woople-session 0.0.1

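--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+.DS_Store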
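--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,2 @@
+--color
+--format progress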
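--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in woople-session.gemspec
+gemspec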
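Review bot: The `source` line fetches gems over plain `http://rubygems.org`, so the index and the downloaded packages can be altered by anyone on the network path between the build host and the registry. Change it to `source "https://rubygems.org"` so every dependency resolved through this Gemfile is fetched over TLS.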
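--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,20 @@
+Copyright (c) 2012 Woople LLC.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.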
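--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,22 @@
+# Woople Session
+
+An easy way to login as a woople administrator.
+
+## Purpose & Rationale
+
+* Woople has a lot of different applications.
+* We don't want to maintain a seperate list of logins for each one.
+* We want to login to all the applications from a central location.
+* 'Child' Applications of woople can use this gem to make logins easy
+
+## Installation
+
+coming soon
+
+## Usage
+
+coming soon
+
+## Copyright
+
+Copyright (c) 2012 Woople LLC. See LICENSE.txt for further details.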
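--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec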
@@ -0,0 +1,12 @@
1
+ require 'rubygems'
2
+ require 'bundler/setup'
3
+
4
+ require 'woople-session/version'
5
+ require 'woople-session/base'
6
+ require 'woople/tokenizer'
7
+
8
+ module Woople
9
+ class Session
10
+ # nothing here on purpose
11
+ end
12
+ end
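Review bot: `require 'bundler/setup'` in the library's entry file makes every application that loads the gem run Bundler's load-path setup as a side effect, and loading fails where no Gemfile can be resolved. Bundler setup belongs to the host application or the spec helper, so `require 'rubygems'` and `require 'bundler/setup'` can be dropped here, leaving only the three library requires. The comment `# nothing here on purpose` would also be clearer as `# Session is implemented in woople-session/base; this file only loads the pieces`, assuming that is the intent.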
@@ -0,0 +1,61 @@
1
+ require 'cgi'
2
+ require 'active_model'
3
+ require 'active_support/core_ext/numeric/time'
4
+ require 'active_support/core_ext/string/conversions'
5
+
6
+ module Woople
7
+ class Session
8
+ include ActiveModel::Validations
9
+
10
+ validate :token_decryptable, :token_expiration
11
+
12
+ # Class
13
+ def self.find(controller)
14
+ controller.session[:sso]
15
+ end
16
+
17
+ # Instance
18
+ def initialize(controller, token)
19
+ @controller = controller
20
+ @token = token
21
+ end
22
+
23
+ def save
24
+ if valid?
25
+ @controller.session[:sso] = get_token
26
+ return true
27
+ else
28
+ return false
29
+ end
30
+ end
31
+
32
+ private
33
+
34
+ def token_expiration
35
+ token = get_token
36
+ return if token.nil?
37
+
38
+ if token[:expires].nil? || DateTime.now >= token[:expires].to_datetime
39
+ errors.add(:token, "has expired")
40
+ end
41
+ end
42
+
43
+ def token_decryptable
44
+ token = get_token
45
+
46
+ if token.nil?
47
+ errors.add(:token, "could not be decrypted")
48
+ end
49
+ end
50
+
51
+ def get_token
52
+ begin
53
+ Woople::Tokenizer.decrypt(
54
+ ENV['WOOPLE_KEY'], ENV['WOOPLE_SECRET'], @token
55
+ )
56
+ rescue OpenSSL::Cipher::CipherError
57
+ return nil
58
+ end
59
+ end
60
+ end
61
+ end
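Review bot: `get_token` rescues only `OpenSSL::Cipher::CipherError`, so other failures on caller-supplied input — a payload that decrypts but is not JSON, or an `expires` value that `to_datetime` cannot parse in `token_expiration` — raise out of `valid?` and surface as an exception instead of a validation error. The method also runs the full decryption three times per `save`, once in each validator and again when writing the session. Decrypt once, memoize the result, and treat parse failures as an undecryptable or expired token, as sketched below. Separately, `find` returns whatever `save` stored without re-checking `expires`, so the expiry bounds only the hand-off and not the session; that deserves a comment if it is intended.

```ruby
def token_expiration
  token = get_token
  return if token.nil?

  expires_at = begin
    token[:expires].to_s.to_datetime
  rescue ArgumentError
    nil # a missing or unparsable timestamp counts as expired
  end

  if expires_at.nil? || DateTime.now >= expires_at
    errors.add(:token, "has expired")
  end
end

# … unchanged: token_decryptable …

def get_token
  # Decrypt once per instance; both validators and save reuse the result.
  return @decrypted_token if defined?(@decrypted_token)

  @decrypted_token = begin
    Woople::Tokenizer.decrypt(
      ENV['WOOPLE_KEY'], ENV['WOOPLE_SECRET'], @token
    )
  rescue OpenSSL::Cipher::CipherError, ActiveSupport::JSON.parse_error
    nil
  end
end
```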
@@ -0,0 +1,5 @@
1
+ module Woople
2
+ class Session
3
+ VERSION = "0.0.1"
4
+ end
5
+ end
@@ -0,0 +1,44 @@
1
+ require "rubygems"
2
+ require "ezcrypto"
3
+ require "base64"
4
+ require "json"
5
+ require 'active_support/hash_with_indifferent_access'
6
+
7
+ module Woople
8
+ class Tokenizer
9
+ def initialize( importer_key, api_key, data = {} )
10
+ # create the signed key
11
+ signed_key = EzCrypto::Key.with_password( importer_key, api_key )
12
+
13
+ # create the data-object, using the required fields
14
+ defaults = {
15
+ :expires => 10.minutes.from_now.to_s # expires 10 minutes from now
16
+ }
17
+
18
+ data = defaults.merge(data)
19
+
20
+ # encode the data-object to JSON, and encrypt
21
+ encrypted_data = signed_key.encrypt( data.to_json )
22
+
23
+ # generate the SSO-Token
24
+ @sso_token = CGI.escape( Base64.encode64( encrypted_data ).gsub(/\n/, "") )
25
+ end
26
+
27
+ def sso_token
28
+ @sso_token
29
+ end
30
+
31
+ def self.decrypt( importer_key, api_key, encrypted_token )
32
+ # encrypted token must have been run through CGI.unescape() before coming into this method
33
+
34
+ # create the signed key
35
+ signed_key = EzCrypto::Key.with_password( importer_key, api_key )
36
+
37
+ # decode the data-object
38
+ decoded = signed_key.decrypt( Base64.decode64( encrypted_token ) )
39
+
40
+ # convert the object to a hash
41
+ HashWithIndifferentAccess.new( ActiveSupport::JSON.decode(decoded) )
42
+ end
43
+ end
44
+ end
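Review bot: Nothing in `initialize` or `self.decrypt` authenticates the ciphertext: the token is encrypted with a password-derived `EzCrypto::Key` and, as far as the visible code shows, carries no MAC, so a token altered in transit is rejected only if it happens to break padding or JSON parsing. Because `Woople::Session` trusts the decrypted `expires` and stores the whole hash in the session, the format should gain an HMAC over the ciphertext that `decrypt` verifies with a constant-time comparison before decrypting (or move to an AEAD cipher), coordinated with whatever service issues the tokens. Until then, rename `signed_key` to `key` and add `# NOTE: encrypted but not authenticated; no signature or MAC is applied` so the name does not suggest integrity protection. The file also calls `CGI.escape` and `10.minutes` without requiring `cgi` or `active_support/core_ext/numeric/time`, so it only loads correctly when something else has required them first.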
@@ -0,0 +1,11 @@
1
+ # This file was generated by the `rspec --init` command. Conventionally, all
2
+ # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
3
+ # Require this file using `require "spec_helper.rb"` to ensure that it is only
4
+ # loaded once.
5
+ #
6
+ # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
7
+ RSpec.configure do |config|
8
+ config.treat_symbols_as_metadata_keys_with_true_values = true
9
+ config.run_all_when_everything_filtered = true
10
+ config.filter_run :focus
11
+ end
@@ -0,0 +1,102 @@
1
+ require 'spec_helper'
2
+ require 'woople-session'
3
+ require 'cgi'
4
+
5
+ describe Woople::Session do
6
+ before do
7
+ @controller = stub( session: {} )
8
+ end
9
+ describe "#new" do
10
+ context "with an invalid token" do
11
+ subject { Woople::Session.new(@controller, 'bad_token') }
12
+ it { should_not be_valid }
13
+ it 'should have an error message' do
14
+ subject.valid?
15
+ subject.errors.full_messages.should include("Token could not be decrypted")
16
+ end
17
+ end
18
+
19
+ context "with a valid token" do
20
+ subject { Woople::Session.new(@controller, generate_valid_token) }
21
+ it { should be_valid }
22
+ end
23
+
24
+ context "with an expired token" do
25
+ subject { Woople::Session.new(@controller, generate_expired_token) }
26
+
27
+ it { should_not be_valid }
28
+ it 'should have an error message' do
29
+ subject.valid?
30
+ subject.errors.full_messages.should include("Token has expired")
31
+ end
32
+ end
33
+
34
+ context "without an expires key" do
35
+ subject { Woople::Session.new(@controller, generate_token_without_expires) }
36
+
37
+ it { should_not be_valid }
38
+ it 'should have an error message' do
39
+ subject.valid?
40
+ subject.errors.full_messages.should include("Token has expired")
41
+ end
42
+
43
+ end
44
+ end
45
+
46
+ describe "#find" do
47
+ context "retrieving a previously saved session" do
48
+ subject { Woople::Session.find(stub_controller) }
49
+
50
+ it "should have a name" do
51
+ subject[:name].should == 'bob'
52
+ end
53
+ end
54
+ end
55
+
56
+ describe "#save" do
57
+ context "with a valid token" do
58
+ before do
59
+ @session = Woople::Session.new(@controller, generate_valid_token)
60
+ end
61
+
62
+ it "should be true" do
63
+ @session.save.should be_true
64
+ end
65
+
66
+ it "should save the session" do
67
+ @session.save
68
+ @controller.session.should have_key :sso
69
+ end
70
+ end
71
+
72
+ context "with an invalid token" do
73
+ subject { Woople::Session.new(@controller, generate_expired_token).save }
74
+ it { should be_false }
75
+ end
76
+ end
77
+
78
+ def generate_token_without_expires
79
+ token(:expires => nil)
80
+ end
81
+
82
+ def generate_expired_token
83
+ token(:expires => 10.minutes.ago.to_s)
84
+ end
85
+
86
+ def generate_valid_token
87
+ token(:name => 'Bob Smith')
88
+ end
89
+
90
+ def token(data = {})
91
+ CGI.unescape(
92
+ Woople::Tokenizer.new(
93
+ ENV['WOOPLE_KEY'], ENV['WOOPLE_SECRET'], data
94
+ ).sso_token
95
+ )
96
+
97
+ end
98
+
99
+ def stub_controller
100
+ stub(:session => { :sso => { :name => 'bob' } })
101
+ end
102
+ end
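Review bot: The `token` helper near the end of the spec reads `ENV['WOOPLE_KEY']` and `ENV['WOOPLE_SECRET']` from the ambient environment, so the suite either runs against whatever real credentials the developer has exported or, when they are unset, passes `nil` to the tokenizer. Set fixed throwaway values in the top-level `before` block, for example `ENV['WOOPLE_KEY'] = 'spec-key'` and `ENV['WOOPLE_SECRET'] = 'spec-secret'` (constructed sample values), so the specs are hermetic. The suite also has no case for a token whose ciphertext was altered or that decrypts to something other than a JSON object, which are the inputs the session validator most needs to reject.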
@@ -0,0 +1,24 @@
1
+ # -*- encoding: utf-8 -*-
2
+ $:.push File.expand_path("../lib", __FILE__)
3
+ require "woople-session/version"
4
+
5
+ Gem::Specification.new do |s|
6
+ s.name = "woople-session"
7
+ s.version = Woople::Session::VERSION
8
+ s.authors = ["Cameron Westland"]
9
+ s.email = ["camwest@gmail.com"]
10
+ s.homepage = ""
11
+ s.summary = %q{An easy way to login as a woople administrator}
12
+ s.description = %q{Our internal session library}
13
+
14
+ s.rubyforge_project = "woople-session"
15
+
16
+ s.files = `git ls-files`.split("\n")
17
+ s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
18
+ s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
19
+ s.require_paths = ["lib"]
20
+
21
+ s.add_development_dependency "rspec", "~> 2.8"
22
+ s.add_dependency 'activemodel', "3.2.1"
23
+ s.add_dependency 'ezcrypto'
24
+ end
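Review bot: The runtime dependencies are constrained inconsistently: `activemodel` is pinned to exactly `"3.2.1"`, which stops consumers from picking up any later 3.2.x patch release, while `ezcrypto`, the library doing the token encryption, has no version constraint at all. Prefer `s.add_dependency 'activemodel', '~> 3.2.1'` and a pessimistic constraint on `ezcrypto` at the version the gem was tested with (`'~> <tested version>'`, placeholder). `s.homepage` is empty and no `s.license` is set even though LICENSE.txt ships in the package.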
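--- a/metadata
+++ b/metadata
@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: woople-session
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Cameron Westland
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-02-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: &70117980375940 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2.8'
+type: :development
+prerelease: false
+version_requirements: *70117980375940
+- !ruby/object:Gem::Dependency
+name: activemodel
+requirement: &70117980375320 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - =
+- !ruby/object:Gem::Version
+version: 3.2.1
+type: :runtime
+prerelease: false
+version_requirements: *70117980375320
+- !ruby/object:Gem::Dependency
+name: ezcrypto
+requirement: &70117980374720 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: *70117980374720
+description: Our internal session library
+email:
+- camwest@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/woople-session.rb
+- lib/woople-session/base.rb
+- lib/woople-session/version.rb
+- lib/woople/tokenizer.rb
+- spec/spec_helper.rb
+- spec/woople-session/base_spec.rb
+- woople-session.gemspec
+homepage: ''
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project: woople-session
+rubygems_version: 1.8.10
+signing_key:
+specification_version: 3
+summary: An easy way to login as a woople administrator
+test_files:
+- spec/spec_helper.rb
+- spec/woople-session/base_spec.rb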