initial commit

Author: charlieok

CHANGES

@@ -0,0 +1,2 @@
+= 0.1.0 - ???
+* Initial release

MANIFEST

@@ -0,0 +1,7 @@
+CHANGES
+MANIFEST
+README
+Rakefile
+rack-auth-cookie.gemspec
+lib/rack/auth/cookie.rb
+test/test_rack_cookie.rb

README

@@ -0,0 +1,32 @@
+= Description
+The rack-cookie library is a Rack library that uses a cookie as a token to
+authenticate requests from users that have authenticated earlier using some
+other way.
+
+= Prerequisites
+rack 1.0.0 or later
+
+= Usage
+use "Rack::Auth::Cookie", :secret => "foo", :cookie_name => "my_authentication_cookie"
+
+= Default Fields
+The default value for cookie_name is "auth_token"
+
+= Details
+The "secret" option works exactly as in Rails session cookies. This should be
+set to a hard-to-guess value (not "foo"!) to protect against cookie forgery.
+
+This rack library only handles requests that contain a cookie named "auth_token"
+(or whatever name was passed as the :cookie_name option). If that is not present,
+the request is forwarded normally with no changes to the environment.
+
+If the cookie is detected, then it is checked for validity. If valid, then the
+value for 'AUTH_USER' is copied from the cookie data into the environment. If
+invalid, then env['AUTH_USER'] is deleted and env['AUTH_FAIL'] is set to an error message explaining what went wrong.
+
+Note that if env['AUTH_USER'] or env['AUTH_FAIL'] are already set, then the
+request is forwarded normally with no changes to the environment.
+
+= Authors
+Daniel Berger
+Charlie O'Keefe

Rakefile

@@ -0,0 +1,54 @@
+require 'rake'
+require 'rake/testtask'
+require 'rbconfig'
+ 
+desc 'Install the rack-auth-cookie library (non-gem)'
+task :install do
+  dir = File.join(CONFIG['sitelibdir'], 'rack', 'auth')
+  FileUtils.mkdir_p(dir) unless File.exists?(dir)
+  file = 'lib/rack/auth/cookie.rb'
+  FileUtils.cp_r(file, dir, :verbose => true)
+end
+ 
+desc 'Build the gem'
+task :gem do
+  spec = eval(IO.read('rack-auth-cookie.gemspec'))
+  Gem::Builder.new(spec).build
+end
+ 
+desc 'Install the rack-auth-cookie library as a gem'
+task :install_gem => [:gem] do
+   file = Dir["*.gem"].first
+   sh "gem install #{file}"
+end
+ 
+desc 'Export the git archive to a .zip, .gz and .bz2 file in your home directory'
+task :export, :output_file do |t, args|
+  file = args[:output_file]
+ 
+  sh "git archive --prefix #{file}/ --output #{ENV['HOME']}/#{file}.tar master"
+ 
+  Dir.chdir(ENV['HOME']) do
+    sh "gzip -f #{ENV['HOME']}/#{file}.tar"
+  end
+ 
+  sh "git archive --prefix #{file}/ --output #{ENV['HOME']}/#{file}.tar master"
+ 
+  Dir.chdir(ENV['HOME']) do
+    sh "bzip2 -f #{ENV['HOME']}/#{file}.tar"
+  end
+  
+  sh "git archive --prefix #{file}/ --output #{ENV['HOME']}/#{file}.zip --format zip master"
+ 
+  Dir.chdir(ENV['HOME']) do
+    sh "unzip #{file}.zip"
+    Dir.chdir(file) do
+      sh "rake gem"
+    end
+  end
+end
+ 
+Rake::TestTask.new do |t|
+   t.verbose = true
+   t.warning = true
+end

lib/rack/auth/cookie.rb

@@ -0,0 +1,100 @@
+require 'openssl'
+require 'rack/request'
+
+module Rack
+  module Auth
+    class Cookie
+      # Creates a new Rack::Auth::Cookie object. The +cookie_name+ param gives the
+      # name of the cookie used to authenticate the requestor. The default is
+      # 'auth_token'.
+      #
+      def initialize(app, options = {})
+        @app = app
+        @@secret = options[:secret]
+        @@cookie_name = options[:cookie_name] || "auth_token"
+        @@env = {}
+      end
+
+      # The call method we've defined first checks to see if AUTH_USER or
+      # AUTH_FAIL are set in the environment. If either is set, we assume that
+      # the request has already either passed or failed authentication and move on.
+      #
+      # If neither is set, we check for the cookie with the name we've been
+      # configured to use. If present, we attempt to authenticate the user using
+      # the cookie. If successful then AUTH_USER is set to the username.
+      #
+      # If unsuccessful then AUTH_USER is not set and AUTH_FAIL is set to an
+      # appropriate error message.
+      #
+      # It is then up to the application to check for the presence of AUTH_USER
+      # and/or AUTH_FAIL and act as necessary.
+      #
+      def call(env)
+        
+        # Do not authenticate if either one of these is set
+        if env['AUTH_USER'] || env['AUTH_FAIL']
+          return @app.call(env)
+        end
+        
+        request = Rack::Request.new(env)
+        
+        # Only authenticate if there's a cookie in the request named @cookie_name
+        unless request.cookies.has_key?(@@cookie_name)
+          return @app.call(env)
+        end
+        
+        begin
+          # Separate the cookie data and the digest
+          cookie_with_digest = request.cookies[@@cookie_name]
+          cookie_data, digest = cookie_with_digest.split("--")
+          
+          # Make sure the cookie hasn't been tampered with
+          unless digest == self.class.generate_hmac(cookie_data)
+            env['AUTH_FAIL'] = "Invalid cookie digest!"
+            return @app.call(env)
+          end
+          
+          # Unpack the cookie data back to a hash
+          begin
+            cookie_data = cookie_data.unpack("m*").first
+            cookie_data = Marshal.load(cookie_data)
+          rescue
+            env['AUTH_FAIL'] = "Unable to read cookie!"
+            return @app.call(env)
+          end
+          
+          # Put the values from the hash into the environment
+          env['AUTH_USER'] = cookie_data['AUTH_USER']
+          
+          env['AUTH_TYPE'] = "Cookie"
+        rescue => err
+          env.delete('AUTH_USER')
+          env['AUTH_FAIL'] = "Unexpected failure during Cookie authentication"
+        end
+        
+        @app.call(env)
+      end
+      
+      def self.cookie_name
+        @@cookie_name
+      end
+      
+      def self.create_auth_token(env)
+        # Copy relevant auth info for storage in a token
+        auth_info = Hash.new
+        auth_info['AUTH_USER'] = env['AUTH_USER']
+        
+        # Pack the auth_info hash for cookie storage
+        cookie_data = Marshal.dump(auth_info)
+        cookie_data = [cookie_data].pack("m*")
+        
+        # Add a digest value to cookie_data to prevent tampering
+        "#{cookie_data}--#{self.generate_hmac(cookie_data)}"
+      end
+      
+      def self.generate_hmac(data)
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, @@secret, data)
+      end
+    end
+  end
+end

rack-auth-cookie.gemspec

@@ -0,0 +1,21 @@
+require 'rubygems'
+
+Gem::Specification.new do |gem|
+  gem.name      = 'rack-auth-cookie'
+  gem.version   = '0.1.0'
+  gem.authors   = ["Daniel Berger", "Charlie O'Keefe"]
+  gem.email     = '[email protected]'
+  gem.homepage  = 'http://www.github.com/charlieok/rack-auth-cookie'
+  gem.summary   = 'A Rack library that authenticates requests using a cookie'
+  gem.test_file = 'test/test_rack_auth_cookie.rb'
+  gem.files     = Dir['**/*'].delete_if{ |item| item.include?('git') } 
+
+  gem.extra_rdoc_files = ['CHANGES', 'README', 'MANIFEST']
+
+  gem.add_dependency('rack', '>= 1.0.0')
+  
+  gem.description = <<-EOF
+    The rack-auth-cookie library provides a Rack middleware interface for
+    authenticating users using a cookie
+  EOF
+end

test/test_rack_auth_cookie.rb

@@ -0,0 +1,18 @@
+require 'test/unit'
+require 'rack/auth/cookie'
+
+class TC_Rack_Auth_Cookie < Test::Unit::TestCase
+  def setup
+    @app  = 1 # Placeholder
+    @env  = 1 # Placeholder
+    @rack = Rack::Auth::Cookie.new(@app)
+  end
+
+  def test_constructor_basic
+    assert_nothing_raised{ Rack::Auth::Cookie.new(@app) }
+  end
+
+  def teardown
+    @rack = nil
+  end
+end