atomic_tenant 1.2.0 → 1.2.2

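--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1fb823e9a69ae301f4c54a2fdd0212a1ab1a722d8a29693eb19ab368bfe20426
- data.tar.gz: 5dfc41443847da7d515de0aea9303d44cacac5ba424fbc9e2837335221c90a59
+ metadata.gz: f635499df77d939a16ee1e90ce641fbad5a051b97420b19f954b9fedeb3d045c
+ data.tar.gz: f5480ade4fa304414afd1e705a387cc335c5b820a6e59f39ccac3acf1b2fc34c
  SHA512:
- metadata.gz: 178f0e154893bed333c5d1a308b6598c795b5516b9884083fc4303e57949cc623725a282bf7c7d6a01ae1bb334eb9d73bdc1e8fc5ad5986cb015f377eb0bfd11
- data.tar.gz: de989225aac86e31b254e23c514bf1714bae793f319e63f48bcb140b3eb1e233e591c481d7b03e4c20325ac66153c147df9243ec0ddfb87051a2b816f1cd6f2c
+ metadata.gz: c45f01695bec7b2a71393503597e3efe035737d5a14f217ff35c6ac1a89c58709092546ebbed29a9342ab3d97a4ebb7f4bdc15dfb6756108155e86497357f8c3
+ data.tar.gz: 907c96d38bbbde3c68b4de8fd8aa54d5e58a77fa30f47e93887c610cc8e3793d2f47d0f2b91609100f510ef7894bc12d9e8c8de4c76db5a9c97435bb606e7a32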
@@ -0,0 +1 @@
1
+ 6817b8d390f3e9c372c1778571991824
@@ -0,0 +1 @@
1
+ zCGS7BXOZ0hz1MyReaEXTOxAsbr+2dDIuA7MveFmoLMxhcpB8Ke+aVyPK6eQ5QuWyNHjX0KTLNFjl22T2TFumPORSqg=--PPpYgiAHaLVdQ7k5--W4gzuV3PDu0RRFOiCv85ig==
@@ -0,0 +1 @@
1
+ m9enHQtifWxwTwrNrikI79tELr3AJbu3UIy2zGCb0DpNoLs6/NyJIPrdvTAF7K+eyqkri0SLiaap1VXWqXuW0B/RcPf8ZQnbOxpnw5DN9EtI8s/lx8hv55+34PuCFYiGZ/RUoN7PakSOZIcyZV2ICM/nFRCtmkbu6+/939Nr3gUwGGmA10xyWORDr4CAQv+mGm/j1Lr9AkW00RK53JzwWS3rnqu19j1JkifrDFDw9Oa8wNaCiy+lPVHjo3rXwTk+SoLktVit7Nv74n5zy9w88YtfZnnqAw6R98m7tnR29A0axA9o92jDuaJMn0lyc4mr2p7LajC/+EV0/QB70pilU5sEHqe1qb6wzLpN+uj0GG2afwB/JyxbOISkvAi9TnfqksI7F1Gk+4IOzPiiN72MR8XuXbxjrnVIpLo0--pu7RLFc9X+G62Q91--8XtFlY9/RyZH9tqUbLT8LQ==
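--- a/data/config/master.key
+++ b/data/config/master.key
@@ -0,0 +1 @@
+ 1d05e1db543548feef108df7c1818523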
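Review bot: `config/master.key` looks like a Rails credentials key and should not be part of a published gem. This release adds it together with `config/credentials.yml.enc`, `config/credentials/development.key` and `config/credentials/development.yml.enc`, as the `files:` hunk in `metadata` shows; the three header-less one-line hunks above appear to be those files. Because the key ships next to the ciphertext it protects, whatever those credential files hold has to be treated as disclosed. The values should be rotated and a release cut without these files, with the gemspec `files` list narrowed so that `config/*.key` and `config/**/*.yml.enc` are never packaged.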
@@ -12,13 +12,9 @@ module AtomicTenant
12
12
  unverified = JWT.decode(token, nil, false)
13
13
  kid = unverified[HEADER]["kid"]
14
14
  app_instance = ApplicationInstance.find_by!(lti_key: kid)
15
- decoded_token = JWT.decode(
16
- token,
17
- app_instance.lti_secret,
18
- true,
19
- { algorithm: algorithm },
20
- )
21
- [decoded_token, app_instance]
15
+ # We don't validate because we're only setting the tenant for the request. The app
16
+ # must validate the JWT.
17
+ app_instance
22
18
  end
23
19
  end
24
20
  end
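Review bot: `decode` now returns the `ApplicationInstance` named by the `kid` header of a token read with `JWT.decode(token, nil, false)`, so the tenant is picked from unauthenticated input and `app_instance.lti_secret` is never consulted. The added comment says the app must validate, but the method should state that contract where callers see it, for example `# Returns the tenant named by the UNVERIFIED kid header; the caller must verify the token against app_instance.lti_secret before trusting it.` A token without a `kid` reaches `find_by!(lti_key: nil)`, which could match a row whose key is NULL; `raise ActiveRecord::RecordNotFound if kid.blank?` before the lookup closes that. The method signature is outside this hunk; if it still takes `algorithm`, that parameter now looks unused.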
@@ -53,18 +53,19 @@ module AtomicTenant
53
53
  env['atomic.validated.application_instance_id'] = instance.id
54
54
  end
55
55
  elsif canvas_migration_hook?(request)
56
- _token, app_instance = AtomicTenant::CanvasContentMigration.decode(encoded_token(request))
56
+ app_instance = AtomicTenant::CanvasContentMigration.decode(encoded_token(request))
57
57
  env['atomic.validated.application_instance_id'] = app_instance.id
58
58
  elsif encoded_token(request).present?
59
59
  token = encoded_token(request)
60
- # TODO: decoded token should be put on request
61
- decoded_token = AtomicTenant::JwtToken.decode(token)
60
+ # We don't validate the token here because this step is only designed to set
61
+ # the tenant for the request. If the token is invalid or expired the app must
62
+ # return 401 or take other action.
63
+ decoded_token = AtomicTenant::JwtToken.decode(token, validate: false)
62
64
  if decoded_token.present? && decoded_token.first.present?
63
65
  if app_instance_id = decoded_token.first['application_instance_id']
64
66
  env['atomic.validated.application_instance_id'] = app_instance_id
65
67
  end
66
68
  end
67
-
68
69
  end
69
70
 
70
71
  rescue StandardError => e
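Review bot: Both branches in this hunk now store a value derived from an unverified token under `env['atomic.validated.application_instance_id']`: the Canvas branch from the `kid` lookup, and the JWT branch from the `application_instance_id` claim decoded with `validate: false`. The key name still says "validated", so any consumer that reads it as proof of an authenticated tenant (none is visible here) would accept a forged token. The new comment explains the intent only at this call site. I would either write unverified results to a separately named key and keep the existing one for checked values, or document at the point where the key is defined that it selects a tenant and carries no authentication guarantee. The enclosing method starts and ends outside the hunk.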
@@ -1,17 +1,19 @@
1
1
  module AtomicTenant
2
2
  module JwtToken
3
3
  class InvalidTokenError < StandardError; end
4
-
4
+
5
5
  ALGORITHM = "HS512".freeze
6
6
 
7
- def self.decode(token, algorithm = ALGORITHM)
7
+ def self.decode(token, algorithm = ALGORITHM, validate: true)
8
8
  decoded_token = JWT.decode(
9
9
  token,
10
10
  AtomicTenant.jwt_secret,
11
- true,
11
+ validate,
12
12
  { algorithm: algorithm },
13
13
  )
14
- raise InvalidTokenError if AtomicTenant.jwt_aud != decoded_token[0]["aud"]
14
+ if AtomicTenant.jwt_aud != decoded_token[0]["aud"]
15
+ return nil
16
+ end
15
17
 
16
18
  decoded_token
17
19
  end
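Review bot: With the default `validate: true`, an audience mismatch now returns `nil` where it used to raise `InvalidTokenError`, which silently changes the contract for existing callers that rescue the error or index the result. Nothing in the visible hunk raises `InvalidTokenError` any more. I would keep the raise on the verifying path and return `nil` only for the lookup path, e.g. `raise InvalidTokenError if validate` as the first line of the mismatch branch. With `validate: false` the signature and expiry are not checked, so the `aud` comparison runs on claims the sender controls and only filters routing. The method deserves a comment saying so, such as `# validate: false skips signature and claim verification; never use the result for authorization.`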
@@ -1,3 +1,3 @@
1
1
  module AtomicTenant
2
- VERSION = '1.2.0'
2
+ VERSION = '1.2.2'
3
3
  end
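--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: atomic_tenant
  version: !ruby/object:Gem::Version
- version: 1.2.0
+ version: 1.2.2
  platform: ruby
  authors:
  - Nick Benoit
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-08-16 00:00:00.000000000 Z
+ date: 2024-01-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: atomic_lti
@@ -52,6 +52,10 @@ files:
  - app/models/atomic_tenant/lti_deployment.rb
  - app/models/atomic_tenant/pinned_client_id.rb
  - app/models/atomic_tenant/pinned_platform_guid.rb
+ - config/credentials.yml.enc
+ - config/credentials/development.key
+ - config/credentials/development.yml.enc
+ - config/master.key
  - config/routes.rb
  - db/migrate/20220816154357_create_atomic_tenant_lti_deployments.rb
  - db/migrate/20220816174344_create_atomic_tenant_pinned_platform_guids.rb
@@ -87,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.15
+ rubygems_version: 3.1.6
  signing_key:
  specification_version: 4
  summary: Summary of AtomicTenant.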