trivial_sso 4.0.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 757d1e6efcab4ef502c3b7081079211f9b59efb2
+  data.tar.gz: 132360a31cfd6b5c8e5859c50acb907f433b30a4
+SHA512:
+  metadata.gz: 513db9226ecb8da76264c56cc7c202355aff18553627c2f3b8c47d30758e0839d4509ba4553ec32953f14189a3b871f7329a13cd57552e7c8f36c9e0bd80f30e
+  data.tar.gz: 0e1edc9ec2f99d0cd34424292107a32eaf54374c26060e7bab067bbf699b97c4a6adbbfc8ca25894556cd4dbb8d25d424ca534487f15877ebd29c72aee275834

data/CHANGELOG.md

@@ -0,0 +1,15 @@
+## TrivialSso Change Log ##
+### Changelog ###
+
+### 4.0.0.3
+- ease the required ruby back to 1.9.3
+
+#### 4.0.0
+- change version high number number to follow supported Rails version
+
+#### 0.1.3 ####
+
+- Refactor the main code for slimness
+- Add Guard with Test Unit and Bundler support
+- Refactor Tests
+- added .rvmrc

data/MIT-LICENSE

@@ -0,0 +1,8 @@
+Copyright (c) 2012 David J. Lee.,  David Southard
+                   http://lee.dj/  http://github.com/nacengineer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,109 @@
+## TrivialSso
+
+A very simple gem to help with creating and reading cookies across multiple sites in a Ruby on Rails application.
+
+This allows for a simple single sign on solution among sites within the same domain.
+
+This does *not* work across domains.
+
+## Requirements
+
+- ruby 1.9
+
+## Getting Started
+
+Add the gem to your Gemfile
+
+    gem 'trivial_sso'
+
+Install the gem
+
+    bundle install
+
+After you've installed the gem, you need to generate a configuration file.
+
+    rails g trivial_sso:install
+
+This will create an initializer file with a shared secret. You need to modify this to a big long string of characters. Keep this safe from others as they could forge cookies for your sites if they get ahold of this string. All sites that use the single sign on must have this same shared secret for the cookies to properly interoperate.
+
+## Creating a cookie
+
+A cookie is created using a hash of data supplied to it. This must contain a **username** key.
+
+When you create the cookie data an expire time is built into the payload. Setting the **:expires** on the cookie is just a convenience to make sure it gets cleared by the browser. The actual expiration date that matters is what is encoded in the cookie.
+
+    ```ruby
+    # Create a hash of data we want to store in the cookie.
+    userdata = {
+      "username" => current_user.login,
+      "display"  => current_user.display_name,
+      "groups"   => current_user.memberof
+    }
+
+    #Generate the cookie data
+    cookie = TrivialSso::Login.cookie(userdata)
+
+    # Set the cookie
+    cookies[:sso_login] = {
+      :value    => cookie,
+      :expires  => TrivialSso::Login.expire_date,
+      :domain   => 'mydomain.com',
+      :httponly => true,
+    }
+    ```
+
+The above code creates a hash of data we will be putting in the cookie, generates the cookie, and then sets the cookie in the browser.
+
+## Decoding a cookie
+
+Retrieve the contents of the cookie by calling decode_cookie
+
+    @userdata = TrivialSso::Login.decode_cookie(cookies[:sso_login])
+
+This will throw an exception if the cookie has been tampered with, or if the expiration date has passed.
+
+## Sample code for application_controller
+
+Here are some methods you can add into your application controller to authenticate against the cookie.
+
+    ```ruby
+    # If there is a problem with the cookie, redirect back to our central login server.
+    rescue_from TrivialSso::CookieError do |exception|
+      redirect_to 'https://login.mydomain.com/'
+    end
+
+    # authorize our users based on the cookie.
+    before_filter :auth_user!
+
+    # authenticate a user and set @current_user
+    def auth_user!
+      cu = current_user
+
+      # Check for authorization based on "groups" data that was put in the cookie
+      # by the central login application.
+      # you could also skip this check and just return true if the cookie is valid.
+      if cu['groups'].include? "ALLOWED_GROUP"    #all lower case
+        @current_user = cu
+        true
+      else
+        render :file => "#{Rails.root}/public/403", :formats => [:html], :status => 403, :layout => false
+      end
+
+      false
+    end
+
+    # our current_user decodes the cookie.
+    def current_user
+      TrivialSso::Login.decode_cookie(cookies[:sso_login])
+    end
+
+    # Define the name we want to record in paper_trail (if using)
+    def user_for_paper_trail
+      if @current_user.blank?
+        "anonymous"
+      else
+        @current_user['username']
+      end
+    end
+    ```
+

data/lib/generators/templates/README

@@ -0,0 +1,9 @@
+=======================================================================
+
+What you need to do next:
+
+    Edit config/initalizers/sso_secret.rb to include a secret that will
+    be shared between all of the sites. This secret must match for each
+    site using the cookies.
+
+=======================================================================

data/lib/generators/templates/sso_secret.rb

@@ -0,0 +1,5 @@
+# This file is required to define the shared secret used for generating and decoding
+# SSO cookies. This secret *must* be the same across all of your applications.
+require 'securerandom'
+
+<%= Rails.application.class.parent_name %>::Application.config.sso_secret = SecureRandom.hex(64)

data/lib/generators/trivial_sso/install_generator.rb

@@ -0,0 +1,18 @@
+module TrivialSso
+	module Generators
+		class InstallGenerator < Rails::Generators::Base
+			source_root File.expand_path("../../templates",__FILE__)
+
+			desc "Creates a sso_secret initalizer"
+
+			def copy_initializer
+				template "sso_secret.rb", "config/initializers/sso_secret.rb"
+			end
+
+			def show_readme
+				readme "README"
+			end
+
+		end
+	end
+end

data/lib/trivial_sso.rb

@@ -0,0 +1,3 @@
+require "trivial_sso/version"
+require 'trivial_sso/error'
+require 'trivial_sso/login'

data/lib/trivial_sso/error.rb

@@ -0,0 +1,54 @@
+module TrivialSso
+  module Error
+
+    # General Cookie Error
+    class CookieError < RuntimeError
+      def to_s
+        "There was an error processing the Ophth Cookie"
+      end
+    end
+
+    # Cookie can not be verified, data has been altered
+    class BadCookie < CookieError
+      def to_s
+        "Login cookie can not be verified!"
+      end
+    end
+
+    # cookie is no longer valid
+    class LoginExpired < CookieError
+      def to_s
+        "Login cookie has expired!"
+      end
+    end
+
+    # Cookie is missing
+    class MissingCookie < CookieError
+      def to_s
+        "Login cookie is missing!"
+      end
+    end
+
+    # Cookie is lacking a username.
+    class NoUsernameCookie < CookieError
+      def to_s
+        "Need username to create cookie"
+      end
+    end
+
+    # Missing configuration value.
+    class MissingConfig < CookieError
+      def to_s
+        "Missing secret configuration for cookie, need to define config.sso_secret"
+      end
+    end
+
+    # Missing Rails configuration value.
+    class MissingRails < CookieError
+      def to_s
+        "Rails isn't loaded, you need Rails to use trivial_sso"
+      end
+    end
+
+  end
+end

data/lib/trivial_sso/login.rb

@@ -0,0 +1,77 @@
+module TrivialSso
+  class Login
+
+    # signing and un-signing may have to be refactored to use OpenSSL:HMAC...
+    # as this will not work well across platforms. (ideally this should work for PHP as well)
+
+    # Decodes and verifies an encrypted cookie
+    # throw a proper exception if a bad or invalid cookie.
+    # otherwise, return the username and userdata stored in the cookie
+    def self.decode_cookie(cookie = nil)
+      begin
+        raise TrivialSso::Error::MissingCookie if cookie.nil? || cookie.empty?
+        userdata, timestamp = encrypted_message.decrypt_and_verify(cookie)
+        raise TrivialSso::Error::LoginExpired if check_timestamp(timestamp)
+        userdata
+      rescue NoMethodError
+        raise TrivialSso::Error::MissingConfig
+      rescue ActiveSupport::MessageVerifier::InvalidSignature ||
+             ActiveSupport::MessageEncryptor::InvalidMessage
+        raise TrivialSso::Error::BadCookie
+      end
+    end
+
+    # create an encrypted and signed cookie containing userdata and an expiry date.
+    # userdata should be an array, and at minimum include a 'username' key.
+    # using json serializer to hopefully allow future cross version compatibliity
+    # (Marshall, the default serializer, is not compatble between versions)
+    def self.cookie(userdata, expire_date = default_expire_date)
+      begin
+        raise TrivialSso::Error::MissingConfig    if sso_secret
+        raise TrivialSso::Error::NoUsernameCookie if check_username(userdata)
+        enc.encrypt_and_sign([userdata, expire_date])
+      rescue NoMethodError
+        raise TrivialSso::Error::MissingConfig
+      end
+    end
+
+   private
+
+    def self.check_username(userdata)
+        userdata.nil?                 ||
+        userdata.empty?               ||
+      ! userdata.has_key?('username') ||
+        userdata['username'].empty?
+    end
+
+    def self.enc
+      ActiveSupport::MessageEncryptor.new(sso_secret , serializer: JSON)
+    end
+
+    def self.default_expire_date
+      (9.hours.from_now).to_i
+    end
+
+    def self.check_timestamp(timestamp)
+      (timestamp - DateTime.now.to_i) <= 0
+    end
+
+    def self.encrypted_message
+      raise TrivialSso::Error::MissingRails unless defined? Rails
+      ActiveSupport::MessageEncryptor.new(sso_secret, serializer: JSON)
+    end
+
+    def self.sso_secret
+      check_for_rails
+      if Rails.configuration.sso_secret.nil? || Rails.configuration.sso_secret.empty?
+        raise TrivialSso::Error::MissingConfig
+      end
+      Rails.configuration.sso_secret
+    end
+
+    def self.check_for_rails
+      raise TrivialSso::Error::MissingRails unless defined?(Rails)
+    end
+
+  end
+end

data/lib/trivial_sso/version.rb

@@ -0,0 +1,3 @@
+module TrivialSso
+  VERSION = "4.0.0.3"
+end

data/spec/models/trivial_sso_spec.rb

@@ -0,0 +1,66 @@
+require 'active_support/core_ext'
+
+require 'trivial_sso'
+require 'forgery'
+require 'securerandom'
+
+describe TrivialSso do
+
+  def before
+    # Stub out our Rails config so we can test things properly.
+    Rails.stubs(:configuration).returns(Rails::Application::Configuration.allocate)
+    Rails.configuration.sso_secret = SecureRandom.hex(64)
+    @user_name      = Forgery::Internet.user_name
+    @data           = Forgery::LoremIpsum.words(20)
+    @userdata       = {'username' => @user_name, 'data' => @data}
+    @expired_cookie = TrivialSso::Login.cookie(
+      {'username' => 'testor'}, 2.seconds.ago
+    )
+  end
+
+  it "does create cookie with userdata" do
+    TrivialSso::Login.cookie(@userdata).should_not be_nil
+  end
+
+  # def test_create_cookie_and_decode_it
+  #   mycookie = TrivialSso::Login.cookie(@userdata)
+  #   data     = TrivialSso::Login.decode_cookie(mycookie)
+  #   assert_equal data['data'],  @data
+  # end
+
+  # def test_throw_exception_on_missing_username
+  #   assert_raise TrivialSso::Error::NoUsernameCookie do
+  #     mycookie = TrivialSso::Login.cookie("")
+  #   end
+  # end
+
+  # def test_expire_date_exists
+  #   # in a full rails environment, this will return an ActiveSupport::TimeWithZone
+  #   assert TrivialSso::Login.expire_date.is_a?(Time),
+  #     "proper Time object not returned"
+  # end
+
+  # def test_expire_date_is_in_future
+  #   assert (DateTime.now < TrivialSso::Login.expire_date),
+  #     "Expire date is in the past - cookie will expire immediatly."
+  # end
+
+  # def test_raise_exception_on_blank_cookie
+  #   assert_raise TrivialSso::Error::MissingCookie do
+  #     TrivialSso::Login.decode_cookie("")
+  #   end
+  # end
+
+  # def test_raise_exception_on_bad_cookie
+  #   assert_raise TrivialSso::Error::BadCookie do
+  #     TrivialSso::Login.decode_cookie("BAhbB0kiC2RqbGVlMgY6BkVUbCsHo17iTg")
+  #   end
+  # end
+
+  # def test_raise_exception_on_expired_cookie
+  #   assert_raise TrivialSso::Error::LoginExpired do
+  #     TrivialSso::Login.decode_cookie(@expired_cookie)
+  #   end
+  # end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,62 @@
+require 'rubygems'
+require 'spork'
+# uncomment the following line to use spork with the debugger
+# require 'spork/ext/ruby-debug'
+
+Spork.prefork do
+  # Loading more in this block will cause your tests to run faster. However,
+  # if you change any configuration or code from libraries loaded here, you'll
+  # need to restart spork for it take effect.
+  ENV["RAILS_ENV"] ||= 'test'
+
+  unless ENV['DRB']
+    require 'simplecov'
+    SimpleCov.start
+  end
+
+  require 'rails'
+  require 'rspec/autorun'
+  require 'rspec/mocks'
+  require 'factory_girl'
+  require 'perftools'
+
+  # Requires supporting ruby files with custom matchers and macros, etc,
+  # in spec/support/ and its subdirectories.
+  # Dir[File.join("spec/support/**/*.rb")].each {|f| require f}
+
+  RSpec.configure do |config|
+    config.include FactoryGirl::Syntax::Methods
+
+    config.mock_with :rspec
+
+    config.order = "random"
+
+    config.before :suite do
+      PerfTools::CpuProfiler.start("#{profile_directory}/rspec_profile")
+    end
+
+    config.after :suite do
+      PerfTools::CpuProfiler.stop
+    end
+
+    def profile_directory
+      directory = "/tmp/trivial_sso"
+      system("mkdir #{directory}") unless Dir.exist? directory
+      directory
+    end
+
+  end
+end
+
+Spork.each_run do
+  if ENV['DRB']
+    require 'simplecov'
+    SimpleCov.start
+  end
+  FactoryGirl.reload
+  RSpec.configure do |config|
+    def svg_filename
+      "/tmp/trivial_sso/profile-#{Time.now.localtime.strftime("%H%M%S")}.svg"
+    end
+  end
+end

data/spec/support/deferred_garbage_collection.rb

@@ -0,0 +1,19 @@
+class DeferredGarbageCollection
+
+  DEFERRED_GC_THRESHOLD = (ENV['DEFER_GC'] || 15.0).to_f
+
+  @@last_gc_run = Time.now
+
+  def self.start
+    GC.disable if DEFERRED_GC_THRESHOLD > 0
+  end
+
+  def self.reconsider
+    if DEFERRED_GC_THRESHOLD > 0 && Time.now - @@last_gc_run >= DEFERRED_GC_THRESHOLD
+      GC.enable
+      GC.start
+      GC.disable
+      @@last_gc_run = Time.now
+    end
+  end
+end

metadata

@@ -0,0 +1,92 @@
+--- !ruby/object:Gem::Specification
+name: trivial_sso
+version: !ruby/object:Gem::Version
+  version: 4.0.0.3
+platform: ruby
+authors:
+- David J. Lee
+- David Southard
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-07-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+description: |-
+  Used to encode and decode cookies used in a single
+                     sign on implementation within the same domain
+email:
+- david@lee.dj
+- nacengineer@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/generators/templates/README
+- lib/generators/templates/sso_secret.rb
+- lib/generators/trivial_sso/install_generator.rb
+- lib/trivial_sso/error.rb
+- lib/trivial_sso/login.rb
+- lib/trivial_sso/version.rb
+- lib/trivial_sso.rb
+- MIT-LICENSE
+- README.md
+- CHANGELOG.md
+- spec/models/trivial_sso_spec.rb
+- spec/spec_helper.rb
+- spec/support/deferred_garbage_collection.rb
+homepage: https://github.com/nacengineer/trivial_sso
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: A simple library to help with Single Sign On cookies
+test_files:
+- spec/models/trivial_sso_spec.rb
+- spec/spec_helper.rb
+- spec/support/deferred_garbage_collection.rb