aha_builder_core 1.0.16 → 1.0.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 040e466bb6704c03036a10c3b1242abe7180212e6c34319ff6377d090f1f5373
-  data.tar.gz: 8fae9ac629308b1f7ecf306f3f5fee5b362f181fab5dd2a2f75502e0ed22dccf
+  metadata.gz: 30124379c106a7a57827a0d4ef2a0b32d60d4805cb9e791ce52f7813fd95d002
+  data.tar.gz: 1c189283a64adcde157dd6fee5fe641f7fd87ddbe9599f866028bfe4281a985f
 SHA512:
-  metadata.gz: 16711e2de018b08fdedcb47a92d5e1a6a3ea3862d88d786c8ce609d76de9f620293760cbb74bb7cff68d243133ee0ad6041020c02e98ee7d6210d68ea234b7a3
-  data.tar.gz: 883be935bafe88f56091079f1b38cdcc3104b115d3f1d3e633bb78d501e9c0b9d7df9b3010416162343b7c943623eb124645bbf2282dc8336b5be2c691308534
+  metadata.gz: d5b490c19d61cc5bcef3987b68bcada8e177393b382546e35d4c11c34647fb5c5897801cc5efbb89b60b0b18b828845a122a4e8faeb817d1c5f0e01f1e010c71
+  data.tar.gz: 48a9e14a55b43af0f588038a7ff72caec4cf894511fa8b522b3d0da20f410887f9a83ed56d6c3a0745a6848e903aef8ef1c284163412adecc3ac49f0a354847a

data/README.md

@@ -1,10 +1,6 @@
 # Aha Builder Core Client
 
-Ruby client for Aha! Builder core which provides application services:
-
-* Authentication services for login and signup using email/password, social logins (Google, Github, Microsoft), SAML SSO and password reset.
-* Email sending API.
-* User guide content API.
+Ruby client for Aha! Builder core authentication services which provides login and signup using email/password, social logins (Google, Github, Microsoft), SAML SSO and password reset.
 
 ## Installation
 
@@ -118,10 +114,15 @@ end
 
 ### Logout
 
+Implement logout by making a Ruby call to the library.
+
 ```ruby
 Aha::Auth.logout(session_token: session_token)
 ```
 
+After logout the user should be redirected back to the login page. The front-end
+should not use XHR for the logout request since it can't handle a redirect.
+
 ## User Management
 
 Server-to-server operations (requires `api_key`):
@@ -205,20 +206,3 @@ Each page hash contains:
 - `position` - Sort order (integer)
 - `children_count` - Number of child pages
 - `content_html` - HTML content (only in `load_page` response)
-
-## Email Sending
-
-Aha! Builder core provides a mail API that can be used as an ActionMailer delivery method.
-
-### ActionMailer Integration
-
-Configure your Rails application to send emails through Aha! Builder core:
-
-```ruby
-# config/initializers/action_mailer.rb
-ActionMailer::Base.add_delivery_method :aha_mail, Aha::Mail::DeliveryMethod
-
-# config/environments/production.rb
-config.action_mailer.delivery_method = :aha_mail
-```
-

data/lib/aha/auth/client.rb

@@ -49,27 +49,27 @@ module Aha
       # @param refresh_token [String, nil] Optional refresh token for automatic refresh
       # @return [Session] Session validation result
       def validate_session(session_token, refresh_token: nil)
+        claims = nil
+
         begin
           claims = decode_and_verify_token(session_token)
-          return Session.from_claims(claims) if claims
         rescue ExpiredTokenError
           # Token has expired, attempt refresh
         end
 
-        if refresh_token
-          begin
-            tokens = authenticate_with_refresh_token(refresh_token: refresh_token)
-            new_claims = decode_and_verify_token(tokens[:session_token])
-
-            return Session.from_claims(
-              new_claims || claims,
-              refreshed: true,
-              new_session_token: tokens[:session_token],
-              new_refresh_token: tokens[:refresh_token]
-            )
-          rescue Error
-            return Session.invalid
+        if claims
+          # Valid session - check if we should proactively refresh based on lifetime
+          if refresh_token && token_needs_refresh?(claims)
+            # If refresh fails, we still want to return the existing session as valid
+            # until it fully expires, so we don't disrupt active users
+            return attempt_refresh(refresh_token) || Session.from_claims(claims)
           end
+
+          return Session.from_claims(claims)
+        end
+
+        if refresh_token
+          return attempt_refresh(refresh_token) || Session.invalid
         end
 
         Session.invalid
@@ -101,6 +101,36 @@ module Aha
 
       private
 
+      def attempt_refresh(refresh_token)
+        tokens = authenticate_with_refresh_token(refresh_token: refresh_token)
+        new_claims = decode_and_verify_token(tokens[:session_token])
+        Session.from_claims(
+          new_claims,
+          refreshed: true,
+          new_session_token: tokens[:session_token],
+          new_refresh_token: tokens[:refresh_token]
+        )
+      rescue Error => e
+        Rails.logger.error("Session refresh failed: #{e.message}")
+        nil
+      end
+
+      # Determine if a token is approaching expiration and should be proactively refreshed
+      #
+      # @param claims [Hash] The decoded JWT claims
+      # @return [Boolean] true if the token should be refreshed
+      def token_needs_refresh?(claims)
+        iat = claims["iat"]
+        exp = claims["exp"]
+        return false unless iat && exp
+
+        lifetime = exp - iat
+        return false if lifetime <= 0
+
+        elapsed = Time.now.to_i - iat
+        elapsed.to_f / lifetime >= @configuration.refresh_lifetime_fraction
+      end
+
       def decode_and_verify_token(token)
         # First decode without verification to get the header
         header = JWT.decode(token, nil, false).last

data/lib/aha/auth/configuration.rb

@@ -15,8 +15,9 @@ module Aha
       # How long to cache JWKS keys (default: 1 hour)
       attr_accessor :jwks_cache_ttl
 
-      # Number of seconds before token expiry to trigger refresh (default: 120)
-      attr_accessor :refresh_threshold
+      # Fraction of token lifetime after which to attempt proactive refresh (default: 0.5)
+      # e.g. at 0.5, a 15-minute token triggers refresh after 7.5 minutes
+      attr_accessor :refresh_lifetime_fraction
 
       # HTTP timeout in seconds (default: 30)
       attr_accessor :timeout
@@ -30,9 +31,9 @@ module Aha
       def initialize
         @server_url = ENV.fetch("AHA_CORE_SERVER_URL", "https://secure.aha.io/api/core")
         @api_key = ENV.fetch("AHA_CORE_API_KEY", nil)
-        @client_id = ENV.fetch("APPLICATION_ID", nil)
+        @client_id = "#{ENV.fetch("APPLICATION_ID", nil)}.#{Rails.env.development? ? 'dev' : 'prod'}"
         @jwks_cache_ttl = 3600 # 1 hour
-        @refresh_threshold = 120 # 2 minutes
+        @refresh_lifetime_fraction = 0.5
         @timeout = 30
         @enable_logging = false
         @logger = Rails.logger

data/lib/aha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Aha
-  VERSION = "1.0.16"
+  VERSION = "1.0.18"
 end

data/lib/aha_builder_core.rb

@@ -2,4 +2,3 @@
 
 require_relative "aha/auth"
 require_relative "aha/user_guide"
-require_relative "aha/mail"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aha_builder_core
 version: !ruby/object:Gem::Version
-  version: 1.0.16
+  version: 1.0.18
 platform: ruby
 authors:
 - Aha! Labs Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-02-14 00:00:00.000000000 Z
+date: 2026-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -123,8 +123,6 @@ files:
 - lib/aha/auth/token_cache.rb
 - lib/aha/auth/user.rb
 - lib/aha/auth/users_resource.rb
-- lib/aha/mail.rb
-- lib/aha/mail/delivery_method.rb
 - lib/aha/user_guide.rb
 - lib/aha/version.rb
 - lib/aha_builder_core.rb
@@ -151,7 +149,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.3.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/lib/aha/mail/delivery_method.rb

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-
-module Aha
-  module Mail
-    class DeliveryMethod
-      attr_accessor :settings
-
-      def initialize(settings = {})
-        @settings = settings
-      end
-
-      def deliver!(mail)
-        # Extract mail attributes
-        mail_params = {
-          from: format_addresses(mail.from).first,
-          to: format_addresses(mail.to),
-          cc: format_addresses(mail.cc),
-          bcc: format_addresses(mail.bcc),
-          reply_to: format_addresses(mail.reply_to),
-          subject: mail.subject,
-        }
-
-        # Determine content type and body
-        if mail.multipart?
-          # For multipart messages, prefer HTML over plain text
-          html_part = mail.html_part
-          text_part = mail.text_part
-
-          if html_part
-            mail_params[:body] = html_part.body.decoded
-            mail_params[:content_type] = "text/html"
-          elsif text_part
-            mail_params[:body] = text_part.body.decoded
-            mail_params[:content_type] = "text/plain"
-          else
-            mail_params[:body] = mail.body.decoded
-            mail_params[:content_type] = mail.content_type
-          end
-        else
-          mail_params[:body] = mail.body.decoded
-          mail_params[:content_type] = mail.content_type || "text/plain"
-        end
-
-        # Send via the Aha::Mail API
-        Aha::Mail.send_mail(mail_params)
-      rescue StandardError => e
-        # ActionMailer expects delivery methods to raise exceptions on failure
-        raise "Failed to deliver mail via Aha::Mail: #{e.message}"
-      end
-
-      private
-
-      def format_addresses(addresses)
-        return [] if addresses.nil?
-
-        Array(addresses).map do |address|
-          if address.is_a?(::Mail::Address)
-            address.to_s
-          else
-            address
-          end
-        end.compact
-      end
-    end
-  end
-end

data/lib/aha/mail.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "mail/delivery_method"
-
-module Aha
-  module Mail
-    class << self
-      def send_mail(mail_params)
-        client.send(:post, "/api/core/mail/send", mail: mail_params)
-      end
-
-      private
-
-      def client
-        Aha::Auth.send(:client)
-      end
-    end
-  end
-end