authentic-jwt 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c9553910f0f78a9ff6cd893059e887bf5455a3b3
-  data.tar.gz: d6b336cabdb1df56705a9f879838938313ba1e4a
+  metadata.gz: 2d47cc96f2011f46a63cc6602fbfae477240a1dc
+  data.tar.gz: 63eeff8a50676a80103712872d970d75741e47a3
 SHA512:
-  metadata.gz: 5cc805a9829594ea77750b7a1b97cfa8e3bc3a4479ad5dc7c83ff63d38c19ccde34c22be37dcc5943e53418db397f63ec17faa08e9fa71e8dd5986b53da20a9f
-  data.tar.gz: 6c5eb72edca91f1adfe558f9cef58eec3e9293af0a4035ed9ffb9473259028364a6029a3b2be38bc04faa0721a23e49703055cab9e12b3f9cc1904d2b8bf87fd
+  metadata.gz: 03502527e816c6bb758f5107b2d966bd8dd0f14a3b244677cb4b72a20aa495d37c558eb63e9c56299b6b7546e38c6576fd632efa28e8722ce3be6a9c813e0eb2
+  data.tar.gz: 85798e18d003ac3fb6e64b82c6df6f0b9ed22dffc52c8fa4a208985b3ade832b02f1a32d06bd59a44cf01759dce77f16266f0101e5f8c4dc17f0057b3e0c1b93

data/Gemfile

@@ -1,3 +1,5 @@
 source "https://rubygems.org"
 
 gemspec
+
+gem "google-protobuf", "3.2.0.rc2"

data/authentic-jwt.gemspec

@@ -18,6 +18,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
+  spec.add_dependency "google-protobuf"
   spec.add_dependency "jwt"
   spec.add_dependency "multi_json"
 

data/definitions/payload.proto

@@ -0,0 +1,72 @@
+syntax = "proto3";
+
+package AuthenticJwt;
+
+message Payload {
+  enum Role {
+    UNSUBSCRIBED = 0;
+    SUBSCRIBER   = 10;
+    CONTRIBUTOR  = 20;
+    AUTHOR       = 30;
+    EDITOR       = 40;
+    PARTNER      = 70;
+    ADMIN        = 80;
+    INTERNAL     = 90;
+  }
+
+  message Partner {
+    // string iss = 1;
+    // string sub = 2;
+    reserved 1 to 2;
+    string aud = 3;
+    // int32 exp = 4;
+    // int32 nbf = 5;
+    // int32 iat = 6;
+    // string jti = 7;
+    reserved 4 to 9;
+    repeated Role roles = 10;
+  }
+
+  message Account {
+    // string iss = 1;
+    // string sub = 2;
+    reserved 1 to 2;
+    string aud = 3;
+    // int32 exp = 4;
+    // int32 nbf = 5;
+    // int32 iat = 6;
+    // string jti = 7;
+    reserved 4 to 9;
+    repeated Role roles = 10;
+  }
+
+  message External {
+    string iss = 1;
+    // string sub = 2;
+    // string aud = 3;
+    // int32 exp = 4;
+    // int32 nbf = 5;
+    // int32 iat = 6;
+    // string jti = 7;
+    // repeated Role roles = 10;
+    reserved 2 to 10;
+    string access_token = 11;
+    string refresh_token = 12;
+  }
+
+  // string iss = 1;
+  reserved 1;
+  string sub = 2;
+  // string aud = 3;
+  // int32 exp = 4;
+  // int32 nbf = 5;
+  // int32 iat = 6;
+  // string jti = 7;
+  reserved 3 to 9;
+  repeated Role roles = 10;
+  string name = 11;
+  string email = 12;
+  repeated Partner partners = 13;
+  repeated Account accounts = 14;
+  repeated External external = 15;
+}

data/lib/authentic-jwt.rb

@@ -1,3 +1,4 @@
 require "authentic_jwt/version"
 require "authentic_jwt/errors"
+require "authentic_jwt/payload_pb"
 require "authentic_jwt/role"

data/lib/authentic_jwt/grape/auth_methods.rb

@@ -3,10 +3,9 @@ module AuthenticJwt
     module AuthMethods
       attr_accessor :jwt_payload
 
-      def jwt_user_id
+      def jwt_sub
         return unless jwt_payload
-        return unless jwt_payload["id"]
-        jwt_payload["id"].to_i
+        jwt_payload["sub"]
       end
     end
   end

data/lib/authentic_jwt/grape/middleware.rb

@@ -22,9 +22,9 @@ module AuthenticJwt
 
         return unless account_id
 
-        raise Forbidden, "Account has no role" unless account_role
+        raise Forbidden, "Account has no role" unless account_roles.any?
 
-        raise Forbidden, "Account role is too low" unless acceptable_roles.include?(account_role)
+        raise Forbidden, "Account role is too low" unless (acceptable_roles & account_roles).any?
       end
 
       protected
@@ -77,17 +77,17 @@ module AuthenticJwt
       def account_id
         result = ENV[ACCOUNT_ID_ENV_VAR].to_s
         return if result.empty?
-        result.to_i
+        result
       end
 
       def account_payload
         return unless jwt_payload
-        jwt_payload["accounts"].detect { |account| account["id"] == account_id }
+        jwt_payload["accounts"].detect { |account| account["aud"] == account_id }
       end
 
-      def account_role
+      def account_roles
         return unless account_payload
-        account_payload["role"]
+        account_payload["roles"].collect(&:downcase)
       end
 
       def acceptable_roles

data/lib/authentic_jwt/payload_pb.rb

@@ -0,0 +1,47 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: payload.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "AuthenticJwt.Payload" do
+    optional :sub, :string, 2
+    repeated :roles, :enum, 10, "AuthenticJwt.Payload.Role"
+    optional :name, :string, 11
+    optional :email, :string, 12
+    repeated :partners, :message, 13, "AuthenticJwt.Payload.Partner"
+    repeated :accounts, :message, 14, "AuthenticJwt.Payload.Account"
+    repeated :external, :message, 15, "AuthenticJwt.Payload.External"
+  end
+  add_message "AuthenticJwt.Payload.Partner" do
+    optional :aud, :string, 3
+    repeated :roles, :enum, 10, "AuthenticJwt.Payload.Role"
+  end
+  add_message "AuthenticJwt.Payload.Account" do
+    optional :aud, :string, 3
+    repeated :roles, :enum, 10, "AuthenticJwt.Payload.Role"
+  end
+  add_message "AuthenticJwt.Payload.External" do
+    optional :iss, :string, 1
+    optional :access_token, :string, 11
+    optional :refresh_token, :string, 12
+  end
+  add_enum "AuthenticJwt.Payload.Role" do
+    value :UNSUBSCRIBED, 0
+    value :SUBSCRIBER, 10
+    value :CONTRIBUTOR, 20
+    value :AUTHOR, 30
+    value :EDITOR, 40
+    value :PARTNER, 70
+    value :ADMIN, 80
+    value :INTERNAL, 90
+  end
+end
+
+module AuthenticJwt
+  Payload = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload").msgclass
+  Payload::Partner = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload.Partner").msgclass
+  Payload::Account = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload.Account").msgclass
+  Payload::External = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload.External").msgclass
+  Payload::Role = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload.Role").enummodule
+end

data/lib/authentic_jwt/role.rb

@@ -21,14 +21,9 @@ module AuthenticJwt
     READ  = ["subscriber"].freeze
     WRITE = ["contributor", "author", "editor", "partner", "admin", "internal"].freeze
 
-    MAPPING = {
-      "subscriber"  => 10,
-      "contributor" => 20,
-      "author"      => 30,
-      "editor"      => 40,
-      "partner"     => 70,
-      "admin"       => 80,
-      "internal"    => 90
-    }.freeze
+    MAPPING = AuthenticJwt::Payload::Role.constants.inject({}) do |memo, const|
+      memo[const.to_s.downcase] = AuthenticJwt::Payload::Role.const_get(const)
+      memo
+    end.freeze
   end
 end

data/lib/authentic_jwt/version.rb

@@ -1,3 +1,3 @@
 module AuthenticJwt
-  VERSION = "0.0.2".freeze
+  VERSION = "0.0.3".freeze
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: authentic-jwt
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Authentic Limited
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-01-22 00:00:00.000000000 Z
+date: 2017-02-06 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: google-protobuf
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -126,11 +140,13 @@ files:
 - authentic-jwt.gemspec
 - bin/console
 - bin/setup
+- definitions/payload.proto
 - lib/authentic-jwt.rb
 - lib/authentic_jwt/errors.rb
 - lib/authentic_jwt/grape/auth_methods.rb
 - lib/authentic_jwt/grape/extension.rb
 - lib/authentic_jwt/grape/middleware.rb
+- lib/authentic_jwt/payload_pb.rb
 - lib/authentic_jwt/role.rb
 - lib/authentic_jwt/version.rb
 homepage: https://github.com/mytours/authentic-jwt