yus 1.0.0

data/lib/yus/session.rb

@@ -0,0 +1,335 @@
+#!/usr/bin/env ruby
+# Session -- yus -- 02.06.2006 -- hwyss@ywesee.com
+
+require 'drb'
+require 'thread'
+require 'yus/entity'
+begin 
+  require 'encoding/character/utf-8'
+rescue LoadError
+end
+
+
+module Yus
+  class Session
+    include DRb::DRbUndumped
+    def initialize(needle)
+      @needle = needle
+      @timeout = needle.config.session_timeout
+      @mutex = Mutex.new
+      touch!
+    end
+    def affiliate(name, groupname)
+      info("affiliate(name=#{name}, group=#{groupname})")
+      @mutex.synchronize { 
+        allow_or_fail('edit', 'yus.entities')
+        user = find_or_fail(name)
+        group = find_or_fail(groupname)
+        user.join(group)
+        save(user, group)
+      }
+      touch!
+    end
+    def create_entity(name, valid_until=nil, valid_from=Time.now)
+      info("create_entity(name=#{name}, valid_until=#{valid_until}, valid_from=#{valid_from})")
+      entity = nil
+      @mutex.synchronize { 
+        allow_or_fail('edit', 'yus.entities')
+        if(@needle.persistence.find_entity(name))
+          debug("create_entity: Duplicate Name: '#{name}'")
+          raise DuplicateNameError, "Duplicate name: #{name}"
+        end
+        entity = Entity.new(name, valid_until, valid_from)
+        entity.grant('set_password', name)
+        @needle.persistence.add_entity(entity)
+      }
+      touch!
+      entity
+    end
+    def delete_entity(name)
+      info("delete_entity(name=#{name})")
+      allow_or_fail 'edit', 'yus.entities'
+      entity = find_or_fail name
+      @needle.persistence.delete_entity name
+      touch!
+    end
+    def destroy!
+      @needle = @user = nil
+      @timeout = -1
+    end
+    def disaffiliate(name, groupname)
+      info("disaffiliate(name=#{name}, group=#{groupname})")
+      @mutex.synchronize { 
+        allow_or_fail('edit', 'yus.entities')
+        user = find_or_fail(name)
+        group = find_or_fail(groupname)
+        puts group.inspect
+        puts user.leave(group).inspect
+        puts user.inspect
+        save(user, group)
+      }
+      touch!
+    end
+    def expired?
+      Time.now > (@last_access + @timeout)
+    end
+    def entities
+      allow_or_fail('edit', 'yus.entities')
+      touch!
+      @needle.persistence.entities
+    end
+    def find_entity(name)
+      allow_or_fail('edit', 'yus.entities')
+      touch!
+      @needle.persistence.find_entity(name)
+    end
+    def grant(name, action, item=nil, expires=nil)
+      info("grant(name=#{name}, action=#{action}, item=#{item}, expires=#{expires})")
+      @mutex.synchronize { 
+        allow_or_fail('grant', action)
+        user = find_or_fail(name)
+        user.grant(action, item || :everything, expires || :never)
+        save(user)
+      }
+      touch!
+    end
+    def last_login(name, domain=@domain)
+      if(user = find_entity(name))
+        user.last_login(domain)
+      end
+    end
+    def remove_token(token)
+      @user.remove_token token
+      save @user
+      nil
+    end
+    def rename(oldname, newname)
+      info("rename(#{oldname}, #{newname})")
+      @mutex.synchronize { 
+        allow_or_fail('edit', 'yus.entities')
+        user = find_or_fail(oldname)
+        if((other = @needle.persistence.find_entity(newname)) && other != user)
+          raise DuplicateNameError, "Duplicate name: #{newname}"
+        end
+        user.revoke('set_password', oldname)
+        user.rename(newname)
+        user.grant('set_password', newname)
+        save(user)
+      }
+    end
+    def revoke(name, action, item=nil, time=nil)
+      info("revoke(name=#{name}, action=#{action}, item=#{item}, time=#{time})")
+      @mutex.synchronize {
+        allow_or_fail('grant', action)
+        user = find_or_fail(name)
+        user.revoke(action, item || :everything, time)
+        save(user)
+      }
+      touch!
+    end
+    def set_password(name, pass)
+      @mutex.synchronize {
+        allow_or_fail('set_password', name)
+        user = find_or_fail(name)
+        user.passhash = @needle.config.digest.hexdigest(pass)
+        save(user)
+      }
+      touch!
+    end
+    def set_entity_preference(name, key, value, domain=@domain)
+      debug("set_entity_preference(name=#{name}, key=#{key}, value=#{value}, domain=#{domain})")
+      @mutex.synchronize {
+        allow_or_fail('edit', 'yus.entities')
+        user = find_or_fail(name)
+        user.set_preference(key, value, domain)
+        save(user)
+      }
+      touch!
+    end
+    private
+    def allow_or_fail(action, item)
+      unless(allowed?(action, item))
+        raise NotPrivilegedError, "You are not privileged to #{action} #{item}"
+      end
+    end
+    def debug(message)
+      @needle.logger.debug(self.class) { message }
+    end
+    def find_or_fail(name)
+      @needle.persistence.find_entity(name) \
+        or raise UnknownEntityError, "Unknown Entity '#{name}'"
+    end
+    def info(message)
+      @needle.logger.info(self.class) { message }
+    end
+    def save(*args)
+      args.each { |entity|
+        @needle.persistence.save_entity(entity)
+      }
+    end
+    def touch!
+      @last_access = Time.now
+    end
+  end
+  class AutoSession < Session
+    def initialize(needle, domain)
+      @domain = domain
+      super(needle)
+    end
+    def allowed?(*args)
+      false
+    end
+    def create_entity(name, pass=nil, valid_until=nil, valid_from=Time.now)
+      info("create_entity(name=#{name}, valid_until=#{valid_until}, valid_from=#{valid_from})")
+      entity = nil
+      @mutex.synchronize { 
+        if(@needle.persistence.find_entity(name))
+          debug("create_entity: Duplicate Name: '#{name}'")
+          raise DuplicateNameError, "Duplicate name: #{name}"
+        end
+        entity = Entity.new(name, valid_until, valid_from)
+        entity.grant('set_password', name)
+        if(pass)
+          entity.passhash = @needle.config.digest.hexdigest(pass)
+        end
+        @needle.persistence.add_entity(entity)
+      }
+      touch!
+    end
+    def entity_allowed?(name, *args)
+      find_or_fail(name).allowed?(*args)
+    end
+    def get_entity_preference(name, key, domain=@domain)
+      debug("get_entity_preference(name=#{name}, key=#{key}, domain=#{domain})")
+      @mutex.synchronize { 
+        user = find_or_fail(name)
+        user.get_preference(key, domain)
+      }
+    end
+    def get_entity_preferences(name, keys, domain=@domain)
+      debug("get_entity_preferences(name=#{name}, keys=#{keys}, domain=#{domain})")
+      @mutex.synchronize { 
+        user = find_or_fail(name)
+        keys.inject({}) { |memo, key|
+          memo.store(key, user.get_preference(key, domain))
+          memo
+        }
+      }
+    end
+    def rename(oldname, newname)
+      info("rename(#{oldname}, #{newname})")
+      @mutex.synchronize { 
+        user = find_or_fail(oldname)
+        if((other = @needle.persistence.find_entity(newname)) && other != user)
+          raise DuplicateNameError, "Duplicate name: #{newname}"
+        end
+        user.revoke('set_password', oldname)
+        user.rename(newname)
+        user.grant('set_password', newname)
+        save(user)
+      }
+    end
+    def reset_entity_password(name, token, password)
+      info("reset_entity_password(name=#{name}, token=#{token})")
+      @mutex.synchronize {
+        user = find_or_fail(name)
+        unless(user.allowed?('reset_password', token))
+          raise NotPrivilegedError, "You are not privileged to reset #{name}'s password"
+        end
+        user.passhash = @needle.config.digest.hexdigest(password)
+        user.revoke('reset_password', token)
+        save(user)
+      }
+      touch!
+    end
+    def set_entity_preference(name, key, value, domain=@domain)
+      debug("set_entity_preference(name=#{name}, key=#{key}, value=#{value}, domain=#{domain})")
+      @mutex.synchronize {
+        user = find_or_fail(name)
+        unless(user.get_preference(key, domain))
+          user.set_preference(key, value, domain)
+          save(user)
+        end
+      }
+      touch!
+    end
+    def grant(name, action, item=nil, expires=nil)
+      info("grant(name=#{name}, action=#{action}, item=#{item}, expires=#{expires})")
+      @mutex.synchronize { 
+        user = find_or_fail(name)
+        user.grant(action, item || :everything, expires || :never)
+        save(user)
+      }
+      touch!
+    end
+  end
+  class EntitySession < Session
+    def initialize(needle, user, domain)
+      @user = user
+      @domain = domain
+      super(needle)
+    end
+    def allowed?(*args)
+      debug("allowed?(#{args.join(', ')})")
+      @user.allowed?(*args)
+    end
+    def name
+      @user.name
+    end
+    def generate_token
+      token = @needle.config.digest.hexdigest(rand(2**128).to_s)
+      expires = Time.now + @needle.config.token_lifetime.to_i * 24*60*60
+      @user.set_token token, expires
+      save @user
+      token
+    end
+    def get_preference(key)
+      @user.get_preference(key, @domain)
+    end
+    def ping
+      true
+    end
+    def set_preference(key, value)
+      debug("set_preference(#{key}, #{value})")
+      @user.set_preference(key, value, @domain)
+      save(@user)
+      touch!
+    end
+    def set_preferences(hash)
+      debug("set_preferences(#{hash.inspect}")
+      hash.each { |key, value|
+        @user.set_preference(key, value, @domain)
+      }
+      save(@user)
+      touch!
+    end
+    def valid?
+      @user.valid?
+    end
+  end
+  class TokenSession < EntitySession
+    def allowed?(*args)
+      key, arg, = args
+      if key == 'set_password' || ( key == 'edit' && arg == 'yus.entities' )
+        false
+      else
+        super
+      end
+    end
+  end
+  class RootSession < Session
+    def allowed?(*args)
+      true
+    end
+    def name
+      @needle.config.root_name
+    end
+    def show(name, recursive=false)
+      require 'pp'
+      find_or_fail(name).info(recursive).pretty_inspect
+    end
+    def valid?
+      true
+    end
+  end
+end

data/sha256.rb

@@ -0,0 +1,3 @@
+require 'digest/sha2'
+print "password: ", ARGV[0], "\n"
+print "SHA256 encoding: ",Digest::SHA256.hexdigest(ARGV[0]),"\n"

data/test/suite.rb

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# TestSuite -- yus -- 02.06.2006 -- rwaltert@ywesee.com
+
+$: << File.dirname(File.expand_path(__FILE__))
+
+Dir.foreach(File.dirname(__FILE__)) { |file|
+	require file if /^test_.*\.rb$/o.match(file)
+}

data/test/test_entity.rb

@@ -0,0 +1,241 @@
+#!/usr/bin/env ruby
+# TestEntity -- yus -- 29.05.2006 -- hwyss@ywesee.com
+
+
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+
+require 'test/unit'
+require 'yus/entity'
+
+module Yus
+  class TestEntity < Test::Unit::TestCase
+    def setup
+      @user = Entity.new('user')
+    end
+    def test_authenticate
+      assert_equal(false, @user.authenticate(nil))
+      @user.passhash = '12345abcde'
+      assert_equal(false, @user.authenticate('abcde12345'))
+      assert_equal(true, @user.authenticate('12345abcde'))
+    end
+    def test_authenticate_token
+      assert_equal(false, @user.authenticate_token(nil))
+      token = '123456'
+      @user.set_token token, Time.now + 60
+      other = '654321'
+      @user.set_token other, Time.now + 60
+      assert_equal(true, @user.authenticate_token(token))
+      assert_equal(true, @user.authenticate_token(other))
+      assert_equal(false, @user.authenticate_token(token))
+      @user.set_token token, Time.now - 60
+      assert_equal(false, @user.authenticate_token(token))
+
+      # Be paranoid
+      token = '123456'
+      @user.set_token token, Time.now + 60
+      other = '654321'
+      @user.set_token other, Time.now + 60
+      assert_equal(false, @user.authenticate_token('hacker'))
+      assert_equal(false, @user.authenticate_token(token))
+      assert_equal(false, @user.authenticate_token(other))
+    end
+    def test_join
+      group1 = Entity.new('A Group')
+      group2 = Entity.new('Another Group')
+      assert_equal([], @user.affiliations)
+      @user.join(group1)
+      assert_equal([group1], @user.affiliations)
+      @user.join(group1)
+      assert_equal([group1], @user.affiliations)
+      @user.join(group2)
+      assert_equal([group1, group2], @user.affiliations)
+      @user.join(group1)
+      assert_equal([group1, group2], @user.affiliations)
+      @user.join(group2)
+      assert_equal([group1, group2], @user.affiliations)
+    end
+    def test_join__circular
+      group1 = Entity.new('A Group')
+      group2 = Entity.new('Another Group')
+      assert_equal([], @user.affiliations)
+      assert_nothing_raised {
+        @user.join(group1)
+      }
+      assert_raises(CircularAffiliationError) {
+        group1.join(@user) 
+      }
+      assert_nothing_raised {
+        group1.join(group2)
+      }
+      assert_raises(CircularAffiliationError) {
+        group2.join(@user) 
+      }
+    end
+    def test_leave
+      group1 = Entity.new('A Group')
+      group2 = Entity.new('Another Group')
+      group3 = Entity.new('A third Group')
+      @user.affiliations.push(group1, group2, group3)
+      assert_equal([group1, group2, group3], @user.affiliations)
+      @user.leave(group2)
+      assert_equal([group1, group3], @user.affiliations)
+      @user.leave(group2)
+      assert_equal([group1, group3], @user.affiliations)
+    end
+    def test_grant__action
+      assert_equal(false, @user.allowed?('write'))
+      @user.grant('write')
+      assert_equal(true, @user.allowed?('write'))
+      assert_equal(true, @user.allowed?('write', 'Article'))
+    end
+    def test_grant__action_class
+      assert_equal(false, @user.allowed?('write'))
+      @user.grant('write', 'Article')
+      assert_equal(false, @user.allowed?('write'))
+      assert_equal(true, @user.allowed?('write', 'Article'))
+    end
+    def test_allowed
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      assert_equal(false, @user.allowed?('read', 'Article'))
+      @user.grant('read', 'Article')
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      assert_equal(true, @user.allowed?('read', 'Article'))
+      assert_equal(false, @user.allowed?('write'))
+      assert_equal(false, @user.allowed?('read'))
+    end
+    def test_allowed__delegated
+      group1 = Entity.new('group1')
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      group1.grant('read', 'Article')
+      @user.join(group1)
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      assert_equal(true, @user.allowed?('read', 'Article'))
+      assert_equal(false, @user.allowed?('write'))
+      assert_equal(false, @user.allowed?('read'))
+    end
+    def test_allowed__delegated__once_removed
+      group1 = Entity.new('group1')
+      group2 = Entity.new('group1')
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      group1.grant('read', 'Article')
+      group2.join(group1)
+      @user.join(group2)
+      assert_equal(false, @user.allowed?('write', 'Article'))
+      assert_equal(true, @user.allowed?('read', 'Article'))
+      assert_equal(false, @user.allowed?('write'))
+      assert_equal(false, @user.allowed?('read'))
+    end
+    def test_privileged
+      assert_equal(false, @user.privileged?('write', 'Article'))
+      @user.grant('read', 'Article')
+      assert_equal(false, @user.privileged?('write', 'Article'))
+      assert_equal(true, @user.privileged?('read', 'Article'))
+      assert_equal(false, @user.privileged?('write'))
+      assert_equal(false, @user.privileged?('read'))
+    end
+    def test_privileged__delegated
+      group1 = Entity.new('group1')
+      assert_equal(false, @user.privileged?('write', 'Article'))
+      group1.grant('read', 'Article')
+      @user.join(group1)
+      assert_equal(false, @user.privileged?('write', 'Article'))
+      assert_equal(false, @user.privileged?('read', 'Article'))
+      assert_equal(false, @user.privileged?('write'))
+      assert_equal(false, @user.privileged?('read'))
+    end
+    def test_privileged_until
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('read', 'Article')
+      }
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('write', 'Article')
+      }
+      @user.grant('read', 'Article')
+      assert_nil(@user.privileged_until('read', 'Article'))
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('read')
+      }
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('write', 'Article')
+      }
+      @user.grant('read', 'Article', Time.local(3000))
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('read')
+      }
+      assert_equal(Time.local(3000), 
+                   @user.privileged_until('read', 'Article'))
+      assert_raises(NotPrivilegedError) {
+        @user.privileged_until('write', 'Article')
+      }
+      @user.grant('read', :everything, Time.local(4000))
+      assert_equal(Time.local(4000), 
+                   @user.privileged_until('read', 'Article'))
+      @user.grant('read', 'Article', Time.local(5000))
+      assert_equal(Time.local(5000), 
+                   @user.privileged_until('read', 'Article'))
+    end
+    def test_valid
+      assert_equal(true, @user.valid?)
+      @user.valid_from = Time.now + 100
+      assert_equal(false, @user.valid?)
+      @user.valid_until = Time.now - 100
+      assert_equal(false, @user.valid?)
+      @user.valid_from = Time.now - 200
+      assert_equal(false, @user.valid?)
+      @user.valid_until = Time.now + 100
+      assert_equal(true, @user.valid?)
+      @user.valid_until = nil
+      assert_equal(true, @user.valid?)
+    end
+    def test_domain_based_preference
+      assert_nil(@user.get_preference('other'))
+      assert_nil(@user.get_preference('pref'))
+      assert_nil(@user.get_preference('pref', 'domain'))
+      assert_nil(@user.get_preference('pref', 'other'))
+      @user.set_preference('pref', 'value', 'domain')
+      assert_nil(@user.get_preference('other'))
+      assert_nil(@user.get_preference('pref'))
+      assert_equal('value', @user.get_preference('pref', 'domain'))
+      assert_nil(@user.get_preference('pref', 'other'))
+      @user.set_preference('pref', 'global')
+      assert_nil(@user.get_preference('other'))
+      assert_equal('global', @user.get_preference('pref'))
+      assert_equal('value', @user.get_preference('pref', 'domain'))
+      assert_equal('global', @user.get_preference('pref', 'other'))
+    end
+    def test_rename
+      assert_equal('user', @user.name)
+      @user.rename('renamed')
+      assert_equal('renamed', @user.name)
+    end
+    def test_revoke__action
+      assert_equal(false, @user.allowed?('write'))
+      @user.grant('write')
+      assert_equal(true, @user.allowed?('write'))
+      @user.revoke('write')
+      assert_equal(false, @user.allowed?('write'))
+    end
+    def test_to_s
+      assert_equal('user', @user.to_s)
+    end
+    def test_info
+      assert_equal ['user'], @user.info
+      @user.grant('write')
+      assert_equal ['user', ['write', [['everything']]]], @user.info
+      @user.grant('write', 'Article')
+      assert_equal ['user', ['write', [['Article'], ['everything']]]], @user.info
+      group1 = Entity.new('group1')
+      group1.grant('read', 'Article')
+      @user.join(group1)
+      assert_equal ['user', ['write', [['Article'], ['everything']]], ['group1']], @user.info
+      group2 = Entity.new('group2')
+      group2.grant('read', 'Journal')
+      @user.join(group2)
+      assert_equal ['user', ['write', [['Article'], ['everything']]], ['group1', 'group2']], @user.info
+      assert_equal ['user', ['write', [['Article'], ['everything']]],
+        ['group1', ['read', [['Article']]]],
+        ['group2', ['read', [['Journal']]]]],
+        @user.info(true)
+    end
+  end
+end

data/test/test_privilege.rb

@@ -0,0 +1,56 @@
+#!/usr/bin/env ruby
+# TestPrivilege -- yus -- 31.05.2006 -- hwyss@ywesee.com
+
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+
+require 'test/unit'
+require 'yus/privilege'
+
+module Yus
+  class TestPrivilege < Test::Unit::TestCase
+    def setup
+      @privilege = Privilege.new
+    end
+    def test_grant
+      assert_equal(false, @privilege.granted?('Article'))
+      @privilege.grant('Article')
+      assert_equal(false, @privilege.granted?('Book'))
+      assert_equal(true, @privilege.granted?('Article'))
+    end
+    def test_grant__timed
+      assert_equal(false, @privilege.granted?('Article'))
+      @privilege.grant('Article', Time.now)
+      assert_equal(false, @privilege.granted?('Article'))
+      @privilege.grant('Article', Time.now + 0.5)
+      assert_equal(true, @privilege.granted?('Article'))
+      sleep(1)
+      assert_equal(false, @privilege.granted?('Article'))
+    end
+    def test_grant__everything
+      assert_equal(false, @privilege.granted?('Article'))
+      @privilege.grant(:everything)
+      assert_equal(true, @privilege.granted?('Article'))
+    end
+    def test_grant__wildcard
+      assert_equal(false, @privilege.granted?('org.oddb.company'))
+      @privilege.grant('org.oddb.*')
+      assert_equal(true, @privilege.granted?('org.oddb.company'))
+      assert_equal(false, @privilege.granted?('org.oddb'))
+      assert_equal(false, @privilege.granted?('org.foo.company'))
+    end
+    def test_revoke
+      @privilege.grant('Article')
+      assert_equal(true, @privilege.granted?('Article'))
+      @privilege.revoke('Article')
+      assert_equal(false, @privilege.granted?('Article'))
+    end
+    def test_revoke__timed
+      @privilege.grant('Article')
+      assert_equal(true, @privilege.granted?('Article'))
+      @privilege.revoke('Article', Time.now + 0.5)
+      assert_equal(true, @privilege.granted?('Article'))
+      sleep(1)
+      assert_equal(false, @privilege.granted?('Article'))
+    end
+  end
+end