RubyGems - yus - Versions diffs - 1.0.0 - Mend

yus 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

data/lib/yus/session.rb ADDED Viewed

@@ -0,0 +1,335 @@
+#!/usr/bin/env ruby
+# Session -- yus -- 02.06.2006 -- hwyss@ywesee.com
+require 'drb'
+require 'thread'
+require 'yus/entity'
+begin
+  require 'encoding/character/utf-8'
+rescue LoadError
+end
+module Yus
+  class Session
+    include DRb::DRbUndumped
+    def initialize(needle)
+      @needle = needle
+      @timeout = needle.config.session_timeout
+      @mutex = Mutex.new
+      touch!
+    end
+    def affiliate(name, groupname)
+      info("affiliate(name=#{name}, group=#{groupname})")
+      @mutex.synchronize {
+        allow_or_fail('edit', 'yus.entities')
+        user = find_or_fail(name)
+        group = find_or_fail(groupname)
+        user.join(group)
+        save(user, group)
+      }
+      touch!
+    end
+    def create_entity(name, valid_until=nil, valid_from=Time.now)
+      info("create_entity(name=#{name}, valid_until=#{valid_until}, valid_from=#{valid_from})")
+      entity = nil
+      @mutex.synchronize {
+        allow_or_fail('edit', 'yus.entities')
+        if(@needle.persistence.find_entity(name))
+          debug("create_entity: Duplicate Name: '#{name}'")
+          raise DuplicateNameError, "Duplicate name: #{name}"
+        end
+        entity = Entity.new(name, valid_until, valid_from)
+        entity.grant('set_password', name)
+        @needle.persistence.add_entity(entity)
+      }
+      touch!
+      entity
+    end
+    def delete_entity(name)
+      info("delete_entity(name=#{name})")
+      allow_or_fail 'edit', 'yus.entities'
+      entity = find_or_fail name
+      @needle.persistence.delete_entity name
+      touch!
+    end
+    def destroy!
+      @needle = @user = nil
+      @timeout = -1
+    end
+    def disaffiliate(name, groupname)
+      info("disaffiliate(name=#{name}, group=#{groupname})")
+      @mutex.synchronize {
+        allow_or_fail('edit', 'yus.entities')
+        user = find_or_fail(name)
+        group = find_or_fail(groupname)
+        puts group.inspect
+        puts user.leave(group).inspect
+        puts user.inspect
+        save(user, group)
+      }
+      touch!
+    end
+    def expired?
+      Time.now > (@last_access + @timeout)
+    end
+    def entities
+      allow_or_fail('edit', 'yus.entities')
+      touch!
+      @needle.persistence.entities
+    end
+    def find_entity(name)
+      allow_or_fail('edit', 'yus.entities')
+      touch!
+      @needle.persistence.find_entity(name)
+    end
+    def grant(name, action, item=nil, expires=nil)
+      info("grant(name=#{name}, action=#{action}, item=#{item}, expires=#{expires})")
+      @mutex.synchronize {
+        allow_or_fail('grant', action)
+        user = find_or_fail(name)
+        user.grant(action, item || :everything, expires || :never)
+        save(user)
+      }
+      touch!
+    end
+    def last_login(name, domain=@domain)
+      if(user = find_entity(name))
+        user.last_login(domain)
+      end
+    end
+    def remove_token(token)
+      @user.remove_token token
+      save @user
+      nil
+    end
+    def rename(oldname, newname)
+      info("rename(#{oldname}, #{newname})")
+      @mutex.synchronize {
+        allow_or_fail('edit', 'yus.entities')
+        user = find_or_fail(oldname)
+        if((other = @needle.persistence.find_entity(newname)) && other != user)
+          raise DuplicateNameError, "Duplicate name: #{newname}"
+        end
+        user.revoke('set_password', oldname)
+        user.rename(newname)
+        user.grant('set_password', newname)
+        save(user)
+      }
+    end
+    def revoke(name, action, item=nil, time=nil)
+      info("revoke(name=#{name}, action=#{action}, item=#{item}, time=#{time})")
+      @mutex.synchronize {
+        allow_or_fail('grant', action)
+        user = find_or_fail(name)
+        user.revoke(action, item || :everything, time)
+        save(user)
+      }
+      touch!
+    end
+    def set_password(name, pass)
+      @mutex.synchronize {
+        allow_or_fail('set_password', name)
+        user = find_or_fail(name)
+        user.passhash = @needle.config.digest.hexdigest(pass)
+        save(user)
+      }
+      touch!
+    end
+    def set_entity_preference(name, key, value, domain=@domain)
+      debug("set_entity_preference(name=#{name}, key=#{key}, value=#{value}, domain=#{domain})")
+      @mutex.synchronize {
+        allow_or_fail('edit', 'yus.entities')
+        user = find_or_fail(name)
+        user.set_preference(key, value, domain)
+        save(user)
+      }
+      touch!
+    end
+    private
+    def allow_or_fail(action, item)
+      unless(allowed?(action, item))
+        raise NotPrivilegedError, "You are not privileged to #{action} #{item}"
+      end
+    end
+    def debug(message)
+      @needle.logger.debug(self.class) { message }
+    end
+    def find_or_fail(name)
+      @needle.persistence.find_entity(name) \
+        or raise UnknownEntityError, "Unknown Entity '#{name}'"
+    end
+    def info(message)
+      @needle.logger.info(self.class) { message }
+    end
+    def save(*args)
+      args.each { |entity|
+        @needle.persistence.save_entity(entity)
+      }
+    end
+    def touch!
+      @last_access = Time.now
+    end
+  end
+  class AutoSession < Session
+    def initialize(needle, domain)
+      @domain = domain
+      super(needle)
+    end
+    def allowed?(*args)
+      false
+    end
+    def create_entity(name, pass=nil, valid_until=nil, valid_from=Time.now)
+      info("create_entity(name=#{name}, valid_until=#{valid_until}, valid_from=#{valid_from})")
+      entity = nil
+      @mutex.synchronize {
+        if(@needle.persistence.find_entity(name))
+          debug("create_entity: Duplicate Name: '#{name}'")
+          raise DuplicateNameError, "Duplicate name: #{name}"
+        end
+        entity = Entity.new(name, valid_until, valid_from)
+        entity.grant('set_password', name)
+        if(pass)
+          entity.passhash = @needle.config.digest.hexdigest(pass)
+        end
+        @needle.persistence.add_entity(entity)
+      }
+      touch!
+    end
+    def entity_allowed?(name, *args)
+      find_or_fail(name).allowed?(*args)
+    end
+    def get_entity_preference(name, key, domain=@domain)
+      debug("get_entity_preference(name=#{name}, key=#{key}, domain=#{domain})")
+      @mutex.synchronize {
+        user = find_or_fail(name)
+        user.get_preference(key, domain)
+      }
+    end
+    def get_entity_preferences(name, keys, domain=@domain)
+      debug("get_entity_preferences(name=#{name}, keys=#{keys}, domain=#{domain})")
+      @mutex.synchronize {
+        user = find_or_fail(name)
+        keys.inject({}) { |memo, key|
+          memo.store(key, user.get_preference(key, domain))
+          memo
+        }
+      }
+    end
+    def rename(oldname, newname)
+      info("rename(#{oldname}, #{newname})")
+      @mutex.synchronize {
+        user = find_or_fail(oldname)
+        if((other = @needle.persistence.find_entity(newname)) && other != user)
+          raise DuplicateNameError, "Duplicate name: #{newname}"
+        end
+        user.revoke('set_password', oldname)
+        user.rename(newname)
+        user.grant('set_password', newname)
+        save(user)
+      }
+    end
+    def reset_entity_password(name, token, password)
+      info("reset_entity_password(name=#{name}, token=#{token})")
+      @mutex.synchronize {
+        user = find_or_fail(name)
+        unless(user.allowed?('reset_password', token))
+          raise NotPrivilegedError, "You are not privileged to reset #{name}'s password"
+        end
+        user.passhash = @needle.config.digest.hexdigest(password)
+        user.revoke('reset_password', token)
+        save(user)
+      }
+      touch!
+    end
+    def set_entity_preference(name, key, value, domain=@domain)
+      debug("set_entity_preference(name=#{name}, key=#{key}, value=#{value}, domain=#{domain})")
+      @mutex.synchronize {
+        user = find_or_fail(name)
+        unless(user.get_preference(key, domain))
+          user.set_preference(key, value, domain)
+          save(user)
+        end
+      }
+      touch!
+    end
+    def grant(name, action, item=nil, expires=nil)
+      info("grant(name=#{name}, action=#{action}, item=#{item}, expires=#{expires})")
+      @mutex.synchronize {
+        user = find_or_fail(name)
+        user.grant(action, item || :everything, expires || :never)
+        save(user)
+      }
+      touch!
+    end
+  end
+  class EntitySession < Session
+    def initialize(needle, user, domain)
+      @user = user
+      @domain = domain
+      super(needle)
+    end
+    def allowed?(*args)
+      debug("allowed?(#{args.join(', ')})")
+      @user.allowed?(*args)
+    end
+    def name
+      @user.name
+    end
+    def generate_token
+      token = @needle.config.digest.hexdigest(rand(2**128).to_s)
+      expires = Time.now + @needle.config.token_lifetime.to_i * 24*60*60
+      @user.set_token token, expires
+      save @user
+      token
+    end
+    def get_preference(key)
+      @user.get_preference(key, @domain)
+    end
+    def ping
+      true
+    end
+    def set_preference(key, value)
+      debug("set_preference(#{key}, #{value})")
+      @user.set_preference(key, value, @domain)
+      save(@user)
+      touch!
+    end
+    def set_preferences(hash)
+      debug("set_preferences(#{hash.inspect}")
+      hash.each { |key, value|
+        @user.set_preference(key, value, @domain)
+      }
+      save(@user)
+      touch!
+    end
+    def valid?
+      @user.valid?
+    end
+  end
+  class TokenSession < EntitySession
+    def allowed?(*args)
+      key, arg, = args
+      if key == 'set_password' || ( key == 'edit' && arg == 'yus.entities' )
+        false
+      else
+        super
+      end
+    end
+  end
+  class RootSession < Session
+    def allowed?(*args)
+      true
+    end
+    def name
+      @needle.config.root_name
+    end
+    def show(name, recursive=false)
+      require 'pp'
+      find_or_fail(name).info(recursive).pretty_inspect
+    end
+    def valid?
+      true
+    end
+  end
+end

data/sha256.rb ADDED Viewed

@@ -0,0 +1,3 @@
+require 'digest/sha2'
+print "password: ", ARGV[0], "\n"
+print "SHA256 encoding: ",Digest::SHA256.hexdigest(ARGV[0]),"\n"

data/test/suite.rb ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# TestSuite -- yus -- 02.06.2006 -- rwaltert@ywesee.com
+$: << File.dirname(File.expand_path(__FILE__))
+Dir.foreach(File.dirname(__FILE__)) { |file|
+	require file if /^test_.*\.rb$/o.match(file)
+}

data/test/test_entity.rb ADDED Viewed

@@ -0,0 +1,241 @@
+#!/usr/bin/env ruby
+# TestEntity -- yus -- 29.05.2006 -- hwyss@ywesee.com
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+require 'test/unit'
+require 'yus/entity'
+module Yus
+  class TestEntity < Test::Unit::TestCase
+    def setup
+      @user = Entity.new('user')
+    end
+    def test_authenticate
+      assert_equal(false, @user.authenticate(nil))
+      @user.passhash = '12345abcde'
+      assert_equal(false, @user.authenticate('abcde12345'))
+      assert_equal(true, @user.authenticate('12345abcde'))
+    end
+    def test_authenticate_token
+      assert_equal(false, @user.authenticate_token(nil))
+      token = '123456'
+      @user.set_token token, Time.now + 60
+      other = '654321'
+      @user.set_token other, Time.now + 60
+      assert_equal(true, @user.authenticate_token(token))
+      assert_equal(true, @user.authenticate_token(other))
+      assert_equal(false, @user.authenticate_token(token))
+      @user.set_token token, Time.now - 60
+      assert_equal(false, @user.authenticate_token(token))
+      # Be paranoid
+      token = '123456'
+      @user.set_token token, Time.now + 60
+      other = '654321'
+      @user.set_token other, Time.now + 60
+      assert_equal(false, @user.authenticate_token('hacker'))
+      assert_equal(false, @user.authenticate_token(token))
+      assert_equal(false, @user.authenticate_token(other))
+    end
+    def test_join
+      group1 = Entity.new('A Group')
+      group2 = Entity.new('Another Group')
+      assert_equal([], @user.affiliations)
+      @user.join(group1)
+      assert_equal([group1], @user.affiliations)
+      @user.join(group1)
+      assert_equal([group1], @user.affiliations)
+      @user.join(group2)
+      assert_equal([group1, group2], @user.affiliations)
+      @user.join(group1)
+      assert_equal([group1, group2], @user.affiliations)
+      @user.join(group2)
+      assert_equal([group1, group2], @user.affiliations)
+    end
+    def test_join__circular
+      group1 = Entity.new('A Group')
+      group2 = Entity.new('Another Group')
+      assert_equal([], @user.affiliations)
+      assert_nothing_raised {
+        @user.join(group1)
+      }
+      assert_raises(CircularAffiliationError) {
+        group1.join(@user)
+      }
+      assert_nothing_raised {
+        group1.join(group2)
+      }
+      assert_raises(CircularAffiliationError) {
+        group2.join(@user)
+      }
+    end
+    def test_leave
+      group1 = Entity.new('A Group')
+      group2 = Entity.new('Another Group')
+      group3 = Entity.new('A third Group')
+      @user.affiliations.push(group1, group2, group3)
+      assert_equal([group1, group2, group3], @user.affiliations)
+      @user.leave(group2)
+      assert_equal([group1, group3], @user.affiliations)
+      @user.leave(group2)
+      assert_equal([group1, group3], @user.affiliations)
+    end
+    def test_grant__action
+      assert_equal(false, @user.allowed?('write'))
+      @user.grant('write')
+      assert_equal(true, @user.allowed?('write'))
+      assert_equal(true, @user.allowed?('write', 'Article'))
+    end
+    def test_grant__action_class
+      assert_equal(false, @user.allowed?('write'))
+      @user.grant('write', 'Article')
+      assert_equal(false, @user.allowed?('write'))
+      assert_equal(true, @user.allowed?('write', 'Article'))
+    end
+    def test_allowed
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      assert_equal(false, @user.allowed?('read', 'Article'))
+      @user.grant('read', 'Article')
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      assert_equal(true, @user.allowed?('read', 'Article'))
+      assert_equal(false, @user.allowed?('write'))
+      assert_equal(false, @user.allowed?('read'))
+    end
+    def test_allowed__delegated
+      group1 = Entity.new('group1')
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      group1.grant('read', 'Article')
+      @user.join(group1)
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      assert_equal(true, @user.allowed?('read', 'Article'))
+      assert_equal(false, @user.allowed?('write'))
+      assert_equal(false, @user.allowed?('read'))
+    end
+    def test_allowed__delegated__once_removed
+      group1 = Entity.new('group1')
+      group2 = Entity.new('group1')
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      group1.grant('read', 'Article')
+      group2.join(group1)
+      @user.join(group2)
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      assert_equal(true, @user.allowed?('read', 'Article'))
+      assert_equal(false, @user.allowed?('write'))
+      assert_equal(false, @user.allowed?('read'))
+    end
+    def test_privileged
+      assert_equal(false, @user.privileged?('write', 'Article'))
+      @user.grant('read', 'Article')
+      assert_equal(false, @user.privileged?('write', 'Article'))
+      assert_equal(true, @user.privileged?('read', 'Article'))
+      assert_equal(false, @user.privileged?('write'))
+      assert_equal(false, @user.privileged?('read'))
+    end
+    def test_privileged__delegated
+      group1 = Entity.new('group1')
+      assert_equal(false, @user.privileged?('write', 'Article'))
+      group1.grant('read', 'Article')
+      @user.join(group1)
+      assert_equal(false, @user.privileged?('write', 'Article'))
+      assert_equal(false, @user.privileged?('read', 'Article'))
+      assert_equal(false, @user.privileged?('write'))
+      assert_equal(false, @user.privileged?('read'))
+    end
+    def test_privileged_until
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('read', 'Article')
+      }
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('write', 'Article')
+      }
+      @user.grant('read', 'Article')
+      assert_nil(@user.privileged_until('read', 'Article'))
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('read')
+      }
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('write', 'Article')
+      }
+      @user.grant('read', 'Article', Time.local(3000))
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('read')
+      }
+      assert_equal(Time.local(3000),
+                   @user.privileged_until('read', 'Article'))
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('write', 'Article')
+      }
+      @user.grant('read', :everything, Time.local(4000))
+      assert_equal(Time.local(4000),
+                   @user.privileged_until('read', 'Article'))
+      @user.grant('read', 'Article', Time.local(5000))
+      assert_equal(Time.local(5000),
+                   @user.privileged_until('read', 'Article'))
+    end
+    def test_valid
+      assert_equal(true, @user.valid?)
+      @user.valid_from = Time.now + 100
+      assert_equal(false, @user.valid?)
+      @user.valid_until = Time.now - 100
+      assert_equal(false, @user.valid?)
+      @user.valid_from = Time.now - 200
+      assert_equal(false, @user.valid?)
+      @user.valid_until = Time.now + 100
+      assert_equal(true, @user.valid?)
+      @user.valid_until = nil
+      assert_equal(true, @user.valid?)
+    end
+    def test_domain_based_preference
+      assert_nil(@user.get_preference('other'))
+      assert_nil(@user.get_preference('pref'))
+      assert_nil(@user.get_preference('pref', 'domain'))
+      assert_nil(@user.get_preference('pref', 'other'))
+      @user.set_preference('pref', 'value', 'domain')
+      assert_nil(@user.get_preference('other'))
+      assert_nil(@user.get_preference('pref'))
+      assert_equal('value', @user.get_preference('pref', 'domain'))
+      assert_nil(@user.get_preference('pref', 'other'))
+      @user.set_preference('pref', 'global')
+      assert_nil(@user.get_preference('other'))
+      assert_equal('global', @user.get_preference('pref'))
+      assert_equal('value', @user.get_preference('pref', 'domain'))
+      assert_equal('global', @user.get_preference('pref', 'other'))
+    end
+    def test_rename
+      assert_equal('user', @user.name)
+      @user.rename('renamed')
+      assert_equal('renamed', @user.name)
+    end
+    def test_revoke__action
+      assert_equal(false, @user.allowed?('write'))
+      @user.grant('write')
+      assert_equal(true, @user.allowed?('write'))
+      @user.revoke('write')
+      assert_equal(false, @user.allowed?('write'))
+    end
+    def test_to_s
+      assert_equal('user', @user.to_s)
+    end
+    def test_info
+      assert_equal ['user'], @user.info
+      @user.grant('write')
+      assert_equal ['user', ['write', [['everything']]]], @user.info
+      @user.grant('write', 'Article')
+      assert_equal ['user', ['write', [['Article'], ['everything']]]], @user.info
+      group1 = Entity.new('group1')
+      group1.grant('read', 'Article')
+      @user.join(group1)
+      assert_equal ['user', ['write', [['Article'], ['everything']]], ['group1']], @user.info
+      group2 = Entity.new('group2')
+      group2.grant('read', 'Journal')
+      @user.join(group2)
+      assert_equal ['user', ['write', [['Article'], ['everything']]], ['group1', 'group2']], @user.info
+      assert_equal ['user', ['write', [['Article'], ['everything']]],
+        ['group1', ['read', [['Article']]]],
+        ['group2', ['read', [['Journal']]]]],
+        @user.info(true)
+    end
+  end
+end

data/test/test_privilege.rb ADDED Viewed

@@ -0,0 +1,56 @@
+#!/usr/bin/env ruby
+# TestPrivilege -- yus -- 31.05.2006 -- hwyss@ywesee.com
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+require 'test/unit'
+require 'yus/privilege'
+module Yus
+  class TestPrivilege < Test::Unit::TestCase
+    def setup
+      @privilege = Privilege.new
+    end
+    def test_grant
+      assert_equal(false, @privilege.granted?('Article'))
+      @privilege.grant('Article')
+      assert_equal(false, @privilege.granted?('Book'))
+      assert_equal(true, @privilege.granted?('Article'))
+    end
+    def test_grant__timed
+      assert_equal(false, @privilege.granted?('Article'))
+      @privilege.grant('Article', Time.now)
+      assert_equal(false, @privilege.granted?('Article'))
+      @privilege.grant('Article', Time.now + 0.5)
+      assert_equal(true, @privilege.granted?('Article'))
+      sleep(1)
+      assert_equal(false, @privilege.granted?('Article'))
+    end
+    def test_grant__everything
+      assert_equal(false, @privilege.granted?('Article'))
+      @privilege.grant(:everything)
+      assert_equal(true, @privilege.granted?('Article'))
+    end
+    def test_grant__wildcard
+      assert_equal(false, @privilege.granted?('org.oddb.company'))
+      @privilege.grant('org.oddb.*')
+      assert_equal(true, @privilege.granted?('org.oddb.company'))
+      assert_equal(false, @privilege.granted?('org.oddb'))
+      assert_equal(false, @privilege.granted?('org.foo.company'))
+    end
+    def test_revoke
+      @privilege.grant('Article')
+      assert_equal(true, @privilege.granted?('Article'))
+      @privilege.revoke('Article')
+      assert_equal(false, @privilege.granted?('Article'))
+    end
+    def test_revoke__timed
+      @privilege.grant('Article')
+      assert_equal(true, @privilege.granted?('Article'))
+      @privilege.revoke('Article', Time.now + 0.5)
+      assert_equal(true, @privilege.granted?('Article'))
+      sleep(1)
+      assert_equal(false, @privilege.granted?('Article'))
+    end
+  end
+end