RubyGems - artsy-auth - Versions diffs - 0.1.8 → 0.2.0 - Mend

artsy-auth 0.1.8 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +5 -5
data/README.md +10 -3
data/app/views/artsy_auth/sessions/new.erb +20 -0
data/config/routes.rb +1 -0
data/lib/artsy-auth.rb +1 -0
data/lib/artsy-auth/authenticated.rb +1 -1
data/lib/artsy-auth/session_controller.rb +2 -0
data/lib/artsy-auth/version.rb +1 -1
metadata +70 -14

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7a2f2591b274cf4eba66d78b563365f51341cbaf
-  data.tar.gz: 38ba2fbbfe919ef424cfa0c1f8a8b7e07d11fc8c
+SHA256:
+  metadata.gz: 3ba60006edb2e37220a6ba341de9ac26e26e3b4bcec129775a7f08552d40627a
+  data.tar.gz: da6c9ececb084317e0a8745a128e1c0a24ef3c680fb79b3b086c8c1830ff6d5d
 SHA512:
-  metadata.gz: b35055a3b5ab3b5e3de9f1a6e0454d5d45fda0977c2f117a620c0b2e057979fba571c621306117ec1215358c91dc48206a009a13a5c3a97c9e86cfca6e963088
-  data.tar.gz: df30a0ef5f1c67da6ae1635967043770191712fc3118f2ba0ed0d6f4bd91283a911ebced4ba82912f04255579cd4f30efd03ec247457969995a0f0a504690cbb
+  metadata.gz: cb51d56f276740c9268942c544452e2d82f5b07781a1e471a49ae05df13366fe3095c9e6fc926bf196e1287c249af9e89f6fd27f5b86199f4d7db766a393807c
+  data.tar.gz: cab76d066dddfd593a6670bdc56921d744c97173728e156304bbd5f209534b055eb24791c0dfeee6f19372b5ecc738d5785674906e9926461039b5c317649ddb

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# Artsy Authentication [![Build Status](https://travis-ci.org/artsy/artsy-auth.svg?branch=master)](https://travis-ci.org/artsy/artsy-auth)
+# Artsy Authentication [![CircleCI](https://circleci.com/gh/artsy/artsy-auth/tree/master.svg?style=shield)](https://circleci.com/gh/artsy/artsy-auth/tree/master)
 Ruby Gem for adding Artsy's omniauth based authentication to your app.
@@ -17,7 +17,7 @@ Add `artsy_auth.rb` under `config/initializers`. We need to configure `ArtsyAuth
 `callback_url` defines after a successful omniauth handshake, where should we get redirected to.
 ```ruby
-# config/initalizers/artsy_auth.rb
+# config/initializers/artsy_auth.rb
 ArtsyAuth.configure do |config|
   config.artsy_api_url = 'https://stagingapi.artsy.net' # required
   config.callback_url = '/admin' # optional
@@ -34,7 +34,7 @@ mount ArtsyAuth::Engine => '/'
 In order to force authentication, you need to include 'ArtsyAuth::Authenticated' in your controller, you also need to add (override) `authorized_artsy_token?` method there which gets a token and in your app you need to define how do you authorize that token, for example:
 ```ruby
-class ApplicationController < ArtsyAuth::ApplicationController
+class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   protect_from_forgery with: :exception
@@ -51,6 +51,13 @@ class ApplicationController < ArtsyAuth::ApplicationController
 end
 ```
+# Decoding the JWT
+The JWT is signed using a different secret from the client secret for OAuth. For Artsy engineers: get it from the `internal_secret` on your corresponding `ClientApplication` model.
+The JWT contains user information that you can get from an API call to get the `me` user account, you can work around not having the secret by making a request for that against the API.
 # Update From Version < 0.1.7
 In previous versions you would change your `ApplicationController` to inherit from `ArtsyAuth::ApplicationController`, with versions > `0.1.7` you need to `include ArtsyAuth::Authenticated` like the example above.

data/app/views/artsy_auth/sessions/new.erb ADDED Viewed

@@ -0,0 +1,20 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>Artsy Auth</title>
+  </head>
+  <body>
+    <p id="placeholder" style="visibility: hidden; text-align: center;">Authenticating...</p>
+    <div style="display: none;">
+      <%= button_to 'Log in via Artsy', '/auth/artsy', form: { id: 'artsy-auth-login-form' } %>
+    </div>
+    <script>
+      document.getElementById("artsy-auth-login-form").submit();
+      setTimeout(function() {
+        document.getElementById("placeholder").style.visibility = "visible";
+      }, 1000);
+    </script>
+  </body>
+</html>

data/config/routes.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 ArtsyAuth::Engine.routes.draw do
   get '/auth/:provider/callback', to: 'sessions#create'
+  get '/auth/:provider/new', to: 'sessions#new'
   get '/sign_out', to: 'sessions#destroy'
 end

data/lib/artsy-auth.rb CHANGED Viewed

@@ -3,6 +3,7 @@ require 'artsy-auth/config'
 require 'artsy-auth/engine'
 require 'artsy-auth/session_controller'
 require 'artsy-auth/version'
+require 'omniauth/rails_csrf_protection'
 module ArtsyAuth
 end

data/lib/artsy-auth/authenticated.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module ArtsyAuth
     def clear_session_and_reauth!
       reset_session
       session[:redirect_to] = request.url
-      redirect_to '/auth/artsy'
+      redirect_to '/auth/artsy/new'
     end
     def authorized_artsy_token?(token)

data/lib/artsy-auth/session_controller.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module ArtsyAuth
   class SessionsController < ActionController::Base
+    def new; end
     def create
       session[:user_id] = auth_hash['uid']
       session[:email] = auth_hash['info']['raw_info']['email']

data/lib/artsy-auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ArtsyAuth
-  VERSION = '0.1.8'.freeze
+  VERSION = '0.2.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: artsy-auth
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.2.0
 platform: ruby
 authors:
 - Artsy
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-07 00:00:00.000000000 Z
+date: 2021-08-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-artsy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -25,19 +39,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: omniauth-artsy
+  name: omniauth-rails_csrf_protection
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +67,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 4.2.0
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -80,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -109,7 +151,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: guard-rubocop
+  name: selenium-webdriver
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webdrivers
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -131,6 +187,7 @@ extra_rdoc_files: []
 files:
 - README.md
 - Rakefile
+- app/views/artsy_auth/sessions/new.erb
 - config/initializers/omniauth.rb
 - config/routes.rb
 - lib/artsy-auth.rb
@@ -139,10 +196,10 @@ files:
 - lib/artsy-auth/engine.rb
 - lib/artsy-auth/session_controller.rb
 - lib/artsy-auth/version.rb
-homepage: http://artsy.net
+homepage: https://www.artsy.net
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -157,10 +214,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.4.8
-signing_key:
+rubygems_version: 3.2.23
+signing_key:
 specification_version: 4
-summary: ArtsyAuth is a rails based gem that adds Artsy authentication with authorization
+summary: ArtsyAuth is a Rails engine that adds Artsy authentication with authorization
   to your app.
 test_files: []