authify-api 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +32 -8
- data/Rakefile +1 -1
- data/lib/authify/api/controllers/apikey.rb +3 -3
- data/lib/authify/api/controllers/group.rb +6 -6
- data/lib/authify/api/controllers/identity.rb +4 -4
- data/lib/authify/api/controllers/organization.rb +8 -8
- data/lib/authify/api/controllers/user.rb +12 -12
- data/lib/authify/api/services/jwt_provider.rb +2 -2
- data/lib/authify/api/services/registration.rb +27 -2
- data/lib/authify/api/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3fca257750d3b6838d69bf82accc2509efedec36
|
|
4
|
+
data.tar.gz: 3e7bffd8e96c2eaa0fac52f0f7cbc7511e0d8a4d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0f6224388bec7ae3b38a11c3447950ef5bec48b9505aaade543c9cd517cb643897189bfc077df39fc19a103ab13276b7edb53756981a800b95a4d3b0d43875fe
|
|
7
|
+
data.tar.gz: 1169b5cd8efe0660d3ff7fbf533e1dd086dcea7bc30e7824fadcd80dfeeab3c5daff5267b8a669a1ccbcb1077c2763bc59006539c2cdabcecc8e6cd198b2b69f
|
data/README.md
CHANGED
|
@@ -22,7 +22,9 @@ Nearly all API endpoints available via Authify implement the [{json:api}](http:/
|
|
|
22
22
|
* `GET /jwt/key` - Returns Content Type: `application/json`. This endpoint returns a JSON Object with the key `data` whose value is a PEM-encoded ECDSA public key, which should be used to verify the signature made by the Authify service.
|
|
23
23
|
* `GET /jwt/meta` - Returns Content Type: `application/json`. This endpoint returns a JSON Object with the keys `algorithm`, `issuer`, and `expiration` that describe the kind of JWTs produced by this service.
|
|
24
24
|
* `POST /jwt/token` - Returns (and only accepts) Content Type: `application/json`. This endpoint is used to obtain a [JWT](https://en.wikipedia.org/wiki/JSON_Web_Token). This endpoint expects a JSON Object with either the keys `access_key` and `secret_key` _OR_ `email` and `password`. There is no firm requirement to use either pair for any particular purpose, but for scenarios where the credentials may be stored, the `access_key` and `secret_key` may be used since those can easily be revoked if necessary. Upon successful authentication, the endpoint provides a JSON Object with the key `jwt` and a signed JWT. There should be nothing highly sensitive embedded in the JWT. The JWT defaults to expiring every 15 minutes.
|
|
25
|
-
* `POST /registration/signup` - Returns (and only accepts) Content Type: `application/json`. This endpoint is used to signup for an account with Authify. This endpoint expects a JSON Object, requiring the keys `email` and `password`, with `name` and `via` being optional. If `via` is provided, then it must be a JSON Object with the keys `provider` and `uid`, otherwise it will be ignored. The `via` key is used to add an alternate identity (meaning they logged-in through an integration, like Github). This endpoint returns a JSON Object with the keys `id`, `email`, and `
|
|
25
|
+
* `POST /registration/signup` - Returns (and only accepts) Content Type: `application/json`. This endpoint is used to signup for an account with Authify. This endpoint expects a JSON Object, requiring the keys `email` and `password`, with `name` and `via` being optional. If `via` is provided, then it must be a JSON Object with the keys `provider` and `uid`, otherwise it will be ignored. The `via` key is used to add an alternate identity (meaning they logged-in through an integration, like Github), and is only trusted from trusted delegates (meaning it will be ignored for anonymous calls to this endpoint). This endpoint returns a JSON Object with the keys `id`, `email`, and `verified`, on success. If the user is registered by a trusted delegate *and* `via` options were provided, the users is implicitly trusted and a `jwt` key will also be provided for authentication.
|
|
26
|
+
* `POST /registration/verify` - Returns (and only accepts) Content Type: `application/json`. This endpoint is used to verify a registered user's email address. This endpoint expects a JSON Object, requiring the keys `email`, `password`, and `token`. This endpoint returns a JSON Object with the keys `id`, `email`, `verified`, and `jwt` on success.
|
|
27
|
+
* `POST /registration/forgot_password` - Returns (and only accepts) Content Type: `application/json`. This endpoint serves two related purposes: it is used to trigger resetting a forgotten (or non-existent) password and it is used to actually set the value of a user's password. The difference in which operation is performed is based on the POST data. When provided a JSON Object with only the key `email`, the endpoint sends the user an email with a verification token, returning an empty JSON Object as a result. When provided a JSON Object with the keys `email`, `password`, and `token`, the endpoint verifies that the token matches, then sets the user's password, returning a JSON Object with the keys `id`, `email`, `verified`, and `jwt` on success.
|
|
26
28
|
|
|
27
29
|
All other endpoints adhere to the {json:api} specification and can be found at the following base paths:
|
|
28
30
|
|
|
@@ -60,7 +62,7 @@ The Authify API services supports the following configuration settings, managed
|
|
|
60
62
|
|
|
61
63
|
* `AUTHIFY_DB_URL` - The URL used by [ActiveRecord](http://guides.rubyonrails.org/configuring.html#configuring-a-database) to connect to the database. Currently supports `mysql2://` or `sqlite3://` URLs, though any driver supported by ActiveRecord should work if the required gems are installed. Defaults to `mysql2://root@localhost:3306/authifydb`.
|
|
62
64
|
* `AUTHIFY_PUBKEY_PATH` - The path on the filesystem to the PEM-encoded, public ECDSA key. Defaults to `~/.authify/ssl/public.pem`.
|
|
63
|
-
* `AUTHIFY_PRIVKEY_PATH` - The path on the filesystem to the PEM-encoded, private ECDSA key. Currently, Authify only supports an [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) keys. Options include using a `secp521r1` curve and the [SHA-512](https://en.wikipedia.org/wiki/SHA-2) hashing algorithm (called `ES512`), a `secp384r1` curve and the SHA-384 hashing algorithm (called `ES384`), or a `prime256v1` curve and the SHA-256 hashing algorithm (called `ES256`). See `AUTHIFY_JWT_ALGORITHM` below for information on how to configure Authify's algorithm to match the public and private keys you provide. The keys you specify **must** match the ECDSA algortihm and curve used to create them.
|
|
65
|
+
* `AUTHIFY_PRIVKEY_PATH` - The path on the filesystem to the PEM-encoded, private ECDSA key. Currently, Authify only supports an [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) keys. Options include using a `secp521r1` curve and the [SHA-512](https://en.wikipedia.org/wiki/SHA-2) hashing algorithm (called `ES512`), a `secp384r1` curve and the SHA-384 hashing algorithm (called `ES384`), or a `prime256v1` curve and the SHA-256 hashing algorithm (called `ES256`). See `AUTHIFY_JWT_ALGORITHM` below for information on how to configure Authify's algorithm to match the public and private keys you provide. The keys you specify **must** match the ECDSA algortihm and curve used to create them.
|
|
64
66
|
* `AUTHIFY_JWT_ISSUER` - The name of the issuer ([iss field](https://en.wikipedia.org/wiki/JSON_Web_Token#Standard_fields)) used when creating the JWT. This **must** match on any service that verifies the JWT (meaning any service relying on Authify for authentication), and it **must** be the same for all services that integrate with Authify.
|
|
65
67
|
* `AUTHIFY_JWT_ALGORITHM` - The name of the [JWA](https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40) algorithm to use when loading keys and creating or verifying JWT signatures. Valid values are `ES256`, `ES384`, or `ES512`. Defaults to `ES512`. This **must** match the curve and algorithm used to produce the public and private keys found at `AUTHIFY_PUBKEY_PATH` and `AUTHIFY_PRIVKEY_PATH`, respectively. Note that the curves `prime256v1` (also called NIST P-256) used by `ES256` and `secp384r1` (also called NIST P-384) used by `ES384`, while offering a wider range of compatible SSL libraries, are described as unsafe on [SafeCurves](https://safecurves.cr.yp.to/) for several reasons described there.
|
|
66
68
|
* `AUTHIFY_JWT_EXPIRATION` - How long should a JWT be valid (in minutes). Defaults to 15. Too small of a value will mean a lot more requests to the API; too high increases the possibility of viable keys being captured.
|
|
@@ -108,10 +110,6 @@ curl \
|
|
|
108
110
|
"name": "Some User",
|
|
109
111
|
"email": "someuser@mycompany.com",
|
|
110
112
|
"password": "b@d!dea",
|
|
111
|
-
"via": {
|
|
112
|
-
"provider": "github",
|
|
113
|
-
"uid": "1234567"
|
|
114
|
-
}
|
|
115
113
|
}' \
|
|
116
114
|
https://auth.mycompany.com/registration/signup
|
|
117
115
|
```
|
|
@@ -122,11 +120,37 @@ This will return JSON similar to the following:
|
|
|
122
120
|
{
|
|
123
121
|
"id": 172,
|
|
124
122
|
"email": "someuser@mycompany.com",
|
|
123
|
+
"verified": false
|
|
124
|
+
}
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
As you can see, Authify is stating that while you have registered a user, their email address has not been verified. They should receive an email containing a one-time verification token, valid for an hour. Verify the email by POSTing something similar to:
|
|
128
|
+
|
|
129
|
+
```shell
|
|
130
|
+
curl \
|
|
131
|
+
-H 'Content-Type: application/json' \
|
|
132
|
+
-H 'Accept: application/json' \
|
|
133
|
+
--data \
|
|
134
|
+
'{
|
|
135
|
+
"email": "someuser@mycompany.com",
|
|
136
|
+
"password": "b@d!dea",
|
|
137
|
+
"token": "c7994995c89039ab"
|
|
138
|
+
}' \
|
|
139
|
+
https://auth.mycompany.com/registration/verify
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
This will return JSON similar to the following:
|
|
143
|
+
|
|
144
|
+
```javascript
|
|
145
|
+
{
|
|
146
|
+
"id": 172,
|
|
147
|
+
"email": "someuser@mycompany.com",
|
|
148
|
+
"verified": true,
|
|
125
149
|
"jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzUxMiJ9.eyJleHAiOjE0ODY0ODcyODcsImlhdCI6MTQ4NjQ4MzY4NywiaXNzIjoiTXkgQXdlc29tZSBDb21wYW55IEluYy4iLCJzY29wZXMiOlsidXNlcl9hY2Nlc3MiXSwidXNlciI6eyJ1c2VybmFtZSI6ImZvb0BiYXIuY29tIiwidWlkIjoyLCJvcmdhbml6YXRpb25zIjpbXSwiZ3JvdXBzIjpbXX19.AWfPpKX9mP03Djz3-LMneJdEVsXQm_4GOPVCdkfiiBeIR4pVLKTVrNoNdlNgSEkZEeUw1RPsVxpAR7wDgB4cNcYiAP3fNaD8OPyWfOQAV0lTvDUSH3YU39cZAVwvbX9HleOHBLrFGBbui5wSvfi7WZZlH808psiuUAVhBOe7mfrNiHGB"
|
|
126
150
|
}
|
|
127
151
|
```
|
|
128
152
|
|
|
129
|
-
You'll need the JWT (found at key `jwt`) for the next step.
|
|
153
|
+
The user is now verified. You'll need the JWT (found at key `jwt`) for the next step.
|
|
130
154
|
|
|
131
155
|
#### Create an API key set
|
|
132
156
|
|
|
@@ -187,7 +211,7 @@ curl \
|
|
|
187
211
|
-H 'Accept: application/json' \
|
|
188
212
|
-H 'Content-Type: application/json' \
|
|
189
213
|
--data \
|
|
190
|
-
'{
|
|
214
|
+
'{
|
|
191
215
|
"access_key": "5f4abd1c6423ef02d1ec42e1cddaf5f8",
|
|
192
216
|
"secret_key": "fb97aa7d4e48f3e4bbb2930161a423fa8308393426c3612940da03f22cf36879"
|
|
193
217
|
}' \
|
data/Rakefile
CHANGED
|
@@ -18,7 +18,7 @@ module Authify
|
|
|
18
18
|
Models::APIKey.all
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
show(roles: %i
|
|
21
|
+
show(roles: %i[myself admin]) do
|
|
22
22
|
last_modified resource.updated_at
|
|
23
23
|
next resource, exclude: [:secret_key]
|
|
24
24
|
end
|
|
@@ -31,7 +31,7 @@ module Authify
|
|
|
31
31
|
next key.id, key
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
destroy(roles: %i
|
|
34
|
+
destroy(roles: %i[myself admin]) do
|
|
35
35
|
resource.destroy
|
|
36
36
|
end
|
|
37
37
|
|
|
@@ -40,7 +40,7 @@ module Authify
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
has_one :user do
|
|
43
|
-
pluck(roles: %i
|
|
43
|
+
pluck(roles: %i[myself admin]) do
|
|
44
44
|
resource.user
|
|
45
45
|
end
|
|
46
46
|
end
|
|
@@ -19,7 +19,7 @@ module Authify
|
|
|
19
19
|
Models::Group.all
|
|
20
20
|
end
|
|
21
21
|
|
|
22
|
-
show(roles: %i
|
|
22
|
+
show(roles: %i[admin owner]) do
|
|
23
23
|
last_modified resource.updated_at
|
|
24
24
|
next resource
|
|
25
25
|
end
|
|
@@ -30,7 +30,7 @@ module Authify
|
|
|
30
30
|
next g
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
destroy(roles: %i
|
|
33
|
+
destroy(roles: %i[admin owner]) do
|
|
34
34
|
resource.destroy
|
|
35
35
|
end
|
|
36
36
|
|
|
@@ -39,23 +39,23 @@ module Authify
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
has_many :users do
|
|
42
|
-
fetch(roles: %i
|
|
42
|
+
fetch(roles: %i[admin owner]) do
|
|
43
43
|
resource.users
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
-
replace(roles: %i
|
|
46
|
+
replace(roles: %i[admin owner]) do |rios|
|
|
47
47
|
refs = rios.map { |attrs| Models::User.find(attrs) }
|
|
48
48
|
resource.users = refs
|
|
49
49
|
resource.save
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
merge(roles: %i
|
|
52
|
+
merge(roles: %i[admin owner]) do |rios|
|
|
53
53
|
refs = rios.map { |attrs| Models::User.find(attrs) }
|
|
54
54
|
resource.users << refs
|
|
55
55
|
resource.save
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
-
subtract(roles: %i
|
|
58
|
+
subtract(roles: %i[admin owner]) do |rios|
|
|
59
59
|
refs = rios.map { |attrs| Models::User.find(attrs) }
|
|
60
60
|
# This only removes the linkage, not the actual users
|
|
61
61
|
resource.users.delete(refs)
|
|
@@ -14,11 +14,11 @@ module Authify
|
|
|
14
14
|
end
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
index(roles: %i
|
|
17
|
+
index(roles: %i[admin trusted]) do
|
|
18
18
|
Models::Identity.all
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
show(roles: %i
|
|
21
|
+
show(roles: %i[myself admin trusted]) do
|
|
22
22
|
last_modified resource.updated_at
|
|
23
23
|
next resource
|
|
24
24
|
end
|
|
@@ -30,7 +30,7 @@ module Authify
|
|
|
30
30
|
next ident.id, ident
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
destroy(roles: %i
|
|
33
|
+
destroy(roles: %i[myself admin]) do
|
|
34
34
|
resource.destroy
|
|
35
35
|
end
|
|
36
36
|
|
|
@@ -39,7 +39,7 @@ module Authify
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
has_one :user do
|
|
42
|
-
pluck(roles: %i
|
|
42
|
+
pluck(roles: %i[myself admin trusted]) do
|
|
43
43
|
resource.user
|
|
44
44
|
end
|
|
45
45
|
end
|
|
@@ -15,7 +15,7 @@ module Authify
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def modifiable_fields
|
|
18
|
-
%i
|
|
18
|
+
%i[
|
|
19
19
|
name
|
|
20
20
|
public_email
|
|
21
21
|
gravatar_email
|
|
@@ -23,7 +23,7 @@ module Authify
|
|
|
23
23
|
description
|
|
24
24
|
url
|
|
25
25
|
location
|
|
26
|
-
|
|
26
|
+
]
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def filtered_attributes(attributes)
|
|
@@ -41,7 +41,7 @@ module Authify
|
|
|
41
41
|
end
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
-
index(roles: %i
|
|
44
|
+
index(roles: %i[admin user]) do
|
|
45
45
|
Models::Organization.includes(:users, :groups, :admins)
|
|
46
46
|
end
|
|
47
47
|
|
|
@@ -72,29 +72,29 @@ module Authify
|
|
|
72
72
|
next o.id, o
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
update(roles: %i
|
|
75
|
+
update(roles: %i[owner admin]) do |attrs|
|
|
76
76
|
resource.update filtered_attributes(attrs)
|
|
77
77
|
next resource
|
|
78
78
|
end
|
|
79
79
|
|
|
80
|
-
destroy(roles: %i
|
|
80
|
+
destroy(roles: %i[owner admin]) do
|
|
81
81
|
resource.destroy
|
|
82
82
|
end
|
|
83
83
|
|
|
84
84
|
has_many :users do
|
|
85
|
-
fetch(roles: %i
|
|
85
|
+
fetch(roles: %i[owner admin member]) do
|
|
86
86
|
resource.users
|
|
87
87
|
end
|
|
88
88
|
end
|
|
89
89
|
|
|
90
90
|
has_many :admins do
|
|
91
|
-
fetch(roles: %i
|
|
91
|
+
fetch(roles: %i[owner admin member]) do
|
|
92
92
|
resource.admins
|
|
93
93
|
end
|
|
94
94
|
end
|
|
95
95
|
|
|
96
96
|
has_many :groups do
|
|
97
|
-
fetch(roles: %i
|
|
97
|
+
fetch(roles: %i[owner admin member]) do
|
|
98
98
|
resource.groups
|
|
99
99
|
end
|
|
100
100
|
end
|
|
@@ -14,7 +14,7 @@ module Authify
|
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def modifiable_fields
|
|
17
|
-
%i
|
|
17
|
+
%i[full_name email].tap do |a|
|
|
18
18
|
a << :admin if role.include?(:admin)
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -34,11 +34,11 @@ module Authify
|
|
|
34
34
|
end
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
index(roles: %i
|
|
37
|
+
index(roles: %i[user trusted]) do
|
|
38
38
|
Models::User.all
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
show(roles: %i
|
|
41
|
+
show(roles: %i[user trusted]) do
|
|
42
42
|
last_modified resource.updated_at
|
|
43
43
|
next resource
|
|
44
44
|
end
|
|
@@ -49,7 +49,7 @@ module Authify
|
|
|
49
49
|
next user
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
update(roles: %i
|
|
52
|
+
update(roles: %i[admin myself]) do |attrs|
|
|
53
53
|
# Necessary because #password= is overridden for Models::User
|
|
54
54
|
new_pass = attrs[:password] if attrs && attrs.key?(:password)
|
|
55
55
|
resource.update filtered_attributes(attrs)
|
|
@@ -63,16 +63,16 @@ module Authify
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
has_many :apikeys do
|
|
66
|
-
fetch(roles: %i
|
|
66
|
+
fetch(roles: %i[myself admin]) do
|
|
67
67
|
resource.apikeys
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
-
clear(roles: %i
|
|
70
|
+
clear(roles: %i[myself admin]) do
|
|
71
71
|
resource.apikeys.destroy_all
|
|
72
72
|
resource.save
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
subtract(roles: %i
|
|
75
|
+
subtract(roles: %i[myself admin]) do |rios|
|
|
76
76
|
refs = rios.map { |attrs| Models::APIKey.find(attrs) }
|
|
77
77
|
# This actually calls #destroy on the keys (we don't need orphaned keys)
|
|
78
78
|
resource.apikeys.destroy(refs)
|
|
@@ -81,11 +81,11 @@ module Authify
|
|
|
81
81
|
end
|
|
82
82
|
|
|
83
83
|
has_many :identities do
|
|
84
|
-
fetch(roles: %i
|
|
84
|
+
fetch(roles: %i[myself admin trusted]) do
|
|
85
85
|
resource.identities
|
|
86
86
|
end
|
|
87
87
|
|
|
88
|
-
clear(roles: %i
|
|
88
|
+
clear(roles: %i[myself admin]) do
|
|
89
89
|
resource.identities.destroy_all
|
|
90
90
|
resource.save
|
|
91
91
|
end
|
|
@@ -96,7 +96,7 @@ module Authify
|
|
|
96
96
|
resource.save
|
|
97
97
|
end
|
|
98
98
|
|
|
99
|
-
subtract(roles: %i
|
|
99
|
+
subtract(roles: %i[myself admin]) do |rios|
|
|
100
100
|
refs = rios.map { |attrs| Models::Identity.find(attrs) }
|
|
101
101
|
resource.identities.destroy(refs)
|
|
102
102
|
resource.save
|
|
@@ -104,13 +104,13 @@ module Authify
|
|
|
104
104
|
end
|
|
105
105
|
|
|
106
106
|
has_many :organizations do
|
|
107
|
-
fetch(roles: %i
|
|
107
|
+
fetch(roles: %i[user myself admin]) do
|
|
108
108
|
resource.organizations
|
|
109
109
|
end
|
|
110
110
|
end
|
|
111
111
|
|
|
112
112
|
has_many :groups do
|
|
113
|
-
fetch(roles: %i
|
|
113
|
+
fetch(roles: %i[myself admin]) do
|
|
114
114
|
resource.groups
|
|
115
115
|
end
|
|
116
116
|
end
|
|
@@ -12,11 +12,11 @@ module Authify
|
|
|
12
12
|
before '*' do
|
|
13
13
|
content_type 'application/json'
|
|
14
14
|
headers 'Access-Control-Allow-Origin' => '*',
|
|
15
|
-
'Access-Control-Allow-Methods' => %w
|
|
15
|
+
'Access-Control-Allow-Methods' => %w[
|
|
16
16
|
OPTIONS
|
|
17
17
|
GET
|
|
18
18
|
POST
|
|
19
|
-
|
|
19
|
+
]
|
|
20
20
|
|
|
21
21
|
begin
|
|
22
22
|
unless request.get? || request.options?
|
|
@@ -12,11 +12,11 @@ module Authify
|
|
|
12
12
|
before '*' do
|
|
13
13
|
content_type 'application/json'
|
|
14
14
|
headers 'Access-Control-Allow-Origin' => '*',
|
|
15
|
-
'Access-Control-Allow-Methods' => %w
|
|
15
|
+
'Access-Control-Allow-Methods' => %w[
|
|
16
16
|
OPTIONS
|
|
17
17
|
GET
|
|
18
18
|
POST
|
|
19
|
-
|
|
19
|
+
]
|
|
20
20
|
|
|
21
21
|
begin
|
|
22
22
|
unless request.get? || request.options?
|
|
@@ -63,6 +63,31 @@ module Authify
|
|
|
63
63
|
response.to_json
|
|
64
64
|
end
|
|
65
65
|
|
|
66
|
+
post '/forgot_password' do
|
|
67
|
+
email = @parsed_body[:email]
|
|
68
|
+
token = @parsed_body[:token]
|
|
69
|
+
halt(200, '{}') unless Models::User.exists?(email: email)
|
|
70
|
+
halt(403, 'Missing Parameters') unless email
|
|
71
|
+
|
|
72
|
+
found_user = Models::User.find_by_email(email)
|
|
73
|
+
if token && @parsed_body[:password] && found_user.verify(token)
|
|
74
|
+
found_user.verified = true
|
|
75
|
+
found_user.password = @parsed_body[:password]
|
|
76
|
+
found_user.save
|
|
77
|
+
{
|
|
78
|
+
id: found_user.id,
|
|
79
|
+
email: found_user.email,
|
|
80
|
+
verified: found_user.verified?,
|
|
81
|
+
jwt: jwt_token(found_user)
|
|
82
|
+
}.to_json
|
|
83
|
+
else
|
|
84
|
+
found_user.verified = false
|
|
85
|
+
found_user.set_verification_token!
|
|
86
|
+
found_user.save
|
|
87
|
+
halt(200, '{}')
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
|
|
66
91
|
post '/verify' do
|
|
67
92
|
email = @parsed_body[:email]
|
|
68
93
|
password = @parsed_body[:password]
|
data/lib/authify/api/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authify-api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Gnagy
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-04-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: authify-core
|