auth0_current_user 0.1.0.4 → 0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c68f7321c197398a01de6ed4cccf77c26e7947efdd808863c33a6c76456e2abb
4
- data.tar.gz: 31de0e2c0e4a7324876035305b53f80107b53206b08c335049bc2b3f7978912a
3
+ metadata.gz: e328e498710b8747cd3b3e6fa46321c0421023a601b67baa4f73b5a6661a4547
4
+ data.tar.gz: 5a7d9ac31f4a0f1497f3cc03a9bf32d14fa055f8ed1db7789d6894c08db0250e
5
5
  SHA512:
6
- metadata.gz: 7ba0f3aac70d35ffbe2f45f58fe893ace7ea1e242669d6e5be1b1279c4484154b89c780b068d0fcf50c5ba079f1bc6d81cedfb7f6dc962528057ff86df5543bf
7
- data.tar.gz: d77ddc5649d3e17ea9d8afa9061a35294e23da56cdb873e7de89194a6980e96249fba4bee2b34ee5be01218fce6707835aa67123ed9b3fea3550cd47b9529a22
6
+ metadata.gz: 15852264e476b984ebf02119c91728cefff2e6c0e67c8c13b774acb70910a65a0875986fd6a54795434c695c56c62320d1b603a466fe0e25aab376836a5c78e2
7
+ data.tar.gz: 81dd34df56d368bdf5ff99fdaefe0d95594d63d623932c887314e50174451e1aa628ecc0bb3caaab160f4088222f80373222733327767a6b9d2f2cffa7bd9066
data/.gitignore CHANGED
@@ -6,3 +6,4 @@
6
6
  /pkg/
7
7
  /spec/reports/
8
8
  /tmp/
9
+ .idea
data/Gemfile.lock CHANGED
@@ -5,7 +5,6 @@ PATH
5
5
  activesupport
6
6
  jwt
7
7
  request_store
8
- uri
9
8
 
10
9
  GEM
11
10
  remote: https://rubygems.org/
@@ -28,7 +27,6 @@ GEM
28
27
  thread_safe (0.3.6)
29
28
  tzinfo (1.2.7)
30
29
  thread_safe (~> 0.1)
31
- uri (0.10.0)
32
30
  zeitwerk (2.4.0)
33
31
 
34
32
  PLATFORMS
data/README.md CHANGED
@@ -1,8 +1,5 @@
1
1
  # Auth0CurrentUser
2
-
3
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/auth0_current_user`. To experiment with that code, run `bin/console` for an interactive prompt.
4
-
5
- TODO: Delete this and the text above, and describe your gem
2
+ [![Gem Version](https://badge.fury.io/rb/auth0_current_user.svg)](https://badge.fury.io/rb/auth0_current_user)
6
3
 
7
4
  ## Installation
8
5
 
@@ -22,7 +19,26 @@ Or install it yourself as:
22
19
 
23
20
  ## Usage
24
21
 
25
- TODO: Write usage instructions here
22
+ After including the gem in your Gemfile, run `rails g auth0_current_user:install` to install the initializer. This configuration of the gem is dependant on a couple of attributes:
23
+ * `auth0_domain`
24
+ * This is the domain from setting up your Auth0 application.
25
+ * `auth0_audience`
26
+ * This is the api identifier that you chose when creating your api(M2M) application
27
+ * `authenticated_klass`
28
+ * Defaults to `User`, but if you have a different model name for the class that will be logging in and being authenticate, be sure to change that in the initializeer.
29
+ * accepted values are symbols or strings
30
+ * :user, 'user', :User, 'User'
31
+ * :my_user, 'my_user', :MyUser, 'MyUser'
32
+
33
+ To take advantage of the Auth0 authentication there are two flows you can use by simply including the relevant module in which ever controller you wish to lockdown.
34
+ 1. Web
35
+
36
+ a. `include Auth0CurrentUser::WebSecured`
37
+ 3. Api
38
+
39
+ a. `include Auth0CurrentUser::ApiSecured`
40
+
41
+ In either case, you will have access to the `current_user` method. The `WebSecured` will check for `current_user` or `session['userinfo']` and the `ApiSecured` will check against the JsonWebToken being passed in.
26
42
 
27
43
  ## Development
28
44
 
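Review bot: The usage text tells readers to `include Auth0CurrentUser::ApiSecured`, but the module added in this release is declared as a top-level `module ApiSecured`, so the documented constant does not match the code as shown. Either nest the module under `Auth0CurrentUser` or correct the README. The attribute list also omits `client_id`, which the web flow interpolates into the authorize URL, and the flow list is numbered 1 then 3. Typos to fix in the added lines: "dependant", "being authenticate", "initializeer".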
@@ -28,6 +28,5 @@ Gem::Specification.new do |spec|
28
28
  spec.add_dependency 'activesupport'
29
29
  spec.add_dependency 'jwt'
30
30
  spec.add_dependency 'request_store'
31
- spec.add_dependency 'uri'
32
-
31
+
33
32
  end
@@ -0,0 +1,65 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'jwt'
4
+ require 'request_store'
5
+ require 'auth0_current_user/json_web_token'
6
+ require 'auth0_current_user/configuration'
7
+
8
+ module ApiSecured
9
+ extend ActiveSupport::Concern
10
+
11
+ included do
12
+ before_action :authenticate_request!
13
+ end
14
+
15
+ private
16
+
17
+ def authenticate_request!
18
+ token = auth_token
19
+ set_current_user(token)
20
+
21
+ token
22
+ rescue JWT::VerificationError, JWT::DecodeError
23
+ render json: { errors: ['Not Authenticated'] }, status: :unauthorized
24
+ end
25
+
26
+ def http_token
27
+ if request.headers['Authorization'].present?
28
+ request.headers['Authorization'].split(' ').last
29
+ end
30
+ end
31
+
32
+ def auth_token
33
+ ::JsonWebToken.verify(http_token)
34
+ end
35
+
36
+ def get_email(token)
37
+ ::JsonWebToken.get_claim(token, 'email')
38
+ end
39
+
40
+ def set_current_user(token)
41
+ email = get_email(token)
42
+ RequestStore.store[:current_user] ||= Kernel.const_get(authenticated_klass).find_by(email: email)
43
+ end
44
+
45
+ def current_user
46
+ @current_user ||= RequestStore.store[:current_user]
47
+ end
48
+
49
+ def authenticated_klass
50
+ unless configuration.authenticated_klass
51
+ raise NotImplementedError, 'You must define the #authenitcated_klass in config/initializers/auth0_current_user'
52
+ return
53
+ end
54
+
55
+ @authenticated_klass ||= configuration.authenticated_klass.to_s.classify
56
+ rescue StandardError => e
57
+ Rails.logger.error(e.message)
58
+ end
59
+
60
+ def configuration
61
+ @configuration ||= Auth0CurrentUser.configuration
62
+ end
63
+
64
+ end
65
+
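Review bot: `set_current_user` never checks that the token carried an email or that a record was found. `find_by(email: email)` runs even if `get_email` returns nil (which would match a row whose email is NULL), and `authenticate_request!` only renders 401 on `JWT::VerificationError` or `JWT::DecodeError`, so a valid token with no matching user continues with `current_user` set to nil. Suggest rendering 401 when the email is blank or the lookup returns nil. In `authenticated_klass`, `NotImplementedError` is not a `StandardError`, so the `rescue StandardError` does not catch it, and the `return` after `raise` is unreachable; when the rescue does run, the method returns the logger's result, which is then handed to `Kernel.const_get`. `http_token` takes the last space-separated piece of the `Authorization` header without checking that the scheme is `Bearer`. The module is also declared at top level rather than under `Auth0CurrentUser`.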
@@ -1,11 +1,12 @@
1
1
  module Auth0CurrentUser
2
2
  class Configuration
3
- attr_accessor :auth0_domain, :auth0_audience, :authenticated_klass
3
+ attr_accessor :auth0_domain, :auth0_audience, :authenticated_klass, :client_id
4
4
 
5
5
  def initialize
6
6
  @auth0_domain = nil
7
7
  @auth0_audience = nil
8
8
  @authenticated_klass = :user
9
+ @client_id = nil
9
10
  end
10
11
 
11
12
  end
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  require 'net/http'
3
4
  require 'uri'
4
5
  require 'jwt'
@@ -13,8 +14,8 @@ class JsonWebToken
13
14
  verify_iss: true,
14
15
  aud: configuration.auth0_audience,
15
16
  verify_aud: true) do |header|
16
- jwks_hash[header['kid']]
17
- end
17
+ jwks_hash[header['kid']]
18
+ end
18
19
  end
19
20
 
20
21
  def self.jwks_hash
@@ -22,7 +23,7 @@ class JsonWebToken
22
23
  jwks_keys = Array(JSON.parse(jwks_raw)['keys'])
23
24
  Hash[
24
25
  jwks_keys
25
- .map do |k|
26
+ .map do |k|
26
27
  [
27
28
  k['kid'],
28
29
  OpenSSL::X509::Certificate.new(
@@ -41,3 +42,4 @@ class JsonWebToken
41
42
  @configuration ||= Auth0CurrentUser::Configuration.new
42
43
  end
43
44
  end
45
+
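Review bot: The context line `@configuration ||= Auth0CurrentUser::Configuration.new` is left unchanged, while the new `ApiSecured` in this release reads `Auth0CurrentUser.configuration`. A fresh `Configuration` has `@auth0_domain = nil` and `@auth0_audience = nil` per its `initialize`, so unless something outside these lines populates it, the `aud: configuration.auth0_audience` check in the verify call would not be using the values set in the initializer. Suggest using `Auth0CurrentUser.configuration` here as well. The rest of the changes to this file are whitespace only.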
@@ -1,3 +1,3 @@
1
1
  module Auth0CurrentUser
2
- VERSION = "0.1.0.4"
2
+ VERSION = "0.3"
3
3
  end
@@ -0,0 +1,57 @@
1
+ require 'auth0_current_user/configuration'
2
+
3
+ module Auth0CurrentUser
4
+ module WebSecured
5
+ extend ActiveSupport::Concern
6
+
7
+ included do
8
+ before_action :logged_in_using_omniauth?
9
+ helper_method :current_user
10
+ end
11
+
12
+ def current_user
13
+ @_current_user ||= Kernel.const_get(authenticated_klass).find_by(email: email)
14
+ end
15
+
16
+ private
17
+
18
+ def authenticated_klass
19
+ unless configuration.authenticated_klass
20
+ raise NotImplementedError, 'You must define the #authenitcated_klass in config/initializers/auth0_current_user'
21
+ return
22
+ end
23
+
24
+ @_authenticated_klass ||= configuration.authenticated_klass.to_s.classify
25
+ rescue NameError => e
26
+ Rails.logger.error("You must create a #{authenticated_klass} model/migration")
27
+ rescue StandardError => e
28
+ Rails.logger.error(e.message)
29
+ end
30
+
31
+ def configuration
32
+ @_configuration ||= Configuration.new
33
+ end
34
+
35
+ def email
36
+ @_email ||= userinfo['email'] || userinfo['name']
37
+ end
38
+
39
+ def logged_in_using_omniauth?
40
+ redirect_to authorization_endpoint unless session[:userinfo].present? && Time.zone.now < Time.zone.at(userinfo['exp'])
41
+ end
42
+
43
+ def authorization_endpoint
44
+ @_authorization_endpoint ||= "https://#{configuration.auth0_domain}/authorize?response_type=code&client_id=#{configuration.client_id}"
45
+ end
46
+
47
+ def userinfo
48
+ session['userinfo'] || {}
49
+ end
50
+
51
+ def configuration
52
+ @configuration ||= Auth0CurrentUser.configuration
53
+ end
54
+
55
+ end
56
+ end
57
+
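Review bot: `email` falls back to `userinfo['name']`, and that value is passed to `find_by(email: email)`, so a session without an email claim is matched against the email column using the display name. Suggest dropping the fallback and treating a missing email as not logged in. `authorization_endpoint` builds the authorize URL with only `response_type` and `client_id`; there is no `state` or `redirect_uri` parameter in the string. `logged_in_using_omniauth?` calls `Time.zone.at(userinfo['exp'])` without checking that `exp` is present. `configuration` is defined twice (`Configuration.new` at line 32 and `Auth0CurrentUser.configuration` at line 52), so the first definition is dead code. The `rescue NameError` branch calls `authenticated_klass` again inside its own log message, and `current_user` is defined above `private`, which leaves it public on the controller.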
@@ -1,6 +1,7 @@
1
1
  require 'auth0_current_user/version'
2
2
  require 'auth0_current_user/configuration'
3
- require 'auth0_current_user/secured'
3
+ require 'auth0_current_user/api_secured'
4
+ require 'auth0_current_user/web_secured'
4
5
 
5
6
  module Auth0CurrentUser
6
7
  class Error < StandardError; end
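Review bot: Dropping `require 'auth0_current_user/secured'` removes `Auth0CurrentUser::Secured` with no alias, so controllers that `include Auth0CurrentUser::Secured` will fail to load after upgrading from 0.1.0.4. Consider keeping a deprecated alias to the API module for a release, or calling out the rename in the README.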
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: auth0_current_user
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0.4
4
+ version: '0.3'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Heft
8
- autorequire:
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-10-04 00:00:00.000000000 Z
11
+ date: 2022-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -52,20 +52,6 @@ dependencies:
52
52
  - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
- - !ruby/object:Gem::Dependency
56
- name: uri
57
- requirement: !ruby/object:Gem::Requirement
58
- requirements:
59
- - - ">="
60
- - !ruby/object:Gem::Version
61
- version: '0'
62
- type: :runtime
63
- prerelease: false
64
- version_requirements: !ruby/object:Gem::Requirement
65
- requirements:
66
- - - ">="
67
- - !ruby/object:Gem::Version
68
- version: '0'
69
55
  description: Implements Auth0's setup for authentication/authorization along with
70
56
  setting a current_user method.
71
57
  email:
@@ -75,12 +61,6 @@ extensions: []
75
61
  extra_rdoc_files: []
76
62
  files:
77
63
  - ".gitignore"
78
- - ".idea/.gitignore"
79
- - ".idea/.rakeTasks"
80
- - ".idea/auth0_current_user.iml"
81
- - ".idea/misc.xml"
82
- - ".idea/modules.xml"
83
- - ".idea/vcs.xml"
84
64
  - ".tool-versions"
85
65
  - CODE_OF_CONDUCT.md
86
66
  - Gemfile
@@ -92,10 +72,11 @@ files:
92
72
  - bin/console
93
73
  - bin/setup
94
74
  - lib/auth0_current_user.rb
75
+ - lib/auth0_current_user/api_secured.rb
95
76
  - lib/auth0_current_user/configuration.rb
96
77
  - lib/auth0_current_user/json_web_token.rb
97
- - lib/auth0_current_user/secured.rb
98
78
  - lib/auth0_current_user/version.rb
79
+ - lib/auth0_current_user/web_secured.rb
99
80
  - lib/generators/auth0_current_user/install_generator.rb
100
81
  - lib/generators/templates/auth0_current_user.rb
101
82
  homepage: https://github.com/mikeyduece/auth0_current_user
@@ -105,7 +86,7 @@ metadata:
105
86
  homepage_uri: https://github.com/mikeyduece/auth0_current_user
106
87
  source_code_uri: https://github.com/mikeyduece/auth0_current_user
107
88
  changelog_uri: https://github.com/mikeyduece/auth0_current_user
108
- post_install_message:
89
+ post_install_message:
109
90
  rdoc_options: []
110
91
  require_paths:
111
92
  - lib
@@ -121,7 +102,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
121
102
  version: '0'
122
103
  requirements: []
123
104
  rubygems_version: 3.1.2
124
- signing_key:
105
+ signing_key:
125
106
  specification_version: 4
126
107
  summary: Implements Auth0's setup for authentication/authorization along with setting
127
108
  a current_user method.
data/.idea/.gitignore DELETED
@@ -1,8 +0,0 @@
1
- # Default ignored files
2
- /shelf/
3
- /workspace.xml
4
- # Datasource local storage ignored files
5
- /dataSources/
6
- /dataSources.local.xml
7
- # Editor-based HTTP Client requests
8
- /httpRequests/
data/.idea/.rakeTasks DELETED
@@ -1,7 +0,0 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
2
- <Settings><!--This file was automatically generated by Ruby plugin.
3
- You are allowed to:
4
- 1. Remove rake task
5
- 2. Add existing rake tasks
6
- To add existing rake tasks automatically delete this file and reload the project.
7
- --><RakeGroup description="" fullCmd="" taksId="rake"><RakeTask description="Build auth0_current_user-0.1.0.gem into the pkg directory" fullCmd="build" taksId="build" /><RakeTask description="Remove any temporary products" fullCmd="clean" taksId="clean" /><RakeTask description="Remove any generated files" fullCmd="clobber" taksId="clobber" /><RakeTask description="Build and install auth0_current_user-0.1.0.gem into system gems" fullCmd="install" taksId="install" /><RakeGroup description="" fullCmd="" taksId="install"><RakeTask description="Build and install auth0_current_user-0.1.0.gem into system gems without network access" fullCmd="install:local" taksId="local" /></RakeGroup><RakeTask description="Create tag v0.1.0 and build and push auth0_current_user-0.1.0.gem to 'http://rubygems.com'" fullCmd="release[remote]" taksId="release[remote]" /><RakeTask description="" fullCmd="default" taksId="default" /><RakeTask description="" fullCmd="release" taksId="release" /><RakeGroup description="" fullCmd="" taksId="release"><RakeTask description="" fullCmd="release:guard_clean" taksId="guard_clean" /><RakeTask description="" fullCmd="release:rubygem_push" taksId="rubygem_push" /><RakeTask description="" fullCmd="release:source_control_push" taksId="source_control_push" /></RakeGroup></RakeGroup></Settings>
@@ -1,28 +0,0 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
2
- <module type="RUBY_MODULE" version="4">
3
- <component name="ModuleRunConfigurationManager">
4
- <shared />
5
- </component>
6
- <component name="NewModuleRootManager">
7
- <content url="file://$MODULE_DIR$">
8
- <sourceFolder url="file://$MODULE_DIR$/features" isTestSource="true" />
9
- <sourceFolder url="file://$MODULE_DIR$/spec" isTestSource="true" />
10
- <sourceFolder url="file://$MODULE_DIR$/test" isTestSource="true" />
11
- </content>
12
- <orderEntry type="inheritedJdk" />
13
- <orderEntry type="sourceFolder" forTests="false" />
14
- <orderEntry type="library" scope="PROVIDED" name="activesupport (v6.0.3.3, asdf: 2.7.1) [gem]" level="application" />
15
- <orderEntry type="library" scope="PROVIDED" name="bundler (v2.1.4, asdf: 2.7.1) [gem]" level="application" />
16
- <orderEntry type="library" scope="PROVIDED" name="concurrent-ruby (v1.1.7, asdf: 2.7.1) [gem]" level="application" />
17
- <orderEntry type="library" scope="PROVIDED" name="i18n (v1.8.5, asdf: 2.7.1) [gem]" level="application" />
18
- <orderEntry type="library" scope="PROVIDED" name="jwt (v2.2.2, asdf: 2.7.1) [gem]" level="application" />
19
- <orderEntry type="library" scope="PROVIDED" name="minitest (v5.14.2, asdf: 2.7.1) [gem]" level="application" />
20
- <orderEntry type="library" scope="PROVIDED" name="rack (v2.2.3, asdf: 2.7.1) [gem]" level="application" />
21
- <orderEntry type="library" scope="PROVIDED" name="rake (v12.3.3, asdf: 2.7.1) [gem]" level="application" />
22
- <orderEntry type="library" scope="PROVIDED" name="request_store (v1.5.0, asdf: 2.7.1) [gem]" level="application" />
23
- <orderEntry type="library" scope="PROVIDED" name="thread_safe (v0.3.6, asdf: 2.7.1) [gem]" level="application" />
24
- <orderEntry type="library" scope="PROVIDED" name="tzinfo (v1.2.7, asdf: 2.7.1) [gem]" level="application" />
25
- <orderEntry type="library" scope="PROVIDED" name="uri (v0.10.0, asdf: 2.7.1) [gem]" level="application" />
26
- <orderEntry type="library" scope="PROVIDED" name="zeitwerk (v2.4.0, asdf: 2.7.1) [gem]" level="application" />
27
- </component>
28
- </module>
data/.idea/misc.xml DELETED
@@ -1,4 +0,0 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
2
- <project version="4">
3
- <component name="ProjectRootManager" version="2" project-jdk-name="asdf: 2.7.1" project-jdk-type="RUBY_SDK" />
4
- </project>
data/.idea/modules.xml DELETED
@@ -1,8 +0,0 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
2
- <project version="4">
3
- <component name="ProjectModuleManager">
4
- <modules>
5
- <module fileurl="file://$PROJECT_DIR$/.idea/auth0_current_user.iml" filepath="$PROJECT_DIR$/.idea/auth0_current_user.iml" />
6
- </modules>
7
- </component>
8
- </project>
data/.idea/vcs.xml DELETED
@@ -1,6 +0,0 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
2
- <project version="4">
3
- <component name="VcsDirectoryMappings">
4
- <mapping directory="$PROJECT_DIR$" vcs="Git" />
5
- </component>
6
- </project>
@@ -1,66 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'jwt'
4
- require 'request_store'
5
- require 'auth0_current_user/json_web_token'
6
- require 'auth0_current_user/configuration'
7
-
8
- module Auth0CurrentUser
9
- module Secured
10
- extend ActiveSupport::Concern
11
-
12
- included do
13
- before_action :authenticate_request!
14
- end
15
-
16
- private
17
-
18
- def authenticate_request!
19
- token = auth_token
20
- set_current_user(token)
21
-
22
- token
23
- rescue JWT::VerificationError, JWT::DecodeError
24
- render json: { errors: ['Not Authenticated'] }, status: :unauthorized
25
- end
26
-
27
- def http_token
28
- if request.headers['Authorization'].present?
29
- request.headers['Authorization'].split(' ').last
30
- end
31
- end
32
-
33
- def auth_token
34
- JsonWebToken.verify(http_token)
35
- end
36
-
37
- def get_email(token)
38
- JsonWebToken.get_claim(token, 'email')
39
- end
40
-
41
- def set_current_user(token)
42
- email = get_email(token)
43
- RequestStore.store[:current_user] ||= Kernel.const_get(authenticated_klass).find_by(email: email)
44
- end
45
-
46
- def current_user
47
- @current_user ||= RequestStore.store[:current_user]
48
- end
49
-
50
- def authenticated_klass
51
- unless configuration.authenticated_klass
52
- raise NotImplementedError, 'You must define the #authenitcated_klass in config/initializers/auth0_current_user'
53
- return
54
- end
55
-
56
- @authenticated_klass ||= configuration.authenticated_klass.to_s.classify
57
- rescue StandardError => e
58
- Rails.logger.error(e.message)
59
- end
60
-
61
- def configuration
62
- @configuration ||= Configuration.new
63
- end
64
-
65
- end
66
- end