Module: Userbin

Defined in:

lib/userbin/events.rb,
lib/userbin/current.rb,
lib/userbin/railtie.rb,
lib/userbin/session.rb,
lib/userbin/userbin.rb,
lib/userbin/version.rb,
lib/userbin/basic_auth.rb,
lib/userbin/configuration.rb,
lib/userbin/authentication.rb,
lib/userbin/rails/auth_helpers.rb,
lib/userbin.rb

Defined Under Namespace

Modules: AuthHelpers Classes: Authentication, BasicAuth, Callback, Configuration, Current, Error, Event, Events, Model, ParseSignedJSON, Railtie, SecurityError, Session, User, VerifySignature

Constant Summary

VERSION =

"0.2.4"

Class Method Summary

• .authenticate!(request, now = Time.now) ⇒ Object

  Provide either a Rack::Request or a Hash containing :signature and :data.

• .authenticate_events!(request, now = Time.now) ⇒ Object
• .authenticated? ⇒ Boolean
• .config ⇒ Object
• .configure(config_hash = nil) {|config| ... } ⇒ Object
• .current ⇒ Object
• .current=(value) ⇒ Object
• .current_user ⇒ Object
• .refresh_session(session_id) ⇒ Object
• .user ⇒ Object
• .valid_signature?(signature, data) ⇒ Boolean

  Checks signature against secret and returns boolean.

Class Method Details

.authenticate!(request, now = Time.now) ⇒ Object

Provide either a Rack::Request or a Hash containing :signature and :data.

# File 'lib/userbin/userbin.rb', line 13

def self.authenticate!(request, now = Time.now)
  signature, data =
    request.cookies.values_at('_ubs', '_ubd')

  if signature && data && valid_signature?(signature, data)

    current = Userbin::Session.new(MultiJson.decode(data))

    if current.authenticated?
      if now > Time.at(current.expires_at / 1000)
        signature, data = refresh_session(current.id)
      end
    end
  end

  tmp = MultiJson.decode(data) if data

  self.current = Userbin::Session.new(tmp)

  [signature, data]
end

.authenticate_events!(request, now = Time.now) ⇒ Object

# File 'lib/userbin/userbin.rb', line 2

def self.authenticate_events!(request, now = Time.now)
  signature, data =
    request.params.values_at('signature', 'data')

  valid_signature?(signature, data)

  [signature, data]
end

.authenticated? ⇒ Boolean

# File 'lib/userbin/userbin.rb', line 52

def self.authenticated?
  current.authenticated? rescue false
end

.config ⇒ Object

# File 'lib/userbin.rb', line 44

def config
  @configuration ||= Userbin::Configuration.new
end

.configure(config_hash = nil) {|config| ... } ⇒ Object

Yields:

• (config)

# File 'lib/userbin.rb', line 34

def configure(config_hash=nil)
  if config_hash
    config_hash.each do |k,v|
      config.send("#{k}=", v)
    end
  end

  yield(config) if block_given?
end

.current ⇒ Object

# File 'lib/userbin/userbin.rb', line 44

def self.current
  Thread.current[:userbin]
end

.current=(value) ⇒ Object

# File 'lib/userbin/userbin.rb', line 48

def self.current=(value)
  Thread.current[:userbin] = value
end

.current_user ⇒ Object

# File 'lib/userbin/userbin.rb', line 56

def self.current_user
  current.user if current
end

.refresh_session(session_id) ⇒ Object

# File 'lib/userbin/userbin.rb', line 35

def self.refresh_session(session_id)
  api_endpoint = ENV["USERBIN_API_ENDPOINT"] || 'https://api.userbin.com'
  uri = URI("#{api_endpoint}/sessions/#{session_id}/refresh")
  uri.user = config.app_id
  uri.password = config.api_secret
  net = Net::HTTP.post_form(uri, {})
  [net['X-Userbin-Signature'], net.body]
end

.user ⇒ Object

# File 'lib/userbin/userbin.rb', line 60

def self.user
  current_user
end

.valid_signature?(signature, data) ⇒ Boolean

Checks signature against secret and returns boolean

Raises:

• (SecurityError)

# File 'lib/userbin/userbin.rb', line 68

def self.valid_signature?(signature, data)
  digest = OpenSSL::Digest::SHA256.new
  valid = signature == OpenSSL::HMAC.hexdigest(digest, config.api_secret, data)
  raise SecurityError, "Invalid signature" unless valid
  valid
end