RubyGems - ssomg - Versions diffs - 0.1.8 → 0.1.9 - Mend

ssomg 0.1.8 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/ssomg/controllers/api_controller.rb +16 -0
data/lib/ssomg/controllers/root_controller.rb +143 -0
data/lib/ssomg/version.rb +1 -1
metadata +3 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a7a915f1e8e7d224b1fbd808064f43a75fe8f296
-  data.tar.gz: 56e665119602b870bd1cb5c78d731f181a340f79
+  metadata.gz: 1ee8b1cd9c36768547fd3d9e1511bb1df13fcbce
+  data.tar.gz: 3fc17a322be2b7bb821a6c63852d8c3b1048e6b1
 SHA512:
-  metadata.gz: 9fd23c9ba6eb3f36f34acea4a82aabbae6481c960c7512f64b33b42a3508633215b6281aeccf2984f9047395380d506c66e42f0dfe98f8ce49d0ae0927f00dbd
-  data.tar.gz: 399397abab8dc293116ef5965a47193b13c5d333b8afa71a4411a5a664cfd179e930921365f0a8762520cc1f8ea8a443023be39ed2f47aef83451c55c86265cd
+  metadata.gz: a27bfae2520e1b5cc6c6c47c67386e1aea8eebd73da5ac801d14b667d4286199063c06fcd505e92bdc3573fe613f02fd104afe6a990d901086aa8c366347ac90
+  data.tar.gz: 41d6e2cd1cb628d370f3250aac0587fefa97db46aaa97b62a010ed4439a5a733cd87dd2a5e6eae75c0f3be4a9a805ed9d7dcb63b077442ab265c7bb268d89452

data/lib/ssomg/controllers/api_controller.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require 'net/http'
+require 'json'
+module Ssomg
+  class ApiController < RootController
+    before_action :register_user, unless: -> { request.query_parameters["token"] }
+  private
+    def get_token
+      bearer_token
+    end
+  end
+end

data/lib/ssomg/controllers/root_controller.rb ADDED Viewed

@@ -0,0 +1,143 @@
+require 'net/http'
+require 'json'
+module Ssomg
+  class RootController < ::ActionController::Base
+    before_action :register_user, unless: -> { request.query_parameters["token"] }
+  private
+    def register_user
+      token = get_token
+      if( token )
+        begin
+          decoded_token = ::JWT.decode token, Ssomg.PUB_KEY, true, { algorithm: 'RS256' }
+          @user = decoded_token[ 0 ]
+        rescue ::JWT::ExpiredSignature
+          if ( cookies["ssomg"] )
+            begin
+              decoded_token = ::JWT.decode token, Ssomg.PUB_KEY, true, { exp_leeway: 432000, algorithm: 'RS256' } #5 day leeway to ensure token is read
+              accessTokens = JSON.parse refresh( decoded_token[ 0 ]["refresh_token"] )
+              userToken = accessTokens[ENV["APP_ID"]]
+              cookies["ssomg" ] = { :value => accessTokens[ENV["APP_ID"]], :secure => Rails.env.production?, :httponly => true }
+              withoutMain = accessTokens.except!( ENV["APP_ID"] )
+              cookies["ssomg_all" ] = { :value => withoutMain.keys.join(","), :secure => Rails.env.production?, :httponly => true }
+              withoutMain.each { |key, value|
+                cookies["ssomg_" + key ] = { :value => value, :secure => Rails.env.production?, :httponly => true }
+              }
+              decoded_user = ::JWT.decode userToken, Ssomg.PUB_KEY, true, { algorithm: 'RS256' }
+              @user = decoded_user[ 0 ]
+            rescue StandardError => e
+              # raise e
+            end
+          else
+            cookies["ssomg_meta" ] = { :value => request.original_url, :secure => Rails.env.production?, :httponly => true }
+            go_to_provider
+          end
+        rescue StandardError => e
+          # raise e
+        end
+      end
+    end
+    def verify_token
+      if request.query_parameters["token"]
+        accessTokens = JSON.parse refresh( request.query_parameters["token"] )
+        cookies["ssomg" ] = { :value => accessTokens[ENV["APP_ID"]], :secure => Rails.env.production?, :httponly => true }
+        withoutMain = accessTokens.except!( ENV["APP_ID"] )
+        cookies["ssomg_all" ] = { :value => withoutMain.keys.join(","), :secure => Rails.env.production?, :httponly => true }
+        withoutMain.each { |key, value|
+          cookies["ssomg_" + key ] = { :value => value, :secure => Rails.env.production?, :httponly => true }
+        }
+        if ( cookies["ssomg_meta"] )
+          path = cookies["ssomg_meta"]
+          cookies.delete "ssomg_meta"
+          redirect_to path and return
+        end
+      end
+    end
+    def protect( roles )
+      if ( @user )
+        if !roles.kind_of?(Array)
+          roles = [ roles ]
+        end
+        authorised = false;
+        for role in roles
+          if ( @user["roles"].include? role )
+            authorised = true
+            break
+          end
+        end
+        if ( !authorised )
+          head(403) and return
+        end
+      else
+        cookies["ssomg_meta" ] = { :value => request.original_url, :secure => Rails.env.production?, :httponly => true }
+        go_to_provider
+      end
+    end
+    def refresh( token )
+      begin
+        uri = URI(ENV["SSO_HOST"] + "/auth/sso")
+        http = Net::HTTP.new(uri.host, uri.port )
+        req = Net::HTTP::Post.new(uri.path, {'Content-Type' =>'application/json'})
+        if uri.scheme == "https"
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          http.use_ssl = true
+        end
+        req.body = { :token => token }.to_json
+        res = http.request(req)
+        jwt = res.body
+        return jwt
+      rescue StandardError => e
+        # puts "failed #{e}"
+      end
+    end
+    def refresh_silent token
+      begin
+        uri = URI(ENV["SSO_HOST"] + "/auth/sso")
+        http = Net::HTTP.new(uri.host, uri.port )
+        req = Net::HTTP::Post.new(uri.path, {'Content-Type' =>'application/json'})
+        if uri.scheme == "https"
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          http.use_ssl = true
+        end
+        req.body = { :token => token }.to_json
+        res = http.request(req)
+        jwt = res.body
+        return jwt
+      rescue StandardError => e
+      end
+    end
+    def bearer_token
+      pattern = /^Bearer /
+      header  = request.headers['Authorization']
+      header.gsub(pattern, '') if header && header.match(pattern)
+    end
+    def clear_linked_cookies
+      if cookies["ssomg_all"]
+        all_cookies = cookies["ssomg_all"].split(",")
+        all_cookies.each { |key| cookies.delete "ssomg_" + key }
+        cookies.delete "ssomg_all"
+      end
+    end
+    def clear_cookies
+      cookies.delete "ssomg_meta"
+      cookies.delete "ssomg"
+    end
+    def go_to_provider
+      clear_linked_cookies
+      redirect_to ENV["SSO_HOST"] + "/auth/login?app_id=" + ENV["APP_ID"] and return
+    end
+  end
+end

data/lib/ssomg/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Ssomg
-  VERSION = "0.1.8"
+  VERSION = "0.1.9"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssomg
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.1.9
 platform: ruby
 authors:
 - Henry McIntosh
@@ -83,8 +83,10 @@ files:
 - bin/setup
 - lib/ssomg.rb
 - lib/ssomg/config/routes.rb
+- lib/ssomg/controllers/api_controller.rb
 - lib/ssomg/controllers/auth_controller.rb
 - lib/ssomg/controllers/base_controller.rb
+- lib/ssomg/controllers/root_controller.rb
 - lib/ssomg/engine.rb
 - lib/ssomg/version.rb
 - ssomg.gemspec