auth0_current_user 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b17d5fc0d9110bac480f41841b521209c9050301345637a5bd094be02be98515
-  data.tar.gz: 585b48bd66b46d4e5fbd6a12cd8fd634800131acead3c235692dc081733a18f1
+  metadata.gz: 04b57d13c9018a8184b2474ecf1f3031a5d0b87a961f07ac6dcd4db03689f2ee
+  data.tar.gz: '0393295868660f4f19c785e2c9cf21343f12df603394b98919a2b9e1557c51eb'
 SHA512:
-  metadata.gz: 8c68d89ce3c6866e8dc10ac6043d2ad34895ea551080700089012e7ec43bb084108efc8a945c7a279a8b89ab345384b2a362677e9d3e7e326b2be59bdb64d297
-  data.tar.gz: 0cc0ddb2ef2b808b3eecc282577dfb81c26622e2b72928fa68947b02b29c42ba32e8a656e4596e21ff58602965989ed3acf92a68c207da7b1be8c3f47b9f5808
+  metadata.gz: e23a9950bc5514039fb35b0cc8671e192e22629864521449e235260c12cbc350cef1de9093d22cea16b6794c9f2d1431dbef66557f028fd2ff42d17190b8c43d
+  data.tar.gz: ff233b630c6ec27000d1f3a46f15047648158c73602e7e451687095527c4051e24d3f8c744d0b428b4ea0dc7d4cd917fb6893cbe55f646b1e86544429ae44311

data/README.md

@@ -30,9 +30,15 @@ After including the gem in your Gemfile, run `rails g auth0_current_user:install
       * :user, 'user', :User, 'User'
       * :my_user, 'my_user', :MyUser, 'MyUser'
 
-To take advantage of the Auth0 authenticating add `include Auth0CurrentUser::Secured` to your base controller or and controller that you wish to be locked down for authentication.
+To take advantage of the Auth0 authentication there are two flows you can use by simply including the relevant module in which ever controller you wish to lockdown.
+1. Web
 
-Once the `Secured` module is included in your controller, that will give you access to the `#current_user` method. It will find the `authenticated_klass` by it's email and using [Request Store](https://github.com/steveklabnik/request_store), store the user to be available either globally throught the store or in the controllers and views with the `#current_user` method.
+   a. `include Auth0CurrentUser::WebSecured` 
+3. Api
+
+   a. `include Auth0CurrentUser::ApiSecured` 
+  
+In either case, you will have access to the `current_user` method. The `WebSecured` will check for `current_user` or `session['userinfo']` and the `ApiSecured` will check against the JsonWebToken being passed in.
 
 ## Development
 

data/lib/auth0_current_user/version.rb

@@ -1,3 +1,3 @@
 module Auth0CurrentUser
-  VERSION = "0.2.0"
+  VERSION = "0.2.1"
 end

data/lib/auth0_current_user/web_secured.rb

@@ -3,12 +3,12 @@ module Auth0CurrentUser
     extend ActiveSupport::Concern
 
     included do
-      helper_method :current_user
       before_action :logged_in_using_omniauth?
+      helper_method :current_user
     end
 
     def current_user
-      @_current_user ||= RequestStore.store[:current_user] ||= Kernel.const_get(authenticated_klass).find_by(email: email) 
+      @_current_user ||= Kernel.const_get(authenticated_klass).find_by(email: email)
     end
 
     private
@@ -19,7 +19,7 @@ module Auth0CurrentUser
         return
       end
 
-      @authenticated_klass ||= configuration.authenticated_klass.to_s.classify
+      @_authenticated_klass ||= configuration.authenticated_klass.to_s.classify
     rescue NameError => e
       Rails.logger.error("You must create a #{authenticated_klass} model/migration")
     rescue StandardError => e
@@ -27,15 +27,19 @@ module Auth0CurrentUser
     end
 
     def configuration
-      @configuration ||= Configuration.new
+      @_configuration ||= Configuration.new
     end
 
     def email
-      @_email ||= session.dig(:userinfo, :email)
+      @_email ||= userinfo['email'] || userinfo['name']
     end
 
     def logged_in_using_omniauth?
-      redirect_to '/' unless current_user || session[:userinfo].present?
+      redirect_to '/' unless session[:userinfo].present? && Time.zone.now < Time.zone.at(userinfo['exp'])
+    end
+
+    def userinfo
+      session['userinfo'] || {}
     end
 
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auth0_current_user
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Mike Heft