warden-token 0.1.0

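--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 3f99beec06cfd70365a863bf69731157dd11b393
+data.tar.gz: 75f43189603c58adc8c4ce3313e555e292216fbf
+SHA512:
+metadata.gz: 1a3de0d3196adc741c9b57d397713096001b6c904e1656879803155b86c40583e868dc0ad763f00d6de4ca47aa9c8b24ec67b70b513bd0656f987bdc0aa27b69
+data.tar.gz: 25ac2f839f2fbb21a731f3f1a55ff78b540610f132bed1f36266c5aa6631d0218e9514a0156d8ecff759b039d647e51f4266b141efa61846aaac45405b75f592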
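--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright 2014 Tyler Margison
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.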
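--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,32 @@
+# Warden Token Strategy
+
+## Introduction
+
+This is a simple token authentication strategy for
+[Warden](https://github.com/hassox/warden). It's not very secure and I wouldn't
+use it long-term in production, but if you want a simple API-like means of
+authenticating a user with each request, this is a decent way to do it.
+
+It makes a couple of assumptions on parameter naming and such, but I plan to
+eventually include configuration capabilities, such that you can create an
+initiailizer or something and override the parameter names with custom ones.
+
+## Setup
+
+Pretty easy if you use bundler:
+
+```ruby
+gem "warden-token"
+```
+
+Or if you use RubyGems:
+
+gem install warden-token
+
+Then `require "warden/strategies/token"` in your project code (or your Gemfile)
+and add it to the Warden strategies collection as such:
+
+Warden::Strategies.add(:token, Warden::Strategies::Token)
+
+Now you may authenticate using the strategy name `:token`, but you can change
+that part to whatever you'd like.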
@@ -0,0 +1,44 @@
1
+ require "warden"
2
+
3
+ class Warden::Strategies::Token < ::Warden::Strategies::Base
4
+ VERSION = "0.1.0"
5
+
6
+ attr_reader :id, :token
7
+
8
+ def initialize(env, scope=nil)
9
+ super
10
+
11
+ if request.authorization && request.authorization =~ /^Basic (.*)$/m
12
+ @id, @token = Base64.decode64($1).split(/:/, 2)
13
+ else
14
+ @id, @token = params[:user_id], params[:token]
15
+ end
16
+ end
17
+
18
+ def valid?
19
+ id && token
20
+ end
21
+
22
+ def authenticate!
23
+ user = User.where(id: id).first
24
+ if user && Token.secure_compare(user.auth_token)
25
+ success!(user)
26
+ else
27
+ fail!("Invalid user id or token")
28
+ end
29
+ end
30
+
31
+ private
32
+
33
+ # Taken from [Devise](https://github.com/plataformatec/devise).
34
+ # constant-time comparison algorithm to prevent timing attacks
35
+ def secure_compare(a)
36
+ b = token
37
+ return false if a.blank? || b.blank? || a.bytesize != b.bytesize
38
+ l = a.unpack "C#{a.bytesize}"
39
+
40
+ res = 0
41
+ b.each_byte { |byte| res |= byte ^ l.shift }
42
+ res == 0
43
+ end
44
+ end
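Review bot: In `authenticate!`, `Token.secure_compare(user.auth_token)` sends the call to a constant, but `secure_compare` is defined below `private` as an instance method of the strategy, so as far as the visible code shows this line raises instead of comparing anything; it should read `secure_compare(user.auth_token)`. In `initialize`, the header match `/^Basic (.*)$/m` uses line anchors where `/\ABasic (.*)\z/m` would anchor the whole header value, and `Base64` is used without a visible `require "base64"`. The fallback `params[:user_id], params[:token]` can hand `secure_compare` a token that is not a String (a nested parameter), where `b.bytesize` would raise, so `valid?` should also check `token.is_a?(String)`. The comparison is made against `user.auth_token` as stored, which suggests tokens are kept in plaintext; storing a digest and comparing digests would limit what a database read exposes.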
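--- a/metadata
+++ b/metadata
@@ -0,0 +1,63 @@
+--- !ruby/object:Gem::Specification
+name: warden-token
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Tyler Margison
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-09-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: warden
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+description: Simple token authentication strategy for Warden. Not necessarily secure
+or powerful, this is for simple token-based authentication like what you might need
+for an API project.
+email: kolorahl@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/warden/strategies/token.rb
+homepage: https://github.com/kolorahl/warden-token
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Simple token authentication strategy for Warden.
+test_files: []
+has_rdoc: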