unimatrix 2.6.1 → 2.7.0
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/unimatrix.rb +2 -0
- data/lib/unimatrix/authorization/error.rb +8 -0
- data/lib/unimatrix/authorization/filters/requires_policies.rb +19 -19
- data/lib/unimatrix/authorization/filters/requires_resource_owner.rb +63 -0
- data/lib/unimatrix/authorization/parser.rb +11 -6
- data/lib/unimatrix/authorization/railtie.rb +15 -6
- data/lib/unimatrix/authorization/request.rb +3 -2
- data/lib/unimatrix/authorization/response.rb +3 -2
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9f66b57e1dc33be3b0eb908b38cd7254c909dd6d
|
4
|
+
data.tar.gz: e7b5cd35824ca6b133b21763bd6806ccf3dc3c10
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0a846a05eb1da761d8d5881f8843c688f00737b59d2efc7ab35bfc7bf63339e6ec8a5543179b454b4abf8e933be51584c98a6bcf28c64fdf9ae429074681b1cc
|
7
|
+
data.tar.gz: 9efc2ba34b1fa8dc1ff8683095ddfe5b15781262953a37a2aa671dfa3d57182c1dea4423e78e2b4c8074e39d0a274ebcac5f389cb8dbc12cedb47001dc7c5e8f
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.
|
1
|
+
2.7.0
|
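--- a/data/lib/unimatrix.rb
+++ b/data/lib/unimatrix.rb
@@ -69,8 +69,10 @@ require 'unimatrix/authorization/parser'
 require 'unimatrix/authorization/request'
 require 'unimatrix/authorization/response'
 require 'unimatrix/authorization/filters/requires_policies' if defined?( Rails )
+require 'unimatrix/authorization/filters/requires_resource_owner' if defined?( Rails )
 require 'unimatrix/authorization/railtie' if defined?( Rails )
 require 'unimatrix/authorization/client_credentials_grant'
+require 'unimatrix/authorization/error'
 require 'unimatrix/authorization/policy'
 require 'unimatrix/authorization/resource'
 require 'unimatrix/authorization/resource_owner'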
@@ -1,5 +1,5 @@
|
|
1
1
|
module Unimatrix::Authorization
|
2
|
-
|
2
|
+
|
3
3
|
class RequiresPolicies
|
4
4
|
def initialize( resource, options = {} )
|
5
5
|
@resource_name = resource
|
@@ -8,8 +8,8 @@ module Unimatrix::Authorization
|
|
8
8
|
|
9
9
|
def before( controller )
|
10
10
|
access_token = controller.params[ 'access_token' ]
|
11
|
-
|
12
|
-
realm_uuid = begin
|
11
|
+
|
12
|
+
realm_uuid = begin
|
13
13
|
if controller.respond_to?( :realm_uuid )
|
14
14
|
controller.realm_uuid
|
15
15
|
elsif controller.respond_to?( :realm )
|
@@ -20,11 +20,11 @@ module Unimatrix::Authorization
|
|
20
20
|
end
|
21
21
|
|
22
22
|
if access_token.present?
|
23
|
-
policies = controller.retrieve_policies(
|
24
|
-
@resource_name,
|
25
|
-
access_token,
|
26
|
-
realm_uuid,
|
27
|
-
@resource_server
|
23
|
+
policies = controller.retrieve_policies(
|
24
|
+
@resource_name,
|
25
|
+
access_token,
|
26
|
+
realm_uuid,
|
27
|
+
@resource_server
|
28
28
|
)
|
29
29
|
|
30
30
|
if policies.present? && policies.is_a?( Array ) &&
|
@@ -50,10 +50,10 @@ module Unimatrix::Authorization
|
|
50
50
|
)
|
51
51
|
end
|
52
52
|
else
|
53
|
-
controller.render_error(
|
53
|
+
controller.render_error(
|
54
54
|
::MissingParameterError,
|
55
55
|
"The parameter 'access_token' is required."
|
56
|
-
)
|
56
|
+
)
|
57
57
|
end
|
58
58
|
end
|
59
59
|
end
|
@@ -78,11 +78,11 @@ module Unimatrix::Authorization
|
|
78
78
|
def policies
|
79
79
|
@policies ||= begin
|
80
80
|
# Used by Archivist requires_permission filter. TODO: deprecate
|
81
|
-
retrieve_policies(
|
82
|
-
@resource_name,
|
83
|
-
params[ :access_token ],
|
81
|
+
retrieve_policies(
|
82
|
+
@resource_name,
|
83
|
+
params[ :access_token ],
|
84
84
|
realm_uuid,
|
85
|
-
@resource_server
|
85
|
+
@resource_server
|
86
86
|
)
|
87
87
|
end
|
88
88
|
end
|
@@ -90,11 +90,11 @@ module Unimatrix::Authorization
|
|
90
90
|
# In Rails app, this is overwritten by #retrieve_policies in railtie.rb
|
91
91
|
def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
|
92
92
|
if resource_name && access_token
|
93
|
-
request_policies(
|
94
|
-
resource_name,
|
95
|
-
access_token,
|
96
|
-
realm_uuid,
|
97
|
-
resource_server
|
93
|
+
request_policies(
|
94
|
+
resource_name,
|
95
|
+
access_token,
|
96
|
+
realm_uuid,
|
97
|
+
resource_server
|
98
98
|
)
|
99
99
|
end
|
100
100
|
end
|
@@ -0,0 +1,63 @@
|
|
1
|
+
module Unimatrix::Authorization
|
2
|
+
|
3
|
+
class RequiresResourceOwner
|
4
|
+
|
5
|
+
def before( controller )
|
6
|
+
access_token = controller.params[ 'access_token' ]
|
7
|
+
|
8
|
+
if access_token.present?
|
9
|
+
resource_owner = controller.retrieve_resource_owner( access_token )
|
10
|
+
|
11
|
+
if resource_owner.present? && resource_owner.is_a?( Array ) &&
|
12
|
+
resource_owner.first.type_name == 'resource_owner'
|
13
|
+
controller.resource_owner = resource_owner
|
14
|
+
else
|
15
|
+
controller.render_error(
|
16
|
+
::ForbiddenError,
|
17
|
+
"The requested resource_owner could not be retrieved."
|
18
|
+
)
|
19
|
+
end
|
20
|
+
else
|
21
|
+
controller.render_error(
|
22
|
+
::MissingParameterError,
|
23
|
+
"The parameter 'access_token' is required."
|
24
|
+
)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
module ClassMethods
|
30
|
+
def requires_resource_owner( options = {} )
|
31
|
+
before_action(
|
32
|
+
RequiresResourceOwner.new,
|
33
|
+
options
|
34
|
+
)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def self.included( controller )
|
39
|
+
controller.extend( ClassMethods )
|
40
|
+
end
|
41
|
+
|
42
|
+
def resource_owner=( attributes )
|
43
|
+
@resource_owner = attributes
|
44
|
+
end
|
45
|
+
|
46
|
+
def resource_owner
|
47
|
+
@resource_owner ||= begin
|
48
|
+
retrieve_resource_owner( params[ :access_token ] )
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
# In Rails app, this is overwritten by #retrieve_resource_owner in railtie.rb
|
53
|
+
def retrieve_resource_owner( access_token )
|
54
|
+
if access_token
|
55
|
+
request_resource_owner( access_token )
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
def request_resource_owner( access_token )
|
60
|
+
Operation.new( '/resource_owner' ).where( access_token: access_token ).read
|
61
|
+
end
|
62
|
+
|
63
|
+
end
|
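Review bot: The `resource_owner` reader (new lines 46-50) memoizes whatever `retrieve_resource_owner( params[ :access_token ] )` returns, without the `is_a?( Array )` and `type_name == 'resource_owner'` checks that `before` applies, so an action left out of the filter through the `options` handed to `before_action` can read an unvalidated value as the owner. I would route the reader through the same check, or at least add `# Not validated here; only RequiresResourceOwner#before checks type_name.` above `def resource_owner`. `before` also inspects only `resource_owner.first` yet stores the whole array on the controller, so checking every element would keep the check and the stored value aligned. Because the token is read from `params`, it is worth confirming that the host application filters `access_token` out of its request logs.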
@@ -2,13 +2,14 @@ module Unimatrix::Authorization
|
|
2
2
|
|
3
3
|
class Parser
|
4
4
|
|
5
|
-
def initialize( content = {} )
|
5
|
+
def initialize( content = {}, request_path = "" )
|
6
6
|
@content = content
|
7
|
+
@request_path = request_path
|
7
8
|
yield self if block_given?
|
8
9
|
end
|
9
10
|
|
10
11
|
def name
|
11
|
-
@
|
12
|
+
@request_path[ 1...@request_path.length ]
|
12
13
|
end
|
13
14
|
|
14
15
|
def type_name
|
@@ -20,10 +21,14 @@ module Unimatrix::Authorization
|
|
20
21
|
|
21
22
|
unless self.name.blank?
|
22
23
|
if @content[ 'error' ]
|
23
|
-
result = parse_resource(
|
24
|
+
result = parse_resource( 'error', @content )
|
24
25
|
else
|
25
|
-
|
26
|
-
|
26
|
+
unless @content[ name ].is_a?( Array )
|
27
|
+
result = [ parse_resource( name, @content ) ]
|
28
|
+
else
|
29
|
+
result = @content[ name ].map do | attributes |
|
30
|
+
parse_resource( name, attributes )
|
31
|
+
end
|
27
32
|
end
|
28
33
|
end
|
29
34
|
end
|
@@ -43,7 +48,7 @@ module Unimatrix::Authorization
|
|
43
48
|
end
|
44
49
|
resource
|
45
50
|
end
|
46
|
-
|
51
|
+
|
47
52
|
end
|
48
53
|
|
49
54
|
end
|
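Review bot: `name` now assumes the request path is a single segment with one leading slash: `@request_path[ 1...@request_path.length ]` drops the first character whatever it is and returns nil for the default `""`, so a caller that omits the path appears to get no resources parsed at all. `@request_path.sub( %r{\A/}, '' )` states the intent and leaves a path without a leading slash intact. In the second hunk, `unless @content[ name ].is_a?( Array )` treats a missing key the same as a single-object body and hands the whole response hash to `parse_resource`; if that is intended a comment should say so, and the `unless … else` reads more clearly as `if @content[ name ].is_a?( Array )` with the branches swapped. The enclosing method starts outside the hunk, and `parse_resource` is not visible here, so the effect of the non-array branch is inferred.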
@@ -10,17 +10,26 @@ module Unimatrix::Authorization
|
|
10
10
|
|
11
11
|
def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
|
12
12
|
if resource_name && access_token
|
13
|
-
key =
|
14
|
-
|
15
|
-
params.sort.to_s
|
16
|
-
|
13
|
+
key = [ resource_name, access_token, realm_uuid, resource_server ].join
|
14
|
+
|
17
15
|
Rails.cache.fetch(
|
18
|
-
Digest::SHA1.hexdigest( key ),
|
16
|
+
"keymaker-policies-#{ Digest::SHA1.hexdigest( key ) }",
|
19
17
|
expires_in: 1.minute
|
20
18
|
) do
|
21
19
|
request_policies( resource_name, access_token, realm_uuid, resource_server )
|
22
20
|
end
|
23
21
|
end
|
24
22
|
end
|
25
|
-
|
23
|
+
|
24
|
+
def retrieve_resource_owner( access_token )
|
25
|
+
if access_token
|
26
|
+
Rails.cache.fetch(
|
27
|
+
"keymaker-resource_owner-#{ Digest::SHA1.hexdigest( access_token ) }",
|
28
|
+
expires_in: 1.minute
|
29
|
+
) do
|
30
|
+
request_resource_owner( access_token )
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
26
35
|
end
|
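Review bot: The policy cache key is built with `[ resource_name, access_token, realm_uuid, resource_server ].join`, which has no separator, so different tuples can concatenate to the same string and share one cache entry, and `access_token` is request-supplied. Serialising the fields before hashing removes the ambiguity, e.g. `key = [ resource_name, access_token, realm_uuid, resource_server ].to_json`, and `Digest::SHA256.hexdigest` would be a better default than SHA1 for a digest taken over a bearer token. The new `retrieve_resource_owner` also serves a cached owner for the whole `expires_in: 1.minute` window, so a token revoked upstream stays usable for up to a minute; a comment stating that this window is accepted would help the next reader.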
@@ -19,7 +19,8 @@ module Unimatrix::Authorization
|
|
19
19
|
|
20
20
|
begin
|
21
21
|
response = Response.new(
|
22
|
-
@http.get( compose_request_path( path, parameters ) )
|
22
|
+
@http.get( compose_request_path( path, parameters ) ),
|
23
|
+
path
|
23
24
|
)
|
24
25
|
rescue Timeout::Error
|
25
26
|
response = nil
|
@@ -38,7 +39,7 @@ module Unimatrix::Authorization
|
|
38
39
|
)
|
39
40
|
request.body = body.to_json
|
40
41
|
|
41
|
-
response = Response.new( @http.request( request ) )
|
42
|
+
response = Response.new( @http.request( request ), path )
|
42
43
|
rescue Timeout::Error
|
43
44
|
response = nil
|
44
45
|
end
|
@@ -6,14 +6,15 @@ module Unimatrix::Authorization
|
|
6
6
|
attr_reader :body
|
7
7
|
attr_reader :resources
|
8
8
|
|
9
|
-
def initialize( http_response )
|
9
|
+
def initialize( http_response, path = "" )
|
10
|
+
@request_path = path
|
10
11
|
@success = http_response.is_a?( Net::HTTPOK )
|
11
12
|
@code = http_response.code
|
12
13
|
@resources = []
|
13
14
|
@body = decode_response_body( http_response )
|
14
15
|
|
15
16
|
if ( @body && @body.respond_to?( :keys ) )
|
16
|
-
Parser.new( @body ) do | parser |
|
17
|
+
Parser.new( @body, @request_path ) do | parser |
|
17
18
|
@resources = parser.resources
|
18
19
|
@success = !( parser.type_name == 'error' )
|
19
20
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: unimatrix
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jackson Souza
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-03
|
11
|
+
date: 2018-04-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -117,7 +117,9 @@ files:
|
|
117
117
|
- lib/unimatrix/archivist/component.rb
|
118
118
|
- lib/unimatrix/attribute_error.rb
|
119
119
|
- lib/unimatrix/authorization/client_credentials_grant.rb
|
120
|
+
- lib/unimatrix/authorization/error.rb
|
120
121
|
- lib/unimatrix/authorization/filters/requires_policies.rb
|
122
|
+
- lib/unimatrix/authorization/filters/requires_resource_owner.rb
|
121
123
|
- lib/unimatrix/authorization/operation.rb
|
122
124
|
- lib/unimatrix/authorization/parser.rb
|
123
125
|
- lib/unimatrix/authorization/policy.rb
|