authify-middleware 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a70bafbe49d2c12644453de94990825f565e184e
4
- data.tar.gz: 8954a67e93e6daa587c6f0ab0d2065e336c10e23
3
+ metadata.gz: ca1abb9985205ef5498ff6ee21bd3545d2823a01
4
+ data.tar.gz: d55bff436475c78126b6d3e7f52b436e38b11b6c
5
5
  SHA512:
6
- metadata.gz: 3542bcf9d3e0bf90fb72fa4f8c10373be28a617053761d76eafabc26da331259c40bc9caf0f5eca1c2764068474430dd776f9c733586113afd0667212d998626
7
- data.tar.gz: 450d421ab9252df77ad97a96c1d371f0474de5178b9afb4f66a50725db15c1f2a61132381c6c9edd14a8147563815e9be5e2648cd27caf6e99098925c294fde4
6
+ metadata.gz: 7486aa62b037bc13ed3fcf7784c458a56559dc72d281bc3518260a3b2a2416c7332ede384cec9bd0c0c23fe702e8d8c92649c3e29a2f5a9a36195cfce83e93b7
7
+ data.tar.gz: 6e3d8ee82ab128677ff52212518a3b8da10f4dd051f42235f7cd3d4710e2b8163ec7ea277d1ac3150960f3b710571e8aa147dae6c6acdfa8cfb8f58d252a574c
@@ -9,39 +9,45 @@ module Authify
9
9
  end
10
10
 
11
11
  # rubocop:disable Metrics/MethodLength
12
+ # rubocop:disable Metrics/AbcSize
12
13
  def call(env)
13
- options = { algorithm: 'ES256', iss: CONFIG[:jwt][:issuer] }
14
- bearer = env.fetch('HTTP_AUTHORIZATION', '').slice(7..-1)
15
- payload, _header = JWT.decode bearer, public_key, true, options
14
+ payload = process_token
16
15
 
17
16
  env[:scopes] = payload['scopes']
18
17
  env[:user] = payload['user']
19
-
18
+ env[:authenticated] = Time.now
19
+ rescue JWT::DecodeError => e
20
+ env[:authenticated] = false
21
+ env[:authentication_errors] ||= []
22
+ env[:authentication_errors] << e
23
+ rescue JWT::ExpiredSignature => e
24
+ env[:authenticated] = false
25
+ env[:authentication_errors] ||= []
26
+ env[:authentication_errors] << e
27
+ rescue JWT::InvalidIssuerError => e
28
+ env[:authenticated] = false
29
+ env[:authentication_errors] ||= []
30
+ env[:authentication_errors] << e
31
+ rescue JWT::InvalidIatError => e
32
+ env[:authenticated] = false
33
+ env[:authentication_errors] ||= []
34
+ env[:authentication_errors] << e
35
+ ensure
20
36
  @app.call env
21
- rescue JWT::DecodeError
22
- [
23
- 401,
24
- { 'Content-Type' => 'text/plain' },
25
- ['A token must be passed.']
26
- ]
27
- rescue JWT::ExpiredSignature
28
- [
29
- 403,
30
- { 'Content-Type' => 'text/plain' },
31
- ['The token has expired.']
32
- ]
33
- rescue JWT::InvalidIssuerError
34
- [
35
- 403,
36
- { 'Content-Type' => 'text/plain' },
37
- ['The token does not have a valid issuer.']
38
- ]
39
- rescue JWT::InvalidIatError
40
- [
41
- 403,
42
- { 'Content-Type' => 'text/plain' },
43
- ['The token does not have a valid "issued at" time.']
44
- ]
37
+ end
38
+
39
+ private
40
+
41
+ def process_token
42
+ options = {
43
+ algorithm: 'ES256',
44
+ verify_iss: true,
45
+ verify_iat: true,
46
+ iss: CONFIG[:jwt][:issuer]
47
+ }
48
+
49
+ bearer = env.fetch('HTTP_AUTHORIZATION', '').slice(7..-1)
50
+ JWT.decode(bearer, public_key, true, options)[0]
45
51
  end
46
52
  end
47
53
  end
@@ -3,7 +3,7 @@ module Authify
3
3
  VERSION = [
4
4
  0, # Major
5
5
  0, # Minor
6
- 2 # Patch
6
+ 3 # Patch
7
7
  ].join('.')
8
8
  end
9
9
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authify-middleware
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Gnagy
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-02-03 00:00:00.000000000 Z
11
+ date: 2017-02-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack