unimatrix 2.6.1 → 2.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/unimatrix.rb +2 -0
- data/lib/unimatrix/authorization/error.rb +8 -0
- data/lib/unimatrix/authorization/filters/requires_policies.rb +19 -19
- data/lib/unimatrix/authorization/filters/requires_resource_owner.rb +63 -0
- data/lib/unimatrix/authorization/parser.rb +11 -6
- data/lib/unimatrix/authorization/railtie.rb +15 -6
- data/lib/unimatrix/authorization/request.rb +3 -2
- data/lib/unimatrix/authorization/response.rb +3 -2
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9f66b57e1dc33be3b0eb908b38cd7254c909dd6d
|
|
4
|
+
data.tar.gz: e7b5cd35824ca6b133b21763bd6806ccf3dc3c10
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0a846a05eb1da761d8d5881f8843c688f00737b59d2efc7ab35bfc7bf63339e6ec8a5543179b454b4abf8e933be51584c98a6bcf28c64fdf9ae429074681b1cc
|
|
7
|
+
data.tar.gz: 9efc2ba34b1fa8dc1ff8683095ddfe5b15781262953a37a2aa671dfa3d57182c1dea4423e78e2b4c8074e39d0a274ebcac5f389cb8dbc12cedb47001dc7c5e8f
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.
|
|
1
|
+
2.7.0
|
data/lib/unimatrix.rb
CHANGED
|
@@ -69,8 +69,10 @@ require 'unimatrix/authorization/parser'
|
|
|
69
69
|
require 'unimatrix/authorization/request'
|
|
70
70
|
require 'unimatrix/authorization/response'
|
|
71
71
|
require 'unimatrix/authorization/filters/requires_policies' if defined?( Rails )
|
|
72
|
+
require 'unimatrix/authorization/filters/requires_resource_owner' if defined?( Rails )
|
|
72
73
|
require 'unimatrix/authorization/railtie' if defined?( Rails )
|
|
73
74
|
require 'unimatrix/authorization/client_credentials_grant'
|
|
75
|
+
require 'unimatrix/authorization/error'
|
|
74
76
|
require 'unimatrix/authorization/policy'
|
|
75
77
|
require 'unimatrix/authorization/resource'
|
|
76
78
|
require 'unimatrix/authorization/resource_owner'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
module Unimatrix::Authorization
|
|
2
|
-
|
|
2
|
+
|
|
3
3
|
class RequiresPolicies
|
|
4
4
|
def initialize( resource, options = {} )
|
|
5
5
|
@resource_name = resource
|
|
@@ -8,8 +8,8 @@ module Unimatrix::Authorization
|
|
|
8
8
|
|
|
9
9
|
def before( controller )
|
|
10
10
|
access_token = controller.params[ 'access_token' ]
|
|
11
|
-
|
|
12
|
-
realm_uuid = begin
|
|
11
|
+
|
|
12
|
+
realm_uuid = begin
|
|
13
13
|
if controller.respond_to?( :realm_uuid )
|
|
14
14
|
controller.realm_uuid
|
|
15
15
|
elsif controller.respond_to?( :realm )
|
|
@@ -20,11 +20,11 @@ module Unimatrix::Authorization
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
if access_token.present?
|
|
23
|
-
policies = controller.retrieve_policies(
|
|
24
|
-
@resource_name,
|
|
25
|
-
access_token,
|
|
26
|
-
realm_uuid,
|
|
27
|
-
@resource_server
|
|
23
|
+
policies = controller.retrieve_policies(
|
|
24
|
+
@resource_name,
|
|
25
|
+
access_token,
|
|
26
|
+
realm_uuid,
|
|
27
|
+
@resource_server
|
|
28
28
|
)
|
|
29
29
|
|
|
30
30
|
if policies.present? && policies.is_a?( Array ) &&
|
|
@@ -50,10 +50,10 @@ module Unimatrix::Authorization
|
|
|
50
50
|
)
|
|
51
51
|
end
|
|
52
52
|
else
|
|
53
|
-
controller.render_error(
|
|
53
|
+
controller.render_error(
|
|
54
54
|
::MissingParameterError,
|
|
55
55
|
"The parameter 'access_token' is required."
|
|
56
|
-
)
|
|
56
|
+
)
|
|
57
57
|
end
|
|
58
58
|
end
|
|
59
59
|
end
|
|
@@ -78,11 +78,11 @@ module Unimatrix::Authorization
|
|
|
78
78
|
def policies
|
|
79
79
|
@policies ||= begin
|
|
80
80
|
# Used by Archivist requires_permission filter. TODO: deprecate
|
|
81
|
-
retrieve_policies(
|
|
82
|
-
@resource_name,
|
|
83
|
-
params[ :access_token ],
|
|
81
|
+
retrieve_policies(
|
|
82
|
+
@resource_name,
|
|
83
|
+
params[ :access_token ],
|
|
84
84
|
realm_uuid,
|
|
85
|
-
@resource_server
|
|
85
|
+
@resource_server
|
|
86
86
|
)
|
|
87
87
|
end
|
|
88
88
|
end
|
|
@@ -90,11 +90,11 @@ module Unimatrix::Authorization
|
|
|
90
90
|
# In Rails app, this is overwritten by #retrieve_policies in railtie.rb
|
|
91
91
|
def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
|
|
92
92
|
if resource_name && access_token
|
|
93
|
-
request_policies(
|
|
94
|
-
resource_name,
|
|
95
|
-
access_token,
|
|
96
|
-
realm_uuid,
|
|
97
|
-
resource_server
|
|
93
|
+
request_policies(
|
|
94
|
+
resource_name,
|
|
95
|
+
access_token,
|
|
96
|
+
realm_uuid,
|
|
97
|
+
resource_server
|
|
98
98
|
)
|
|
99
99
|
end
|
|
100
100
|
end
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
module Unimatrix::Authorization
|
|
2
|
+
|
|
3
|
+
class RequiresResourceOwner
|
|
4
|
+
|
|
5
|
+
def before( controller )
|
|
6
|
+
access_token = controller.params[ 'access_token' ]
|
|
7
|
+
|
|
8
|
+
if access_token.present?
|
|
9
|
+
resource_owner = controller.retrieve_resource_owner( access_token )
|
|
10
|
+
|
|
11
|
+
if resource_owner.present? && resource_owner.is_a?( Array ) &&
|
|
12
|
+
resource_owner.first.type_name == 'resource_owner'
|
|
13
|
+
controller.resource_owner = resource_owner
|
|
14
|
+
else
|
|
15
|
+
controller.render_error(
|
|
16
|
+
::ForbiddenError,
|
|
17
|
+
"The requested resource_owner could not be retrieved."
|
|
18
|
+
)
|
|
19
|
+
end
|
|
20
|
+
else
|
|
21
|
+
controller.render_error(
|
|
22
|
+
::MissingParameterError,
|
|
23
|
+
"The parameter 'access_token' is required."
|
|
24
|
+
)
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
module ClassMethods
|
|
30
|
+
def requires_resource_owner( options = {} )
|
|
31
|
+
before_action(
|
|
32
|
+
RequiresResourceOwner.new,
|
|
33
|
+
options
|
|
34
|
+
)
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def self.included( controller )
|
|
39
|
+
controller.extend( ClassMethods )
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def resource_owner=( attributes )
|
|
43
|
+
@resource_owner = attributes
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def resource_owner
|
|
47
|
+
@resource_owner ||= begin
|
|
48
|
+
retrieve_resource_owner( params[ :access_token ] )
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# In Rails app, this is overwritten by #retrieve_resource_owner in railtie.rb
|
|
53
|
+
def retrieve_resource_owner( access_token )
|
|
54
|
+
if access_token
|
|
55
|
+
request_resource_owner( access_token )
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def request_resource_owner( access_token )
|
|
60
|
+
Operation.new( '/resource_owner' ).where( access_token: access_token ).read
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
end
|
|
@@ -2,13 +2,14 @@ module Unimatrix::Authorization
|
|
|
2
2
|
|
|
3
3
|
class Parser
|
|
4
4
|
|
|
5
|
-
def initialize( content = {} )
|
|
5
|
+
def initialize( content = {}, request_path = "" )
|
|
6
6
|
@content = content
|
|
7
|
+
@request_path = request_path
|
|
7
8
|
yield self if block_given?
|
|
8
9
|
end
|
|
9
10
|
|
|
10
11
|
def name
|
|
11
|
-
@
|
|
12
|
+
@request_path[ 1...@request_path.length ]
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
def type_name
|
|
@@ -20,10 +21,14 @@ module Unimatrix::Authorization
|
|
|
20
21
|
|
|
21
22
|
unless self.name.blank?
|
|
22
23
|
if @content[ 'error' ]
|
|
23
|
-
result = parse_resource(
|
|
24
|
+
result = parse_resource( 'error', @content )
|
|
24
25
|
else
|
|
25
|
-
|
|
26
|
-
|
|
26
|
+
unless @content[ name ].is_a?( Array )
|
|
27
|
+
result = [ parse_resource( name, @content ) ]
|
|
28
|
+
else
|
|
29
|
+
result = @content[ name ].map do | attributes |
|
|
30
|
+
parse_resource( name, attributes )
|
|
31
|
+
end
|
|
27
32
|
end
|
|
28
33
|
end
|
|
29
34
|
end
|
|
@@ -43,7 +48,7 @@ module Unimatrix::Authorization
|
|
|
43
48
|
end
|
|
44
49
|
resource
|
|
45
50
|
end
|
|
46
|
-
|
|
51
|
+
|
|
47
52
|
end
|
|
48
53
|
|
|
49
54
|
end
|
|
@@ -10,17 +10,26 @@ module Unimatrix::Authorization
|
|
|
10
10
|
|
|
11
11
|
def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
|
|
12
12
|
if resource_name && access_token
|
|
13
|
-
key =
|
|
14
|
-
|
|
15
|
-
params.sort.to_s
|
|
16
|
-
|
|
13
|
+
key = [ resource_name, access_token, realm_uuid, resource_server ].join
|
|
14
|
+
|
|
17
15
|
Rails.cache.fetch(
|
|
18
|
-
Digest::SHA1.hexdigest( key ),
|
|
16
|
+
"keymaker-policies-#{ Digest::SHA1.hexdigest( key ) }",
|
|
19
17
|
expires_in: 1.minute
|
|
20
18
|
) do
|
|
21
19
|
request_policies( resource_name, access_token, realm_uuid, resource_server )
|
|
22
20
|
end
|
|
23
21
|
end
|
|
24
22
|
end
|
|
25
|
-
|
|
23
|
+
|
|
24
|
+
def retrieve_resource_owner( access_token )
|
|
25
|
+
if access_token
|
|
26
|
+
Rails.cache.fetch(
|
|
27
|
+
"keymaker-resource_owner-#{ Digest::SHA1.hexdigest( access_token ) }",
|
|
28
|
+
expires_in: 1.minute
|
|
29
|
+
) do
|
|
30
|
+
request_resource_owner( access_token )
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
26
35
|
end
|
|
@@ -19,7 +19,8 @@ module Unimatrix::Authorization
|
|
|
19
19
|
|
|
20
20
|
begin
|
|
21
21
|
response = Response.new(
|
|
22
|
-
@http.get( compose_request_path( path, parameters ) )
|
|
22
|
+
@http.get( compose_request_path( path, parameters ) ),
|
|
23
|
+
path
|
|
23
24
|
)
|
|
24
25
|
rescue Timeout::Error
|
|
25
26
|
response = nil
|
|
@@ -38,7 +39,7 @@ module Unimatrix::Authorization
|
|
|
38
39
|
)
|
|
39
40
|
request.body = body.to_json
|
|
40
41
|
|
|
41
|
-
response = Response.new( @http.request( request ) )
|
|
42
|
+
response = Response.new( @http.request( request ), path )
|
|
42
43
|
rescue Timeout::Error
|
|
43
44
|
response = nil
|
|
44
45
|
end
|
|
@@ -6,14 +6,15 @@ module Unimatrix::Authorization
|
|
|
6
6
|
attr_reader :body
|
|
7
7
|
attr_reader :resources
|
|
8
8
|
|
|
9
|
-
def initialize( http_response )
|
|
9
|
+
def initialize( http_response, path = "" )
|
|
10
|
+
@request_path = path
|
|
10
11
|
@success = http_response.is_a?( Net::HTTPOK )
|
|
11
12
|
@code = http_response.code
|
|
12
13
|
@resources = []
|
|
13
14
|
@body = decode_response_body( http_response )
|
|
14
15
|
|
|
15
16
|
if ( @body && @body.respond_to?( :keys ) )
|
|
16
|
-
Parser.new( @body ) do | parser |
|
|
17
|
+
Parser.new( @body, @request_path ) do | parser |
|
|
17
18
|
@resources = parser.resources
|
|
18
19
|
@success = !( parser.type_name == 'error' )
|
|
19
20
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: unimatrix
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jackson Souza
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-03
|
|
11
|
+
date: 2018-04-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -117,7 +117,9 @@ files:
|
|
|
117
117
|
- lib/unimatrix/archivist/component.rb
|
|
118
118
|
- lib/unimatrix/attribute_error.rb
|
|
119
119
|
- lib/unimatrix/authorization/client_credentials_grant.rb
|
|
120
|
+
- lib/unimatrix/authorization/error.rb
|
|
120
121
|
- lib/unimatrix/authorization/filters/requires_policies.rb
|
|
122
|
+
- lib/unimatrix/authorization/filters/requires_resource_owner.rb
|
|
121
123
|
- lib/unimatrix/authorization/operation.rb
|
|
122
124
|
- lib/unimatrix/authorization/parser.rb
|
|
123
125
|
- lib/unimatrix/authorization/policy.rb
|