aptible-auth 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aptible/auth/token.rb +30 -1
- data/lib/aptible/auth/version.rb +1 -1
- data/spec/aptible/auth/token_spec.rb +41 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 944d38b34bbc1c213f954760d6ff5b7a580a4f0a
|
|
4
|
+
data.tar.gz: a7fc6914293f4f159e8e0f3192736355812f1b95
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3ff9d46b6e646a2ed567eb90b90e64ad2f6a248d299c06d175bc64ae4cfa8942ea0718f914d63704712cc2aab563e50d65507e7cf54d115e63ebfd2393641957
|
|
7
|
+
data.tar.gz: 785dbffe0912ee10277e64576a5945d1eca5218cd4964ad94c9dee5e95d1450c7a1149b40dcad6ebfeb417831e80fc73b208dca03bb2126030dac93844f5548c
|
data/lib/aptible/auth/token.rb
CHANGED
|
@@ -23,7 +23,10 @@ module Aptible
|
|
|
23
23
|
|
|
24
24
|
def authenticate_client(id, secret, user, options = {})
|
|
25
25
|
options[:scope] ||= 'manage'
|
|
26
|
-
response = client.assertion.get_token(
|
|
26
|
+
response = client.assertion.get_token({
|
|
27
|
+
iss: id,
|
|
28
|
+
sub: user
|
|
29
|
+
}.merge(signing_params_from_secret(secret).merge(options)))
|
|
27
30
|
parse_oauth_response(response)
|
|
28
31
|
end
|
|
29
32
|
|
|
@@ -45,6 +48,32 @@ module Aptible
|
|
|
45
48
|
@refresh_token = response.refresh_token
|
|
46
49
|
@expires_at = Time.at(response.expires_at)
|
|
47
50
|
end
|
|
51
|
+
|
|
52
|
+
def signing_params_from_secret(secret)
|
|
53
|
+
private_key = parse_private_key(secret)
|
|
54
|
+
{
|
|
55
|
+
private_key: private_key,
|
|
56
|
+
algorithm: "RS#{key_length(private_key) / 2}"
|
|
57
|
+
}
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def parse_private_key(string)
|
|
61
|
+
if string =~ /\A-----/
|
|
62
|
+
OpenSSL::PKey::RSA.new(string)
|
|
63
|
+
else
|
|
64
|
+
formatted_string = <<PRIVATE_KEY
|
|
65
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
66
|
+
#{string.scan(/.{1,64}/).join("\n")}
|
|
67
|
+
-----END RSA PRIVATE KEY-----
|
|
68
|
+
PRIVATE_KEY
|
|
69
|
+
OpenSSL::PKey::RSA.new(formatted_string)
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def key_length(private_key)
|
|
74
|
+
# http://stackoverflow.com/questions/13747212
|
|
75
|
+
private_key.n.num_bytes * 8
|
|
76
|
+
end
|
|
48
77
|
end
|
|
49
78
|
end
|
|
50
79
|
end
|
data/lib/aptible/auth/version.rb
CHANGED
|
@@ -60,18 +60,30 @@ describe Aptible::Auth::Token do
|
|
|
60
60
|
describe '#authenticate_client' do
|
|
61
61
|
let(:args) { %w(id secret user@example.com) }
|
|
62
62
|
|
|
63
|
+
before do
|
|
64
|
+
subject.stub(:signing_params_from_secret) { { algorithm: 'foobar' } }
|
|
65
|
+
end
|
|
63
66
|
before { subject.stub(:client) { client } }
|
|
64
67
|
before { client.stub_chain(:assertion, :get_token) { response } }
|
|
65
68
|
|
|
66
69
|
it 'should use the assertion strategy' do
|
|
67
|
-
|
|
68
|
-
|
|
70
|
+
expect(client.assertion).to receive(:get_token).with(
|
|
71
|
+
iss: 'id',
|
|
72
|
+
sub: 'user@example.com',
|
|
73
|
+
algorithm: 'foobar',
|
|
74
|
+
scope: 'manage'
|
|
75
|
+
)
|
|
69
76
|
subject.authenticate_client(*args)
|
|
70
77
|
end
|
|
71
78
|
|
|
72
79
|
it 'should allow the token scope to be specified' do
|
|
73
80
|
args << { scope: 'read' }
|
|
74
|
-
expect(client.assertion).to receive(:get_token).with(
|
|
81
|
+
expect(client.assertion).to receive(:get_token).with(
|
|
82
|
+
iss: 'id',
|
|
83
|
+
sub: 'user@example.com',
|
|
84
|
+
algorithm: 'foobar',
|
|
85
|
+
scope: 'read'
|
|
86
|
+
)
|
|
75
87
|
subject.authenticate_client(*args)
|
|
76
88
|
end
|
|
77
89
|
|
|
@@ -81,4 +93,30 @@ describe Aptible::Auth::Token do
|
|
|
81
93
|
expect(subject.access_token).to eq 'access_token'
|
|
82
94
|
end
|
|
83
95
|
end
|
|
96
|
+
|
|
97
|
+
describe '#signing_params_from_secret' do
|
|
98
|
+
let(:private_key_string) { OpenSSL::PKey::RSA.new(512).to_s }
|
|
99
|
+
|
|
100
|
+
subject do
|
|
101
|
+
lambda do |secret|
|
|
102
|
+
described_class.new.send(:signing_params_from_secret, secret)
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
it 'should return a correct :algorithm' do
|
|
107
|
+
params = subject.call(private_key_string)
|
|
108
|
+
expect(params[:algorithm]).to eq 'RS256'
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
it 'should return a correct :private_key for header/footer keys' do
|
|
112
|
+
params = subject.call(private_key_string)
|
|
113
|
+
expect(params[:private_key]).to be_a OpenSSL::PKey::RSA
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
it 'should return a correct :private_key for Base64-only keys' do
|
|
117
|
+
stripped_key = private_key_string.gsub(/^-.*-$/, '').gsub("\n", '')
|
|
118
|
+
params = subject.call(stripped_key)
|
|
119
|
+
expect(params[:private_key]).to be_a OpenSSL::PKey::RSA
|
|
120
|
+
end
|
|
121
|
+
end
|
|
84
122
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aptible-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Frank Macreery
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-02-
|
|
11
|
+
date: 2014-02-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gem_config
|