atomic_tenant 1.2.0 → 1.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1fb823e9a69ae301f4c54a2fdd0212a1ab1a722d8a29693eb19ab368bfe20426
-  data.tar.gz: 5dfc41443847da7d515de0aea9303d44cacac5ba424fbc9e2837335221c90a59
+  metadata.gz: f635499df77d939a16ee1e90ce641fbad5a051b97420b19f954b9fedeb3d045c
+  data.tar.gz: f5480ade4fa304414afd1e705a387cc335c5b820a6e59f39ccac3acf1b2fc34c
 SHA512:
-  metadata.gz: 178f0e154893bed333c5d1a308b6598c795b5516b9884083fc4303e57949cc623725a282bf7c7d6a01ae1bb334eb9d73bdc1e8fc5ad5986cb015f377eb0bfd11
-  data.tar.gz: de989225aac86e31b254e23c514bf1714bae793f319e63f48bcb140b3eb1e233e591c481d7b03e4c20325ac66153c147df9243ec0ddfb87051a2b816f1cd6f2c
+  metadata.gz: c45f01695bec7b2a71393503597e3efe035737d5a14f217ff35c6ac1a89c58709092546ebbed29a9342ab3d97a4ebb7f4bdc15dfb6756108155e86497357f8c3
+  data.tar.gz: 907c96d38bbbde3c68b4de8fd8aa54d5e58a77fa30f47e93887c610cc8e3793d2f47d0f2b91609100f510ef7894bc12d9e8c8de4c76db5a9c97435bb606e7a32

data/config/credentials/development.key

@@ -0,0 +1 @@
+6817b8d390f3e9c372c1778571991824

data/config/credentials/development.yml.enc

@@ -0,0 +1 @@
+zCGS7BXOZ0hz1MyReaEXTOxAsbr+2dDIuA7MveFmoLMxhcpB8Ke+aVyPK6eQ5QuWyNHjX0KTLNFjl22T2TFumPORSqg=--PPpYgiAHaLVdQ7k5--W4gzuV3PDu0RRFOiCv85ig==

data/config/credentials.yml.enc

@@ -0,0 +1 @@
+m9enHQtifWxwTwrNrikI79tELr3AJbu3UIy2zGCb0DpNoLs6/NyJIPrdvTAF7K+eyqkri0SLiaap1VXWqXuW0B/RcPf8ZQnbOxpnw5DN9EtI8s/lx8hv55+34PuCFYiGZ/RUoN7PakSOZIcyZV2ICM/nFRCtmkbu6+/939Nr3gUwGGmA10xyWORDr4CAQv+mGm/j1Lr9AkW00RK53JzwWS3rnqu19j1JkifrDFDw9Oa8wNaCiy+lPVHjo3rXwTk+SoLktVit7Nv74n5zy9w88YtfZnnqAw6R98m7tnR29A0axA9o92jDuaJMn0lyc4mr2p7LajC/+EV0/QB70pilU5sEHqe1qb6wzLpN+uj0GG2afwB/JyxbOISkvAi9TnfqksI7F1Gk+4IOzPiiN72MR8XuXbxjrnVIpLo0--pu7RLFc9X+G62Q91--8XtFlY9/RyZH9tqUbLT8LQ==

data/config/master.key

@@ -0,0 +1 @@
+1d05e1db543548feef108df7c1818523

data/lib/atomic_tenant/canvas_content_migration.rb

@@ -12,13 +12,9 @@ module AtomicTenant
       unverified = JWT.decode(token, nil, false)
       kid = unverified[HEADER]["kid"]
       app_instance = ApplicationInstance.find_by!(lti_key: kid)
-      decoded_token = JWT.decode(
-        token,
-        app_instance.lti_secret,
-        true,
-        { algorithm: algorithm },
-      )
-      [decoded_token, app_instance]
+      # We don't validate because we're only setting the tenant for the request. The app
+      # must validate the JWT.
+      app_instance
     end
   end
 end

data/lib/atomic_tenant/current_application_instance_middleware.rb

@@ -53,18 +53,19 @@ module AtomicTenant
             env['atomic.validated.application_instance_id'] = instance.id
           end
         elsif canvas_migration_hook?(request)
-          _token, app_instance = AtomicTenant::CanvasContentMigration.decode(encoded_token(request))
+          app_instance = AtomicTenant::CanvasContentMigration.decode(encoded_token(request))
           env['atomic.validated.application_instance_id'] = app_instance.id
         elsif encoded_token(request).present?
           token = encoded_token(request)
-          # TODO: decoded token should be put on request
-          decoded_token = AtomicTenant::JwtToken.decode(token)
+          # We don't validate the token here because this step is only designed to set
+          # the tenant for the request. If the token is invalid or expired the app must
+          # return 401 or take other action.
+          decoded_token = AtomicTenant::JwtToken.decode(token, validate: false)
           if decoded_token.present? && decoded_token.first.present?
             if app_instance_id = decoded_token.first['application_instance_id']
               env['atomic.validated.application_instance_id'] = app_instance_id
             end
           end
-
         end
 
       rescue StandardError => e

data/lib/atomic_tenant/jwt_token.rb

@@ -1,17 +1,19 @@
 module AtomicTenant
   module JwtToken
     class InvalidTokenError < StandardError; end
- 
+
     ALGORITHM = "HS512".freeze
 
-    def self.decode(token,  algorithm = ALGORITHM)
+    def self.decode(token,  algorithm = ALGORITHM, validate: true)
       decoded_token = JWT.decode(
         token,
         AtomicTenant.jwt_secret,
-        true,
+        validate,
         { algorithm: algorithm },
       )
-      raise InvalidTokenError if AtomicTenant.jwt_aud != decoded_token[0]["aud"]
+      if AtomicTenant.jwt_aud != decoded_token[0]["aud"]
+        return nil
+      end
 
       decoded_token
     end

data/lib/atomic_tenant/version.rb

@@ -1,3 +1,3 @@
 module AtomicTenant
-  VERSION = '1.2.0'
+  VERSION = '1.2.2'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: atomic_tenant
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.2
 platform: ruby
 authors:
 - Nick Benoit
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-16 00:00:00.000000000 Z
+date: 2024-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: atomic_lti
@@ -52,6 +52,10 @@ files:
 - app/models/atomic_tenant/lti_deployment.rb
 - app/models/atomic_tenant/pinned_client_id.rb
 - app/models/atomic_tenant/pinned_platform_guid.rb
+- config/credentials.yml.enc
+- config/credentials/development.key
+- config/credentials/development.yml.enc
+- config/master.key
 - config/routes.rb
 - db/migrate/20220816154357_create_atomic_tenant_lti_deployments.rb
 - db/migrate/20220816174344_create_atomic_tenant_pinned_platform_guids.rb
@@ -87,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.15
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Summary of AtomicTenant.