Module: Rack::Pubcookie::Auth

Includes:
AES, DES
Included in:
Rack::Pubcookie
Defined in:
lib/rack/pubcookie/auth.rb

Instance Method Summary

Methods included from DES

#des_decrypt

Methods included from AES

#aes_decrypt

Instance Method Details

#callback_path ⇒ Object



# File 'lib/rack/pubcookie/auth.rb', line 104

# Path of the pubcookie callback endpoint on this application.
#
# The login page form hard-codes the same path in its relay_url field.
#
# @return [String] always '/auth/pubcookie/callback'
def callback_path
  return '/auth/pubcookie/callback'
end

#extract_username(request) ⇒ Object



# File 'lib/rack/pubcookie/auth.rb', line 41

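# Extracts the username from the pubcookie granting cookie of a request.
#
# The cookie is read from the 'pubcookie_g' request parameter, falling back
# to the 'pubcookie_g' cookie. Both are client-controlled, so input that
# cannot be decoded, decrypted or unpacked yields nil instead of raising.
#
# NOTE(review): nothing in this method authenticates the cookie contents.
# Presumably that happens inside des_decrypt / aes_decrypt (the module loads
# a granting certificate in pubcookie_options=) -- confirm.
#
# @param request [#params, #cookies] the incoming request
# @return [String, nil] the user field of the cookie when its appid equals
#   @appid and it was created less than @expires_after seconds ago; nil in
#   every other case
def extract_username request
  # If comments below refer to a URL, they mean this one:
  # http://svn.cac.washington.edu/viewvc/pubcookie/trunk/src/pubcookie.h?view=markup
  cookie = request.params['pubcookie_g'] || request.cookies['pubcookie_g']

  # Nested parameter syntax can turn a request parameter into an Array or
  # Hash; only a String can be a cookie value, so reject anything else.
  return nil unless cookie.is_a?(String)

  bytes = Base64.decode64(cookie).bytes.to_a

  # The two trailing bytes are handed to the decrypt helpers as index1 and
  # index2. A payload too short to carry them cannot be a valid cookie.
  return nil if bytes.size < 2

  index2 = bytes.pop
  index1 = bytes.pop

  if true # TODO: should check for aes vs des encryption...
    decrypted = des_decrypt bytes, index1, index2
  else
    decrypted = aes_decrypt bytes, index1, index2
  end

  return nil if decrypted.nil?

  # These values are all from the pubcookie source. For more info, see the
  # above URL. The relevant size definitions are around line 42 and the
  # struct begins on line 69 ish
  user, _version, _appsrvid, appid, _type, _creds, _pre_sess_tok,
    create_ts, _last_ts = decrypted.unpack('A42A4A40A128aaINN')

  # unpack yields nil for the integer fields when the plaintext is shorter
  # than the struct; treat that as an invalid cookie rather than letting
  # Time.at raise on nil.
  return nil if create_ts.nil?

  # NOTE(review): a create_ts lying in the future also passes this freshness
  # test; consider bounding it if the deployment's clock skew allows.
  fresh = Time.now < Time.at(create_ts) + @expires_after
  fresh && appid == @appid ? user : nil
end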

#login_page_html ⇒ Object



# File 'lib/rack/pubcookie/auth.rb', line 76

# Builds the HTML page that relays the browser to the pubcookie login server.
#
# NOTE(review): this listing is damaged -- the method name after `def` and
# the receiver of `.to_a` below are missing. The page heading names the
# method login_page_html; the receiver cannot be recovered from what is shown.
#
# @return [String] an HTML document whose form is submitted on body load
#   (or by the Continue button inside <noscript>) as a POST to
#   https://@login_server
def 
  # Serialise the key/value pairs as a query string. Only the values pass
  # through Rack::Utils.escape; the keys are interpolated as they are.
  query = .to_a.map{ |k, v|
    "#{k}=#{Rack::Utils.escape v}"
  }.join '&'
  # Base64-encode the query string and strip the line breaks that encode64
  # inserts, so the result is a single-line attribute value.
  input_val = Base64.encode64 query
  input_val = input_val.gsub("\n", '')

  # Curious why exactly this template? This was taken from the pubcookie
  # source. We just do the same thing here...
  #
  # @login_server and @host are interpolated into the markup without HTML
  # escaping; both are set from the options passed to pubcookie_options=,
  # i.e. they are configuration values rather than request data.
  <<-HTML
<html>
<head></head>
<body onLoad="document.relay.submit()">
  <form method='post' action="https://#{@login_server}" name='relay'>
    <input type='hidden' name='pubcookie_g_req' value="#{input_val}">
    <input type='hidden' name='post_stuff' value="">
    <input type='hidden' name='relay_url' value="https://#{@host}/auth/pubcookie/callback">
    <noscript>
<p align='center'>You do not have Javascript turned on,   please click the button to continue.
<p align='center'>
  <input type='submit' name='go' value='Continue'>
</p>
    </noscript>
  </form>
</html>
HTML
end

#pubcookie_options=(options) ⇒ Object



# File 'lib/rack/pubcookie/auth.rb', line 15

# Stores the pubcookie configuration and loads the key material from disk.
#
# All of :login_server, :host, :appid, :keyfile and :granting_cert must be
# present. The instance variables are assigned before the presence check, so
# they keep the supplied values even when the check raises.
#
# NOTE(review): because of `||=`, an @expires_after that is already set is
# not replaced by a later call.
#
# @param options [Hash] settings keyed by Symbol; :expires_after is optional
#   and defaults to 24 hours, expressed in seconds
# @raise [RuntimeError] when any required option is nil
# @return [Object] the resulting @expires_after
def pubcookie_options= options
  required = [:login_server, :host, :appid, :keyfile, :granting_cert]
  @login_server, @host, @appid, @keyfile, @granting_cert =
    required.map { |name| options[name] }

  if [@login_server, @host, @appid, @keyfile, @granting_cert].any?(&:nil?)
    raise 'Need all of :login_server, :host, :appid, :keyfile, and :granting_cert specified to use pubcookie!'
  end

  # Granting certificate is parsed by OpenSSL; the key file is read in
  # binary mode and kept as an array of byte values.
  @granting = OpenSSL::X509::Certificate.new(::File.read(@granting_cert))
  @key      = ::File.open(@keyfile, 'rb') { |io| io.read.bytes.to_a }

  one_day = 24 * 3600 # 24 hrs
  @expires_after ||= options[:expires_after] || one_day
end

#set_pubcookie!(request, response) ⇒ Object



# File 'lib/rack/pubcookie/auth.rb', line 33

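# Copies a granting cookie received as the 'pubcookie_g' request parameter
# into a response cookie of the same name.
#
# Nothing is written when the parameter is absent or already equal to the
# request's 'pubcookie_g' cookie.
#
# NOTE(review): the value is stored exactly as received; this method does
# not check that it decrypts to a valid login. Presumably the caller
# validates it with extract_username -- confirm.
#
# @param request [#params, #cookies] the incoming request
# @param response [#set_cookie] the response being built
# @return [Object, nil] whatever response.set_cookie returns, or nil when no
#   cookie is written
def set_pubcookie! request, response
  granted = request.params['pubcookie_g']
  return if granted.nil? || granted == request.cookies['pubcookie_g']

  # Secure keeps the login cookie off plain HTTP; HttpOnly keeps page
  # scripts from reading it, since it is only consumed server-side here.
  response.set_cookie 'pubcookie_g', :path => '/', :secure => true,
    :httponly => true, :value => granted
end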