apple_id 1.3.0 → 1.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a849c5014ce8f45fc143ad955ef8ce22ff7639955dcce14ce58812cfa0e0a523
-  data.tar.gz: 1b5dfa5e7179bf7102887e48f9870d510648fb6a5dbf246b15ba6ae7a0f8f76d
+  metadata.gz: 2fee18e5a9878a0458806d26573fc4434ced6d9cec92700189c8f31077874280
+  data.tar.gz: 18bbca83bb744fe286e908785418eb0583fa3f3b3f059dbba56f4166be3bb496
 SHA512:
-  metadata.gz: 220695160a1be005b4cfbd1e4e214966ab5b5fd7af1c9819eef95339a81fe2af2482ee9e30b595991c093bbd51505135d343b28ab2c74138abce3f9e311ca2ef
-  data.tar.gz: 10bed7c9835616114fa2ac2929a515ba4fe30c2552c589ca2a15c207bfe57547cdc775dc543cae91dc20e6b04641240e50e303dc590f47ba67a6e255bab57913
+  metadata.gz: 3d01d0cf6e69b4146b58c9d2a5354bdf235bd836b3778fcc90d89d2d760c40272182df367f665cf1e8137a397921867df7d3bfc4fec056bd3b48724773f8b371
+  data.tar.gz: 8d2410bbd7134dde8a58ab157717d35880b397810c5769ab2bf673f1d6a1b4c11658f781f29e51f6f6d705d3bf8d9bc3763da8ce444969d1f7e6682918029a98

data/VERSION

@@ -1 +1 @@
-1.3.0
+1.4.2

data/apple_id.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'rack-oauth2', '~> 1.21'
+  spec.add_runtime_dependency 'rack-oauth2', '~> 1.21.2'
   spec.add_runtime_dependency 'openid_connect', '~> 1.3.0'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'

data/lib/apple_id/event_token/event.rb

@@ -0,0 +1,35 @@
+module AppleID
+  class EventToken::Event < OpenIDConnect::ConnectObject
+    attr_required :type, :sub, :event_time
+
+    module Type
+      EMAIL_ENABLED   = 'email-enabled'
+      EMAIL_DISABLED  = 'email-disabled'
+      CONSENT_REVOKED = 'consent-revoked'
+      ACCOUNT_DELETED = 'account-delete'
+    end
+
+    def email_enabled?
+      type == Type::EMAIL_ENABLED
+    end
+
+    def email_disabled?
+      type == Type::EMAIL_DISABLED
+    end
+
+    def consent_revoked?
+      type == Type::CONSENT_REVOKED
+    end
+
+    def account_deleted?
+      type == Type::ACCOUNT_DELETED
+    end
+    alias_method :account_delete?, :account_deleted?
+
+    class << self
+      def decode(json_string)
+        new JSON.parse(json_string).with_indifferent_access
+      end
+    end
+  end
+end

data/lib/apple_id/event_token.rb

@@ -0,0 +1,60 @@
+module AppleID
+  class EventToken < OpenIDConnect::ConnectObject
+    class VerificationFailed < Error; end
+
+    attr_required :iss, :aud, :exp, :iat, :jti, :events
+    alias_method :original_jwt, :raw_attributes
+    alias_method :event, :events
+
+    def initialize(attributes = {})
+      super
+      @events = Event.decode attributes[:events]
+    end
+
+    def verify!(verify_signature: true, client: nil)
+      verify_signature! if verify_signature
+      verify_claims! client
+      self
+    end
+
+    class << self
+      def decode(jwt_string)
+        new JSON::JWT.decode jwt_string, :skip_verification
+      end
+    end
+
+    private
+
+    def verify_signature!
+      original_jwt.verify! JWKS.fetch(original_jwt.kid)
+    rescue
+      raise VerificationFailed, 'Signature Verification Failed'
+    end
+
+    def verify_claims!(client)
+      aud = if client.respond_to?(:identifier)
+        client.identifier
+      else
+        client
+      end
+
+      failure_reasons = []
+      if self.iss != ISSUER
+        failure_reasons << :iss
+      end
+      if aud.present? && self.aud != aud
+        failure_reasons << :aud
+      end
+      if Time.now.to_i < iat
+        failure_reasons << :iat
+      end
+      if Time.now.to_i >= exp
+        failure_reasons << :exp
+      end
+
+      if failure_reasons.present?
+        raise VerificationFailed, "Claims Verification Failed at #{failure_reasons}"
+      end
+    end
+  end
+end

data/lib/apple_id/id_token.rb

@@ -1,6 +1,6 @@
 module AppleID
   class IdToken < OpenIDConnect::ResponseObject::IdToken
-    class VerificationFailed < StandardError; end
+    class VerificationFailed < Error; end
 
     attr_optional :email, :email_verified, :is_private_email, :nonce_supported, :real_user_status
     attr_accessor :original_jwt_string

data/lib/apple_id.rb

@@ -8,6 +8,8 @@ module AppleID
     ::File.join(::File.dirname(__FILE__), '../VERSION')
   ).chomp
 
+  class Error < StandardError; end
+
   def self.logger
     @@logger
   end
@@ -56,4 +58,6 @@ require 'apple_id/access_token'
 require 'apple_id/id_token'
 require 'apple_id/id_token/real_user_status'
 require 'apple_id/jwks'
+require 'apple_id/event_token'
+require 'apple_id/event_token/event'
 require 'apple_id/api/user_migration'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apple_id
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.2
 platform: ruby
 authors:
 - nov
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-07-12 00:00:00.000000000 Z
+date: 2022-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack-oauth2
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: 1.21.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: 1.21.2
 - !ruby/object:Gem::Dependency
   name: openid_connect
   requirement: !ruby/object:Gem::Requirement
@@ -146,6 +146,8 @@ files:
 - lib/apple_id/access_token.rb
 - lib/apple_id/api/user_migration.rb
 - lib/apple_id/client.rb
+- lib/apple_id/event_token.rb
+- lib/apple_id/event_token/event.rb
 - lib/apple_id/id_token.rb
 - lib/apple_id/id_token/real_user_status.rb
 - lib/apple_id/jwks.rb