userbin 1.0.4 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d9b8ce69ab60a585a76e9a70407998c381af3ff5
-  data.tar.gz: f28be477edf5edd04eb8a0d115b2f30e7925fa54
+  metadata.gz: eda8c2ec2217b83cb4943e8302c0844f7d72c158
+  data.tar.gz: ad7583bd3627cd2898cd2f95a687393e8e48d2dd
 SHA512:
-  metadata.gz: 6dff1ce4527789fd98d09dad1ca96c735839ef1c40af6bd6d2cb0f551d7e326ac9ebd36dee7cef2de96f5a3291acfe2776ed583a57bed251b8e2bda419e659e2
-  data.tar.gz: 812f6a193e50662368adc8d193301005455034ae3e65b2ffc2f36b152893ff81da19d12d9890331fb538b09545eab3923af75288b75787a7ac50670bb64eea0a
+  metadata.gz: 888dea6e532ce801149b4f3ae95cf875835f5c5a61fbc81fe636983b266e7310097052c64d2b4c3dcccee0c5440ff79b2abaca0fd21c813feafd6328258da2a4
+  data.tar.gz: b5abb4dc7fc8f4f5f8b9a3d4a89a6d409c31322ce7748996d093d2eb72b8260972c998f02cd7621824334c788d875d97a323d55051892f386f2330cf30e9c8ff

data/README.md

@@ -1,15 +1,13 @@
+# Ruby SDK for Userbin
 
 [![Build Status](https://travis-ci.org/userbin/userbin-ruby.png)](https://travis-ci.org/userbin/userbin-ruby)
 [![Gem Version](https://badge.fury.io/rb/userbin.png)](http://badge.fury.io/rb/userbin)
 [![Dependency Status](https://gemnasium.com/userbin/userbin-ruby.png)](https://gemnasium.com/userbin/userbin-ruby)
 
-# Ruby SDK for Userbin
-
-> Using Ruby on Rails? Install [Userbin for Devise](https://github.com/userbin/devise_userbin) for super-quick integration.
 
-This library's purpose is to provide an additional security layer to your application by adding multi-factor authentication, user activity monitoring, and real-time threat protection in a white-label package. Your users **do not** need to be signed up or registered for Userbin before using the service.
+[Userbin](https://userbin.com) provides an additional security layer to your application by adding user activity monitoring, real-time threat protection and two-factor authentication in a white-label package. Your users **do not** need to be signed up or registered for Userbin before using the service and there's no need for them to download any proprietary apps. Also, Userbin requires **no modification of your current database schema** as it uses your local user IDs.
 
-Your users can now easily activate two-factor authentication, configure the level of security in terms of monitoring and notifications and take action on suspicious behaviour. These settings are available as a per-user security settings page which is easily customized to fit your current layout.
+<!-- Your users can now easily activate two-factor authentication, configure the level of security in terms of monitoring and notifications and take action on suspicious behaviour. These settings are available as a per-user security settings page which is easily customized to fit your current layout. -->
 
 ## Getting started
 
@@ -32,109 +30,59 @@ require 'userbin'
 Userbin.api_secret = "YOUR_API_SECRET"
 ```
 
-## Authenticate
-
-`authenticate` is the key component of the Userbin API. It lets you tie a user to their actions and record properties about them. Whenever any suspious behaviour is detected or a user gets locked out, a call to `authenticate` may throw an exception which needs to be handled by your application.
-
-You’ll want to `authenticate` a user with any relevant information as soon as the current user object is assigned in your application. The method returns a *session token* that you store in a session or cookie for future reference. Either you use the Userbin session token as the ground truth for the user being logged in, or you can store it separately in tandem with your current session.
-
-#### Example
+Initialize a Userbin client for every incoming HTTP request and add it to the environment so that it's accessible during the request lifetime.
 
 ```ruby
-
-options = {
-  properties: {
-    email: current_user.email,
-    name: current_user.full_name
-  },
-  context: {
-    ip: request.ip,
-    user_agent: request.user_agent
-  }
-}
-
-session_token =
-  Userbin.authenticate(session[:userbin], current_user.id, options)
-
-session[:userbin] = session_token
+env['userbin'] = Userbin::Client.new(request)
 ```
 
-#### Arguments
-
-The first argument is a session token from a previous call to `authenticate`. This variable is obviously nil on the very first call, where a HTTP request will be made and a new session created.
-
-The second argument is a locally unique identifier for the logged in user, commonly the `id` field. This is the identifier you'll use further on when querying the user.
-
-- `properties` (Hash, optional) - A Hash of properties you know about the user. See the User reference documentation for available fields and their meaning.
-- `context` (Hash, optional) - A Hash specifying the user_agent and ip for the current request.
-
-> Note that every call to `authenticate` **does not** result in an HTTP request. Only the very first call, as well as expired session tokens result in a request. Session tokens expire every 5 minutes.
-
-## Two-factor authentication
 
-Two-factor authentication is available to your users out-of-the-box. By browsing to their security settings page, they're able to configure Google Authenticator and SMS settings, set up a backup phone number, and download their recovery codes.
 
-The session token returned from `authenticate` indicates if two-factor authentication is required from the user once your application asks for it. You can do this immediately after you've called `authenticate`, or you can wait until later. You have complete control over what actions you when you want to require two-factor authentication, e.g. when logging in, changing account information, making a purchase etc.
+## Monitor a user
 
-### Step 1: Prompt the user
+To monitor a logged in user, simply call `authorize!` on the Userbin object. You need to pass the user id, and optionally a hash of [user properties](.), preferrable including at least `email`. This call only result in an HTTP request once every 5 minutes.
 
-`two_factor_authenticate!` acts as a gateway in your application. If the user has enabled two-factor authentication, this method will return the second factor that is used to authenticate. If SMS is used, this call will also send out an SMS to the user's registered phone number.
+```ruby
+# do this for *every* request, right after current_user is assigned
+env['userbin'].authorize!(current_user.id, { email: current_user.email })
+```
 
-When `two_factor_authenticate!` returns non-falsy value, you should display the appropriate form to the user, requesting their authentication code.
+Clear the session when the user logs out.
 
 ```ruby
-factor = Userbin.two_factor_authenticate!(session[:userbin])
-
-case factor
-when :authenticator
-  render 'two_factor_authenticator_form'
-when :sms
-  render 'two_factor_sms_form'
-end
+env['userbin'].logout
 ```
 
-> Note that this call may return a factor more than once per session since Userbin continously scans for behaviour that would require another round of two-factor authentication, such as the user switching to another IP address or web browser.
 
-### Step 2: Verify the code
+Done! Now log in to your application and watch the user appear in your Userbin dashboard.
 
-The user enters the authentication code in the form and posts it to your handler. The last step is for your application to verify the code with Userbin by calling `verify_code`. The session token will get updated on a successful verification, so you'll need to update it in your local session or cookie.
+## Add a link to the user's security settings
 
-`code` can be either a code from the Google Authenticator app, an SMS, or one of the user's recovery codes.
+Create a new route where you redirect the user to its [security settings page](.), where they can configure two-factor authentication, revoke suspicious sessions and set up notifications.
 
 ```ruby
-begin
-  session[:userbin] =
-    Userbin.verify_code(session[:userbin], params[:code])
-
-  redirect_to logged_in_path
-rescue Userbin::UserUnauthorizedError => error
-  # invalid code, show the form again
-rescue Userbin::Forbidden => error
-  # no tries remaining, log out
-rescue Userbin::Error => error
-  # other error, log out
-end
+redirect_to env['userbin'].security_settings_url
 ```
 
-## User security settings
+## Activate two-factor authentication
 
-Every user has access to their security settings, which is a hosted page on Userbin. Here users can configure two-factor authentication, revoke suspicious sessions and set up notifications. The security settings page can be customized to fit your current layout by going to the appearance settings in your Userbin dashboard.
-
-**Important:** Since the generated URL contains a Userbin session token that needs to be up-to-date, it's crucial that you don't use this helper directly in your HTML, but instead create a new route where you redirect to the security settings page.
+If the user has enabled two-factor authentication, `two_factor_authenticate!` will return the second factor that is used to authenticate. If SMS is used, this call will also send out an SMS to the user's registered phone number.
 
 ```ruby
-get '/security'
-  redirect Userbin.security_settings_url
+factor = env['userbin'].two_factor_authenticate!
+
+case factor
+when :authenticator then render 'authenticator_form'
+when :sms then render 'sms_form'
 end
 ```
 
-## De-authenticate
-
-Whenever a user is logged out from your application, you should inform Userbin about this so that the active session is properly terminated. This prevents the session from being used further on.
+The user enters the authentication code in the form and posts it to your handler.
 
 ```ruby
-begin
-  token = session.delete(:userbin) # remove the local reference
-  Userbin.deauthenticate(token)
-rescue Userbin::Error; end
+env['userbin'].two_factor_verify(params[:code])
 ```
+
+## Handling errors
+
+If any request runs into an subclass of `Userbin::Error` will be raised with more details on what went wrong.

data/lib/userbin.rb

@@ -6,20 +6,26 @@ require 'net/http'
 require 'request_store'
 require 'active_support/core_ext/hash/indifferent_access'
 
-require "userbin/version"
-require "userbin/configuration"
-require "userbin/request"
-require "userbin/jwt"
-require "userbin/utils"
-require "userbin/helpers"
-require "userbin/errors"
+require 'userbin/version'
+
+require 'userbin/configuration'
+require 'userbin/client'
+require 'userbin/errors'
+require 'userbin/session_store'
+require 'userbin/jwt'
+require 'userbin/utils'
+require 'userbin/request'
+require 'userbin/session_token'
 
 module Userbin
   API = Userbin.setup_api
 end
 
 # These need to be required after setting up Her
-require "userbin/models/base"
-require "userbin/models/challenge"
-require "userbin/models/session"
-require "userbin/models/user"
+require 'userbin/models/model'
+require 'userbin/models/challenge'
+require 'userbin/models/channel'
+require 'userbin/models/token'
+require 'userbin/models/session'
+require 'userbin/models/user'
+require 'userbin/models/monitoring'

data/lib/userbin/client.rb

@@ -0,0 +1,116 @@
+module Userbin
+  class Client
+
+    attr_accessor :request_context
+
+    def initialize(request, opts = {})
+      # Save a reference in the per-request store so that the request
+      # middleware in request.rb can access it
+      RequestStore.store[:userbin] = self
+
+      # By default the session token is persisted in the Rack store, which may
+      # in turn point to any source. But this option gives you an option to
+      # use any store, such as Redis or Memcached to store your Userbin tokens.
+      if opts[:session_store]
+        @session_store = opts[:session_store]
+      else
+        @session_store = Userbin::SessionStore::Rack.new(request.session)
+      end
+
+      @request_context = {
+        ip: request.ip,
+        user_agent: request.user_agent
+      }
+    end
+
+    def session_token=(value)
+      if value && value != @session_store.read
+        @session_store.write(value)
+      elsif !value
+        @session_store.destroy
+      end
+    end
+
+    def session_token
+      token = @session_store.read
+      Userbin::SessionToken.new(token) if token
+    end
+
+    def authorize!(user_id, user_attrs = {})
+      # The user identifier is used in API paths so it needs to be cleaned
+      user_id = URI.encode(user_id.to_s)
+
+      @session_store.user_id = user_id
+
+      if !session_token
+        # Create a session, and implicitly a user with user_attrs
+        session = Userbin::Session.post(
+          "users/#{user_id}/sessions", user: user_attrs)
+
+        # Set the session token for use in all subsequent requests
+        self.session_token = session.token
+      else
+        if session_token.expired?
+          Userbin::Monitoring.heartbeat
+        end
+      end
+    end
+
+    # This method ends the current monitoring session. It should be called
+    # whenever the user logs out from your system.
+    #
+    def logout
+      return unless session_token
+
+      # Destroy the current session specified in the session token
+      begin
+        Userbin::Session.destroy_existing('current')
+      rescue Userbin::Error; end
+
+      # Clear the session token
+      self.session_token = nil
+    end
+
+    # This method creates a two-factor challenge for the current user, if the
+    # user has enabled a device for authentication.
+    #
+    # If there already exists a challenge on the current session, it will be
+    # returned. Otherwise a new will be created.
+    #
+    def two_factor_authenticate!
+      return unless session_token
+
+      if session_token.needs_challenge?
+        Userbin::Challenge.post("users/current/challenges")
+        return two_factor_method
+      end
+    end
+
+    # Once a two factor challenge has been created using
+    # two_factor_authenticate!, the response code from the user is verified
+    # using this method.
+    #
+    def two_factor_verify(response)
+      # Need to have an active challenge to verify it
+      return unless session_token && session_token.has_challenge?
+
+      challenge = Userbin::Challenge.new('current')
+      challenge.verify(response: response)
+    end
+
+    def security_settings_url
+      raise Userbin::Error unless session_token
+      return "https://security.userbin.com/?session_token=#{session_token}"
+    end
+
+     # If a two-factor authentication process has been started, this method will
+     # return the method which is used to perform the authentication. Eg.
+     # :authenticator or :sms
+     #
+    def two_factor_method
+      return unless session_token
+      return session_token.challenge_type
+    end
+
+  end
+end

data/lib/userbin/errors.rb

@@ -1,5 +1,14 @@
 class Userbin::Error < Exception; end
-class Userbin::Forbidden < Userbin::Error; end
-class Userbin::UserUnauthorizedError < Userbin::Error; end
+
+class Userbin::RequestError < Userbin::Error; end
 class Userbin::SecurityError < Userbin::Error; end
 class Userbin::ConfigurationError < Userbin::Error; end
+
+class Userbin::ApiError < Userbin::Error; end
+
+class Userbin::BadRequest < Userbin::ApiError; end
+class Userbin::UnauthorizedError < Userbin::ApiError; end
+class Userbin::ForbiddenError < Userbin::ApiError; end
+class Userbin::NotFoundError < Userbin::ApiError; end
+class Userbin::UserUnauthorizedError < Userbin::ApiError; end
+class Userbin::InvalidParametersError < Userbin::ApiError; end

data/lib/userbin/jwt.rb

@@ -2,8 +2,7 @@ require 'jwt'
 
 module Userbin
   class JWT
-    attr_reader :header
-    attr_reader :payload
+    attr_accessor :header, :payload
 
     def initialize(jwt)
       begin
@@ -21,6 +20,10 @@ module Userbin
       Time.now.utc > Time.at(@header['exp']).utc
     end
 
+    def merge!(payload = {})
+      @payload.merge!(payload)
+    end
+
     def to_json
       @payload
     end
@@ -29,12 +32,5 @@ module Userbin
       ::JWT.encode(@payload, Userbin.config.api_secret, "HS256", @header)
     end
 
-    def app_id
-      @header['aud']
-    end
-
-    def merge!(payload = {})
-      @payload.merge!(payload)
-    end
   end
 end

data/lib/userbin/models/challenge.rb

@@ -1,4 +1,6 @@
 module Userbin
-  class Challenge < Base
+  class Challenge < Model
+    has_one :channel
+    instance_post :verify
   end
 end

data/lib/userbin/models/channel.rb

@@ -0,0 +1,5 @@
+module Userbin
+  class Channel < Model
+    has_one :token
+  end
+end

data/lib/userbin/models/{base.rb → model.rb}

@@ -1,10 +1,16 @@
 require 'her'
 
 module Userbin
-  class Base
+  class Model
     include Her::Model
     use_api Userbin::API
 
+    def initialize(args = {})
+      # allow initializing with id as a string
+      args = { id: args } if args.is_a? String
+      super(args)
+    end
+
     METHODS.each do |method|
       class_eval <<-RUBY, __FILE__, __LINE__ + 1
         def self.instance_#{method}(action)

data/lib/userbin/models/monitoring.rb

@@ -0,0 +1,6 @@
+module Userbin
+  class Monitoring < Model
+    collection_path '/v1' # Her doesn't accept the empty string
+    custom_post :heartbeat
+  end
+end

data/lib/userbin/models/session.rb

@@ -1,11 +1,5 @@
 module Userbin
-  class Session < Base
-    primary_key :token
+  class Session < Model
     instance_post :refresh
-    instance_post :verify
-
-    def expired?
-      Userbin::JWT.new(token).expired?
-    end
   end
 end

data/lib/userbin/models/token.rb

@@ -0,0 +1,4 @@
+module Userbin
+  class Token < Model
+  end
+end

data/lib/userbin/models/user.rb

@@ -1,5 +1,5 @@
 module Userbin
-  class User < Base
+  class User < Model
     custom_post :import
     instance_post :lock
     instance_post :unlock

data/lib/userbin/request.rb

@@ -57,12 +57,39 @@ module Userbin
         end
       end
 
+      # Sends the active session token in a header, and extracts the returned
+      # session token and sets it locally.
+      #
+      class SessionToken < Faraday::Middleware
+        def call(env)
+          userbin = RequestStore.store[:userbin]
+          return @app.call(env) unless userbin
+
+          # get the session token from our local store
+          if userbin.session_token
+            env[:request_headers]['X-Userbin-Session-Token'] =
+              userbin.session_token.to_s
+          end
+
+          # call the API
+          response = @app.call(env)
+
+          # update the local store with the updated session token
+          token = response.env.response_headers['x-userbin-session-token']
+          userbin.session_token = token if token
+
+          response
+        end
+      end
+
       # Adds request context like IP address and user agent to any request.
       #
       class ContextHeaders < Faraday::Middleware
         def call(env)
-          userbin_headers = RequestStore.store.fetch(:userbin_headers, [])
-          userbin_headers.each do |key, value|
+          userbin = RequestStore.store[:userbin]
+          return @app.call(env) unless userbin
+
+          userbin.request_context.each do |key, value|
             header =
               "X-Userbin-#{key.to_s.gsub('_', '-').gsub(/\w+/) {|m| m.capitalize}}"
             env[:request_headers][header] = value
@@ -83,11 +110,19 @@ module Userbin
           when 403
             raise Userbin::ForbiddenError.new(
               MultiJson.decode(env[:body])['message'])
+          when 404
+            raise Userbin::NotFoundError.new(
+              MultiJson.decode(env[:body])['message'])
           when 419
             raise Userbin::UserUnauthorizedError.new(
               MultiJson.decode(env[:body])['message'])
           when 400..599
-            raise Userbin::Error.new(MultiJson.decode(env[:body])['message'])
+            begin
+              message = MultiJson.decode(env[:body])['message']
+              raise Userbin::Error.new(message)
+            rescue MultiJson::ParseError
+              raise Userbin::ApiError.new
+            end
           else
             parse(env[:body])
           end

data/lib/userbin/session_store.rb

@@ -0,0 +1,35 @@
+module Userbin
+  class SessionStore
+    class Rack < SessionStore
+      def initialize(session)
+        @session = session
+      end
+
+      def user_id
+        @session['userbin.user_id']
+      end
+
+      def user_id=(value)
+        @session['userbin.user_id'] = value
+      end
+
+      def read
+        @session[key]
+      end
+
+      def write(value)
+        @session[key] = value
+      end
+
+      def destroy
+        @session.delete(key)
+      end
+
+      private
+
+      def key
+        "userbin.user.#{user_id}"
+      end
+    end
+  end
+end

data/lib/userbin/session_token.rb

@@ -0,0 +1,31 @@
+require 'jwt'
+
+module Userbin
+  class SessionToken
+    def initialize(token)
+      if token
+        @jwt = Userbin::JWT.new(token)
+      end
+    end
+
+    def to_s
+      @jwt.to_token
+    end
+
+    def expired?
+      @jwt.expired?
+    end
+
+    def needs_challenge?
+      @jwt.payload['vfy'] > 0
+    end
+
+    def has_challenge?
+      !!@jwt.payload['chg']
+    end
+
+    def challenge_type
+      @jwt.payload['chg']['typ'] if has_challenge?
+    end
+  end
+end

data/lib/userbin/utils.rb

@@ -11,6 +11,7 @@ module Userbin
         c.use Userbin::Request::Middleware::BasicAuth, api_secret
         c.use Userbin::Request::Middleware::EnvironmentHeaders
         c.use Userbin::Request::Middleware::ContextHeaders
+        c.use Userbin::Request::Middleware::SessionToken
         c.use FaradayMiddleware::EncodeJson
         c.use Userbin::Request::Middleware::JSONParser
         c.use Faraday::Adapter::NetHttp

data/lib/userbin/version.rb

@@ -1,3 +1,3 @@
 module Userbin
-  VERSION = "1.0.4"
+  VERSION = "1.1.0"
 end

data/spec/fixtures/vcr_cassettes/challenge_create.yml

@@ -0,0 +1,48 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://:secretkey@secure.userbin.com/v1/users/dTxR68nzuRXT4wrB2HJ4hanYtcaGSz2y/challenges
+    body:
+      encoding: UTF-8
+      string: "{}"
+    headers:
+      User-Agent:
+      - Userbin/v1 RubyBindings/1.0.4
+      X-Userbin-Client-User-Agent:
+      - '{"bindings_version":"1.0.4","lang":"ruby","lang_version":"2.1.1 p76 (2014-02-24)","platform":"x86_64-darwin13.0","publisher":"userbin","uname":"Darwin
+        Johans-MacBook-Pro-2.local 13.2.0 Darwin Kernel Version 13.2.0: Thu Apr 17
+        23:03:13 PDT 2014; root:xnu-2422.100.13~1/RELEASE_X86_64 x86_64"}'
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 201
+      message: 'Created '
+    headers:
+      Content-Type:
+      - application/json
+      Content-Length:
+      - '476'
+      X-Ua-Compatible:
+      - IE=Edge
+      Etag:
+      - '"ee1750920e2acc320adbd6826d5299be"'
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Server:
+      - WEBrick/1.3.1 (Ruby/2.1.1/2014-02-24)
+      Date:
+      - Sat, 07 Jun 2014 20:42:33 GMT
+      Connection:
+      - Keep-Alive
+    body:
+      encoding: UTF-8
+      string: '{"id":"UWwy5FrWf9DTeoTpJz1LpBp4dPkWZ2Ne","created_at":"2014-06-07T20:42:33Z","channel":{"id":"Ff892rfGx3TwNF33sQUz3S51NsV24w7H","created_at":"2014-06-07T20:25:27Z","primary":true,"type":"token","token":{"id":"VVG3qirUxy8mUSkmzy3QpPcuhLN1JY4r","created_at":"2014-06-07T20:24:39Z","verified":true,"qr_url":"https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth%3A%2F%2Ftotp%2FUserbin%3Abrissmyr%40gmail.com%3Fsecret%3Dxulnnls324pajcfn%26issuer%3DUserbin"}}}'
+    http_version:
+  recorded_at: Sat, 07 Jun 2014 20:42:33 GMT
+recorded_with: VCR 2.9.0

data/spec/fixtures/vcr_cassettes/challenge_verify.yml

@@ -0,0 +1,42 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://:secretkey@secure.userbin.com/v1/challenges/UWwy5FrWf9DTeoTpJz1LpBp4dPkWZ2Ne/verify
+    body:
+      encoding: UTF-8
+      string: '{"response":"000000"}'
+    headers:
+      User-Agent:
+      - Userbin/v1 RubyBindings/1.0.4
+      X-Userbin-Client-User-Agent:
+      - '{"bindings_version":"1.0.4","lang":"ruby","lang_version":"2.1.1 p76 (2014-02-24)","platform":"x86_64-darwin13.0","publisher":"userbin","uname":"Darwin
+        Johans-MacBook-Pro-2.local 13.2.0 Darwin Kernel Version 13.2.0: Thu Apr 17
+        23:03:13 PDT 2014; root:xnu-2422.100.13~1/RELEASE_X86_64 x86_64"}'
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 204
+      message: 'No Content '
+    headers:
+      X-Ua-Compatible:
+      - IE=Edge
+      Cache-Control:
+      - no-cache
+      Server:
+      - WEBrick/1.3.1 (Ruby/2.1.1/2014-02-24)
+      Date:
+      - Sat, 07 Jun 2014 20:52:43 GMT
+      Connection:
+      - Keep-Alive
+    body:
+      encoding: UTF-8
+      string: ''
+    http_version:
+  recorded_at: Sat, 07 Jun 2014 20:52:43 GMT
+recorded_with: VCR 2.9.0

data/spec/helpers_spec.rb

@@ -3,14 +3,14 @@ require 'spec_helper'
 describe 'Userbin helpers' do
   let(:token) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImlhdCI6MTM5ODIzOTIwMywiZXhwIjoxMzk4MjQyODAzfQ.eyJ1c2VyX2lkIjoiZUF3djVIdGRiU2s4Yk1OWVpvanNZdW13UXlLcFhxS3IifQ.Apa7EmT5T1sOYz4Af0ERTDzcnUvSalailNJbejZ2ddQ' }
 
-  it 'creates a session' do
+  xit 'creates a session' do
     Userbin::Session.should_receive(:post).
       with("users/user%201234/sessions", user: {email: 'valid@example.com'}).
       and_return(Userbin::Session.new(token: token))
     Userbin.authenticate(nil, 'user 1234', properties: {email: 'valid@example.com'})
   end
 
-  it 'refreshes, and does not create a session' do
+  xit 'refreshes, and does not create a session' do
     Userbin::Session.should_not_receive(:create)
     Userbin::Session.any_instance.should_receive(:refresh).
       and_return(Userbin::Session.new(token: token))
@@ -27,7 +27,7 @@ describe 'Userbin helpers' do
     Userbin.authenticate(token, opts)
   end
 
-  it 'deauthenticates with context' do
+  xit 'deauthenticates with context' do
     Userbin::Session.should_receive(:destroy_existing)
 
     jwt = Userbin::JWT.new(token)

data/spec/models/challenge_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe 'Userbin::Challenge' do
+  it 'creates a challenge' do
+    VCR.use_cassette('challenge_create') do
+      challenge = Userbin::Challenge.post(
+        "users/dTxR68nzuRXT4wrB2HJ4hanYtcaGSz2y/challenges")
+      challenge.channel.token.id.should == 'VVG3qirUxy8mUSkmzy3QpPcuhLN1JY4r'
+    end
+  end
+
+  it 'verifies a challenge' do
+    VCR.use_cassette('challenge_verify') do
+      challenge = Userbin::Challenge.new(id: 'UWwy5FrWf9DTeoTpJz1LpBp4dPkWZ2Ne')
+      challenge.verify(response: '000000')
+    end
+  end
+end

data/spec/models/session_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe 'Userbin::Session' do
-
   let(:session_token) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImlzcyI6InVzZXItMjQxMiIsInN1YiI6IlMyb2R4UmVabkdxaHF4UGFRN1Y3a05rTG9Ya0daUEZ6IiwiYXVkIjoiODAwMDAwMDAwMDAwMDAwIiwiZXhwIjoxMzk5NDc5Njc1LCJpYXQiOjEzOTk0Nzk2NjUsImp0aSI6MH0.eyJjaGFsbGVuZ2UiOnsiaWQiOiJUVENqd3VyM3lwbTRUR1ZwWU43cENzTXFxOW9mWEVBSCIsInR5cGUiOiJvdHBfYXV0aGVudGljYXRvciJ9fQ.LT9mUzJEbsizbFxcpMo3zbms0aCDBzfgMbveMGSi1-s' }
 
   it 'creates a session' do
@@ -12,22 +11,4 @@ describe 'Userbin::Session' do
       Userbin::JWT.new(session.token).header['iss'].should == user_id
     end
   end
-
-  it 'refreshes a session' do
-    VCR.use_cassette('session_refresh') do
-      session = Userbin::Session.new(token: session_token)
-      session = session.refresh(user: {name: 'New Name'})
-
-      session.token.should_not == session_token
-    end
-  end
-
-  it 'verifies a session' do
-    VCR.use_cassette('session_verify') do
-      Userbin::JWT.new(session_token).payload['challenge'].should_not be_nil
-      session = Userbin::Session.new(token: session_token)
-      session = session.verify(response: '017010')
-      Userbin::JWT.new(session.token).payload['challenge'].should be_nil
-    end
-  end
 end

data/spec/utils_spec.rb

@@ -1,5 +1,23 @@
 require 'spec_helper'
 
+class MemoryStore < Userbin::SessionStore
+  def initialize
+    @value = nil
+  end
+
+  def read
+    @value
+  end
+
+  def write(value)
+    @value = value
+  end
+
+  def destroy
+    @value = nil
+  end
+end
+
 describe 'Userbin utils' do
   describe 'ContextHeaders middleware' do
     before do
@@ -26,11 +44,12 @@ describe 'Userbin utils' do
     end
 
     it 'sets context headers from env' do
-      Userbin.with_context(ip: '8.8.8.8', user_agent: 'Mozilla') do
-        Userbin::User.create()
-        @env['request_headers']['X-Userbin-Ip'].should == '8.8.8.8'
-        @env['request_headers']['X-Userbin-User-Agent'].should == 'Mozilla'
-      end
+      request = Rack::Request.new(Rack::MockRequest.env_for('/',
+        "HTTP_USER_AGENT" => "Mozilla", "REMOTE_ADDR" => "8.8.8.8"))
+      Userbin::Client.new(request, session_store: MemoryStore.new)
+      Userbin::User.create()
+      @env['request_headers']['X-Userbin-Ip'].should == '8.8.8.8'
+      @env['request_headers']['X-Userbin-User-Agent'].should == 'Mozilla'
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: userbin
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.1.0
 platform: ruby
 authors:
 - Johan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-14 00:00:00.000000000 Z
+date: 2014-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: her
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.8
+        version: 0.7.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.8
+        version: 0.7.2
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
@@ -173,18 +173,24 @@ extra_rdoc_files: []
 files:
 - README.md
 - lib/userbin.rb
+- lib/userbin/client.rb
 - lib/userbin/configuration.rb
 - lib/userbin/errors.rb
-- lib/userbin/helpers.rb
 - lib/userbin/jwt.rb
-- lib/userbin/models/base.rb
 - lib/userbin/models/challenge.rb
+- lib/userbin/models/channel.rb
+- lib/userbin/models/model.rb
+- lib/userbin/models/monitoring.rb
 - lib/userbin/models/session.rb
+- lib/userbin/models/token.rb
 - lib/userbin/models/user.rb
 - lib/userbin/request.rb
+- lib/userbin/session_store.rb
+- lib/userbin/session_token.rb
 - lib/userbin/utils.rb
 - lib/userbin/version.rb
-- spec/configuration_spec.rb
+- spec/fixtures/vcr_cassettes/challenge_create.yml
+- spec/fixtures/vcr_cassettes/challenge_verify.yml
 - spec/fixtures/vcr_cassettes/session_create.yml
 - spec/fixtures/vcr_cassettes/session_refresh.yml
 - spec/fixtures/vcr_cassettes/session_verify.yml
@@ -194,6 +200,7 @@ files:
 - spec/fixtures/vcr_cassettes/user_update.yml
 - spec/helpers_spec.rb
 - spec/jwt_spec.rb
+- spec/models/challenge_spec.rb
 - spec/models/session_spec.rb
 - spec/models/user_spec.rb
 - spec/spec_helper.rb
@@ -223,7 +230,8 @@ signing_key:
 specification_version: 4
 summary: Userbin
 test_files:
-- spec/configuration_spec.rb
+- spec/fixtures/vcr_cassettes/challenge_create.yml
+- spec/fixtures/vcr_cassettes/challenge_verify.yml
 - spec/fixtures/vcr_cassettes/session_create.yml
 - spec/fixtures/vcr_cassettes/session_refresh.yml
 - spec/fixtures/vcr_cassettes/session_verify.yml
@@ -233,6 +241,7 @@ test_files:
 - spec/fixtures/vcr_cassettes/user_update.yml
 - spec/helpers_spec.rb
 - spec/jwt_spec.rb
+- spec/models/challenge_spec.rb
 - spec/models/session_spec.rb
 - spec/models/user_spec.rb
 - spec/spec_helper.rb

data/lib/userbin/helpers.rb

@@ -1,83 +0,0 @@
-module Userbin
-  class << self
-
-    def authenticate(session_token, user_id, opts = {})
-      session = Userbin::Session.new(token: session_token)
-
-      user_data = opts.fetch(:properties, {})
-
-      if session.token
-        if session.expired?
-          session = Userbin.with_context(opts[:context]) do
-            session.refresh(user: user_data)
-          end
-        end
-      else
-        session = Userbin.with_context(opts[:context]) do
-          Userbin::Session.post(
-            "users/#{URI.encode(user_id.to_s)}/sessions", user: user_data)
-        end
-      end
-
-      session_token = session.token
-
-      # By encoding the context to the JWT payload, we avoid having to
-      # fetch the context for subsequent Userbin calls during the
-      # current request
-      jwt = Userbin::JWT.new(session_token)
-      jwt.merge!(context: opts[:context])
-      jwt.to_token
-    end
-
-    def deauthenticate(session_token)
-      return unless session_token
-
-      # Extract context from authenticated session token
-      jwt = Userbin::JWT.new(session_token)
-      context = jwt.payload['context']
-
-      Userbin.with_context(context) do
-        Userbin::Session.destroy_existing(session_token)
-      end
-    end
-
-    def two_factor_authenticate!(session_token)
-      return unless session_token
-
-      challenge = Userbin::JWT.new(session_token).payload['challenge']
-
-      if challenge
-        case challenge['type']
-        when 'otp_authenticator' then :authenticator
-        when 'otp_sms' then :sms
-        end
-      end
-    end
-
-    # TODO: almost the same as deauthenticate. Refactor?
-    def verify_code(session_token, response)
-      return unless session_token
-
-      # Extract context from authenticated session token
-      jwt = Userbin::JWT.new(session_token)
-      context = jwt.payload['context']
-
-      session = Userbin.with_context(context) do
-        Userbin::Session.new(token: session_token).verify(response: response)
-      end
-
-      session.token
-    end
-
-    def security_settings_url(session_token)
-      return '' unless session_token
-      begin
-        app_id = Userbin::JWT.new(session_token).app_id
-        "https://security.userbin.com/?session_token=#{session_token}"
-      rescue Userbin::Error
-        ''
-      end
-    end
-
-  end
-end

data/spec/configuration_spec.rb

@@ -1,8 +0,0 @@
-require 'spec_helper'
-
-describe 'Userbin configuration' do
-  it 'sets API secret without using block' do
-    #Userbin.api_secret = 'secret'
-    #Userbin.config.api_secret.should == 'secret'
-  end
-end