unimatrix 2.6.1 → 2.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 28d2103549405252207125b6785d714dd5081ef5
-  data.tar.gz: 3a4abab733166f02af39b1e4032dac579dab249c
+  metadata.gz: 9f66b57e1dc33be3b0eb908b38cd7254c909dd6d
+  data.tar.gz: e7b5cd35824ca6b133b21763bd6806ccf3dc3c10
 SHA512:
-  metadata.gz: 61ed4ba297fed678b5dc5f0289869afcec24e2f3f7d04d3200ded085802c4e21b0ad4679758d76bb98f5973cc3606f9c218fd7f82b6137857c0b14a44c482958
-  data.tar.gz: 3d0f9d4cdddc93657e539e4f1b53820d7546d664468bd182f7c0fa010757f5a0fe21b2f73aa225b78235e32651b5b790de7c99da6d87abaf83a0bc833f825261
+  metadata.gz: 0a846a05eb1da761d8d5881f8843c688f00737b59d2efc7ab35bfc7bf63339e6ec8a5543179b454b4abf8e933be51584c98a6bcf28c64fdf9ae429074681b1cc
+  data.tar.gz: 9efc2ba34b1fa8dc1ff8683095ddfe5b15781262953a37a2aa671dfa3d57182c1dea4423e78e2b4c8074e39d0a274ebcac5f389cb8dbc12cedb47001dc7c5e8f

data/VERSION

@@ -1 +1 @@
-2.6.1
+2.7.0

data/lib/unimatrix.rb

@@ -69,8 +69,10 @@ require 'unimatrix/authorization/parser'
 require 'unimatrix/authorization/request'
 require 'unimatrix/authorization/response'
 require 'unimatrix/authorization/filters/requires_policies' if defined?( Rails )
+require 'unimatrix/authorization/filters/requires_resource_owner' if defined?( Rails )
 require 'unimatrix/authorization/railtie' if defined?( Rails )
 require 'unimatrix/authorization/client_credentials_grant'
+require 'unimatrix/authorization/error'
 require 'unimatrix/authorization/policy'
 require 'unimatrix/authorization/resource'
 require 'unimatrix/authorization/resource_owner'

data/lib/unimatrix/authorization/error.rb

@@ -0,0 +1,8 @@
+module Unimatrix::Authorization
+
+  class Error < Unimatrix::Resource
+    field :error
+    field :error_description
+  end
+
+end

data/lib/unimatrix/authorization/filters/requires_policies.rb

@@ -1,5 +1,5 @@
 module Unimatrix::Authorization
-  
+
   class RequiresPolicies
     def initialize( resource, options = {} )
       @resource_name = resource
@@ -8,8 +8,8 @@ module Unimatrix::Authorization
 
     def before( controller )
       access_token = controller.params[ 'access_token' ]
-      
-      realm_uuid = begin 
+
+      realm_uuid = begin
         if controller.respond_to?( :realm_uuid )
           controller.realm_uuid
         elsif controller.respond_to?( :realm )
@@ -20,11 +20,11 @@ module Unimatrix::Authorization
       end
 
       if access_token.present?
-        policies = controller.retrieve_policies( 
-          @resource_name, 
-          access_token, 
-          realm_uuid, 
-          @resource_server 
+        policies = controller.retrieve_policies(
+          @resource_name,
+          access_token,
+          realm_uuid,
+          @resource_server
         )
 
         if policies.present? && policies.is_a?( Array ) &&
@@ -50,10 +50,10 @@ module Unimatrix::Authorization
           )
         end
       else
-        controller.render_error( 
+        controller.render_error(
           ::MissingParameterError,
           "The parameter 'access_token' is required."
-        ) 
+        )
       end
     end
   end
@@ -78,11 +78,11 @@ module Unimatrix::Authorization
   def policies
     @policies ||= begin
       # Used by Archivist requires_permission filter. TODO: deprecate
-      retrieve_policies( 
-        @resource_name, 
-        params[ :access_token ], 
+      retrieve_policies(
+        @resource_name,
+        params[ :access_token ],
         realm_uuid,
-        @resource_server 
+        @resource_server
       )
     end
   end
@@ -90,11 +90,11 @@ module Unimatrix::Authorization
   # In Rails app, this is overwritten by #retrieve_policies in railtie.rb
   def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
     if resource_name && access_token
-      request_policies( 
-        resource_name, 
-        access_token, 
-        realm_uuid, 
-        resource_server 
+      request_policies(
+        resource_name,
+        access_token,
+        realm_uuid,
+        resource_server
       )
     end
   end

data/lib/unimatrix/authorization/filters/requires_resource_owner.rb

@@ -0,0 +1,63 @@
+module Unimatrix::Authorization
+
+  class RequiresResourceOwner
+
+    def before( controller )
+      access_token = controller.params[ 'access_token' ]
+
+      if access_token.present?
+        resource_owner = controller.retrieve_resource_owner( access_token )
+
+        if resource_owner.present? && resource_owner.is_a?( Array ) &&
+           resource_owner.first.type_name == 'resource_owner'
+          controller.resource_owner = resource_owner
+        else
+          controller.render_error(
+            ::ForbiddenError,
+            "The requested resource_owner could not be retrieved."
+          )
+        end
+      else
+        controller.render_error(
+          ::MissingParameterError,
+          "The parameter 'access_token' is required."
+        )
+      end
+    end
+  end
+
+  module ClassMethods
+    def requires_resource_owner( options = {} )
+      before_action(
+        RequiresResourceOwner.new,
+        options
+      )
+    end
+  end
+
+  def self.included( controller )
+    controller.extend( ClassMethods )
+  end
+
+  def resource_owner=( attributes )
+    @resource_owner = attributes
+  end
+
+  def resource_owner
+    @resource_owner ||= begin
+      retrieve_resource_owner( params[ :access_token ] )
+    end
+  end
+
+  # In Rails app, this is overwritten by #retrieve_resource_owner in railtie.rb
+  def retrieve_resource_owner( access_token )
+    if access_token
+      request_resource_owner( access_token )
+    end
+  end
+
+  def request_resource_owner( access_token )
+    Operation.new( '/resource_owner' ).where( access_token: access_token ).read
+  end
+
+end

data/lib/unimatrix/authorization/parser.rb

@@ -2,13 +2,14 @@ module Unimatrix::Authorization
 
   class Parser
 
-    def initialize( content = {} )
+    def initialize( content = {}, request_path = "" )
       @content = content
+      @request_path = request_path
       yield self if block_given?
     end
 
     def name
-      @content.keys.present? ? @content.keys.first : nil
+      @request_path[ 1...@request_path.length ]
     end
 
     def type_name
@@ -20,10 +21,14 @@ module Unimatrix::Authorization
 
       unless self.name.blank?
         if @content[ 'error' ]
-          result = parse_resource( name, @content )
+          result = parse_resource( 'error', @content )
         else
-          result = @content[ name ].map do | attributes |
-            self.parse_resource( name, attributes )
+          unless @content[ name ].is_a?( Array )
+            result = [ parse_resource( name, @content ) ]
+          else
+            result = @content[ name ].map do | attributes |
+              parse_resource( name, attributes )
+            end
           end
         end
       end
@@ -43,7 +48,7 @@ module Unimatrix::Authorization
       end
       resource
     end
-    
+
   end
 
 end

data/lib/unimatrix/authorization/railtie.rb

@@ -10,17 +10,26 @@ module Unimatrix::Authorization
 
   def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
     if resource_name && access_token
-      key = params.respond_to?( 'to_unsafe_h' ) ? 
-            params.to_unsafe_h.sort.to_s : 
-            params.sort.to_s
-            
+      key = [ resource_name, access_token, realm_uuid, resource_server ].join
+
       Rails.cache.fetch(
-        Digest::SHA1.hexdigest( key ),
+        "keymaker-policies-#{ Digest::SHA1.hexdigest( key ) }",
         expires_in: 1.minute
       ) do
         request_policies( resource_name, access_token, realm_uuid, resource_server )
       end
     end
   end
-  
+
+  def retrieve_resource_owner( access_token )
+    if access_token
+      Rails.cache.fetch(
+        "keymaker-resource_owner-#{ Digest::SHA1.hexdigest( access_token ) }",
+        expires_in: 1.minute
+      ) do
+        request_resource_owner( access_token )
+      end
+    end
+  end
+
 end

data/lib/unimatrix/authorization/request.rb

@@ -19,7 +19,8 @@ module Unimatrix::Authorization
 
       begin
         response = Response.new(
-          @http.get( compose_request_path( path, parameters ) )
+          @http.get( compose_request_path( path, parameters ) ),
+          path
         )
       rescue Timeout::Error
         response = nil
@@ -38,7 +39,7 @@ module Unimatrix::Authorization
         )
         request.body = body.to_json
 
-        response = Response.new( @http.request( request ) )
+        response = Response.new( @http.request( request ), path )
       rescue Timeout::Error
         response = nil
       end

data/lib/unimatrix/authorization/response.rb

@@ -6,14 +6,15 @@ module Unimatrix::Authorization
     attr_reader :body
     attr_reader :resources
 
-    def initialize( http_response )
+    def initialize( http_response, path = "" )
+      @request_path   = path
       @success        = http_response.is_a?( Net::HTTPOK )
       @code           = http_response.code
       @resources      = []
       @body           = decode_response_body( http_response )
 
       if ( @body && @body.respond_to?( :keys ) )
-        Parser.new( @body ) do | parser |
+        Parser.new( @body, @request_path ) do | parser |
           @resources = parser.resources
           @success   = !( parser.type_name == 'error' )
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: unimatrix
 version: !ruby/object:Gem::Version
-  version: 2.6.1
+  version: 2.7.0
 platform: ruby
 authors:
 - Jackson Souza
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-28 00:00:00.000000000 Z
+date: 2018-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -117,7 +117,9 @@ files:
 - lib/unimatrix/archivist/component.rb
 - lib/unimatrix/attribute_error.rb
 - lib/unimatrix/authorization/client_credentials_grant.rb
+- lib/unimatrix/authorization/error.rb
 - lib/unimatrix/authorization/filters/requires_policies.rb
+- lib/unimatrix/authorization/filters/requires_resource_owner.rb
 - lib/unimatrix/authorization/operation.rb
 - lib/unimatrix/authorization/parser.rb
 - lib/unimatrix/authorization/policy.rb