access_token_agent 3.1.0 → 3.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f927f5c7b9e229be4e384f66103ac838b240945f
-  data.tar.gz: a8913390a677bd3e6d8f8c8e38f9456c8d4eec74
+  metadata.gz: dc26e506a5e724e2f3fb483ffb8a8b7b74447e35
+  data.tar.gz: 31cce846d3c53a66737d2f5cb603dcf269ea3119
 SHA512:
-  metadata.gz: 05f95b2828d254c18f8c2873f9c11177a48a290847738d50389bdb02c540a50e03574e7bcb2a9acfedfd377334b8b42b1c1538588775cdbbe95133b60545a400
-  data.tar.gz: 7fd13b9d23077fe8b5de3d5e42fd86e9903c0c2fe5fe46b6d626c08ad466f52b1ba5be23e021f82b59e15f21227f3594b1ceceea1a181107c97e9070796b5784
+  metadata.gz: 560a1ce6c00cf31738b7d3c2d6ae7ee2ef0b9b9857e01aa620d299197f8cdba74daaf031a2cb5b7eee60d4f6c77e5f581ed86ed9e1a1279fb5ac83132d9a91a1
+  data.tar.gz: e5afd37637915dbe189fe7630b3b092e8cb588262f8c64167685711f9e2e0dc644bbbd08fc2f5d02a9333c35566dc5da2f36e29e17e607bdb20acd808cc17af5

data/.gitignore

@@ -0,0 +1,6 @@
+Gemfile.lock
+coverage/
+tmp/
+
+.ruby-gemset
+access_token_agent-*.gem

data/.rubocop.yml

@@ -0,0 +1,44 @@
+AllCops:
+  TargetRubyVersion: 2.1
+  Exclude:
+    - 'db/schema.rb'
+    - 'doc/**/*'
+    - 'Gemfile'
+    - '*.gemspec'
+
+Style/AsciiComments:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+
+# Encoding comments are not neccessary in all 2.x versions of ruby, since
+# UTF-8 has become the default encoding.
+Style/Encoding:
+  EnforcedStyle: never
+  Enabled: true
+
+# This cop tries to make you use module_funtion instead of extend self
+# This is bad because both have their own use-case and should not be used
+# and sometimes cannot be used to do the same thing
+Style/ModuleFunction:
+  Enabled: false
+# While it is very often useful to separate numbers after every three digits
+# for readability, this mostly doesn't make sense if the number doesn't
+# represent an amount but rather an identifier. Thus the use of underscores
+# every three digits is recommended but not enforced.
+Style/NumericLiterals:
+  Enabled: false
+
+# Do not force the same one letter variable names for all occurences of inject
+Style/SingleLineBlockParams:
+  Enabled: false
+
+# No significant improvement in speed or memory usage apparent. Readability is
+# atrocious.
+Performance/Casecmp:
+  Enabled: false
+
+# Not safe in a rails context, since Relation.count is != Enumerable.count
+Performance/Count:
+  Enabled: false

data/.ruby-version

@@ -0,0 +1 @@
+2.1.10

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+script:
+  - bundle exec rspec
+  - bundle exec rubocop

data/CHANGELOG.md

@@ -0,0 +1,25 @@
+## 3.1.1
+
+- Fix broken gem release (missing files)
+
+## 3.1.0
+
+- Raise `AccessTokenAgent::ConnectionError` if the auth service could not be reached.
+
+## 3.0.0
+
+- Rename fake_authenticate parameter to fake_auth
+    - This is compatible with the file format that AuthConnector already expects
+
+## 2.0.1
+
+- Remove obsolete class Credentials
+
+## 2.0.0
+
+- Rename base_uri parameter to host
+    - This is compatible with the file format that AuthConnector already expects
+
+## 1.0.0
+
+- initial Release

data/Gemfile

@@ -0,0 +1,5 @@
+# encoding: UTF-8
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in auth_connector.gemspec
+gemspec

data/LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 Beko Käuferportal GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,64 @@
+[![Build Status](https://travis-ci.org/kaeuferportal/access_token_agent.svg?branch=master)](https://travis-ci.org/kaeuferportal/access_token_agent)
+
+# AccessTokenAgent
+
+Handles authentication against an OAuth2 provider.
+
+Retrieves an access token from the authentication server using the
+OAuth2 [client credentials flow](https://tools.ietf.org/html/rfc6749#section-4.4).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'access_token_agent', '~> 3.1'
+```
+
+And then execute:
+
+    $ bundle
+
+## Configuration
+
+Create an instance of AccessTokenAgent::Connector with the desired
+configuration and use that instance to authenticate.
+
+Needs the following parameters:
+
+* `host` - the server address where the auth provider is running.
+* `client_id` - the client_id of the application using this gem.
+* `client_secret` - the client_secret of the application using this gem.
+
+Optional parameters:
+
+* `fake_auth` - if true, do not connect to the auth service and return
+   an empty access token (`nil`).
+
+### Example
+
+```ruby
+AccessTokenAgent::Connector.new(host: 'https://auth.kaeuferportal.de',
+                                client_id: 'my_client',
+                                client_secret: 'very_secure_and_secret')
+```
+
+## Usage
+
+Setup an AcccessTokenAgent::Connector instance (see Configuration) and call
+authenticate on it to receive your access_token.
+
+```
+@access_token_agent.authenticate
+```
+
+When no valid AccessToken is present a call to authenticate returns one of the
+following:
+ - a Bearer Token if the credentials are valid (auth response code 200)
+ - raises an UnauthorizedError if the credentials are invalid (auth response
+   code 401)
+ - raises an Error if the auth response code is neither 200 nor 401
+
+As long as a valid AccessToken is present a call to authenticate simply returns
+that AccessToken. An AccessToken is valid for a limited time. The exact value is
+determined by the auth response which contains an `expires_at` parameter.

data/access_token_agent.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+
+Gem::Specification.new do |s|
+  s.name        = 'access_token_agent'
+  s.version     = '3.1.1'
+  s.date        = '2016-04-08'
+  s.summary     = 'Handles authentication against an OAuth2 provider'
+  s.homepage    = 'https://github.com/kaeuferportal/access_token_agent'
+  s.description = 'Retrieves an access token from an OAuth2 provider' \
+                  'using the supplied credentials.'
+  s.authors     = ['Beko Käuferportal GmbH']
+  s.email       = 'oss@kaeuferportal.de'
+  s.license     = 'MIT'
+  s.files       = `git ls-files -z`.split("\x0")
+                                   .reject { |f| f.match(%r{^spec/}) }
+
+  s.add_development_dependency 'bundler', '~> 1.11'
+  s.add_development_dependency 'rspec', '~> 3.4'
+  s.add_development_dependency 'pry', '~> 0.10'
+  s.add_development_dependency 'rubocop', '~> 0.39'
+  s.add_development_dependency 'vcr', '~> 3.0'
+  s.add_development_dependency 'webmock', '~> 1.24'
+  s.add_development_dependency 'simplecov', '~> 0.11'
+end

data/lib/access_token_agent/connection_error.rb

@@ -0,0 +1,7 @@
+module AccessTokenAgent
+  class ConnectionError < Error
+    def initialize
+      super('Could not connect to the auth service.')
+    end
+  end
+end

data/lib/access_token_agent/connector.rb

@@ -0,0 +1,53 @@
+require 'net/http'
+
+module AccessTokenAgent
+  class Connector
+    def initialize(host:,
+                   client_id:,
+                   client_secret:,
+                   fake_auth: false)
+      @host = host
+      @client_id = client_id
+      @client_secret = client_secret
+      @fake_auth = fake_auth
+    end
+
+    def authenticate
+      return if @fake_auth
+      fetch_token unless @known_token && @known_token.valid?
+      @known_token.value
+    end
+
+    def fetch_token
+      @known_token = Token.new(from_auth)
+    end
+
+    def from_auth
+      response = request
+      case response.code
+      when '200' then JSON.parse(response.body)
+      when '401' then raise UnauthorizedError
+      else
+        raise Error, "status: #{response.code}, body: #{response.body}"
+      end
+    rescue Errno::ECONNREFUSED
+      raise ConnectionError
+    end
+
+    def request
+      request = Net::HTTP::Post.new(auth_uri)
+      request.basic_auth @client_id, @client_secret
+      request.form_data = { 'grant_type' => 'client_credentials' }
+      use_tls = auth_uri.scheme == 'https'
+      Net::HTTP.start(auth_uri.hostname,
+                      auth_uri.port,
+                      use_ssl: use_tls) do |http|
+        http.request(request)
+      end
+    end
+
+    def auth_uri
+      @auth_uri ||= URI("#{@host}/oauth/token")
+    end
+  end
+end

data/lib/access_token_agent/error.rb

@@ -0,0 +1,2 @@
+class Error < StandardError
+end

data/lib/access_token_agent/invalid_token_type_error.rb

@@ -0,0 +1,5 @@
+class InvalidTokenTypeError < Error
+  def initialize(token_type)
+    super("Expected token_type to be 'bearer', but was '#{token_type}'.")
+  end
+end

data/lib/access_token_agent/token.rb

@@ -0,0 +1,21 @@
+require 'access_token_agent/invalid_token_type_error'
+
+module AccessTokenAgent
+  class Token
+    attr_reader :value, :expires_at
+
+    EXPIRY_MARGIN = 60 # seconds
+
+    def initialize(auth_response)
+      unless auth_response['token_type'] == 'bearer'
+        raise InvalidTokenTypeError, auth_response['token_type']
+      end
+      @value = auth_response['access_token']
+      @expires_at = Time.now + auth_response['expires_in']
+    end
+
+    def valid?
+      @expires_at - EXPIRY_MARGIN > Time.now
+    end
+  end
+end

data/lib/access_token_agent/unauthorized_error.rb

@@ -0,0 +1,7 @@
+module AccessTokenAgent
+  class UnauthorizedError < Error
+    def initialize
+      super('The credentials are invalid.')
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: access_token_agent
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.1
 platform: ruby
 authors:
 - Beko Käuferportal GmbH
@@ -114,7 +114,22 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".gitignore"
+- ".rubocop.yml"
+- ".ruby-version"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.md
+- README.md
+- access_token_agent.gemspec
 - lib/access_token_agent.rb
+- lib/access_token_agent/connection_error.rb
+- lib/access_token_agent/connector.rb
+- lib/access_token_agent/error.rb
+- lib/access_token_agent/invalid_token_type_error.rb
+- lib/access_token_agent/token.rb
+- lib/access_token_agent/unauthorized_error.rb
 homepage: https://github.com/kaeuferportal/access_token_agent
 licenses:
 - MIT
@@ -135,7 +150,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.2.5
 signing_key: 
 specification_version: 4
 summary: Handles authentication against an OAuth2 provider