|
|
27
|
-
cookies["ssomg" ] = { :value => accessTokens[ENV["APP_ID"]], :secure => Rails.env.production?, :httponly => true }
|
|
28
|
-
withoutMain = accessTokens.except!( ENV["APP_ID"] )
|
|
29
|
-
cookies["ssomg_all" ] = { :value => withoutMain.keys.join(","), :secure => Rails.env.production?, :httponly => true }
|
|
30
|
-
withoutMain.each { |key, value|
|
|
31
|
-
cookies["ssomg_" + key ] = { :value => value, :secure => Rails.env.production?, :httponly => true }
|
|
32
|
-
}
|
|
33
|
-
decoded_user = ::JWT.decode userToken, Ssomg.PUB_KEY, true, { algorithm: 'RS256' }
|
|
34
|
-
@user = decoded_user[ 0 ]
|
|
35
|
-
rescue StandardError => e
|
|
36
|
-
# raise e
|
|
37
|
-
end
|
|
38
|
-
else
|
|
39
|
-
cookies["ssomg_meta" ] = { :value => request.original_url, :secure => Rails.env.production?, :httponly => true }
|
|
40
|
-
go_to_provider
|
|
41
|
-
end
|
|
42
|
-
rescue StandardError => e
|
|
43
|
-
# raise e
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
def verify_token
|
|
49
|
-
if request.query_parameters["token"]
|
|
50
|
-
accessTokens = JSON.parse refresh( request.query_parameters["token"] )
|
|
51
|
-
cookies["ssomg" ] = { :value => accessTokens[ENV["APP_ID"]], :secure => Rails.env.production?, :httponly => true }
|
|
52
|
-
withoutMain = accessTokens.except!( ENV["APP_ID"] )
|
|
53
|
-
cookies["ssomg_all" ] = { :value => withoutMain.keys.join(","), :secure => Rails.env.production?, :httponly => true }
|
|
54
|
-
withoutMain.each { |key, value|
|
|
55
|
-
cookies["ssomg_" + key ] = { :value => value, :secure => Rails.env.production?, :httponly => true }
|
|
56
|
-
}
|
|
57
|
-
if ( cookies["ssomg_meta"] )
|
|
58
|
-
path = cookies["ssomg_meta"]
|
|
59
|
-
cookies.delete "ssomg_meta"
|
|
60
|
-
redirect_to path and return
|
|
61
|
-
end
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
def protect( roles )
|
|
66
|
-
if ( @user )
|
|
67
|
-
if !roles.kind_of?(Array)
|
|
68
|
-
roles = [ roles ]
|
|
69
|
-
end
|
|
70
|
-
authorised = false;
|
|
71
|
-
for role in roles
|
|
72
|
-
if ( @user["roles"].include? role )
|
|
73
|
-
authorised = true
|
|
74
|
-
break
|
|
75
|
-
end
|
|
76
|
-
end
|
|
77
|
-
if ( !authorised )
|
|
78
|
-
head(403) and return
|
|
79
|
-
end
|
|
80
|
-
else
|
|
81
|
-
cookies["ssomg_meta" ] = { :value => request.original_url, :secure => Rails.env.production?, :httponly => true }
|
|
82
|
-
go_to_provider
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
def refresh( token )
|
|
88
|
-
begin
|
|
89
|
-
uri = URI(ENV["SSO_HOST"] + "/auth/sso")
|
|
90
|
-
http = Net::HTTP.new(uri.host, uri.port )
|
|
91
|
-
req = Net::HTTP::Post.new(uri.path, {'Content-Type' =>'application/json'})
|
|
92
|
-
if uri.scheme == "https"
|
|
93
|
-
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
|
94
|
-
http.use_ssl = true
|
|
95
|
-
end
|
|
96
|
-
req.body = { :token => token }.to_json
|
|
97
|
-
res = http.request(req)
|
|
98
|
-
jwt = res.body
|
|
99
|
-
return jwt
|
|
100
|
-
rescue StandardError => e
|
|
101
|
-
# puts "failed #{e}"
|
|
102
|
-
end
|
|
103
|
-
end
|
|
104
|
-
|
|
105
|
-
def refresh_silent token
|
|
106
|
-
begin
|
|
107
|
-
uri = URI(ENV["SSO_HOST"] + "/auth/sso")
|
|
108
|
-
http = Net::HTTP.new(uri.host, uri.port )
|
|
109
|
-
req = Net::HTTP::Post.new(uri.path, {'Content-Type' =>'application/json'})
|
|
110
|
-
if uri.scheme == "https"
|
|
111
|
-
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
|
112
|
-
http.use_ssl = true
|
|
113
|
-
end
|
|
114
|
-
req.body = { :token => token }.to_json
|
|
115
|
-
res = http.request(req)
|
|
116
|
-
jwt = res.body
|
|
117
|
-
return jwt
|
|
118
|
-
rescue StandardError => e
|
|
119
|
-
end
|
|
120
|
-
end
|
|
121
|
-
|
|
122
|
-
def bearer_token
|
|
123
|
-
pattern = /^Bearer /
|
|
124
|
-
header = request.headers['Authorization']
|
|
125
|
-
header.gsub(pattern, '') if header && header.match(pattern)
|
|
126
|
-
end
|
|
127
|
-
|
|
128
|
-
def clear_linked_cookies
|
|
129
|
-
if cookies["ssomg_all"]
|
|
130
|
-
all_cookies = cookies["ssomg_all"].split(",")
|
|
131
|
-
all_cookies.each { |key| cookies.delete "ssomg_" + key }
|
|
132
|
-
cookies.delete "ssomg_all"
|
|
133
|
-
end
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
def clear_cookies
|
|
137
|
-
cookies.delete "ssomg_meta"
|
|
138
|
-
cookies.delete "ssomg"
|
|
139
|
-
end
|
|
140
|
-
|
|
141
|
-
def go_to_provider
|
|
142
|
-
clear_linked_cookies
|
|
143
|
-
redirect_to ENV["SSO_HOST"] + "/auth/login?app_id=" + ENV["APP_ID"] and return
|
|
10
|
+
def getToken
|
|
11
|
+
cookies["ssomg"]
|
|
144
12
|
end
|
|
145
13
|
|
|
146
14
|
end
|
data/lib/ssomg/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssomg
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Henry McIntosh
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-09-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|