atomic_tenant 1.2.0 → 1.2.2
- checksums.yaml +4 -4
 - data/config/credentials/development.key +1 -0
 - data/config/credentials/development.yml.enc +1 -0
 - data/config/credentials.yml.enc +1 -0
 - data/config/master.key +1 -0
 - data/lib/atomic_tenant/canvas_content_migration.rb +3 -7
 - data/lib/atomic_tenant/current_application_instance_middleware.rb +5 -4
 - data/lib/atomic_tenant/jwt_token.rb +6 -4
 - data/lib/atomic_tenant/version.rb +1 -1
 - metadata +7 -3
 
    
        checksums.yaml
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            ---
         
     | 
| 
       2 
2 
     | 
    
         
             
            SHA256:
         
     | 
| 
       3 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       4 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 3 
     | 
    
         
            +
              metadata.gz: f635499df77d939a16ee1e90ce641fbad5a051b97420b19f954b9fedeb3d045c
         
     | 
| 
      
 4 
     | 
    
         
            +
              data.tar.gz: f5480ade4fa304414afd1e705a387cc335c5b820a6e59f39ccac3acf1b2fc34c
         
     | 
| 
       5 
5 
     | 
    
         
             
            SHA512:
         
     | 
| 
       6 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       7 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 6 
     | 
    
         
            +
              metadata.gz: c45f01695bec7b2a71393503597e3efe035737d5a14f217ff35c6ac1a89c58709092546ebbed29a9342ab3d97a4ebb7f4bdc15dfb6756108155e86497357f8c3
         
     | 
| 
      
 7 
     | 
    
         
            +
              data.tar.gz: 907c96d38bbbde3c68b4de8fd8aa54d5e58a77fa30f47e93887c610cc8e3793d2f47d0f2b91609100f510ef7894bc12d9e8c8de4c76db5a9c97435bb606e7a32
         
     | 
| 
         @@ -0,0 +1 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            6817b8d390f3e9c372c1778571991824
         
     | 
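Review bot: The single added line in this hunk looks like a credentials decryption key shipped inside the released package; going by the order of the file list it is data/config/credentials/development.key, and data/config/master.key further down adds a second one. The two hunks that follow add what appear to be the matching encrypted files (development.yml.enc and credentials.yml.enc), and the metadata `files:` list confirms all four are packaged, so anyone who downloads the gem can decrypt whatever those files hold. I would exclude `config/*.key` and the `config/credentials*` files from whatever expression builds `spec.files`, treat both keys and every value inside the encrypted files as exposed and rotate them, and yank the affected release. Whether the encrypted files contain anything sensitive cannot be determined from this page.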
| 
         @@ -0,0 +1 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            zCGS7BXOZ0hz1MyReaEXTOxAsbr+2dDIuA7MveFmoLMxhcpB8Ke+aVyPK6eQ5QuWyNHjX0KTLNFjl22T2TFumPORSqg=--PPpYgiAHaLVdQ7k5--W4gzuV3PDu0RRFOiCv85ig==
         
     | 
| 
         @@ -0,0 +1 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            m9enHQtifWxwTwrNrikI79tELr3AJbu3UIy2zGCb0DpNoLs6/NyJIPrdvTAF7K+eyqkri0SLiaap1VXWqXuW0B/RcPf8ZQnbOxpnw5DN9EtI8s/lx8hv55+34PuCFYiGZ/RUoN7PakSOZIcyZV2ICM/nFRCtmkbu6+/939Nr3gUwGGmA10xyWORDr4CAQv+mGm/j1Lr9AkW00RK53JzwWS3rnqu19j1JkifrDFDw9Oa8wNaCiy+lPVHjo3rXwTk+SoLktVit7Nv74n5zy9w88YtfZnnqAw6R98m7tnR29A0axA9o92jDuaJMn0lyc4mr2p7LajC/+EV0/QB70pilU5sEHqe1qb6wzLpN+uj0GG2afwB/JyxbOISkvAi9TnfqksI7F1Gk+4IOzPiiN72MR8XuXbxjrnVIpLo0--pu7RLFc9X+G62Q91--8XtFlY9/RyZH9tqUbLT8LQ==
         
     | 
    
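--- a/data/config/master.key
+++ b/data/config/master.key
@@ -0,0 +1 @@
+1d05e1db543548feef108df7c1818523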
| 
         @@ -12,13 +12,9 @@ module AtomicTenant 
     | 
|
| 
       12 
12 
     | 
    
         
             
                  unverified = JWT.decode(token, nil, false)
         
     | 
| 
       13 
13 
     | 
    
         
             
                  kid = unverified[HEADER]["kid"]
         
     | 
| 
       14 
14 
     | 
    
         
             
                  app_instance = ApplicationInstance.find_by!(lti_key: kid)
         
     | 
| 
       15 
     | 
    
         
            -
                   
     | 
| 
       16 
     | 
    
         
            -
             
     | 
| 
       17 
     | 
    
         
            -
             
     | 
| 
       18 
     | 
    
         
            -
                    true,
         
     | 
| 
       19 
     | 
    
         
            -
                    { algorithm: algorithm },
         
     | 
| 
       20 
     | 
    
         
            -
                  )
         
     | 
| 
       21 
     | 
    
         
            -
                  [decoded_token, app_instance]
         
     | 
| 
      
 15 
     | 
    
         
            +
                  # We don't validate because we're only setting the tenant for the request. The app
         
     | 
| 
      
 16 
     | 
    
         
            +
                  # must validate the JWT.
         
     | 
| 
      
 17 
     | 
    
         
            +
                  app_instance
         
     | 
| 
       22 
18 
     | 
    
         
             
                end
         
     | 
| 
       23 
19 
     | 
    
         
             
              end
         
     | 
| 
       24 
20 
     | 
    
         
             
            end
         
     | 
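Review bot: The tenant is now selected from the unverified `kid` header alone: `JWT.decode(token, nil, false)` skips the signature check, and the removed lines (partly lost in this rendering) appear to have been the verifying decode that followed `find_by!`. The new inline comment says the app must validate, but nothing about the return value marks it as unauthenticated; I would state that at method level, e.g. `# Returns the ApplicationInstance named by the token's kid header. The token is NOT verified; callers must verify it before trusting the tenant.` The return value also changes from `[decoded_token, app_instance]` to `app_instance`, which breaks any caller outside this gem that destructures the pair and deserves a changelog entry in a patch release. The method begins above the hunk, so its signature is not visible here.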
| 
         @@ -53,18 +53,19 @@ module AtomicTenant 
     | 
|
| 
       53 
53 
     | 
    
         
             
                        env['atomic.validated.application_instance_id'] = instance.id
         
     | 
| 
       54 
54 
     | 
    
         
             
                      end
         
     | 
| 
       55 
55 
     | 
    
         
             
                    elsif canvas_migration_hook?(request)
         
     | 
| 
       56 
     | 
    
         
            -
                       
     | 
| 
      
 56 
     | 
    
         
            +
                      app_instance = AtomicTenant::CanvasContentMigration.decode(encoded_token(request))
         
     | 
| 
       57 
57 
     | 
    
         
             
                      env['atomic.validated.application_instance_id'] = app_instance.id
         
     | 
| 
       58 
58 
     | 
    
         
             
                    elsif encoded_token(request).present?
         
     | 
| 
       59 
59 
     | 
    
         
             
                      token = encoded_token(request)
         
     | 
| 
       60 
     | 
    
         
            -
                      #  
     | 
| 
       61 
     | 
    
         
            -
                       
     | 
| 
      
 60 
     | 
    
         
            +
                      # We don't validate the token here because this step is only designed to set
         
     | 
| 
      
 61 
     | 
    
         
            +
                      # the tenant for the request. If the token is invalid or expired the app must
         
     | 
| 
      
 62 
     | 
    
         
            +
                      # return 401 or take other action.
         
     | 
| 
      
 63 
     | 
    
         
            +
                      decoded_token = AtomicTenant::JwtToken.decode(token, validate: false)
         
     | 
| 
       62 
64 
     | 
    
         
             
                      if decoded_token.present? && decoded_token.first.present?
         
     | 
| 
       63 
65 
     | 
    
         
             
                        if app_instance_id = decoded_token.first['application_instance_id']
         
     | 
| 
       64 
66 
     | 
    
         
             
                          env['atomic.validated.application_instance_id'] = app_instance_id
         
     | 
| 
       65 
67 
     | 
    
         
             
                        end
         
     | 
| 
       66 
68 
     | 
    
         
             
                      end
         
     | 
| 
       67 
     | 
    
         
            -
             
     | 
| 
       68 
69 
     | 
    
         
             
                    end
         
     | 
| 
       69 
70 
     | 
    
         | 
| 
       70 
71 
     | 
    
         
             
                  rescue StandardError => e
         
     | 
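Review bot: Both branches still write the tenant id into `env['atomic.validated.application_instance_id']` although neither value is validated after this change: the migration-hook branch derives it from an unverified `kid`, and the token branch reads the `application_instance_id` claim from `JwtToken.decode(token, validate: false)`. Any downstream code that reads that key as proof of an authenticated tenant would be trusting claims from a token whose signature and expiry were never checked. I would either keep verification on for this key and publish the unverified value under a differently named key, or rename the key and document it where it is set, e.g. `# Unverified: taken from token claims before signature validation; do not use for authorization.` The enclosing method begins and ends outside the hunk.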
| 
         @@ -1,17 +1,19 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            module AtomicTenant
         
     | 
| 
       2 
2 
     | 
    
         
             
              module JwtToken
         
     | 
| 
       3 
3 
     | 
    
         
             
                class InvalidTokenError < StandardError; end
         
     | 
| 
       4 
     | 
    
         
            -
             
     | 
| 
      
 4 
     | 
    
         
            +
             
     | 
| 
       5 
5 
     | 
    
         
             
                ALGORITHM = "HS512".freeze
         
     | 
| 
       6 
6 
     | 
    
         | 
| 
       7 
     | 
    
         
            -
                def self.decode(token,  algorithm = ALGORITHM)
         
     | 
| 
      
 7 
     | 
    
         
            +
                def self.decode(token,  algorithm = ALGORITHM, validate: true)
         
     | 
| 
       8 
8 
     | 
    
         
             
                  decoded_token = JWT.decode(
         
     | 
| 
       9 
9 
     | 
    
         
             
                    token,
         
     | 
| 
       10 
10 
     | 
    
         
             
                    AtomicTenant.jwt_secret,
         
     | 
| 
       11 
     | 
    
         
            -
                     
     | 
| 
      
 11 
     | 
    
         
            +
                    validate,
         
     | 
| 
       12 
12 
     | 
    
         
             
                    { algorithm: algorithm },
         
     | 
| 
       13 
13 
     | 
    
         
             
                  )
         
     | 
| 
       14 
     | 
    
         
            -
                   
     | 
| 
      
 14 
     | 
    
         
            +
                  if AtomicTenant.jwt_aud != decoded_token[0]["aud"]
         
     | 
| 
      
 15 
     | 
    
         
            +
                    return nil
         
     | 
| 
      
 16 
     | 
    
         
            +
                  end
         
     | 
| 
       15 
17 
     | 
    
         | 
| 
       16 
18 
     | 
    
         
             
                  decoded_token
         
     | 
| 
       17 
19 
     | 
    
         
             
                end
         
     | 
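Review bot: With `validate: false` the third argument to `JWT.decode` turns off signature and claim verification, yet `decode` returns the claims in the same shape as the verified path, and the new `aud` comparison then runs on unauthenticated data, so it gives no assurance in that mode; a doc comment on `decode` should say that `validate: false` yields unverified claims. The comparison `AtomicTenant.jwt_aud != decoded_token[0]["aud"]` also rejects tokens whose `aud` is an array, which the JWT spec allows; `Array(decoded_token[0]["aud"]).include?(AtomicTenant.jwt_aud)` accepts both forms. Returning `nil` on a mismatch is a new outcome for any caller that indexes the result, while `InvalidTokenError` is defined a few lines above and is not used in the visible lines; `raise InvalidTokenError, "aud mismatch"` would make the failure explicit, provided callers are checked first. The module's closing lines are outside the hunk.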
    
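--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: atomic_tenant
 version: !ruby/object:Gem::Version
-  version: 1.2.
+  version: 1.2.2
 platform: ruby
 authors:
 - Nick Benoit
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: atomic_lti
@@ -52,6 +52,10 @@ files:
 - app/models/atomic_tenant/lti_deployment.rb
 - app/models/atomic_tenant/pinned_client_id.rb
 - app/models/atomic_tenant/pinned_platform_guid.rb
+- config/credentials.yml.enc
+- config/credentials/development.key
+- config/credentials/development.yml.enc
+- config/master.key
 - config/routes.rb
 - db/migrate/20220816154357_create_atomic_tenant_lti_deployments.rb
 - db/migrate/20220816174344_create_atomic_tenant_pinned_platform_guids.rb
@@ -87,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Summary of AtomicTenant.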