RubyGems - userbin - Versions diffs - 0.1.3 - Mend

userbin 0.1.3

Files changed (12) hide show

checksums.yaml +7 -0
data/README.md +4 -0
data/lib/userbin/authentication.rb +140 -0
data/lib/userbin/basic_auth.rb +33 -0
data/lib/userbin/current.rb +17 -0
data/lib/userbin/session.rb +31 -0
data/lib/userbin/userbin.rb +123 -0
data/lib/userbin.rb +28 -0
data/spec/session_spec.rb +38 -0
data/spec/spec_helper.rb +8 -0
data/spec/userbin_spec.rb +100 -0
metadata +127 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4283d8611ee035f2141284b2c339d5244f2830fa
+  data.tar.gz: 0200a7e005412dc60e56fee0693fcea5a1f826bd
+SHA512:
+  metadata.gz: 2980f02fb4669639ac88c121141959499e6e783dc23ca58f4dc41156838a3639f626e55537ec0a04b4d8f4016857400cee9e8cc69f7a10bb5184fa938a55a4c4
+  data.tar.gz: 4735bd77af93832204838b1776c0779c77056af02f31e19778e7b4bc92933f07a0fa1214dd2f592f86c49084d79d2e6fe767b56e22ae7b3959a684916148f6d4

data/README.md ADDED Viewed

@@ -0,0 +1,4 @@
+Userbin Ruby gem
+================
+Hold tight for more info.

data/lib/userbin/authentication.rb ADDED Viewed

@@ -0,0 +1,140 @@
+module Userbin
+  class Authentication
+    CLOSING_HEAD_TAG = %r{</head>}
+    CLOSING_BODY_TAG = %r{</body>}
+    def initialize(app, options = {})
+      @app = app
+      @restricted_path = options[:restricted_path]
+    end
+    def call(env)
+      request = Rack::Request.new(env)
+      begin
+        if env["REQUEST_PATH"] == "/userbin" &&
+           env["REQUEST_METHOD"] == "POST"
+          signature, data = Userbin.authenticate_events!(request)
+          MultiJson.decode(data)['events'].each do |event|
+            Userbin.trigger(event)
+          end
+          [ 200, { 'Content-Type' => 'text/html',
+            'Content-Length' => '2' }, ['OK'] ]
+        else
+          signature, data = Userbin.authenticate!(request)
+          if restrict && env["REQUEST_PATH"].start_with?(restrict) &&
+             !Userbin.authenticated?
+            return render_gateway(env["REQUEST_PATH"])
+          end
+          generate_response(env, signature, data)
+        end
+      rescue Userbin::SecurityError
+        message =
+          'Userbin::SecurityError: Invalid signature. Refresh to try again.'
+        headers = {
+          'Content-Type' => 'text/text',
+          'Content-Length' => message.length.to_s
+        }
+        Rack::Utils.delete_cookie_header!(
+          headers, 'userbin_signature', value = {})
+        Rack::Utils.delete_cookie_header!(
+          headers, 'userbin_data', value = {})
+        [ 400, headers, [message] ]
+      end
+    end
+    def restrict
+      Userbin.restricted_path || @restricted_path
+    end
+    def link_tags(login_path)
+      <<-LINK_TAGS
+<link rel="userbin:root" href="/">
+<link rel="userbin:login" href="#{login_path}">
+      LINK_TAGS
+    end
+    def meta_tag
+      <<-META_TAG
+<meta property="userbin:events" content="/userbin">
+      META_TAG
+    end
+    def script_tag
+      script_url = ENV.fetch('USERBIN_SCRIPT_URL') {
+        "https://userbin.com/js/v0"
+      }
+      str = <<-SCRIPT_TAG
+<script src="#{script_url}?#{Userbin.app_id}"></script>
+      SCRIPT_TAG
+    end
+    def render_gateway(current_path)
+      login_page = <<-LOGIN_PAGE
+<html>
+<head>
+  <title>Log in</title>
+</head>
+<body style="background-color: #DBDBDB;">
+  <a class="ub-login-form"></a>
+</body>
+</html>
+      LOGIN_PAGE
+      login_page = inject_tags(login_page, current_path)
+      [ 200,
+        { 'Content-Type' => 'text/html',
+          'Content-Length' => login_page.length.to_s },
+        [login_page]
+      ]
+    end
+    def inject_tags(body, login_path = restrict)
+      if body[CLOSING_HEAD_TAG]
+        body = body.gsub(CLOSING_HEAD_TAG, link_tags(login_path) + '\\0')
+        body = body.gsub(CLOSING_HEAD_TAG, meta_tag + '\\0')
+      end
+      if body[CLOSING_BODY_TAG]
+        body = body.gsub(CLOSING_BODY_TAG, script_tag + '\\0')
+      end
+      body
+    end
+    def generate_response(env, signature, data)
+      status, headers, response = @app.call(env)
+      if headers['Content-Type'] && headers['Content-Type']['text/html']
+        body = response.each.map do |chunk|
+          inject_tags(chunk)
+        end
+        if response.class.name.end_with?('::Response')
+          response.body = body
+        else
+          response = body
+        end
+        headers['Content-Length'] = body.join.length.to_s
+      end
+      if signature && data
+        Rack::Utils.set_cookie_header!(
+          headers, 'userbin_signature', value: signature, path: '/')
+        Rack::Utils.set_cookie_header!(
+          headers, 'userbin_data', value: data, path: '/')
+      else
+        Rack::Utils.delete_cookie_header!(
+          headers, 'userbin_signature', value = {})
+        Rack::Utils.delete_cookie_header!(
+          headers, 'userbin_data', value = {})
+      end
+      [status, headers, response]
+    end
+  end
+end

data/lib/userbin/basic_auth.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module Userbin
+  class BasicAuth < Faraday::Middleware
+    def call(env)
+      value = Base64.encode64([Userbin.app_id, Userbin.api_secret].join(':'))
+      value.gsub!("\n", '')
+      env[:request_headers]["Authorization"] = "Basic #{value}"
+      @app.call(env)
+    end
+  end
+  class VerifySignature < Faraday::Response::Middleware
+    def call(env)
+      @app.call(env).on_complete do
+        signature = env[:response_headers]['x-userbin-signature']
+        data = env[:body]
+        Userbin.valid_signature?(signature, data)
+      end
+    end
+  end
+  class ParseSignedJSON < Faraday::Response::Middleware
+    def on_complete(env)
+      json = MultiJson.load(env[:body], symbolize_keys: true)
+      signature = env[:response_headers]['x-userbin-signature']
+      json[:signature] = signature if signature
+      env[:body] = {
+        data: json,
+        errors: [],
+        metadata: {}
+      }
+    end
+  end
+end

data/lib/userbin/current.rb ADDED Viewed

@@ -0,0 +1,17 @@
+module Userbin
+  class Current
+    attr_accessor :token, :expires_at, :user
+    def initialize(data)
+      if data
+        @token = data['id']
+        @expires_at = data['expires_at']
+        @user = Userbin::User.new(data['user'])
+      end
+    end
+    def authenticated?
+      !@user.nil?
+    end
+  end
+end

data/lib/userbin/session.rb ADDED Viewed

@@ -0,0 +1,31 @@
+require 'her'
+module Userbin
+  class Model
+    include Her::Model
+  end
+  class User < Model
+    def update_local_id(local_id)
+      self.local_id = local_id
+      save
+    end
+  end
+  class Session < Model
+    has_one :user
+    # Hack to avoid loading a remote user
+    def user
+      return self['user'] if self['user'].is_a?(User)
+      User.new(self['user']) if self['user']
+    end
+    def authenticated?
+      !user.id.nil? rescue false
+    end
+  end
+  class Event < Model
+  end
+end

data/lib/userbin/userbin.rb ADDED Viewed

@@ -0,0 +1,123 @@
+module Userbin
+  Callback = Struct.new(:pattern, :block) do; end
+  class << self
+    attr_accessor :app_id, :api_secret, :restricted_path
+  end
+  def self.authenticate_events!(request, now = Time.now)
+    signature, data =
+      request.params.values_at('userbin_signature', 'userbin_data')
+    valid_signature?(signature, data)
+    [signature, data]
+  end
+  # Provide either a Rack::Request or a Hash containing :signature and :data.
+  #
+  def self.authenticate!(request, now = Time.now)
+    signature, data =
+      request.cookies.values_at('userbin_signature', 'userbin_data')
+    if signature && data && valid_signature?(signature, data)
+      current = Userbin::Session.new(MultiJson.decode(data))
+      if current.authenticated?
+        # FIXME: NoMethodError (undefined method `/' for nil:NilClass):
+        if now > Time.at(current.expires_at / 1000)
+          signature, data = refresh_session(current.user.id)
+        end
+      end
+    end
+    tmp = MultiJson.decode(data) if data
+    self.current = Userbin::Session.new(tmp)
+    [signature, data]
+  end
+  def self.refresh_session(user_id)
+    api_endpoint = ENV["USERBIN_API_ENDPOINT"] || 'https://userbin.com/api/v0'
+    uri = URI("#{api_endpoint}/users/#{user_id}/sessions")
+    uri.user = app_id
+    uri.password = api_secret
+    net = Net::HTTP.post_form(uri, {})
+    [net['X-Userbin-Signature'], net.body]
+  end
+  def self.current
+    Thread.current[:userbin]
+  end
+  def self.current=(value)
+    Thread.current[:userbin] = value
+  end
+  def self.authenticated?
+    current.authenticated? rescue false
+  end
+  def self.current_user
+    current.user if current
+  end
+  def self.user
+    current_user
+  end
+  # Event handling
+  #
+  class << self
+    def on(*names, &block)
+      pattern = Regexp.union(names.empty? ? TYPE_LIST.to_a : names)
+      callbacks.each do |callback|
+        if pattern == callback.pattern
+          callbacks.delete(callback)
+          callbacks << Userbin::Callback.new(pattern, block)
+          return
+        end
+      end
+      callbacks << Userbin::Callback.new(pattern, block)
+    end
+    def trigger(raw_event)
+      event = Userbin::Event.new(raw_event)
+      callbacks.each do |callback|
+        if event.type =~ callback.pattern
+          object = case event['type']
+          when /^user\./
+            Userbin::User.new(event.object)
+          else
+            event.object
+          end
+          model = event.instance_exec object, &callback.block
+          if event.type =~ /user\.created/ && model.respond_to?(:id)
+            object.update_local_id(model.id)
+          end
+        end
+      end
+    end
+    private
+    def callbacks
+      @callbacks ||= []
+    end
+  end
+  private
+  # Checks signature against secret and returns boolean
+  #
+  def self.valid_signature?(signature, data)
+    digest = OpenSSL::Digest::SHA256.new
+    valid = signature == OpenSSL::HMAC.hexdigest(digest, api_secret, data)
+    raise SecurityError, "Invalid signature" unless valid
+    valid
+  end
+end

data/lib/userbin.rb ADDED Viewed

@@ -0,0 +1,28 @@
+require 'her'
+require 'multi_json'
+require 'openssl'
+require 'net/http'
+require "userbin/userbin"
+require "userbin/basic_auth"
+api_endpoint = ENV.fetch('USERBIN_API_ENDPOINT') {
+  "https://userbin.com/api/v0"
+}
+@api = Her::API.setup url: api_endpoint do |c|
+  c.use Userbin::BasicAuth
+  c.use Faraday::Request::UrlEncoded
+  c.use Userbin::ParseSignedJSON
+  c.use Faraday::Adapter::NetHttp
+  c.use Userbin::VerifySignature
+end
+require "userbin/current"
+require "userbin/session"
+require "userbin/authentication"
+class Userbin::Error < Exception; end
+class Userbin::SecurityError < Userbin::Error; end

data/spec/session_spec.rb ADDED Viewed

@@ -0,0 +1,38 @@
+require 'spec_helper'
+require 'multi_json'
+describe 'Userbin::Session' do
+  before do
+    Userbin.app_id = '100000000000000'
+    Userbin.api_secret = 'test'
+  end
+  before do
+    data = {
+      id: "Prars5v7xz2xwWvF5LEqfEUHCoNNsV7V",
+      created_at: 1378978281000,
+      expires_at: 1378981881000,
+      user: {
+        confirmed_at: nil,
+        created_at: 1378978280000,
+        email: "johan@userbin.com",
+        id: "TF15JEy7HRxDYx6U435zzEwydKJcptUr",
+        last_sign_in_at: nil,
+        local_id: nil
+      }
+    }
+    stub_request(:post, /\/users\/.*\/sessions/).to_return(
+      status: 200,
+      headers: {'X-Userbin-Signature' => 'abcd'},
+      body: MultiJson.encode(data)
+    )
+  end
+  xit 'creates a session' do
+    allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
+    user = Userbin::User.new(id: 'guid1')
+    session = user.sessions.create
+    session.user.email.should == 'johan@userbin.com'
+    session.signature.should == 'abcd'
+  end
+end

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,8 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'rack'
+require 'userbin'
+require 'webmock/rspec'
+RSpec.configure do |config|
+end

data/spec/userbin_spec.rb ADDED Viewed

@@ -0,0 +1,100 @@
+require 'spec_helper'
+require 'cgi'
+describe Userbin do
+  before do
+    Userbin.app_id = '1000'
+    Userbin.api_secret = '1234'
+  end
+  let (:args) do
+    {
+      "HTTP_COOKIE" => "userbin_signature=abcd; userbin_data=#{CGI.escape(MultiJson.encode(session))} "
+    }
+  end
+  let (:session) do
+    {
+      "id" => 'xyz',
+      "expires_at" => 1478981881000,
+      "user" => {
+        "id" => 'abc'
+      }
+    }
+  end
+  let (:request) do
+    Rack::Request.new({
+      'HTTP_X_USERBIN_SIGNATURE' => 'abcd',
+      'CONTENT_TYPE' => 'application/json',
+      'rack.input' => StringIO.new()
+    }.merge(args))
+  end
+  let (:response) do
+    Rack::Response.new("", 200, {})
+  end
+  context 'when session is created' do
+    it 'authenticates with class methods' do
+      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
+      Userbin.authenticate!(request)
+      Userbin.should be_authenticated
+      Userbin.current_user.id.should == "abc"
+    end
+    it 'renews' do
+      stub_request(:post, /.*userbin\.com.*/).to_return(:status => 200, :body => "{\"id\":\"Prars5v7xz2xwWvF5LEqfEUHCoNNsV7V\",\"created_at\":1378978281000,\"expires_at\":1378981881000,\"user\":{\"confirmed_at\":null,\"created_at\":1378978280000,\"email\":\"admin@getapp6133.com\",\"id\":\"TF15JEy7HRxDYx6U435zzEwydKJcptUr\",\"last_sign_in_at\":null,\"local_id\":null}}", :headers => {'X-Userbin-Signature' => 'abcd'})
+      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
+      Userbin.authenticate!(request, Time.at(1478981882)) # expired 1s
+      Userbin.current.id.should == 'Prars5v7xz2xwWvF5LEqfEUHCoNNsV7V'
+    end
+    it 'does not renew' do
+      stub_request(:post, /.*userbin\.com.*/).to_return(:status => 404)
+      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
+      Userbin.authenticate!(request, Time.at(1478981882)) # expired 1s
+    end
+    xit 'authenticate with correct signature' do
+      expect {
+        Userbin.authenticate!(request)
+      }.to raise_error { Userbin::SecurityError }
+    end
+    it 'does not authenticate incorrect signature' do
+      expect {
+        Userbin.authenticate!(request)
+      }.to raise_error { Userbin::SecurityError }
+    end
+  end
+  context 'when session is deleted' do
+    let (:args) do
+      {
+        "HTTP_COOKIE" => "userbin_signature=abcd;"
+      }
+    end
+    it 'does not authenticate' do
+      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
+      Userbin.authenticate!(request)
+      Userbin.should_not be_authenticated
+      Userbin.user.should be_nil
+    end
+  end
+  context 'when params are present' do
+    let (:args) do
+      {
+        "QUERY_STRING" => "userbin_signature=abcd&userbin_data=#{MultiJson.encode(session)}"
+      }
+    end
+    it 'authenticates with class methods' do
+      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
+      Userbin.authenticate_events!(request)
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: userbin
+version: !ruby/object:Gem::Version
+  version: 0.1.3
+platform: ruby
+authors:
+- Johan
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-09-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: her
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.8
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Plug n’ play user accounts. The simplest way to integrate a full authentication
+  and user management stack into your web application.
+email: johan@userbin.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/userbin/authentication.rb
+- lib/userbin/basic_auth.rb
+- lib/userbin/current.rb
+- lib/userbin/session.rb
+- lib/userbin/userbin.rb
+- lib/userbin.rb
+- README.md
+- spec/session_spec.rb
+- spec/spec_helper.rb
+- spec/userbin_spec.rb
+homepage: https://userbin.com
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.3
+signing_key:
+specification_version: 4
+summary: Userbin
+test_files:
+- spec/session_spec.rb
+- spec/spec_helper.rb
+- spec/userbin_spec.rb