visa 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9f100a7183b849f640a7613dd135bf03d2b48e45
+  data.tar.gz: ba75001cfa1ecd0a285386a39431591f222edc30
+SHA512:
+  metadata.gz: d8c99ae11ed0d4095bb671d4ca18594e01fc308ace4ec344e659e7319e238d3988858022c2e098ceb98e114899dadcbb18b05e3923d35f0ab34b3eeca9f89dcc
+  data.tar.gz: ba52559000d5691e7ddefe32ec34dbe6bf203086c96492975d8d5d525457977f19a940fdbff5d4bbce8d57f20284c74743f910eda63de2476f3ba8850b80e519

data/.gitignore

@@ -0,0 +1,16 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+*.gem
+*.sqlite
+mkmf.log

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Pat Allan, Inspire9
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,31 @@
+# Visa
+
+Multi-token authentication for Rails apps. Built with Devise in mind, but can be used separately.
+
+## Installation
+
+Something like the following should go in your Gemfile:
+
+```ruby
+gem 'visa', '~> 0.0.1'
+```
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( https://github.com/inspire9/visa/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## Credits
+
+Inspiration has come from [Lynn Dylan Hurley](https://github.com/lynndylanhurley)'s [devise_token_auth](https://github.com/lynndylanhurley/devise_token_auth) and [this post](http://www.brianauton.com/posts/token-authentication-devise.html) by [Brian Auton](https://github.com/brianauton).
+
+## Licence
+
+Copyright (c) 2015, Visa is developed and maintained by Pat Allan and Inspire9, and is released under the open MIT Licence.

data/Rakefile

@@ -0,0 +1 @@
+require 'bundler/gem_tasks'

data/app/models/visa/token.rb

@@ -0,0 +1,39 @@
+class Visa::Token < ActiveRecord::Base
+  self.table_name = 'visa_tokens'
+
+  belongs_to :tokenable, polymorphic: true
+
+  validates :tokenable,        presence: true
+  validates :client_id,        presence: true, uniqueness: true
+  validates :encrypted_secret, presence: true
+
+  before_validation :set_client_id, on: :create
+  before_validation :set_secret,    on: :create
+
+  attr_reader :secret
+
+  def self.find_by_credentials(client_id, secret)
+    token = find_by client_id: client_id
+    token && token.has_secret?(secret) ? token : nil
+  end
+
+  def has_secret?(secret)
+    BCrypt::Password.new(encrypted_secret) == secret
+  end
+
+  private
+
+  def encryption_cost
+    Visa.encryption_cost || 10
+  end
+
+  def set_client_id
+    self.client_id = SecureRandom.hex 8
+  end
+
+  def set_secret
+    @secret               = SecureRandom.urlsafe_base64 31
+    self.encrypted_secret = BCrypt::Password.create @secret,
+      cost: encryption_cost
+  end
+end

data/config.ru

@@ -0,0 +1,7 @@
+require 'rubygems'
+require 'bundler'
+
+Bundler.require :default, :development
+
+Combustion.initialize!
+run Combustion::Application

data/db/migrate/1_create_tokens.rb

@@ -0,0 +1,15 @@
+class CreateTokens < ActiveRecord::Migration
+  def change
+    create_table :visa_tokens do |t|
+      t.string   :tokenable_type,   null: false
+      t.integer  :tokenable_id,     null: false
+      t.string   :client_id,        null: false
+      t.string   :encrypted_secret, null: false
+      t.datetime :last_requested_at
+      t.timestamps null: false
+    end
+
+    add_index :visa_tokens, [:tokenable_type, :tokenable_id]
+    add_index :visa_tokens, :client_id, unique: true
+  end
+end

data/lib/visa.rb

@@ -0,0 +1,13 @@
+require 'bcrypt'
+require 'rack'
+
+module Visa
+  mattr_accessor :encryption_cost, :request_header, :timeout
+end
+
+Visa.encryption_cost = 10
+Visa.request_header  = 'Authentication'
+Visa.timeout         = 14.days
+
+require 'visa/engine'
+require 'visa/request'

data/lib/visa/engine.rb

@@ -0,0 +1,3 @@
+class Visa::Engine < Rails::Engine
+  engine_name :visa
+end

data/lib/visa/request.rb

@@ -0,0 +1,39 @@
+class Visa::Request
+  delegate :tokenable, to: :token
+
+  def initialize(environment)
+    @environment = environment
+  end
+
+  def touch
+    token.touch :last_requested_at
+  end
+
+  def valid?
+    token.present? && not_too_old?
+  end
+
+  private
+
+  attr_reader :environment
+
+  def credentials
+    string = request.params['access_token'] ||
+      request.headers[Visa.request_header]
+
+    [string[0..15], string[16..57]]
+  end
+
+  def not_too_old?
+    time = token.last_requested_at
+    time.nil? || (time > Visa.timeout.ago)
+  end
+
+  def request
+    @request ||= Rack::Request.new environment
+  end
+
+  def token
+    @token ||= Visa::Token.find_by_credentials *credentials
+  end
+end

data/spec/internal/app/controllers/application_controller.rb

@@ -0,0 +1,23 @@
+class ApplicationController < ActionController::Base
+  private
+
+  def authenticate_user!
+    if user_signed_in?
+      visa_request.touch
+    else
+      render text: 'Unauthorised', status: 401
+    end
+  end
+
+  def current_user
+    visa_request.tokenable
+  end
+
+  def visa_request
+    @visa_request ||= Visa::Request.new request.env
+  end
+
+  def user_signed_in?
+    visa_request.valid?
+  end
+end

data/spec/internal/app/controllers/home_controller.rb

@@ -0,0 +1,7 @@
+class HomeController < ApplicationController
+  before_filter :authenticate_user!
+
+  def index
+    render text: 'OK'
+  end
+end

data/spec/internal/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  #
+end

data/spec/internal/config/database.yml

@@ -0,0 +1,3 @@
+test:
+  adapter:  sqlite3
+  database: db/combustion_test.sqlite

data/spec/internal/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  root 'home#index'
+end

data/spec/internal/db/schema.rb

@@ -0,0 +1,6 @@
+ActiveRecord::Schema.define do
+  create_table :users, force: true do |t|
+    t.string :email
+    t.timestamps null: false
+  end
+end

data/spec/internal/log/.gitignore

@@ -0,0 +1 @@
+*.log

data/spec/models/visa/token_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+RSpec.describe Visa::Token, type: :model do
+  let(:token) { Visa::Token.create tokenable: User.create }
+
+  describe '.find_by_credentials' do
+    it 'returns the matching token' do
+      existing_token = Visa::Token.find_by_credentials token.client_id,
+        token.secret
+      expect(existing_token).to eq(token)
+    end
+
+    it 'returns nil when the client id is wrong' do
+      existing_token = Visa::Token.find_by_credentials 'foo', token.secret
+      expect(existing_token).to be_nil
+    end
+
+    it 'returns nil when the secret is wrong' do
+      existing_token = Visa::Token.find_by_credentials token.client_id,
+        'foo'
+      expect(existing_token).to be_nil
+    end
+  end
+
+  describe '#client_id' do
+    it 'is populated on creation' do
+      expect(token.client_id).to be_present
+    end
+  end
+
+  describe '#secret' do
+    it 'is populated on creation' do
+      expect(token.secret).to be_present
+    end
+
+    it 'is not persisted' do
+      existing_token = Visa::Token.find token.id
+      expect(existing_token.secret).to be_nil
+    end
+  end
+
+  describe '#has_secret?' do
+    it 'matches against the original secret' do
+      expect(token.has_secret?(token.secret)).to eq(true)
+    end
+
+    it 'returns false with different secrets' do
+      expect(token.has_secret?('foo')).to eq(false)
+    end
+  end
+end

data/spec/requests/requests_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+RSpec.describe 'Request integration', type: :request do
+  let(:token) { Visa::Token.create tokenable: User.create }
+
+  it 'accepts valid tokens' do
+    get '/', access_token: "#{token.client_id}#{token.secret}"
+
+    expect(response.status).to eq(200)
+  end
+
+  it 'returns 401 when the token is invalid' do
+    get '/', access_token: "#{token.client_id}this-is-invalid"
+
+    expect(response.status).to eq(401)
+  end
+
+  it 'returns 401 when the token has not been used in two weeks' do
+    token.update_column :last_requested_at, 15.days.ago
+
+    get '/', access_token: "#{token.client_id}#{token.secret}"
+
+    expect(response.status).to eq(401)
+  end
+
+  it 'updates the last_requested_at column' do
+    get '/', access_token: "#{token.client_id}#{token.secret}"
+
+    token.reload
+
+    expect(token.last_requested_at).to_not be_nil
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,17 @@
+require 'bundler'
+
+Bundler.setup :default, :development
+
+require 'rails'
+require 'combustion'
+require 'visa'
+
+Combustion.initialize! :active_record
+
+require 'rspec/rails'
+
+Visa.encryption_cost = 1
+
+RSpec.configure do |config|
+  config.use_transactional_fixtures = true
+end

data/spec/visa/request_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+RSpec.describe Visa::Request do
+  describe '#valid?' do
+    let(:environment) { {'rack.input' => StringIO.new('')} }
+    let(:request)     { Visa::Request.new environment }
+
+    before :each do
+      environment['QUERY_STRING'] = <<-STR
+access_token=1234567890123456789012345678901234567890123456789012345678
+      STR
+
+      allow(Visa::Token).to receive(:find_by_credentials).and_return(nil)
+    end
+
+    it 'sources credentials from the access_token parameter' do
+      expect(Visa::Token).to receive(:find_by_credentials).
+        with('1234567890123456', '789012345678901234567890123456789012345678').
+        and_return(nil)
+
+      request.valid?
+    end
+
+    it 'returns true when a matching token is found' do
+      allow(Visa::Token).to receive(:find_by_credentials).
+        and_return(double('token', last_requested_at: nil))
+
+      expect(request).to be_valid
+    end
+
+    it 'returns true when a matching token is less than two weeks old' do
+      allow(Visa::Token).to receive(:find_by_credentials).
+        and_return(double('token', last_requested_at: 13.days.ago))
+
+      expect(request).to be_valid
+    end
+
+    it 'returns false when no token is found' do
+      allow(Visa::Token).to receive(:find_by_credentials).
+        and_return(nil)
+
+      expect(request).to_not be_valid
+    end
+
+    it 'returns false when a matching token is more than two weeks old' do
+      allow(Visa::Token).to receive(:find_by_credentials).
+        and_return(double('token', last_requested_at: 15.days.ago))
+
+      expect(request).to_not be_valid
+    end
+  end
+end

data/visa.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+Gem::Specification.new do |spec|
+  spec.name          = 'visa'
+  spec.version       = '0.0.1'
+  spec.authors       = ['Pat Allan']
+  spec.email         = ['pat@freelancing-gods.com']
+  spec.summary       = %q{Multi-token authentication for Rails apps.}
+  spec.description   = %q{Multi-token authentication Rails engine.}
+  spec.homepage      = 'https://github.com/inspire9/visa'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency     'bcrypt'
+  spec.add_runtime_dependency     'rack'
+  spec.add_runtime_dependency     'rails', '~> 4.0'
+
+  spec.add_development_dependency 'combustion',  '0.5.1'
+  spec.add_development_dependency 'rspec-rails', '~> 3.1'
+  spec.add_development_dependency 'sqlite3',     '~> 1.3'
+end

metadata

@@ -0,0 +1,164 @@
+--- !ruby/object:Gem::Specification
+name: visa
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Pat Allan
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-01-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+description: Multi-token authentication Rails engine.
+email:
+- pat@freelancing-gods.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- app/models/visa/token.rb
+- config.ru
+- db/migrate/1_create_tokens.rb
+- lib/visa.rb
+- lib/visa/engine.rb
+- lib/visa/request.rb
+- spec/internal/app/controllers/application_controller.rb
+- spec/internal/app/controllers/home_controller.rb
+- spec/internal/app/models/user.rb
+- spec/internal/config/database.yml
+- spec/internal/config/routes.rb
+- spec/internal/db/schema.rb
+- spec/internal/log/.gitignore
+- spec/internal/public/favicon.ico
+- spec/models/visa/token_spec.rb
+- spec/requests/requests_spec.rb
+- spec/spec_helper.rb
+- spec/visa/request_spec.rb
+- visa.gemspec
+homepage: https://github.com/inspire9/visa
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Multi-token authentication for Rails apps.
+test_files:
+- spec/internal/app/controllers/application_controller.rb
+- spec/internal/app/controllers/home_controller.rb
+- spec/internal/app/models/user.rb
+- spec/internal/config/database.yml
+- spec/internal/config/routes.rb
+- spec/internal/db/schema.rb
+- spec/internal/log/.gitignore
+- spec/internal/public/favicon.ico
+- spec/models/visa/token_spec.rb
+- spec/requests/requests_spec.rb
+- spec/spec_helper.rb
+- spec/visa/request_spec.rb