authentic-jwt 0.0.2 → 0.0.3
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/authentic-jwt.gemspec +1 -0
- data/definitions/payload.proto +72 -0
- data/lib/authentic-jwt.rb +1 -0
- data/lib/authentic_jwt/grape/auth_methods.rb +2 -3
- data/lib/authentic_jwt/grape/middleware.rb +6 -6
- data/lib/authentic_jwt/payload_pb.rb +47 -0
- data/lib/authentic_jwt/role.rb +4 -9
- data/lib/authentic_jwt/version.rb +1 -1
- metadata +18 -2
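--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2d47cc96f2011f46a63cc6602fbfae477240a1dc
+data.tar.gz: 63eeff8a50676a80103712872d970d75741e47a3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 03502527e816c6bb758f5107b2d966bd8dd0f14a3b244677cb4b72a20aa495d37c558eb63e9c56299b6b7546e38c6576fd632efa28e8722ce3be6a9c813e0eb2
+data.tar.gz: 85798e18d003ac3fb6e64b82c6df6f0b9ed22dffc52c8fa4a208985b3ade832b02f1a32d06bd59a44cf01759dce77f16266f0101e5f8c4dc17f0057b3e0c1b93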
data/Gemfile
CHANGED
data/authentic-jwt.gemspec
CHANGED
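--- a/data/definitions/payload.proto
+++ b/data/definitions/payload.proto
@@ -0,0 +1,72 @@
+syntax = "proto3";
+
+package AuthenticJwt;
+
+message Payload {
+enum Role {
+UNSUBSCRIBED = 0;
+SUBSCRIBER = 10;
+CONTRIBUTOR = 20;
+AUTHOR = 30;
+EDITOR = 40;
+PARTNER = 70;
+ADMIN = 80;
+INTERNAL = 90;
+}
+
+message Partner {
+// string iss = 1;
+// string sub = 2;
+reserved 1 to 2;
+string aud = 3;
+// int32 exp = 4;
+// int32 nbf = 5;
+// int32 iat = 6;
+// string jti = 7;
+reserved 4 to 9;
+repeated Role roles = 10;
+}
+
+message Account {
+// string iss = 1;
+// string sub = 2;
+reserved 1 to 2;
+string aud = 3;
+// int32 exp = 4;
+// int32 nbf = 5;
+// int32 iat = 6;
+// string jti = 7;
+reserved 4 to 9;
+repeated Role roles = 10;
+}
+
+message External {
+string iss = 1;
+// string sub = 2;
+// string aud = 3;
+// int32 exp = 4;
+// int32 nbf = 5;
+// int32 iat = 6;
+// string jti = 7;
+// repeated Role roles = 10;
+reserved 2 to 10;
+string access_token = 11;
+string refresh_token = 12;
+}
+
+// string iss = 1;
+reserved 1;
+string sub = 2;
+// string aud = 3;
+// int32 exp = 4;
+// int32 nbf = 5;
+// int32 iat = 6;
+// string jti = 7;
+reserved 3 to 9;
+repeated Role roles = 10;
+string name = 11;
+string email = 12;
+repeated Partner partners = 13;
+repeated Account accounts = 14;
+repeated External external = 15;
+}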
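Review bot: The `External` message carries `access_token` and `refresh_token` (fields 11 and 12) inside the JWT payload, and nothing in this schema says the token is encrypted. A signed JWT is only base64-encoded, so any service, proxy log or client-side store that sees the token can read those credentials, and a leaked refresh token stays usable after the JWT itself has expired. Whether the payload is wrapped in JWE is not visible here; if it is not, an opaque reference resolved server-side is the safer shape. At minimum the requirement should be written above the two fields, for example `// SECURITY: payload is signed, not encrypted; populate only when the JWT is encrypted end to end`. The page prints this hunk under the gemspec header, but the 72 added lines match definitions/payload.proto in the file list.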
data/lib/authentic-jwt.rb
CHANGED
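--- a/data/lib/authentic_jwt/grape/middleware.rb
+++ b/data/lib/authentic_jwt/grape/middleware.rb
@@ -22,9 +22,9 @@ module AuthenticJwt
 
 return unless account_id
 
-raise Forbidden, "Account has no role" unless
+raise Forbidden, "Account has no role" unless account_roles.any?
 
-raise Forbidden, "Account role is too low" unless acceptable_roles.
+raise Forbidden, "Account role is too low" unless (acceptable_roles & account_roles).any?
 end
 
 protected
@@ -77,17 +77,17 @@ module AuthenticJwt
 def account_id
 result = ENV[ACCOUNT_ID_ENV_VAR].to_s
 return if result.empty?
-result
+result
 end
 
 def account_payload
 return unless jwt_payload
-jwt_payload["accounts"].detect { |account| account["
+jwt_payload["accounts"].detect { |account| account["aud"] == account_id }
 end
 
-def
+def account_roles
 return unless account_payload
-account_payload["
+account_payload["roles"].collect(&:downcase)
 end
 
 def acceptable_roles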
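Review bot: `account_roles` still returns `nil` when the token has no entry whose `aud` matches this account (`return unless account_payload`), so the new guard `account_roles.any?` raises `NoMethodError` instead of `Forbidden`; the same applies when a verified token lacks the `accounts` or `roles` claim. The request is still refused, but presumably as an unhandled server error rather than a clean 403, which hides authorization failures from whatever monitors `Forbidden`. Returning an empty list keeps the check fail-closed and explicit: `return [] unless account_payload` and `Array(account_payload["roles"]).collect(&:downcase)` in `account_roles`, plus `Array(jwt_payload["accounts"]).detect { ... }` in `account_payload`. The method containing the two `raise` lines starts above the first hunk and `acceptable_roles` continues below the second. The page prints these hunks under lib/authentic-jwt.rb, but the 6/6 change count matches grape/middleware.rb in the file list.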
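--- a/data/lib/authentic_jwt/payload_pb.rb
+++ b/data/lib/authentic_jwt/payload_pb.rb
@@ -0,0 +1,47 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: payload.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_message "AuthenticJwt.Payload" do
+optional :sub, :string, 2
+repeated :roles, :enum, 10, "AuthenticJwt.Payload.Role"
+optional :name, :string, 11
+optional :email, :string, 12
+repeated :partners, :message, 13, "AuthenticJwt.Payload.Partner"
+repeated :accounts, :message, 14, "AuthenticJwt.Payload.Account"
+repeated :external, :message, 15, "AuthenticJwt.Payload.External"
+end
+add_message "AuthenticJwt.Payload.Partner" do
+optional :aud, :string, 3
+repeated :roles, :enum, 10, "AuthenticJwt.Payload.Role"
+end
+add_message "AuthenticJwt.Payload.Account" do
+optional :aud, :string, 3
+repeated :roles, :enum, 10, "AuthenticJwt.Payload.Role"
+end
+add_message "AuthenticJwt.Payload.External" do
+optional :iss, :string, 1
+optional :access_token, :string, 11
+optional :refresh_token, :string, 12
+end
+add_enum "AuthenticJwt.Payload.Role" do
+value :UNSUBSCRIBED, 0
+value :SUBSCRIBER, 10
+value :CONTRIBUTOR, 20
+value :AUTHOR, 30
+value :EDITOR, 40
+value :PARTNER, 70
+value :ADMIN, 80
+value :INTERNAL, 90
+end
+end
+
+module AuthenticJwt
+Payload = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload").msgclass
+Payload::Partner = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload.Partner").msgclass
+Payload::Account = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload.Account").msgclass
+Payload::External = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload.External").msgclass
+Payload::Role = Google::Protobuf::DescriptorPool.generated_pool.lookup("AuthenticJwt.Payload.Role").enummodule
+end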
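--- a/data/lib/authentic_jwt/role.rb
+++ b/data/lib/authentic_jwt/role.rb
@@ -21,14 +21,9 @@ module AuthenticJwt
 READ = ["subscriber"].freeze
 WRITE = ["contributor", "author", "editor", "partner", "admin", "internal"].freeze
 
-MAPPING = {
-
-
-
-"editor" => 40,
-"partner" => 70,
-"admin" => 80,
-"internal" => 90
-}.freeze
+MAPPING = AuthenticJwt::Payload::Role.constants.inject({}) do |memo, const|
+memo[const.to_s.downcase] = AuthenticJwt::Payload::Role.const_get(const)
+memo
+end.freeze
 end
 end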
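Review bot: `MAPPING` is now built by reflecting over the generated enum, while `READ` and `WRITE` directly above it remain hand-written string lists, so a role added to payload.proto gets a rank in `MAPPING` but belongs to neither access list until someone edits them. A comment on the constant would record that coupling, for example `# Keys are the lowercase names of Payload::Role (payload.proto); READ/WRITE must be updated by hand when a role is added`. Assuming `constants` returns exactly the enum values, the table also contains `unsubscribed` with rank 0, so any caller that treats presence in `MAPPING` as "is a real role" should be checked; none are visible in this hunk. As a style point, `each_with_object({}) { |const, memo| ... }` would remove the trailing `memo` line.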
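--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: authentic-jwt
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.3
 platform: ruby
 authors:
 - Authentic Limited
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-
+date: 2017-02-06 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: google-protobuf
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: jwt
 requirement: !ruby/object:Gem::Requirement
@@ -126,11 +140,13 @@ files:
 - authentic-jwt.gemspec
 - bin/console
 - bin/setup
+- definitions/payload.proto
 - lib/authentic-jwt.rb
 - lib/authentic_jwt/errors.rb
 - lib/authentic_jwt/grape/auth_methods.rb
 - lib/authentic_jwt/grape/extension.rb
 - lib/authentic_jwt/grape/middleware.rb
+- lib/authentic_jwt/payload_pb.rb
 - lib/authentic_jwt/role.rb
 - lib/authentic_jwt/version.rb
 homepage: https://github.com/mytours/authentic-jwt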
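Review bot: The new runtime dependency on `google-protobuf` is declared with `>= 0`, so any future release satisfies it, including a major version with an incompatible Ruby API. lib/authentic_jwt/payload_pb.rb is generated code tied to the runtime's descriptor DSL, and role.rb now derives the role table from the constants that runtime exposes, so an unconstrained upgrade could change authorization behaviour without any change in this gem. This file is generated from the gemspec, whose hunk is not shown on this page, so the fix belongs there: a pessimistic constraint on the version the stubs were generated with, e.g. `"google-protobuf", "~> <TESTED_MAJOR.MINOR>"` (placeholder, not a value from this page).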