userbin 0.4.5 → 1.0.0

data/lib/userbin/authentication.rb

@@ -1,132 +0,0 @@
-module Userbin
-  class Authentication
-
-    CLOSING_BODY_TAG = %r{</body>}
-
-    def initialize(app, options = {})
-      @app = app
-    end
-
-    def call(env)
-      if !Userbin.config.app_id || !Userbin.config.api_secret
-        raise ConfigurationError, "app_id and api_secret must be present"
-      end
-
-      Thread.current[:userbin] = nil
-      env['userbin.unauthenticated'] = false
-
-      request = Rack::Request.new(env)
-
-      begin
-        jwt = Userbin.authenticate!(request)
-
-        if !Userbin.authenticated? && Userbin.config.protected_path &&
-          env["PATH_INFO"].start_with?(Userbin.config.protected_path)
-
-          return render_gateway(env["PATH_INFO"])
-        end
-
-        generate_response(env, jwt)
-      rescue Userbin::SecurityError
-        message =
-          'Userbin::SecurityError: Invalid session. Refresh to try again.'
-        headers = {
-          'Content-Type' => 'text/text'
-        }
-
-        Rack::Utils.delete_cookie_header!(
-          headers, '_ubt', value = {})
-
-        [ 400, headers, [message] ]
-      end
-    end
-
-    def script_tag(login_path)
-      script_url = ENV.fetch('USERBIN_SCRIPT_URL') {
-        "//js.userbin.com"
-      }
-      path = login_path || Userbin.config.protected_path
-
-      tag =  "<script src='#{script_url}?#{Userbin.config.app_id}'></script>\n"
-      tag += "<script type='text/javascript'>\n"
-      tag += "  Userbin.config({\n"
-      if Userbin.config.root_path
-        tag += "    logoutRedirectUrl: '#{Userbin.config.root_path}',\n"
-      end
-      tag += "    loginRedirectUrl: '#{path}',\n" if path
-      tag += "    reloadOnSuccess: true\n"
-      tag += "  });\n"
-      tag += "</script>\n"
-    end
-
-    def inject_tags(body, login_path = nil)
-      if body[CLOSING_BODY_TAG]
-        body = body.gsub(CLOSING_BODY_TAG, script_tag(login_path) + '\\0')
-      end
-      body
-    end
-
-    def render_gateway(current_path)
-      script_url = ENV["USERBIN_SCRIPT_URL"] || '//js.userbin.com'
-
-      login_page = <<-LOGIN_PAGE
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Log in</title>
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-</head>
-<body>
-  <a class="ub-login-form"></a>
-</body>
-</html>
-      LOGIN_PAGE
-
-      login_page = inject_tags(login_page, current_path)
-
-      headers = { 'Content-Type' => 'text/html' }
-
-      [403, headers, [login_page]]
-    end
-
-    def generate_response(env, jwt)
-      status, headers, response = @app.call(env)
-
-      # application stack is responsible for setting userbin.authenticated
-      return render_gateway(env["PATH_INFO"]) if env['userbin.unauthenticated']
-
-      if headers['Content-Type'] && headers['Content-Type']['text/html']
-       if response.respond_to?(:body)
-         body = [*response.body]
-       else
-         body = response
-       end
-       if !Userbin.config.skip_script_injection
-         body = body.each.map do |chunk|
-           inject_tags(chunk)
-         end
-       end
-       if response.respond_to?(:body)
-         response.body = body
-       else
-         response = body
-       end
-        unless body.empty?
-          headers['Content-Length'] = Rack::Utils.bytesize(body.flatten[0]).to_s
-        end
-      end
-
-      if jwt
-        Rack::Utils.set_cookie_header!(
-          headers, '_ubt', value: jwt, path: '/')
-      else
-        Rack::Utils.delete_cookie_header!(
-          headers, '_ubt', value = {})
-      end
-
-      [status, headers, response]
-    end
-  end
-end

data/lib/userbin/basic_auth.rb

@@ -1,31 +0,0 @@
-module Userbin
-  class BasicAuth < Faraday::Middleware
-    def call(env)
-      value = Base64.encode64([Userbin.config.app_id, Userbin.config.api_secret].join(':'))
-      value.gsub!("\n", '')
-      env[:request_headers]["Authorization"] = "Basic #{value}"
-      @app.call(env)
-    end
-  end
-
-  class VerifySignature < Faraday::Response::Middleware
-    def call(env)
-      @app.call(env).on_complete do
-        Userbin.decode_jwt(env[:body])
-      end
-    end
-  end
-
-  class ParseSignedJSON < Faraday::Response::Middleware
-    def on_complete(env)
-      json = MultiJson.load(env[:body], symbolize_keys: true)
-      signature = env[:response_headers]['x-userbin-signature']
-      json[:signature] = signature if signature
-      env[:body] = {
-        data: json,
-        errors: [],
-        metadata: {}
-      }
-    end
-  end
-end

data/lib/userbin/current.rb

@@ -1,17 +0,0 @@
-module Userbin
-  class Current
-    attr_accessor :token, :expires_at, :user
-
-    def initialize(data)
-      if data
-        @token = data['id']
-        @expires_at = data['expires_at']
-        @user = Userbin::User.new(data['user'])
-      end
-    end
-
-    def authenticated?
-      !@user.nil?
-    end
-  end
-end

data/lib/userbin/events.rb

@@ -1,40 +0,0 @@
-module Userbin
-
-  Callback = Struct.new(:pattern, :block) do; end
-
-  class Events
-    def self.on(*names, &block)
-      pattern = Regexp.union(names.empty? ? TYPE_LIST.to_a : names)
-      callbacks.each do |callback|
-        if pattern == callback.pattern
-          callbacks.delete(callback)
-          callbacks << Userbin::Callback.new(pattern, block)
-          return
-        end
-      end
-      callbacks << Userbin::Callback.new(pattern, block)
-    end
-
-    def self.trigger(raw_event)
-      event = Userbin::Event.new(raw_event)
-      callbacks.each do |callback|
-        if event.type =~ callback.pattern
-          object = case event['type']
-          when /^user\./
-            Userbin::User.new(event.object)
-          else
-            event.object
-          end
-          model = event.instance_exec object, &callback.block
-        end
-      end
-    end
-
-    private
-
-    def self.callbacks
-      @callbacks ||= []
-    end
-  end
-
-end

data/lib/userbin/rails/auth_helpers.rb

@@ -1,22 +0,0 @@
-module Userbin
-  module AuthHelpers
-    def authenticate_user!
-      unless user_logged_in?
-        env['userbin.unauthenticated'] = true
-        render nothing: true
-      end
-    end
-
-    def current_user
-      Userbin.current_user
-    end
-
-    def user_logged_in?
-      Userbin.user_logged_in?
-    end
-
-    def user_signed_in?
-      Userbin.user_signed_in?
-    end
-  end
-end

data/lib/userbin/railtie.rb

@@ -1,14 +0,0 @@
-require 'userbin/rails/auth_helpers'
-
-module Userbin
-  ActiveSupport.on_load(:action_controller) do
-    include AuthHelpers
-  end
-
-  class Railtie < Rails::Railtie
-    initializer "userbin" do |app|
-      ActionView::Base.send :include, AuthHelpers
-      app.config.middleware.use "Userbin::Authentication"
-    end
-  end
-end

data/lib/userbin/session.rb

@@ -1,26 +0,0 @@
-require 'her'
-
-module Userbin
-  class Model
-    include Her::Model
-  end
-
-  class User < Model; end
-
-  class Session < Model
-    has_one :user
-
-    # Hack to avoid loading a remote user
-    def user
-      return self['user'] if self['user'].is_a?(User)
-      User.new(self['user']) if self['user']
-    end
-
-    def authenticated?
-      !user.id.nil? rescue false
-    end
-  end
-
-  class Event < Model
-  end
-end

data/lib/userbin/userbin.rb

@@ -1,104 +0,0 @@
-require 'jwt'
-
-module Userbin
-  def self.decode_jwt(jwt)
-    JWT.decode(jwt, Userbin.config.api_secret)
-  end
-
-  def self.authenticate!(request)
-    jwt = request.cookies['_ubt']
-    return unless jwt
-
-    decoded = Userbin.decode_jwt(jwt)
-
-    if Time.now > Time.at(decoded['expires_at'] / 1000)
-      jwt = refresh_session(decoded['id'])
-      return unless jwt
-
-      decoded = Userbin.decode_jwt(jwt)
-
-      if Time.now > Time.at(decoded['expires_at'] / 1000)
-        raise Userbin::SecurityError
-      end
-    end
-
-    self.current = Userbin::Session.new(decoded)
-
-    return jwt
-  end
-
-  def self.refresh_session(session_id)
-    api_endpoint = ENV["USERBIN_API_ENDPOINT"] || 'https://api.userbin.com'
-    uri = URI("#{api_endpoint}/sessions/#{session_id}/refresh.jwt")
-    uri.user = config.app_id
-    uri.password = config.api_secret
-    net = Net::HTTP.post_form(uri, {})
-    net.body
-  end
-
-  def self.current
-    Thread.current[:userbin]
-  end
-
-  def self.current=(value)
-    Thread.current[:userbin] = value
-  end
-
-  def self.authenticated?
-    current.authenticated? rescue false
-  end
-
-  def self.logged_in?
-    authenticated?
-  end
-
-  def self.user_logged_in?
-    authenticated?
-  end
-
-  def self.user_signed_in?
-    authenticated?
-  end
-
-  def self._current_user
-    current.user if current
-  end
-
-  def self.current_profile
-    _current_user
-  end
-
-  def self.current_user
-    if _current_user
-      if Userbin.config.find_user
-        u = Userbin.config.find_user.call(_current_user.id)
-        if u
-          u
-        else
-          if Userbin.config.create_user
-
-            # Fetch a full profile from the API. This way we can get more
-            # sensitive details than those stored in the cookie. It also checks
-            # that the user still exists in Userbin.
-            profile = User.find(_current_user.id)
-
-            u = Userbin.config.create_user.call(profile)
-            if u
-              u
-            else
-              _current_user
-            end
-          else
-            raise ConfigurationError, "You need to implement create_user"
-          end
-        end
-      else
-        _current_user
-      end
-    end
-  end
-
-  def self.user
-    current_user
-  end
-end

data/spec/session_spec.rb

@@ -1,40 +0,0 @@
-require 'spec_helper'
-require 'multi_json'
-
-describe 'Userbin::Session' do
-  before do
-    Userbin.configure do |config|
-      config.app_id = '100000000000000'
-      config.api_secret = 'test'
-    end
-  end
-
-  before do
-    data = {
-      id: "Prars5v7xz2xwWvF5LEqfEUHCoNNsV7V",
-      created_at: 1378978281000,
-      expires_at: 1378981881000,
-      user: {
-        confirmed_at: nil,
-        created_at: 1378978280000,
-        email: "johan@userbin.com",
-        id: "TF15JEy7HRxDYx6U435zzEwydKJcptUr",
-        last_sign_in_at: nil,
-        local_id: nil
-      }
-    }
-    stub_request(:post, /\/users\/.*\/sessions/).to_return(
-      status: 200,
-      headers: {'X-Userbin-Signature' => 'abcd'},
-      body: MultiJson.encode(data)
-    )
-  end
-
-  xit 'creates a session' do
-    allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
-    user = Userbin::User.new(id: 'guid1')
-    session = user.sessions.create
-    session.user.email.should == 'johan@userbin.com'
-    session.signature.should == 'abcd'
-  end
-end

data/spec/userbin_spec.rb

@@ -1,102 +0,0 @@
-require 'spec_helper'
-require 'cgi'
-
-describe Userbin do
-  before do
-    Userbin.configure do |config|
-      config.app_id = '1000'
-      config.api_secret = '1234'
-    end
-  end
-
-  let (:args) do
-    {
-      "HTTP_COOKIE" => "_ubs=abcd; _ubd=#{CGI.escape(MultiJson.encode(session))} "
-    }
-  end
-
-  let (:session) do
-    {
-      "id" => 'xyz',
-      "expires_at" => 1478981881000,
-      "user" => {
-        "id" => 'abc'
-      }
-    }
-  end
-
-  let (:request) do
-    Rack::Request.new({
-      'HTTP_X_USERBIN_SIGNATURE' => 'abcd',
-      'CONTENT_TYPE' => 'application/json',
-      'rack.input' => StringIO.new()
-    }.merge(args))
-  end
-
-  let (:response) do
-    Rack::Response.new("", 200, {})
-  end
-
-  context 'when session is created' do
-
-    it 'authenticates with class methods' do
-      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
-      Userbin.authenticate!(request)
-      Userbin.should be_authenticated
-      Userbin.current_user.id.should == "abc"
-    end
-
-    it 'renews' do
-      stub_request(:post, /.*userbin\.com.*/).to_return(:status => 200, :body => "{\"id\":\"Prars5v7xz2xwWvF5LEqfEUHCoNNsV7V\",\"created_at\":1378978281000,\"expires_at\":1378981881000,\"user\":{\"confirmed_at\":null,\"created_at\":1378978280000,\"email\":\"admin@getapp6133.com\",\"id\":\"TF15JEy7HRxDYx6U435zzEwydKJcptUr\",\"last_sign_in_at\":null,\"local_id\":null}}", :headers => {'X-Userbin-Signature' => 'abcd'})
-      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
-      Userbin.authenticate!(request, Time.at(1478981882)) # expired 1s
-      Userbin.current.id.should == 'Prars5v7xz2xwWvF5LEqfEUHCoNNsV7V'
-    end
-
-    it 'does not renew' do
-      stub_request(:post, /.*userbin\.com.*/).to_return(:status => 404)
-      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
-      Userbin.authenticate!(request, Time.at(1478981882)) # expired 1s
-    end
-
-    xit 'authenticate with correct signature' do
-      expect {
-        Userbin.authenticate!(request)
-      }.to raise_error { Userbin::SecurityError }
-    end
-
-    it 'does not authenticate incorrect signature' do
-      expect {
-        Userbin.authenticate!(request)
-      }.to raise_error { Userbin::SecurityError }
-    end
-  end
-
-  context 'when session is deleted' do
-    let (:args) do
-      {
-        "HTTP_COOKIE" => "userbin_signature=abcd;"
-      }
-    end
-
-    it 'does not authenticate' do
-      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
-      Userbin.authenticate!(request)
-      Userbin.should_not be_authenticated
-      Userbin.user.should be_nil
-    end
-  end
-
-  context 'when params are present' do
-    let (:args) do
-      {
-        "QUERY_STRING" => "userbin_signature=abcd&userbin_data=#{MultiJson.encode(session)}"
-      }
-    end
-
-    xit 'authenticates with class methods' do
-      allow(OpenSSL::HMAC).to receive(:hexdigest) { 'abcd' }
-      Userbin.authenticate_events!(request)
-    end
-  end
-end