wikk_web_auth 0.1.3 → 0.1.5
- checksums.yaml +5 -5
- data/History.txt +46 -0
- data/README.md +3 -3
- data/Rakefile +1 -2
- data/lib/wikk_web_auth.rb +175 -159
- metadata +15 -10
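--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: f11e7bb6190975e4175a2e0b67a4a01b157c3c4787538138099dda2a020ae07a
+data.tar.gz: 622a9d3c4d29584a860b39f3a1e30b5462b765f02373dae5d8ab1139a9b5b441
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 83560ee013e45a01a0b8d7c62a4daef09d4c8e33501673d96b643a8ffb5675e136b3f4392b59041138d63abcc3e1584312bf027433ca941ef1da71c6f0fc22f7
+data.tar.gz: 7fdd8602fa9427be49777ffa2b221f9718109c05c9c00b5a914b01a1af24fb242ef946c86f404efad63d818455c2626b7c8624cc31506f27c43f622ec663b249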
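--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,49 @@
+robertburrowes Wed Mar 29 22:03:06 2023 +1300
+Test against the new lib version, not the gem
+robertburrowes Wed Mar 29 22:02:44 2023 +1300
+Put back lines deleted from previous version. Added nil? check on session_expires, which we are now getting.
+robertburrowes Wed Mar 29 18:07:39 2023 +1300
+consistent use of args.
+robertburrowes Wed Mar 29 17:58:25 2023 +1300
+make init more compatible with previous version
+robertburrowes Wed Mar 29 16:27:00 2023 +1300
+better naming for config
+robertburrowes Wed Mar 29 16:13:58 2023 +1300
+mixed my config files up. Need to do this more cleanly.
+robertburrowes Wed Mar 29 13:17:17 2023 +1300
+Change self.session_config to have a config_override: param, and to use named arguments
+robertburrowes Tue Mar 28 09:28:06 2023 +1300
+Give option to pass in config to class methods (and use the config passed into initialize)
+robertburrowes Mon Mar 27 17:22:31 2023 +1300
+Moved pstore default location, so we can test against new thin Rack version of rpc
+robertburrowes Mon Jun 13 17:53:13 2022 +1200
+rubcop'd
+robertburrowes Mon Jun 13 17:51:24 2022 +1200
+Merge branch 'master' of github.com:wikarekare/wikk_web_auth
+robertburrowes Mon Jun 13 13:55:32 2022 +1200
+rubocop Scripts to bash
+robertburrowes Mon Jun 13 12:20:35 2022 +1200
+rubocop'd
+robertburrowes Sun Oct 25 21:36:01 2020 +1300
+Tidy up the yard comments to fix formatting
+robertburrowes Sun Oct 25 21:22:21 2020 +1300
+mode change
+robertburrowes Sun Oct 25 21:22:11 2020 +1300
+new Hoe format
+robertburrowes Sun Oct 25 21:21:50 2020 +1300
+Improve dependencies to remove warning
+robertburrowes Sun Oct 25 21:21:29 2020 +1300
+include in repo
+robertburrowes Sun Oct 25 21:21:18 2020 +1300
+mv dev scripts to sbin
+robertburrowes Mon Apr 13 23:14:27 2020 +1200
+bump version
+robertburrowes Mon Apr 13 23:14:14 2020 +1200
+change logging name to match gem name
+robertburrowes Mon Apr 13 23:13:37 2020 +1200
+rename js to json
+robertburrowes Mon Apr 13 23:13:19 2020 +1200
+qualify dir for passwd.json
 robertburrowes Fri May 26 09:38:55 2017 +1200
 Bug fix: @log.err -> @log.error
 robertburrowes Mon Jun 27 12:23:02 2016 +1200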
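--- a/data/README.md
+++ b/data/README.md
@@ -1,8 +1,8 @@
 # wikk_web_auth
 
-*
-* Source https://github.com/wikarekare/wikk_web_auth
-* Gem https://rubygems.org/gems/wikk_web_auth
+* Docs :: https://wikarekare.github.io/wikk_web_auth/
+* Source :: https://github.com/wikarekare/wikk_web_auth
+* Gem :: https://rubygems.org/gems/wikk_web_auth
 
 ## DESCRIPTION:
 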
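--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,5 +1,4 @@
 # -*- ruby -*-
-
 require 'rubygems'
 require 'hoe'
 Hoe.plugin :yard
@@ -12,7 +11,7 @@ Hoe.spec 'wikk_web_auth' do
 self.yard_title = 'wikk_web_auth'
 self.yard_options = ['--markup', 'markdown', '--protected']
 
-self.dependency "wikk_password", [
+self.dependency "wikk_password", ['~> 0.1', '>= 0.1.0']
 end
 
 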
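--- a/data/lib/wikk_web_auth.rb
+++ b/data/lib/wikk_web_auth.rb
@@ -1,263 +1,279 @@
-module WIKK
-require 'cgi'
-require 'cgi/session'
+module WIKK
+require 'cgi'
+require 'cgi/session'
 require 'cgi/session/pstore' # provides CGI::Session::PStore
 require 'digest/sha2'
 require 'syslog/logger'
-require
+require 'wikk_aes_256'
 require 'wikk_password'
 
-#Provides common authentication mechanism for all our cgis.
-# @attr_reader [String] user , the remote user's user name
+# Provides common authentication mechanism for all our cgis.
+# @attr_reader [String] user , the remote user's user name
 # @attr_reader [String] session , the persistent Session record for this user
 class Web_Auth
-VERSION =
-
+VERSION = '0.1.5' # Gem version
+
 attr_reader :user, :session
-
-#Create new Web_Auth instance, and proceed through authentication process by creating a login web form, if the user isn't authenticated.
+
+# Create new Web_Auth instance, and proceed through authentication process by creating a login web form, if the user isn't authenticated.
 # @param cgi [CGI] Which carries the client data, cookies, and PUT/POST form data.
-# @param
+# @param pwd_config [WIKK::Configuration|Hash] the location of the password file is embedded here.
+# @param pstore_config [Hash] overrides default pstore settings
 # @param return_url [String] If we successfully authenticate, return here.
 # @return [WIKK::Web_Auth]
-
-if
-sym =
+def initialize(cgi, pwd_config = nil, return_url = nil, pstore_config: nil)
+if pwd_config.instance_of?(Hash)
+sym = pwd_config.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
 @config = Struct.new(*(k = sym.keys)).new(*sym.values_at(*k))
 else
-
-
-
+@pwd_config = pwd_config
+end
+
+@cgi = cgi
+@pstore_config = pstore_config
 @user = ''
 @session = nil
-
+begin
 @log = Syslog::Logger.syslog
-rescue
-@log = Syslog::Logger.new(
+rescue StandardError
+@log = Syslog::Logger.new('wikk_web_auth')
 end
-authenticate(return_url)
+authenticate(return_url)
 end
 
-#way of checking without doing a full login sequence.
+# way of checking without doing a full login sequence.
 # @param cgi [CGI] Which carries the client data, cookies, and PUT/POST form data.
+# @param pstore_config [Hash] overrides default pstore settings
 # @return [Boolean] authenticated == true.
-
+def self.authenticated?(cgi, pstore_config: nil )
 begin
-
-
-
-
-rescue ArgumentError =>
-
+session = CGI::Session.new(cgi, Web_Auth.session_config( { 'new_session' => false }, pstore_config: pstore_config ) )
+authenticated = (session != nil && session['session_expires'] > Time.now && session['auth'] == true && session['ip'] == cgi.remote_addr)
+session.close # Writes back the session data
+return authenticated
+rescue ArgumentError => e # if no old session to find.
+begin
 @log = Syslog::Logger.syslog
-rescue
-@log = Syslog::Logger.new(
+rescue StandardError
+@log = Syslog::Logger.new('wikk_web_auth')
 end
-@log.error(
+@log.error(e.message)
 return false
 end
 end
 
-#get the session reference and delete the session.
+# get the session reference and delete the session.
+# @param pstore_config [Hash] overrides default pstore settings
 # @param cgi [CGI] Which carries the client data, cookies, and PUT/POST form data.
-def self.logout(cgi)
+def self.logout(cgi, pstore_config: nil)
 begin
-
-
-rescue ArgumentError =>
-
+session = CGI::Session.new(cgi, Web_Auth.session_config( { 'new_session' => false }, pstore_config: pstore_config ))
+session.delete if session != nil
+rescue ArgumentError => e # if no old session
+begin
 @log = Syslog::Logger.syslog
-rescue
-@log = Syslog::Logger.new(
+rescue StandardError
+@log = Syslog::Logger.new('wikk_web_auth')
 end
-@log.error(
+@log.error(e.message)
 end
 end
-
-#Checks password file to see if the response from the user matches generating a hash from the password locally.
+
+# Checks password file to see if the response from the user matches generating a hash from the password locally.
 # @param user [String] Who the remote user claims to be
 # @param challenge [String] Random string we sent to this user, and they used in hashing their password.
 # @param received_hash [String] The hex_SHA256(password + challenge) string that the user sent back.
 # @return [Boolean] True for authorization test suceeded.
 def authorized?(user, challenge, received_hash)
-
-
-
-
-
-
-
-
-
+begin
+return WIKK::Password.valid_sha256_response?(user, @pwd_config, challenge, received_hash)
+rescue IndexError => e # User didn't exist
+@log.error("authorized?(#{user}) User not found: " + e.message)
+return false
+rescue Exception => e # rubocop:disable Lint/RescueException # In a cgi, we want to log all errors.
+@log.error("authorized?(#{user}): " + e.message)
+return false
+end
 end
 
-#Generate the new Session's config parameters, mixing in and/or overriding the preset values.
-# @param
+# Generate the new Session's config parameters, mixing in and/or overriding the preset values.
+# @param pstore_config [Hash] Override the default pstore configurations. Only changed keys need to be included
+# @param extra_arguments [Hash] Extra arguments that get added to the hash. Will also override values with the same key.
 # @return [Hash] The configuration hash.
-def self.session_config(extra_arguments =
-
+def self.session_config( extra_arguments = nil, pstore_config: nil )
+instance_of?(Hash)
+session_conf = {
 'database_manager' => CGI::Session::PStore, # use PStore
-'session_key' => '_wikk_rb_sess_id',
-
-'
-'
-'
-#
-#
-#
-#
-#
-#no_cookies => ?, #boolean
-#suffix => ?
-}
+'session_key' => '_wikk_rb_sess_id', # custom session key
+'session_expires' => (Time.now + 86400), # 1 day timeout
+'prefix' => 'pstore_sid_', # Prefix for pstore file
+'tmpdir' => '/tmp', # PStore option. Under Apache2, this is a private namespace /tmp
+'session_path' => '/' # The cookie gets returned for URLs starting with this path
+# 'session_id' => ?, # Created for new sessions. Merged in for existing sessions
+# 'new_session' => true, # Default, is to create a new session if it doesn't already exist
+# 'no_hidden' => ?,
+# 'session_domain' => ?,
+# 'session_secure' => ?,
+# 'no_cookies' => ?, #boolean
+# 'suffix' => ?
+}
+session_conf.merge!(pstore_config) if pstore_config.instance_of?(Hash)
+session_conf.merge!(extra_arguments) if extra_arguments.instance_of?(Hash)
+return session_conf
 end
-
+
 def session_state_init(session_options = {})
-session_options.each { |k,v| @session[k] = v }
+session_options.each { |k, v| @session[k] = v }
 end
 
-#Test to see if we are already authenticated, and if not, generate an HTML login page.
+# Test to see if we are already authenticated, and if not, generate an HTML login page.
 # @param return_url [String] We return here if we sucessfully login
 def authenticate(return_url = nil)
 begin
-@session = CGI::Session.new(@cgi, Web_Auth.session_config({'new_session' => false})) #Look for existing session.
-return gen_html_login_page(return_url) if @session
-rescue ArgumentError =>
+@session = CGI::Session.new(@cgi, Web_Auth.session_config( { 'new_session' => false }, pstore_config: @pstore_config )) # Look for existing session.
+return gen_html_login_page(return_url) if @session.nil?
+rescue ArgumentError => _e # if no old session
 return gen_html_login_page(return_url)
-rescue Exception =>
-
+rescue Exception => e # rubocop:disable Lint/RescueException In CGI, we want to handle every exception
+@log.error("authenticate(#{@session}): #{e.message}")
+raise e.class, 'Authenticate, CGI::Session.new ' + e.message
 end
-
-@session['auth'] = false if @session['session_expires'] < Time.now || #Session has expired
-@session['ip'] != @cgi.remote_addr || #Not coming from same IP address
-CGI::escapeHTML(@cgi['logout']) != '' #Are trying to logout
-
-return if(@session['auth'] == true) #if this is true, then we have already authenticated this session.
 
-
-@
-
-
-
-
-
-
-
-
+begin
+@session['auth'] = false if @session['session_expires'].nil? ||
+@session['session_expires'] < Time.now || # Session has expired
+@session['ip'] != @cgi.remote_addr || # Not coming from same IP address
+CGI.escapeHTML(@cgi['logout']) != '' # Are trying to logout
+
+return if @session['auth'] == true # if this is true, then we have already authenticated this session.
+
+if (challenge = @session['seed']) != '' # see if we are looking at a login response.
+@user = CGI.escapeHTML(@cgi['Username'])
+response = CGI.escapeHTML(@cgi['Response'])
+if @user != '' && response != '' && authorized?(@user, challenge, response)
+@session['auth'] = true # Response valid.
+@session['user'] = @user
+@session['ip'] = @cgi.remote_addr
+@session['seed'] = '' # Don't use the same one twice.
+@session.close
+return
+end
 end
-end
 
-
-
-
+@session.delete # Start a new session.
+gen_html_login_page(return_url)
+@session.close if @session != nil # Saves the session state.
+rescue Exception => e # rubocop:disable Lint/RescueException
+@log.error("authenticate(#{@session}): #{e.message}")
+raise e.class, 'Authenticate, CGI::Session.new ' + e.message
+end
 end
 
-#clean up the session, setting @authenticated to false and deleting the session state.
-def logout
+# clean up the session, setting @authenticated to false and deleting the session state.
+def logout
 @session.delete if @session != nil
 end
 
-#Test to see if user authenticated,
+# Test to see if user authenticated,
 # @return [Boolean] i.e @authenticated's value.
 def authenticated?
 @session != nil && @session['session_expires'] > Time.now && @session['auth'] == true && session['ip'] == @cgi.remote_addr
 end
-
 
-#Used by calling cgi to generate a standard login page
+# Used by calling cgi to generate a standard login page
 # @param return_url [String] We return here if we sucessfully login
 def gen_html_login_page(return_url = nil)
-session_options = Web_Auth.session_config()
-@session = CGI::Session.new(@cgi, session_options) #Start a new session for future authentications.
-
+session_options = Web_Auth.session_config( pstore_config: @pstore_config )
+@session = CGI::Session.new(@cgi, session_options ) # Start a new session for future authentications.
+
+raise 'gen_html_login_page: @session == nil' if @session.nil?
+
 challenge = WIKK::AES_256.gen_key_to_s
 session_state_init('auth' => false, 'seed' => challenge, 'ip' => @cgi.remote_addr, 'session_expires' => session_options['session_expires'])
-@cgi.header(
+@cgi.header('type' => 'text/html')
 @cgi.out do
 @cgi.html do
-@cgi.head{ @cgi.title{
-
+@cgi.head { @cgi.title { 'login' } + html_nocache + html_script } +
+@cgi.body { html_login_form(user, challenge, return_url) + "\n" }
 end
 end
 @session.update
 end
 
-#Used by calling cgi to inject a return URL into the html response.
-#Called by calling cgi, when constructing their html headers.
+# Used by calling cgi to inject a return URL into the html response.
+# Called by calling cgi, when constructing their html headers.
 # @param url [String] URL to redirect to.
 # @return [String] The HTML meta header, or "", if url is empty.
 def html_reload(url = nil)
 if url != nil && url != ''
 "<meta http-equiv=\"Refresh\" content=\"0; URL=#{url}\">\n"
 else
-
+''
 end
 end
 
-#Used by calling cgi to generate logout with this form.
+# Used by calling cgi to generate logout with this form.
 # @param cgi_dir [String] directory holding the login.rbx cgi.
 # @return [String] Html logout form.
 def html_logout_form(cgi_dir)
-
-
-
-
-
+<<~HTML
+<form NAME="login" ACTION="#{cgi_dir}/login.rbx" METHOD="post">
+<input TYPE="submit" NAME="logout" VALUE="logout" >
+</form>
+HTML
 end
-
-
-#Login form javascript helper to SHA256 Hash a password and the challenge string sent by the server.
+
+# Login form javascript helper to SHA256 Hash a password and the challenge string sent by the server.
 # @return [String] Javascript to embed in html response.
-def html_script
-
-
+private def html_script
+<<~HTML
+<script type="text/javascript" src="/js/sha256.js"></script>
 
-
-
-
-
+<script language="JavaScript">
+function sendhash() {
+str = document.login.Password.value +
+document.login.Challenge.value;
 
-
-
-
-
-
-
-
+document.login.Response.value = hex_sha256(str);
+document.login.Password.value = "";
+document.login.Challenge.value = "";
+document.login.submit();
+}
+</script>
+HTML
 end
 
-#Generate html login form.
+# Generate html login form.
 # @param user [String] user's login name.
 # @param challenge [String] Random bytes to add to password, before sending back to server.
 # @param return_url [String] Pass the url we want to return to if the login succeeds.
 # @return [String] Login form to embed in html response to user.
-def html_login_form(user, challenge, return_url='')
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+private def html_login_form(user, challenge, return_url = '')
+<<~HTML
+<form NAME="login" ACTION="/ruby/login.rbx" METHOD="post">
+<input TYPE="hidden" NAME="Challenge" VALUE="#{challenge}">
+<input TYPE="hidden" NAME="Response" VALUE="">
+<input TYPE="hidden" NAME="ReturnURL" VALUE="#{return_url}">
+<table>
+<tr><th>User name</th><td><input TYPE="text" NAME="Username" VALUE="#{user}" SIZE="32" MAXLENGTH="32"></td></tr>
+<tr><th>Password</th><td><input TYPE="password" NAME="Password" VALUE="" SIZE="32" MAXLENGTH="32"></td></tr>
+<tr><td> </td><td>
+<input ONCLICK="sendhash(); return false;" TYPE="submit" NAME="login" VALUE="Login">
+<input TYPE="button" NAME="Cancel" VALUE=" Cancel "
+ONCLICK="document.login.Username.value='';document.login.Password.value=';return false;'">
+</td></tr>
+</table>
+</form>
+<script LANGUAGE="javascript" TYPE="text/javascript">
+document.login.Username.focus();
+</script>
+HTML
 end
 
-#Generate no cache metadata header record.
+# Generate no cache metadata header record.
 # @return [String] Html no-cache meta tag
-def html_nocache
-
+private def html_nocache
+'<META HTTP-EQUIV="Pragma" CONTENT="no-cache">'
 end
 end
 end
-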
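Review bot: In `initialize`, the Hash branch still assigns `@config` while `authorized?` now reads `@pwd_config`, so a caller that passes a Hash leaves `@pwd_config` nil and that nil is what reaches `WIKK::Password.valid_sha256_response?`. How the password library treats a nil config is not visible here; at best every login fails through the `rescue Exception` path, so the branch should assign `@pwd_config = Struct.new(*(k = sym.keys)).new(*sym.values_at(*k))`. Separately, `html_login_form` writes `return_url` into `VALUE="#{return_url}"` without escaping although `Username` is passed through `CGI.escapeHTML`; if callers ever derive it from the request this is an HTML-injection sink, and `VALUE="#{CGI.escapeHTML(return_url.to_s)}"` closes it.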
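--- a/metadata
+++ b/metadata
@@ -1,19 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: wikk_web_auth
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.5
 platform: ruby
 authors:
 - Rob Burrowes
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: wikk_password
 requirement: !ruby/object:Gem::Requirement
 requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.1'
 - - ">="
 - !ruby/object:Gem::Version
 version: 0.1.0
@@ -21,6 +24,9 @@ dependencies:
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.1'
 - - ">="
 - !ruby/object:Gem::Version
 version: 0.1.0
@@ -44,14 +50,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.25'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.25'
 description: Gem provides common authentication framework for Wikarekare's Ruby CGIs.
 email:
 - r.burrowes@auckland.ac.nz
@@ -67,11 +73,11 @@ files:
 - README.md
 - Rakefile
 - lib/wikk_web_auth.rb
-homepage:
+homepage: https://wikarekare.github.io/wikk_web_auth/
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options:
 - "--markup"
 - markdown
@@ -92,9 +98,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Gem provides common authentication framework for Wikarekare's Ruby CGIs.
 test_files: []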