aptible-auth 0.11.11 → 0.11.12
- checksums.yaml +4 -4
- data/aptible-auth.gemspec +1 -2
- data/lib/aptible/auth/organization.rb +0 -1
- data/lib/aptible/auth/token.rb +9 -1
- data/lib/aptible/auth/version.rb +1 -1
- data/spec/aptible/auth/token_spec.rb +147 -134
- metadata +6 -20
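--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 055298f347d9ec42f8dd2dac1ca8169b5bb7b772
+data.tar.gz: 34204507b8e90bff7726e801a29b934a80a3f711
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: adaf0f020213d97b37f6bad3a4b975c9e02fb2ba2cf9fd3b74d08e0265201f947e11dde16ca671a2243ef672b59b5fbc511d8481e77c0c88ee0a5f8d4102124e
+data.tar.gz: ca1d7f97b8bf55a3268939c9b54a7df242986eb857347f71b38471441c03db681da21a571c449c94869c724e5f4c11d6fe3f5ff639476d295ad14ea8c80f14a8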
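--- a/data/aptible-auth.gemspec
+++ b/data/aptible-auth.gemspec
@@ -20,8 +20,7 @@ Gem::Specification.new do |spec|
 spec.require_paths = ['lib']
 
 spec.add_dependency 'aptible-billing'
-spec.add_dependency 'aptible-resource', '
-spec.add_dependency 'stripe', '>= 1.13.0'
+spec.add_dependency 'aptible-resource', '~> 0.3.8'
 spec.add_dependency 'gem_config'
 spec.add_dependency 'oauth2-aptible', '~> 0.10.0'
 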
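Review bot: `aptible-billing` and `gem_config` are still declared with no version constraint, right next to the line that now bounds `aptible-resource` with `~> 0.3.8`, so any future release of either gem satisfies this gemspec. For a library that handles credentials and tokens it is worth bounding them the same way, for example `spec.add_dependency 'gem_config', '~> X.Y'`, where X.Y is a placeholder for the version actually tested (the page does not show it). Dropping `stripe` also removes it for any consumer that relied on it transitively, which deserves a changelog line. The `Gem::Specification` block starts and ends outside the hunk.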
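--- a/data/lib/aptible/auth/token.rb
+++ b/data/lib/aptible/auth/token.rb
@@ -79,7 +79,15 @@ module Aptible
 end
 
 def oauth
-options = {
+options = {
+site: root_url,
+token_url: '/tokens',
+connection_opts: {
+headers: {
+'User-Agent' => Aptible::Resource.configuration.user_agent
+}
+}
+}
 @oauth ||= OAuth2::Client.new(nil, nil, options)
 end
 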
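Review bot: `options` is rebuilt on every call to `oauth`, including the `Aptible::Resource.configuration.user_agent` lookup, although only the first call uses it because of `@oauth ||=`. Putting `return @oauth if @oauth` on the first line of the method avoids that work. The memoization also fixes the `User-Agent` at first use, so a later configuration change is not picked up by an existing token object; a one-line comment saying so would help. Whether `user_agent` can be nil is not visible here; if it can, the header should be omitted rather than sent with an empty value. The enclosing class starts outside the hunk.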
data/lib/aptible/auth/version.rb
CHANGED
|
@@ -1,180 +1,193 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe Aptible::Auth::Token do
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
before { subject.stub(:oauth) { oauth } }
|
|
8
|
-
let(:expires_at) { Time.now - Random.rand(1000) }
|
|
9
|
-
before do
|
|
10
|
-
response.stub(:to_hash) do
|
|
11
|
-
{
|
|
12
|
-
access_token: 'access_token',
|
|
13
|
-
refresh_token: nil,
|
|
14
|
-
expires_at: expires_at.to_i
|
|
15
|
-
}
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
describe '.create' do
|
|
20
|
-
it 'should call #authenticate_user if passed :email and :password' do
|
|
21
|
-
Aptible::Auth::Token.any_instance.should_receive(
|
|
22
|
-
:authenticate_user
|
|
23
|
-
).with 'user@example.com', 'foobar', {}
|
|
24
|
-
described_class.create(email: 'user@example.com', password: 'foobar')
|
|
25
|
-
end
|
|
4
|
+
context 'with stubbed oauth client' do
|
|
5
|
+
let(:oauth) { double OAuth2::Client }
|
|
6
|
+
let(:response) { double OAuth2::AccessToken }
|
|
26
7
|
|
|
27
|
-
|
|
28
|
-
Aptible::Auth::Token.any_instance.should_receive(
|
|
29
|
-
:authenticate_client
|
|
30
|
-
).with 'id', 'secret', 'user@example.com', {}
|
|
31
|
-
described_class.create(
|
|
32
|
-
client_id: 'id',
|
|
33
|
-
client_secret: 'secret',
|
|
34
|
-
subject: 'user@example.com'
|
|
35
|
-
)
|
|
36
|
-
end
|
|
8
|
+
let(:expires_at) { Time.now - Random.rand(1000) }
|
|
37
9
|
|
|
38
|
-
|
|
39
|
-
options = { email: 'some email' }
|
|
40
|
-
options_before = options.dup
|
|
41
|
-
expect { described_class.create options }.to raise_error(/Unrecognized/)
|
|
42
|
-
expect(options).to eq(options_before)
|
|
43
|
-
end
|
|
44
|
-
end
|
|
10
|
+
before { subject.stub(:oauth) { oauth } }
|
|
45
11
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
12
|
+
before do
|
|
13
|
+
response.stub(:to_hash) do
|
|
14
|
+
{
|
|
15
|
+
access_token: 'access_token',
|
|
16
|
+
refresh_token: nil,
|
|
17
|
+
expires_at: expires_at.to_i
|
|
18
|
+
}
|
|
19
|
+
end
|
|
49
20
|
end
|
|
50
|
-
end
|
|
51
21
|
|
|
52
|
-
|
|
53
|
-
|
|
22
|
+
describe '.create' do
|
|
23
|
+
it 'should call #authenticate_user if passed :email and :password' do
|
|
24
|
+
Aptible::Auth::Token.any_instance.should_receive(
|
|
25
|
+
:authenticate_user
|
|
26
|
+
).with 'user@example.com', 'foobar', {}
|
|
27
|
+
described_class.create(email: 'user@example.com', password: 'foobar')
|
|
28
|
+
end
|
|
54
29
|
|
|
55
|
-
|
|
30
|
+
it 'should #authenticate_client if passed a client ID and secret' do
|
|
31
|
+
Aptible::Auth::Token.any_instance.should_receive(
|
|
32
|
+
:authenticate_client
|
|
33
|
+
).with 'id', 'secret', 'user@example.com', {}
|
|
34
|
+
described_class.create(
|
|
35
|
+
client_id: 'id',
|
|
36
|
+
client_secret: 'secret',
|
|
37
|
+
subject: 'user@example.com'
|
|
38
|
+
)
|
|
39
|
+
end
|
|
56
40
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
41
|
+
it 'should not alter the hash it receives' do
|
|
42
|
+
options = { email: 'some email' }
|
|
43
|
+
options_before = options.dup
|
|
44
|
+
expect { described_class.create options }.to raise_error(/Unrecognized/)
|
|
45
|
+
expect(options).to eq(options_before)
|
|
46
|
+
end
|
|
61
47
|
end
|
|
62
48
|
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
49
|
+
describe '#initialize' do
|
|
50
|
+
it 'should not raise error if given no arguments' do
|
|
51
|
+
expect { described_class.new }.not_to raise_error
|
|
52
|
+
end
|
|
67
53
|
end
|
|
68
54
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
expect(subject.access_token).to eq 'access_token'
|
|
72
|
-
end
|
|
55
|
+
describe '#authenticate_user' do
|
|
56
|
+
let(:args) { %w(user@example.com foobar) }
|
|
73
57
|
|
|
74
|
-
|
|
75
|
-
subject.authenticate_user(*args)
|
|
76
|
-
expect(subject.headers['Authorization']).to eq 'Bearer access_token'
|
|
77
|
-
end
|
|
58
|
+
before { oauth.stub_chain(:password, :get_token) { response } }
|
|
78
59
|
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
end
|
|
60
|
+
it 'should use the password strategy' do
|
|
61
|
+
params = { scope: 'manage' }
|
|
62
|
+
expect(oauth.password).to receive(:get_token).with(*(args + [params]))
|
|
63
|
+
subject.authenticate_user(*args)
|
|
64
|
+
end
|
|
85
65
|
|
|
86
|
-
|
|
87
|
-
|
|
66
|
+
it 'should allow the token scope to be specified' do
|
|
67
|
+
args << { scope: 'read' }
|
|
68
|
+
expect(oauth.password).to receive(:get_token).with(*args)
|
|
69
|
+
subject.authenticate_user(*args)
|
|
70
|
+
end
|
|
88
71
|
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
algorithm: 'foobar',
|
|
99
|
-
scope: 'manage'
|
|
100
|
-
)
|
|
101
|
-
subject.authenticate_client(*args)
|
|
102
|
-
end
|
|
72
|
+
it 'should set the access_token' do
|
|
73
|
+
subject.authenticate_user(*args)
|
|
74
|
+
expect(subject.access_token).to eq 'access_token'
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
it 'should set the Authorization header' do
|
|
78
|
+
subject.authenticate_user(*args)
|
|
79
|
+
expect(subject.headers['Authorization']).to eq 'Bearer access_token'
|
|
80
|
+
end
|
|
103
81
|
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
algorithm: 'foobar',
|
|
110
|
-
scope: 'read'
|
|
111
|
-
)
|
|
112
|
-
subject.authenticate_client(*args)
|
|
82
|
+
it 'should set the expires_at property' do
|
|
83
|
+
subject.authenticate_user(*args)
|
|
84
|
+
expect(subject.expires_at).to be_a Time
|
|
85
|
+
expect(subject.expires_at.to_i).to eq expires_at.to_i
|
|
86
|
+
end
|
|
113
87
|
end
|
|
114
88
|
|
|
115
|
-
|
|
116
|
-
args
|
|
117
|
-
|
|
89
|
+
describe '#authenticate_client' do
|
|
90
|
+
let(:args) { %w(id secret user@example.com) }
|
|
91
|
+
|
|
92
|
+
before do
|
|
93
|
+
subject.stub(:signing_params_from_secret) { { algorithm: 'foobar' } }
|
|
94
|
+
end
|
|
95
|
+
before { oauth.stub_chain(:assertion, :get_token) { response } }
|
|
96
|
+
|
|
97
|
+
it 'should use the assertion strategy' do
|
|
118
98
|
expect(oauth.assertion).to receive(:get_token).with(
|
|
119
99
|
iss: 'id',
|
|
120
100
|
sub: 'user@example.com',
|
|
121
|
-
exp: Time.now.to_i + 1800,
|
|
122
101
|
algorithm: 'foobar',
|
|
123
102
|
scope: 'manage'
|
|
124
103
|
)
|
|
125
104
|
subject.authenticate_client(*args)
|
|
126
105
|
end
|
|
127
|
-
end
|
|
128
106
|
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
107
|
+
it 'should allow the token scope to be specified' do
|
|
108
|
+
args << { scope: 'read' }
|
|
109
|
+
expect(oauth.assertion).to receive(:get_token).with(
|
|
110
|
+
iss: 'id',
|
|
111
|
+
sub: 'user@example.com',
|
|
112
|
+
algorithm: 'foobar',
|
|
113
|
+
scope: 'read'
|
|
114
|
+
)
|
|
115
|
+
subject.authenticate_client(*args)
|
|
116
|
+
end
|
|
133
117
|
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
118
|
+
it 'should replace expires_in in exp' do
|
|
119
|
+
args << { expires_in: 1800 }
|
|
120
|
+
Timecop.freeze do
|
|
121
|
+
expect(oauth.assertion).to receive(:get_token).with(
|
|
122
|
+
iss: 'id',
|
|
123
|
+
sub: 'user@example.com',
|
|
124
|
+
exp: Time.now.to_i + 1800,
|
|
125
|
+
algorithm: 'foobar',
|
|
126
|
+
scope: 'manage'
|
|
127
|
+
)
|
|
128
|
+
subject.authenticate_client(*args)
|
|
129
|
+
end
|
|
130
|
+
end
|
|
139
131
|
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
132
|
+
it 'should set the access_token' do
|
|
133
|
+
subject.authenticate_client(*args)
|
|
134
|
+
expect(subject.access_token).to eq 'access_token'
|
|
135
|
+
end
|
|
143
136
|
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
137
|
+
it 'should set the Authorization header' do
|
|
138
|
+
subject.authenticate_client(*args)
|
|
139
|
+
expect(subject.headers['Authorization']).to eq 'Bearer access_token'
|
|
140
|
+
end
|
|
147
141
|
end
|
|
148
142
|
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
end
|
|
153
|
-
end
|
|
143
|
+
describe '#authenticate_impersonate' do
|
|
144
|
+
let(:args) { ['foo@bar.com', 'aptible:user:email', {}] }
|
|
145
|
+
before { oauth.stub_chain(:token_exchange, :get_token) { response } }
|
|
154
146
|
|
|
155
|
-
|
|
156
|
-
|
|
147
|
+
it 'should set the access_token' do
|
|
148
|
+
subject.authenticate_impersonate(*args)
|
|
149
|
+
expect(subject.access_token).to eq 'access_token'
|
|
150
|
+
end
|
|
157
151
|
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
152
|
+
it 'should set the Authorization header' do
|
|
153
|
+
subject.authenticate_impersonate(*args)
|
|
154
|
+
expect(subject.headers['Authorization']).to eq 'Bearer access_token'
|
|
161
155
|
end
|
|
162
156
|
end
|
|
163
157
|
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
158
|
+
describe '#signing_params_from_secret' do
|
|
159
|
+
let(:private_key_string) { OpenSSL::PKey::RSA.new(512).to_s }
|
|
160
|
+
|
|
161
|
+
subject do
|
|
162
|
+
lambda do |secret|
|
|
163
|
+
described_class.new.send(:signing_params_from_secret, secret)
|
|
164
|
+
end
|
|
165
|
+
end
|
|
168
166
|
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
167
|
+
it 'should return a correct :algorithm' do
|
|
168
|
+
params = subject.call(private_key_string)
|
|
169
|
+
expect(params[:algorithm]).to eq 'RS256'
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
it 'should return a correct :private_key for header/footer keys' do
|
|
173
|
+
params = subject.call(private_key_string)
|
|
174
|
+
expect(params[:private_key]).to be_a OpenSSL::PKey::RSA
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
it 'should return a correct :private_key for Base64-only keys' do
|
|
178
|
+
stripped_key = private_key_string.gsub(/^-.*-$/, '').delete("\n")
|
|
179
|
+
params = subject.call(stripped_key)
|
|
180
|
+
expect(params[:private_key]).to be_a OpenSSL::PKey::RSA
|
|
181
|
+
end
|
|
172
182
|
end
|
|
183
|
+
end
|
|
184
|
+
|
|
185
|
+
describe '#oauth' do
|
|
186
|
+
subject { described_class.new }
|
|
173
187
|
|
|
174
|
-
it '
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
expect(params[:private_key]).to be_a OpenSSL::PKey::RSA
|
|
188
|
+
it 'creates and caches an OAuth2::Client' do
|
|
189
|
+
c = subject.send(:oauth)
|
|
190
|
+
expect(subject.send(:oauth)).to be(c)
|
|
178
191
|
end
|
|
179
192
|
end
|
|
180
193
|
end
|
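Review bot: The new `#oauth` example only checks that two calls return the same object; nothing in this spec asserts that the `User-Agent` header set in `Token#oauth` actually ends up in the client's connection options, which is the behavioural change of this release. An extra expectation such as `expect(subject.send(:oauth).options[:connection_opts][:headers]).to have_key('User-Agent')` would cover it, assuming the `oauth2-aptible` client exposes `options` the way upstream `OAuth2::Client` does. Separately, the examples mix the older `stub`/`should_receive`/`stub_chain` syntax with `expect(...).to receive`; settling on the `expect` form would keep the file consistent.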
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aptible-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.11.
|
|
4
|
+
version: 0.11.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Frank Macreery
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-12-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aptible-billing
|
|
@@ -28,30 +28,16 @@ dependencies:
|
|
|
28
28
|
name: aptible-resource
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.3.1
|
|
34
|
-
type: :runtime
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - ">="
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.3.1
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: stripe
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - ">="
|
|
31
|
+
- - "~>"
|
|
46
32
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
33
|
+
version: 0.3.8
|
|
48
34
|
type: :runtime
|
|
49
35
|
prerelease: false
|
|
50
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
37
|
requirements:
|
|
52
|
-
- - "
|
|
38
|
+
- - "~>"
|
|
53
39
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
40
|
+
version: 0.3.8
|
|
55
41
|
- !ruby/object:Gem::Dependency
|
|
56
42
|
name: gem_config
|
|
57
43
|
requirement: !ruby/object:Gem::Requirement
|