RubyGems - authrocket - Versions diffs - 1.2.0 → 1.3.0 - Mend

authrocket 1.2.0 → 1.3.0

Files changed (14) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/README.md +15 -16
data/authrocket.gemspec +2 -1
data/lib/authrocket.rb +3 -2
data/lib/authrocket/api/api_config.rb +6 -1
data/lib/authrocket/api/client.rb +14 -0
data/lib/authrocket/api/version.rb +1 -1
data/lib/authrocket/app_hook.rb +1 -0
data/lib/authrocket/event.rb +1 -0
data/lib/authrocket/realm.rb +4 -2
data/lib/authrocket/session.rb +56 -0
data/lib/authrocket/user.rb +1 -0
metadata +20 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 86bb498763a05b226efad50e30a2c6feb5e65fdc
-  data.tar.gz: 36e8b257613ab077c46fbcb1e49f0cb3892e6162
+  metadata.gz: f59945f00ec3c5935d070f1011f55b384227f21a
+  data.tar.gz: b14d874dd31885358b4127c6c6d39bc2d533faac
 SHA512:
-  metadata.gz: 88c49fdef9a6178b0960b509627ebec2cf8ec1c4715db56ffdcbae64efa3915b89d42ea668a01a528039c4f8f6a14555b152fc5e5ffdf594d135c11744241a08
-  data.tar.gz: 1a054adbc2869b9f01ff4ff6fc450813a4a46f9006ff3915dc8586627c1126ed3a0b3fffba8f6a421ed67270816cf17ea4d45806dbde913418f0f76c236775b8
+  metadata.gz: 6e694cddf853fc34fcef928cf6b7d41c22a158674779e1f2a1a24024bc3a222a3581e915c4c8c10ae0105826f5842a70f1472292c3647342965cc83dee4b1f2e
+  data.tar.gz: cee76d864e476184378695b702c9d77cac710f81463a2e1cb7ada82ad9348c6b6579184a0149f41a9155a4e1621042b0a394c226a8a77818cc966935082c4e69

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,8 @@
+#### 1.3.0
+- Add Session resource
+- Deprecate Event.validate_token - Replaced by Session.from_token and Session.find
+- Add missing auth_provider.* events
 #### 1.2.0
 - Add Credential resource

data/README.md CHANGED Viewed

@@ -14,22 +14,26 @@ For installation, add `gem 'authrocket'` to your Gemfile. More details are below
 By default, AuthRocket automatically loads your credentials from environment variables. For such hosting environments, including Heroku, just configure these:
-    AUTHROCKET_ACCOUNT = org_SAMPLE
-    AUTHROCKET_API_KEY = key_SAMPLE
-    AUTHROCKET_URL     = https://api-e1.authrocket.com/v1
-    AUTHROCKET_REALM   = rl_SAMPLE   # optional
+    AUTHROCKET_ACCOUNT    = org_SAMPLE
+    AUTHROCKET_API_KEY    = key_SAMPLE
+    AUTHROCKET_URL        = https://api-e1.authrocket.com/v1
+    AUTHROCKET_REALM      = rl_SAMPLE   # optional
+    AUTHROCKET_JWT_SECRET = jsk_SAMPLE  # optional
 `AUTHROCKET_URL` must be updated based on what cluster your account is provisioned on.
 `AUTHROCKET_REALM` is optional. If you're using a single Realm, it's easiest to add it here as an application-wide default. If you're using multiple Realms with your app, we recommend leaving it out here and setting it as you go.
+`AUTHROCKET_JWT_SECRET` is optional. It only should be included if you've also specified a single realm via AUTHROCKET_REALM *and* you're using hosted logins or authrocket.js. The tokens returned by both are JWT-compatible and can be verified in-app using a matching secret.
 It's possible to configure AuthRocket using a Rails initializer (or other initializaiton code) too.
     AuthRocket::Api.credentials = {
       account: 'org_SAMPLE',
       api_key: 'key_SAMPLE',
       url: 'https://api-e1.authrocket.com/v1',
-      realm: 'rl_SAMPLE'
+      realm: 'rl_SAMPLE',
+      jwt_secret: 'jsk_SAMPLE'
     }
@@ -58,18 +62,15 @@ Let's add a couple methods to your Application Controller, substituting the corr
       #   shown in the Login Policy details.
       def require_user
-        unless session[:ar_user_id]
+        unless current_user
           flash.keep
           redirect_to LOGIN_URL
         end
       end
+      helper_method :current_user
       def current_user
-        @_current_user ||= session[:ar_user_id] && AuthRocket::User.find(session[:ar_user_id])
-      end
-      def current_user_name
-        session[:name]
+        @_current_user ||= AuthRocket::Session.from_token(session[:ar_token]).try(:user)
       end
     end
@@ -85,10 +86,8 @@ Then add login and logout methods:
       def login
         flash.keep
         if params[:token]
-          if login_rec = AuthRocket::Event.validate_token(params[:token])
-            user = login_rec.user
-            session[:ar_user_id] = user.id
-            session[:name] = user.name
+          if AuthRocket::Session.from_token(params[:token], within: 60.seconds)
+            session[:ar_token] = params[:token]
             redirect_to root_path
             return
           end
@@ -97,7 +96,7 @@ Then add login and logout methods:
       end
       def logout
-        session[:ar_user_id] = nil
+        session[:ar_token] = nil
         redirect_to root_path, notice: 'You have been logged out.'
       end
     end

data/authrocket.gemspec CHANGED Viewed

@@ -18,7 +18,8 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
-  gem.add_dependency 'ncore', '~> 1.0'
+  gem.add_dependency 'ncore', '~> 1.2'
+  gem.add_dependency 'jwt', '~> 1.2.0'
   gem.add_development_dependency "bundler", "~> 1.3"
   gem.add_development_dependency "rake"

data/lib/authrocket.rb CHANGED Viewed

@@ -1,10 +1,11 @@
 require 'ncore'
+require 'jwt'
-%w(version api_config).each do |f|
+%w(version client api_config).each do |f|
   require "authrocket/api/#{f}"
 end
-%w(app_hook auth_provider credential event login_policy membership org realm user user_token).each do |f|
+%w(app_hook auth_provider credential event login_policy membership org realm session user user_token).each do |f|
   require "authrocket/#{f}"
 end

data/lib/authrocket/api/api_config.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module AuthRocket
   include NCore::Builder
+  Resource.include AuthRocket::Client
+  SingletonResource.include AuthRocket::Client
   configure do
     self.default_url = ENV['AUTHROCKET_URL']
@@ -16,7 +18,8 @@ module AuthRocket
       self.credentials = {
         api_key: ENV['AUTHROCKET_API_KEY'],
         account: ENV['AUTHROCKET_ACCOUNT'],
-        realm:   ENV['AUTHROCKET_REALM']
+        realm:   ENV['AUTHROCKET_REALM'],
+        jwt_secret: ENV['AUTHROCKET_JWT_SECRET']
       }
     end
@@ -52,6 +55,8 @@ module AuthRocket
           o = {}
           [url.password, url.user].each do |part|
             case part
+            when /^jsk_/
+              o[:jwt_secret] = part
             when /^key_/
               o[:api_key] = part
             when /^org_/

data/lib/authrocket/api/client.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module AuthRocket
+  module Client
+    extend ActiveSupport::Concern
+    module ClassMethods
+      def parse_credentials(creds)
+        creds.with_indifferent_access.except :jwt_secret
+      end
+    end
+  end
+end

data/lib/authrocket/api/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthRocket
-  VERSION = '1.2.0'
+  VERSION = '1.3.0'
 end

data/lib/authrocket/app_hook.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module AuthRocket
           org.*  org.created  org.updated  org.deleted
           membership.*  membership.created  membership.updated  membership.deleted
           app_hook.*  app_hook.created  app_hook.updated  app_hook.deleted
+          auth_provider.* auth_provider.created auth_provider.updated auth_provider.deleted
           login_policy.*  login_policy.created  login_policy.updated  login_policy.deleted
         ).sort
     end

data/lib/authrocket/event.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module AuthRocket
     attr_datetime :event_at
+    # deprecated - use Session.from_token() or Session.find()
     def self.validate_token(token, params={}, api_creds=nil)
       parsed, creds = request(:get, "#{url}/login/#{CGI.escape token}", api_creds, params)
       new(parsed, creds)

data/lib/authrocket/realm.rb CHANGED Viewed

@@ -9,8 +9,10 @@ module AuthRocket
     has_many :orgs
     has_many :users
-    attr :api_key_policy, :api_key_prefix, :custom, :name
-    attr :require_unique_emails, :state, :username_validation_human
+    attr :api_key_policy, :api_key_prefix, :custom, :name # :api_key_minutes
+    attr :jwt_data, :require_unique_emails, :session_minutes, :session_type
+    attr :state, :username_validation_human
+    attr :jwt_secret # readonly
     def reset!(params={})

data/lib/authrocket/session.rb ADDED Viewed

@@ -0,0 +1,56 @@
+module AuthRocket
+  class Session < Resource
+    crud :all, :find, :create, :delete
+    belongs_to :user
+    attr :ip
+    attr :token # readonly
+    attr_datetime :created_at, :expires_at # readonly
+    # options - :within - (in seconds) Maximum time since the token was originally issued
+    def self.from_token(token, options={}, api_creds=nil)
+      secret = (api_creds||credentials)[:jwt_secret]
+      raise Error, "missing :jwt_secret (or AUTHROCKET_JWT_SECRET)" unless secret
+      return unless token
+      jwt, _ = JWT.decode token, secret
+      if within = options.delete(:within)
+        return if jwt['iat'] < Time.now.to_i - within
+      end
+      user = User.new({
+          id: jwt['uid'],
+          username: jwt['un'],
+          first_name: jwt['fn'],
+          last_name: jwt['ln'],
+          name: jwt['n'],
+          memberships: jwt['m'] && jwt['m'].map do |m|
+            Membership.new({
+              permissions: m['p'],
+              user_id: jwt['uid'],
+              org_id: m['oid'],
+              org: m['oid'] && Org.new({
+                id: m['oid'],
+                name: m['o'],
+              }),
+            })
+          end,
+        }, api_creds)
+      session = new({
+          id: jwt['tk'],
+          created_at: jwt['iat'],
+          expires_at: jwt['exp'],
+          token: token,
+          user_id: jwt['uid'],
+          user: user
+        }, api_creds)
+      session
+    rescue JWT::DecodeError, JWT::ExpiredSignature
+      nil
+    end
+  end
+end

data/lib/authrocket/user.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module AuthRocket
     has_many :credentials
     has_many :events
     has_many :memberships
+    has_many :sessions
     attr :api_key # deprecated
     attr :custom, :email, :first_name

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authrocket
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - thomas morgan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-26 00:00:00.000000000 Z
+date: 2015-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ncore
@@ -16,14 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -68,6 +82,7 @@ files:
 - authrocket.gemspec
 - lib/authrocket.rb
 - lib/authrocket/api/api_config.rb
+- lib/authrocket/api/client.rb
 - lib/authrocket/api/log_subscriber.rb
 - lib/authrocket/api/railtie.rb
 - lib/authrocket/api/version.rb
@@ -79,6 +94,7 @@ files:
 - lib/authrocket/membership.rb
 - lib/authrocket/org.rb
 - lib/authrocket/realm.rb
+- lib/authrocket/session.rb
 - lib/authrocket/user.rb
 - lib/authrocket/user_token.rb
 homepage: https://authrocket.com/