authentic-rb 1.0.4 → 1.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 338211c4681854410e4b120cb9f3dd51485ffc6056fded46f513b94de6cbd353
4
- data.tar.gz: 41b9ceb7f8d3dbc9300d20ab3c748f71305866b56ba33f8fdc35e3d74b7c8858
3
+ metadata.gz: 569cb68126c88d020f7a3a97f492a197f104054c766d0725de7650842fbc935d
4
+ data.tar.gz: 4276afbae6032bd9d2ed20ca93a3c9e1d2af1a3c59a4cefe6e67e39ee0895a7a
5
5
  SHA512:
6
- metadata.gz: fc100141cc28b0a20f4a131cba993ab52662ca222645babb4f46e720bbf07efa21f4326565744c95725af490595aa4a36bf35230efb83eec695aaab43049bec9
7
- data.tar.gz: 58d89a5b690c77f9975ae4abf18b3195854bae27789e47b43faf7a4aebda957f97370a2daa8b8e35c85b7ba34a02c5c8aa8674c4f1b363cf3a8c0bea4056dd33
6
+ metadata.gz: f68c71db7fa9f9c129b740b9599b25f3500735a2bd7bb16056a1e8a0ab5c3889abd47cf81804c8d2b6790d61e0ba7b113fb6a2eb54a32a396fb37a9b121815a9
7
+ data.tar.gz: 50eba9c344040ce7f91e63d350eadfd096334937aa6eb0b11ddb54da2772dae61c31c297cb880c8dbf9d4b0e1ceb71279b24c71ae40d3b6a60af53a7bd145c3d
@@ -10,10 +10,14 @@ module Authentic
10
10
  attr_reader :store, :well_known
11
11
 
12
12
  def initialize(max_age)
13
- @store = KeyStore.new(max_age || '10h')
13
+ @store = KeyStore.new(max_age)
14
14
  @well_known = '/.well-known/openid-configuration'
15
15
  end
16
16
 
17
+ def cache_max_age(max_age)
18
+ @store.configure_max_age(max_age)
19
+ end
20
+
17
21
  # Public: retrieves JWK.
18
22
  #
19
23
  # jwt - JSON::JWT.
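Review bot: `@store = KeyStore.new(max_age)` in `initialize` no longer applies the `'10h'` fallback that the removed line had, so a nil `max_age` now reaches `KeyStore#configure_max_age` (and from there `human_time_to_seconds` in the next hunk) unchanged; only the caller's own default protects it. Either keep the fallback here, `@store = KeyStore.new(max_age || '10h')`, or state in a comment that `max_age` is required. The new `cache_max_age` method also lacks the `# Public:` header the file uses for its other methods; a short one naming `max_age` as a human time string such as `'10h'` and noting it delegates to `KeyStore#configure_max_age` would match the surrounding style. The enclosing class continues past the hunk.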
@@ -11,10 +11,18 @@ module Authentic
11
11
 
12
12
  def initialize(max_age, data = {})
13
13
  @data = data
14
+ configure_max_age(max_age)
15
+ end
16
+
17
+ def configure_max_age(max_age)
14
18
  @max_age = max_age
15
19
  @max_age_seconds = human_time_to_seconds
16
20
  end
17
21
 
22
+ def reset_all
23
+ @data = {}
24
+ end
25
+
18
26
  # Public: Sets data, and wraps it in OIDCKey class if not presented as that type.
19
27
  #
20
28
  # iss - issuer
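Review bot: `configure_max_age` and `reset_all` carry no doc comments, while the neighbouring method has a full `# Public:` block; both are called from other files in this commit, so their contract should be written down. `configure_max_age` recomputes `@max_age_seconds` but leaves `@data` untouched, so whether a shorter max age applies to keys already cached depends on whether expiry is evaluated against `@max_age_seconds` at lookup time or stamped at insert time — I cannot see that from the hunk, and the comment should say which, e.g. `# Public: sets max_age and its seconds equivalent; already cached keys are not evicted.` `reset_all` could likewise be documented as dropping every cached key, e.g. `# Public: discards all cached keys.` The enclosing class continues past the hunk.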
@@ -8,9 +8,11 @@ module Authentic
8
8
  # Public: validate JWTs against JWKs using iss whitelist in an environment variable.
9
9
  #
10
10
  # token - raw JWT.
11
+ # opts - Optionally pass configuration options.
11
12
  #
12
13
  # Returns boolean.
13
- def self.valid?(token)
14
+ def self.valid?(token, opts = {})
15
+ Validator.configure(opts) unless opts.empty?
14
16
  Validator.new.valid?(token)
15
17
  end
16
18
 
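Review bot: `Validator.configure(opts) unless opts.empty?` writes the options into class variables (`@@iss_whitelist` and `@@manager` in the next hunk), so options passed to one `valid?` call remain in force for every later call in the process, including calls that pass no `opts`, and the same applies to `ensure_valid` in the next hunk. A caller that validates a token with `iss_whitelist: ['a']` and then validates another token without opts has the second token checked against `['a']` rather than the environment whitelist, which the new doc line "Optionally pass configuration options" does not convey. I would extend it to `# opts - Optional configuration; values persist process-wide until the next call that passes opts (see Validator.configure).` Note also that `configure` assigns `@@iss_whitelist = opts[:iss_whitelist]` without a fallback, so passing only `cache_max_age` clears a previously configured whitelist.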
@@ -18,23 +20,40 @@ module Authentic
18
20
  # raises an error for invalid JWTs, errors requesting JWKs, the lack of valid JWKs, or non white listed ISS.
19
21
  #
20
22
  # token - raw JWT.
23
+ # opts - Optionally pass configuration options.
21
24
  #
22
25
  # Returns nothing.
23
- def self.ensure_valid(token)
26
+ def self.ensure_valid(token, opts = {})
27
+ Validator.configure(opts) unless opts.empty?
24
28
  Validator.new.ensure_valid(token)
25
29
  end
26
30
 
27
31
  # Public: validates JWTs against JWKs.
28
32
  class Validator
29
- attr_reader :iss_whitelist, :manager, :opts
33
+ @@manager = KeyManager.new('10h')
34
+ @@iss_whitelist = []
30
35
 
31
- def initialize(options = {})
32
- @opts = options
33
- @iss_whitelist = opts.fetch(:iss_whitelist) { ENV['AUTHENTIC_ISS_WHITELIST']&.split(',') }
34
- valid_opts = !iss_whitelist&.empty?
36
+ # Public: Configures iss_whitelist and cache_max_age
37
+ #
38
+ # opts - options to configure the validator with
39
+ #
40
+ # Returns nothing.
41
+ def self.configure(opts)
42
+ @@iss_whitelist = opts[:iss_whitelist]
43
+ @@manager.cache_max_age(opts.fetch(:cache_max_age, '10h'))
44
+ end
45
+
46
+ def initialize
47
+ # Default iss whitelist if it is empty
48
+ @@iss_whitelist = @@iss_whitelist&.empty? ? ENV['AUTHENTIC_ISS_WHITELIST']&.split(',') : @@iss_whitelist
49
+
50
+ valid_opts = !@@iss_whitelist&.empty?
35
51
  raise IncompleteOptions unless valid_opts
52
+ end
36
53
 
37
- @manager = KeyManager.new opts[:cache_max_age]
54
+ # Private: resets key manager cache
55
+ def reset_cache
56
+ @@manager.store.reset_all
38
57
  end
39
58
 
40
59
  # Public: validates JWT, returns true if valid, false if not.
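Review bot: `valid_opts = !@@iss_whitelist&.empty?` in `initialize` is true when the whitelist is nil, because `nil&.empty?` is nil and `!nil` is true, so `IncompleteOptions` is not raised when neither `configure` nor `AUTHENTIC_ISS_WHITELIST` supplied any issuer; the same expression existed before this change, but the new ENV fallback on the line above also yields nil when the variable is unset, and the failure then surfaces as a `NoMethodError` from `@@iss_whitelist.index` in `decode_jwt` instead of the documented error. `raise IncompleteOptions if @@iss_whitelist.nil? || @@iss_whitelist.empty?` closes that gap. `reset_cache` is commented `# Private:` but no `private` marker is visible in the hunk, so it appears to be a public method; either move it below `private` or relabel the comment `# Public:`. The enclosing class continues past the hunk.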
@@ -59,7 +78,7 @@ module Authentic
59
78
  jwt = decode_jwt token
60
79
 
61
80
  begin
62
- key = manager.get jwt
81
+ key = @@manager.get jwt
63
82
 
64
83
  # Slightly more accurate to raise a key error here for nil key,
65
84
  # rather then verify raising an error that would lead to InvalidToken
@@ -82,7 +101,7 @@ module Authentic
82
101
  raise InvalidToken, 'invalid nil JWT provided' unless token
83
102
 
84
103
  JSON::JWT.decode(token, :skip_verification).tap do |jwt|
85
- raise InvalidToken, 'JWT iss was not located in provided whitelist' unless iss_whitelist.index jwt[:iss]
104
+ raise InvalidToken, 'JWT iss was not located in provided whitelist' unless @@iss_whitelist.index jwt[:iss]
86
105
  end
87
106
  rescue JSON::JWT::InvalidFormat
88
107
  raise InvalidToken, 'invalid JWT format'
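Review bot: `@@iss_whitelist.index jwt[:iss]` uses `Array#index` as a membership test, which reads as a position lookup and relies on the reader remembering that `0` is truthy in Ruby; `@@iss_whitelist.include?(jwt[:iss])` states the intent directly and is the check a reviewer of the issuer allow-list will look for. The enclosing `decode_jwt` method starts before the hunk.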
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentic-rb
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Articulate
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2018-11-26 00:00:00.000000000 Z
12
+ date: 2019-01-14 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json-jwt