RubyGems - artsy-auth - Versions diffs - 0.1.8 → 0.2.0 - Mend

artsy-auth 0.1.8 → 0.2.0

Files changed (9) hide show

checksums.yaml +5 -5
data/README.md +10 -3
data/app/views/artsy_auth/sessions/new.erb +20 -0
data/config/routes.rb +1 -0
data/lib/artsy-auth.rb +1 -0
data/lib/artsy-auth/authenticated.rb +1 -1
data/lib/artsy-auth/session_controller.rb +2 -0
data/lib/artsy-auth/version.rb +1 -1
metadata +70 -14

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7a2f2591b274cf4eba66d78b563365f51341cbaf
-  data.tar.gz: 38ba2fbbfe919ef424cfa0c1f8a8b7e07d11fc8c
+SHA256:
+  metadata.gz: 3ba60006edb2e37220a6ba341de9ac26e26e3b4bcec129775a7f08552d40627a
+  data.tar.gz: da6c9ececb084317e0a8745a128e1c0a24ef3c680fb79b3b086c8c1830ff6d5d
 SHA512:
-  metadata.gz: b35055a3b5ab3b5e3de9f1a6e0454d5d45fda0977c2f117a620c0b2e057979fba571c621306117ec1215358c91dc48206a009a13a5c3a97c9e86cfca6e963088
-  data.tar.gz: df30a0ef5f1c67da6ae1635967043770191712fc3118f2ba0ed0d6f4bd91283a911ebced4ba82912f04255579cd4f30efd03ec247457969995a0f0a504690cbb
+  metadata.gz: cb51d56f276740c9268942c544452e2d82f5b07781a1e471a49ae05df13366fe3095c9e6fc926bf196e1287c249af9e89f6fd27f5b86199f4d7db766a393807c
+  data.tar.gz: cab76d066dddfd593a6670bdc56921d744c97173728e156304bbd5f209534b055eb24791c0dfeee6f19372b5ecc738d5785674906e9926461039b5c317649ddb

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# Artsy Authentication [![Build Status](https://travis-ci.org/artsy/artsy-auth.svg?branch=master)](https://travis-ci.org/artsy/artsy-auth)
+# Artsy Authentication [![CircleCI](https://circleci.com/gh/artsy/artsy-auth/tree/master.svg?style=shield)](https://circleci.com/gh/artsy/artsy-auth/tree/master)
 Ruby Gem for adding Artsy's omniauth based authentication to your app.
@@ -17,7 +17,7 @@ Add `artsy_auth.rb` under `config/initializers`. We need to configure `ArtsyAuth
 `callback_url` defines after a successful omniauth handshake, where should we get redirected to.
 ```ruby
-# config/initalizers/artsy_auth.rb
+# config/initializers/artsy_auth.rb
 ArtsyAuth.configure do |config|
   config.artsy_api_url = 'https://stagingapi.artsy.net' # required
   config.callback_url = '/admin' # optional
@@ -34,7 +34,7 @@ mount ArtsyAuth::Engine => '/'
 In order to force authentication, you need to include 'ArtsyAuth::Authenticated' in your controller, you also need to add (override) `authorized_artsy_token?` method there which gets a token and in your app you need to define how do you authorize that token, for example:
 ```ruby
-class ApplicationController < ArtsyAuth::ApplicationController
+class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   protect_from_forgery with: :exception
@@ -51,6 +51,13 @@ class ApplicationController < ArtsyAuth::ApplicationController
 end
 ```
+# Decoding the JWT
+The JWT is signed using a different secret from the client secret for OAuth. For Artsy engineers: get it from the `internal_secret` on your corresponding `ClientApplication` model.
+The JWT contains user information that you can get from an API call to get the `me` user account, you can work around not having the secret by making a request for that against the API.
 # Update From Version < 0.1.7
 In previous versions you would change your `ApplicationController` to inherit from `ArtsyAuth::ApplicationController`, with versions > `0.1.7` you need to `include ArtsyAuth::Authenticated` like the example above.

data/app/views/artsy_auth/sessions/new.erb ADDED Viewed

@@ -0,0 +1,20 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>Artsy Auth</title>
+  </head>
+  <body>
+    <p id="placeholder" style="visibility: hidden; text-align: center;">Authenticating...</p>
+    <div style="display: none;">
+      <%= button_to 'Log in via Artsy', '/auth/artsy', form: { id: 'artsy-auth-login-form' } %>
+    </div>
+    <script>
+      document.getElementById("artsy-auth-login-form").submit();
+      setTimeout(function() {
+        document.getElementById("placeholder").style.visibility = "visible";
+      }, 1000);
+    </script>
+  </body>
+</html>

data/config/routes.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 ArtsyAuth::Engine.routes.draw do
   get '/auth/:provider/callback', to: 'sessions#create'
+  get '/auth/:provider/new', to: 'sessions#new'
   get '/sign_out', to: 'sessions#destroy'
 end

data/lib/artsy-auth.rb CHANGED Viewed

@@ -3,6 +3,7 @@ require 'artsy-auth/config'
 require 'artsy-auth/engine'
 require 'artsy-auth/session_controller'
 require 'artsy-auth/version'
+require 'omniauth/rails_csrf_protection'
 module ArtsyAuth
 end

data/lib/artsy-auth/authenticated.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module ArtsyAuth
     def clear_session_and_reauth!
       reset_session
       session[:redirect_to] = request.url
-      redirect_to '/auth/artsy'
+      redirect_to '/auth/artsy/new'
     end
     def authorized_artsy_token?(token)

data/lib/artsy-auth/session_controller.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module ArtsyAuth
   class SessionsController < ActionController::Base
+    def new; end
     def create
       session[:user_id] = auth_hash['uid']
       session[:email] = auth_hash['info']['raw_info']['email']

data/lib/artsy-auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ArtsyAuth
-  VERSION = '0.1.8'.freeze
+  VERSION = '0.2.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: artsy-auth
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.2.0
 platform: ruby
 authors:
 - Artsy
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-07 00:00:00.000000000 Z
+date: 2021-08-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-artsy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -25,19 +39,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: omniauth-artsy
+  name: omniauth-rails_csrf_protection
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +67,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 4.2.0
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -80,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -109,7 +151,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: guard-rubocop
+  name: selenium-webdriver
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webdrivers
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -131,6 +187,7 @@ extra_rdoc_files: []
 files:
 - README.md
 - Rakefile
+- app/views/artsy_auth/sessions/new.erb
 - config/initializers/omniauth.rb
 - config/routes.rb
 - lib/artsy-auth.rb
@@ -139,10 +196,10 @@ files:
 - lib/artsy-auth/engine.rb
 - lib/artsy-auth/session_controller.rb
 - lib/artsy-auth/version.rb
-homepage: http://artsy.net
+homepage: https://www.artsy.net
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -157,10 +214,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.4.8
-signing_key:
+rubygems_version: 3.2.23
+signing_key:
 specification_version: 4
-summary: ArtsyAuth is a rails based gem that adds Artsy authentication with authorization
+summary: ArtsyAuth is a Rails engine that adds Artsy authentication with authorization
   to your app.
 test_files: []