artsy-auth 0.1.5 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 8ada8281ebccc37c590fadc4437297c9532f5b53
-  data.tar.gz: 268546c0ec15eba63341d8d0d4aabecee9087b8a
+SHA256:
+  metadata.gz: 3ba60006edb2e37220a6ba341de9ac26e26e3b4bcec129775a7f08552d40627a
+  data.tar.gz: da6c9ececb084317e0a8745a128e1c0a24ef3c680fb79b3b086c8c1830ff6d5d
 SHA512:
-  metadata.gz: 3c08d5cdbec65dc6a8619ce954be786fe7ec7da2c12952141ed60fc9e721432abdc73912f024d19e2f75a3f3781ff9521f54d5a1e0033aabbef3a7d014cc6a06
-  data.tar.gz: f1e554ba44a8262bbcb33273986a7ec537bb0666956a7068ca5d8fe2cfa1241b267e59e515c910bad2753b0cc3b7cb99d15527decc83555aa48b6da589e55fec
+  metadata.gz: cb51d56f276740c9268942c544452e2d82f5b07781a1e471a49ae05df13366fe3095c9e6fc926bf196e1287c249af9e89f6fd27f5b86199f4d7db766a393807c
+  data.tar.gz: cab76d066dddfd593a6670bdc56921d744c97173728e156304bbd5f209534b055eb24791c0dfeee6f19372b5ecc738d5785674906e9926461039b5c317649ddb

data/README.md

@@ -1,9 +1,9 @@
-# Artsy Authentication [![Build Status](https://travis-ci.org/artsy/artsy-auth.svg?branch=master)](https://travis-ci.org/artsy/artsy-auth)
+# Artsy Authentication [![CircleCI](https://circleci.com/gh/artsy/artsy-auth/tree/master.svg?style=shield)](https://circleci.com/gh/artsy/artsy-auth/tree/master)
 
 Ruby Gem for adding Artsy's omniauth based authentication to your app.
 
 ## Installation
-Add following line to your Gemfile
+Add following line to your Gemfile.
 
 ```
 gem 'artsy-auth'
@@ -13,14 +13,13 @@ gem 'artsy-auth'
 Artsy Auth is based on [`Rails::Engine`](http://api.rubyonrails.org/classes/Rails/Engine.html).
 
 ### Configure
-Add `artsy_auth.rb` under `config/initializers`. We need to configure `ArtsyAuth` to use proper Artsy `application_id` and `application_secret`. Also it needs `artsy_url` which will be used to redirect `sign_out` to proper location, and `artsy_api_url` for login.
+Add `artsy_auth.rb` under `config/initializers`. We need to configure `ArtsyAuth` to use proper Artsy `application_id` and `application_secret`. Also it needs `artsy_api_url` which will be used to redirect `sign_in` and `sign_out` to proper location.
 `callback_url` defines after a successful omniauth handshake, where should we get redirected to.
 
 ```ruby
-# config/initalizers/artsy_auth.rb
+# config/initializers/artsy_auth.rb
 ArtsyAuth.configure do |config|
   config.artsy_api_url = 'https://stagingapi.artsy.net' # required
-  config.artsy_url = 'https://staging.artsy.net' # required
   config.callback_url = '/admin' # optional
   config.application_id = '321322131' # required
   config.application_secret = '123123asdasd' # required
@@ -33,26 +32,34 @@ You also need to mount session related endpoints to your app, in your `config/ro
 mount ArtsyAuth::Engine => '/'
 ```
 
-In order to force authentication, you need to change your `ApplicationController` to inherit from ` ArtsyAuth::ApplicationController`, you also need to add (override) `authorize?` method there which gets a token and in your app you need to define how do you authorize that token, for example:
+In order to force authentication, you need to include 'ArtsyAuth::Authenticated' in your controller, you also need to add (override) `authorized_artsy_token?` method there which gets a token and in your app you need to define how do you authorize that token, for example:
 ```ruby
-class ApplicationController < ArtsyAuth::ApplicationController
+class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   protect_from_forgery with: :exception
 
-  # override applicaiton to decode token and allow only users with `tester` role
-  def authorized?(token)
+  # This will make sure calls to this controller have proper session data
+  # if they don't it will redirect them to oauth url and once authenticated
+  # on successful authentication we'll call authorized_artsy_token
+  include ArtsyAuth::Authenticated
+
+  # override application to decode token and allow only users with `tester` role
+  def authorized_artsy_token?(token)
     decoded_token, _headers = JWT.decode(token, 'some-secret')
     decoded_token['roles'].include? 'tester'
   end
 end
 ```
-Note that this will add authentication to all of your controllers, if you want to skip Artsy's authentication for specific controller you can skip it in your controller by adding:
-```ruby
-class TestController
-  skip_before_action :require_artsy_authentication
-end
-```
 
+# Decoding the JWT
+
+The JWT is signed using a different secret from the client secret for OAuth. For Artsy engineers: get it from the `internal_secret` on your corresponding `ClientApplication` model.
+
+The JWT contains user information that you can get from an API call to get the `me` user account, you can work around not having the secret by making a request for that against the API.
+
+
+# Update From Version < 0.1.7
+In previous versions you would change your `ApplicationController` to inherit from `ArtsyAuth::ApplicationController`, with versions > `0.1.7` you need to `include ArtsyAuth::Authenticated` like the example above.
 
 # Contributing
 

data/app/views/artsy_auth/sessions/new.erb

@@ -0,0 +1,20 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>Artsy Auth</title>
+  </head>
+  <body>
+    <p id="placeholder" style="visibility: hidden; text-align: center;">Authenticating...</p>
+    <div style="display: none;">
+      <%= button_to 'Log in via Artsy', '/auth/artsy', form: { id: 'artsy-auth-login-form' } %>
+    </div>
+
+    <script>
+      document.getElementById("artsy-auth-login-form").submit();
+      setTimeout(function() {
+        document.getElementById("placeholder").style.visibility = "visible";
+      }, 1000);
+    </script>
+  </body>
+</html>

data/config/routes.rb

@@ -1,4 +1,5 @@
 ArtsyAuth::Engine.routes.draw do
   get '/auth/:provider/callback', to: 'sessions#create'
+  get '/auth/:provider/new', to: 'sessions#new'
   get '/sign_out', to: 'sessions#destroy'
 end

data/lib/artsy-auth.rb

@@ -1,8 +1,9 @@
+require 'artsy-auth/authenticated'
 require 'artsy-auth/config'
 require 'artsy-auth/engine'
-require 'artsy-auth/version'
-require 'artsy-auth/application_controller'
 require 'artsy-auth/session_controller'
+require 'artsy-auth/version'
+require 'omniauth/rails_csrf_protection'
 
 module ArtsyAuth
 end

data/lib/artsy-auth/{application_controller.rb → authenticated.rb}

@@ -1,10 +1,16 @@
 module ArtsyAuth
-  class ApplicationController < ActionController::Base
-    before_action :require_artsy_authentication
+  module Authenticated
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :require_artsy_authentication
+    end
+
+    private
 
     def require_artsy_authentication
       if session[:access_token]
-        head(:forbidden) unless authorized? session[:access_token]
+        head(:forbidden) unless authorized_artsy_token? session[:access_token]
       else
         clear_session_and_reauth! unless session[:access_token]
       end
@@ -13,10 +19,10 @@ module ArtsyAuth
     def clear_session_and_reauth!
       reset_session
       session[:redirect_to] = request.url
-      redirect_to '/auth/artsy'
+      redirect_to '/auth/artsy/new'
     end
 
-    def authorized?(token)
+    def authorized_artsy_token?(token)
       raise NotImplementedError
     end
   end

data/lib/artsy-auth/config.rb

@@ -3,14 +3,12 @@ module ArtsyAuth
     extend self
 
     attr_accessor :artsy_api_url
-    attr_accessor :artsy_url
     attr_accessor :application_id
     attr_accessor :application_secret
     attr_accessor :callback_url
 
     def reset
       self.artsy_api_url = nil
-      self.artsy_url = nil
       self.callback_url = '/'
       self.application_id = nil
       self.application_secret = nil

data/lib/artsy-auth/session_controller.rb

@@ -1,6 +1,7 @@
 module ArtsyAuth
-  class SessionsController < ApplicationController
-    skip_before_action :require_artsy_authentication
+  class SessionsController < ActionController::Base
+    def new; end
+
     def create
       session[:user_id] = auth_hash['uid']
       session[:email] = auth_hash['info']['raw_info']['email']
@@ -10,7 +11,7 @@ module ArtsyAuth
 
     def destroy
       reset_session
-      redirect_to "#{ArtsyAuth.config.artsy_url}/users/sign_out"
+      redirect_to "#{ArtsyAuth.config.artsy_api_url}/users/sign_out"
     end
 
     protected
@@ -19,4 +20,4 @@ module ArtsyAuth
       request.env['omniauth.auth']
     end
   end
-end
+end

data/lib/artsy-auth/version.rb

@@ -1,3 +1,3 @@
 module ArtsyAuth
-  VERSION = '0.1.5'.freeze
+  VERSION = '0.2.0'.freeze
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: artsy-auth
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.2.0
 platform: ruby
 authors:
 - Artsy
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-04-03 00:00:00.000000000 Z
+date: 2021-08-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-artsy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -25,19 +39,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: omniauth-artsy
+  name: omniauth-rails_csrf_protection
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +67,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 4.2.0
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -80,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -109,7 +151,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: guard-rubocop
+  name: selenium-webdriver
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webdrivers
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -131,18 +187,19 @@ extra_rdoc_files: []
 files:
 - README.md
 - Rakefile
+- app/views/artsy_auth/sessions/new.erb
 - config/initializers/omniauth.rb
 - config/routes.rb
 - lib/artsy-auth.rb
-- lib/artsy-auth/application_controller.rb
+- lib/artsy-auth/authenticated.rb
 - lib/artsy-auth/config.rb
 - lib/artsy-auth/engine.rb
 - lib/artsy-auth/session_controller.rb
 - lib/artsy-auth/version.rb
-homepage: http://artsy.net
+homepage: https://www.artsy.net
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -157,10 +214,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.8
-signing_key: 
+rubygems_version: 3.2.23
+signing_key:
 specification_version: 4
-summary: ArtsyAuth is a rails based gem that adds Artsy authentication with authorization
+summary: ArtsyAuth is a Rails engine that adds Artsy authentication with authorization
   to your app.
 test_files: []