RubyGems - authrocket - Versions diffs - 1.2.0 → 1.3.0 - Mend

authrocket 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/README.md +15 -16
data/authrocket.gemspec +2 -1
data/lib/authrocket.rb +3 -2
data/lib/authrocket/api/api_config.rb +6 -1
data/lib/authrocket/api/client.rb +14 -0
data/lib/authrocket/api/version.rb +1 -1
data/lib/authrocket/app_hook.rb +1 -0
data/lib/authrocket/event.rb +1 -0
data/lib/authrocket/realm.rb +4 -2
data/lib/authrocket/session.rb +56 -0
data/lib/authrocket/user.rb +1 -0
metadata +20 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 86bb498763a05b226efad50e30a2c6feb5e65fdc
-  data.tar.gz: 36e8b257613ab077c46fbcb1e49f0cb3892e6162
+  metadata.gz: f59945f00ec3c5935d070f1011f55b384227f21a
+  data.tar.gz: b14d874dd31885358b4127c6c6d39bc2d533faac
 SHA512:
-  metadata.gz: 88c49fdef9a6178b0960b509627ebec2cf8ec1c4715db56ffdcbae64efa3915b89d42ea668a01a528039c4f8f6a14555b152fc5e5ffdf594d135c11744241a08
-  data.tar.gz: 1a054adbc2869b9f01ff4ff6fc450813a4a46f9006ff3915dc8586627c1126ed3a0b3fffba8f6a421ed67270816cf17ea4d45806dbde913418f0f76c236775b8
+  metadata.gz: 6e694cddf853fc34fcef928cf6b7d41c22a158674779e1f2a1a24024bc3a222a3581e915c4c8c10ae0105826f5842a70f1472292c3647342965cc83dee4b1f2e
+  data.tar.gz: cee76d864e476184378695b702c9d77cac710f81463a2e1cb7ada82ad9348c6b6579184a0149f41a9155a4e1621042b0a394c226a8a77818cc966935082c4e69

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,8 @@
+#### 1.3.0
+- Add Session resource
+- Deprecate Event.validate_token - Replaced by Session.from_token and Session.find
+- Add missing auth_provider.* events
 #### 1.2.0
 - Add Credential resource

data/README.md CHANGED Viewed

@@ -14,22 +14,26 @@ For installation, add `gem 'authrocket'` to your Gemfile. More details are below
 By default, AuthRocket automatically loads your credentials from environment variables. For such hosting environments, including Heroku, just configure these:
-    AUTHROCKET_ACCOUNT = org_SAMPLE
-    AUTHROCKET_API_KEY = key_SAMPLE
-    AUTHROCKET_URL     = https://api-e1.authrocket.com/v1
-    AUTHROCKET_REALM   = rl_SAMPLE   # optional
+    AUTHROCKET_ACCOUNT    = org_SAMPLE
+    AUTHROCKET_API_KEY    = key_SAMPLE
+    AUTHROCKET_URL        = https://api-e1.authrocket.com/v1
+    AUTHROCKET_REALM      = rl_SAMPLE   # optional
+    AUTHROCKET_JWT_SECRET = jsk_SAMPLE  # optional
 `AUTHROCKET_URL` must be updated based on what cluster your account is provisioned on.
 `AUTHROCKET_REALM` is optional. If you're using a single Realm, it's easiest to add it here as an application-wide default. If you're using multiple Realms with your app, we recommend leaving it out here and setting it as you go.
+`AUTHROCKET_JWT_SECRET` is optional. It only should be included if you've also specified a single realm via AUTHROCKET_REALM *and* you're using hosted logins or authrocket.js. The tokens returned by both are JWT-compatible and can be verified in-app using a matching secret.
 It's possible to configure AuthRocket using a Rails initializer (or other initializaiton code) too.
     AuthRocket::Api.credentials = {
       account: 'org_SAMPLE',
       api_key: 'key_SAMPLE',
       url: 'https://api-e1.authrocket.com/v1',
-      realm: 'rl_SAMPLE'
+      realm: 'rl_SAMPLE',
+      jwt_secret: 'jsk_SAMPLE'
     }
@@ -58,18 +62,15 @@ Let's add a couple methods to your Application Controller, substituting the corr
       #   shown in the Login Policy details.
       def require_user
-        unless session[:ar_user_id]
+        unless current_user
           flash.keep
           redirect_to LOGIN_URL
         end
       end
+      helper_method :current_user
       def current_user
-        @_current_user ||= session[:ar_user_id] && AuthRocket::User.find(session[:ar_user_id])
-      end
-      def current_user_name
-        session[:name]
+        @_current_user ||= AuthRocket::Session.from_token(session[:ar_token]).try(:user)
       end
     end
@@ -85,10 +86,8 @@ Then add login and logout methods:
       def login
         flash.keep
         if params[:token]
-          if login_rec = AuthRocket::Event.validate_token(params[:token])
-            user = login_rec.user
-            session[:ar_user_id] = user.id
-            session[:name] = user.name
+          if AuthRocket::Session.from_token(params[:token], within: 60.seconds)
+            session[:ar_token] = params[:token]
             redirect_to root_path
             return
           end
@@ -97,7 +96,7 @@ Then add login and logout methods:
       end
       def logout
-        session[:ar_user_id] = nil
+        session[:ar_token] = nil
         redirect_to root_path, notice: 'You have been logged out.'
       end
     end

data/authrocket.gemspec CHANGED Viewed

@@ -18,7 +18,8 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
-  gem.add_dependency 'ncore', '~> 1.0'
+  gem.add_dependency 'ncore', '~> 1.2'
+  gem.add_dependency 'jwt', '~> 1.2.0'
   gem.add_development_dependency "bundler", "~> 1.3"
   gem.add_development_dependency "rake"

data/lib/authrocket.rb CHANGED Viewed

@@ -1,10 +1,11 @@
 require 'ncore'
+require 'jwt'
-%w(version api_config).each do |f|
+%w(version client api_config).each do |f|
   require "authrocket/api/#{f}"
 end
-%w(app_hook auth_provider credential event login_policy membership org realm user user_token).each do |f|
+%w(app_hook auth_provider credential event login_policy membership org realm session user user_token).each do |f|
   require "authrocket/#{f}"
 end

data/lib/authrocket/api/api_config.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module AuthRocket
   include NCore::Builder
+  Resource.include AuthRocket::Client
+  SingletonResource.include AuthRocket::Client
   configure do
     self.default_url = ENV['AUTHROCKET_URL']
@@ -16,7 +18,8 @@ module AuthRocket
       self.credentials = {
         api_key: ENV['AUTHROCKET_API_KEY'],
         account: ENV['AUTHROCKET_ACCOUNT'],
-        realm:   ENV['AUTHROCKET_REALM']
+        realm:   ENV['AUTHROCKET_REALM'],
+        jwt_secret: ENV['AUTHROCKET_JWT_SECRET']
       }
     end
@@ -52,6 +55,8 @@ module AuthRocket
           o = {}
           [url.password, url.user].each do |part|
             case part
+            when /^jsk_/
+              o[:jwt_secret] = part
             when /^key_/
               o[:api_key] = part
             when /^org_/

data/lib/authrocket/api/client.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module AuthRocket
+  module Client
+    extend ActiveSupport::Concern
+    module ClassMethods
+      def parse_credentials(creds)
+        creds.with_indifferent_access.except :jwt_secret
+      end
+    end
+  end
+end

data/lib/authrocket/api/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthRocket
-  VERSION = '1.2.0'
+  VERSION = '1.3.0'
 end

data/lib/authrocket/app_hook.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module AuthRocket
           org.*  org.created  org.updated  org.deleted
           membership.*  membership.created  membership.updated  membership.deleted
           app_hook.*  app_hook.created  app_hook.updated  app_hook.deleted
+          auth_provider.* auth_provider.created auth_provider.updated auth_provider.deleted
           login_policy.*  login_policy.created  login_policy.updated  login_policy.deleted
         ).sort
     end

data/lib/authrocket/event.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module AuthRocket
     attr_datetime :event_at
+    # deprecated - use Session.from_token() or Session.find()
     def self.validate_token(token, params={}, api_creds=nil)
       parsed, creds = request(:get, "#{url}/login/#{CGI.escape token}", api_creds, params)
       new(parsed, creds)

data/lib/authrocket/realm.rb CHANGED Viewed

@@ -9,8 +9,10 @@ module AuthRocket
     has_many :orgs
     has_many :users
-    attr :api_key_policy, :api_key_prefix, :custom, :name
-    attr :require_unique_emails, :state, :username_validation_human
+    attr :api_key_policy, :api_key_prefix, :custom, :name # :api_key_minutes
+    attr :jwt_data, :require_unique_emails, :session_minutes, :session_type
+    attr :state, :username_validation_human
+    attr :jwt_secret # readonly
     def reset!(params={})

data/lib/authrocket/session.rb ADDED Viewed

@@ -0,0 +1,56 @@
+module AuthRocket
+  class Session < Resource
+    crud :all, :find, :create, :delete
+    belongs_to :user
+    attr :ip
+    attr :token # readonly
+    attr_datetime :created_at, :expires_at # readonly
+    # options - :within - (in seconds) Maximum time since the token was originally issued
+    def self.from_token(token, options={}, api_creds=nil)
+      secret = (api_creds||credentials)[:jwt_secret]
+      raise Error, "missing :jwt_secret (or AUTHROCKET_JWT_SECRET)" unless secret
+      return unless token
+      jwt, _ = JWT.decode token, secret
+      if within = options.delete(:within)
+        return if jwt['iat'] < Time.now.to_i - within
+      end
+      user = User.new({
+          id: jwt['uid'],
+          username: jwt['un'],
+          first_name: jwt['fn'],
+          last_name: jwt['ln'],
+          name: jwt['n'],
+          memberships: jwt['m'] && jwt['m'].map do |m|
+            Membership.new({
+              permissions: m['p'],
+              user_id: jwt['uid'],
+              org_id: m['oid'],
+              org: m['oid'] && Org.new({
+                id: m['oid'],
+                name: m['o'],
+              }),
+            })
+          end,
+        }, api_creds)
+      session = new({
+          id: jwt['tk'],
+          created_at: jwt['iat'],
+          expires_at: jwt['exp'],
+          token: token,
+          user_id: jwt['uid'],
+          user: user
+        }, api_creds)
+      session
+    rescue JWT::DecodeError, JWT::ExpiredSignature
+      nil
+    end
+  end
+end

data/lib/authrocket/user.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module AuthRocket
     has_many :credentials
     has_many :events
     has_many :memberships
+    has_many :sessions
     attr :api_key # deprecated
     attr :custom, :email, :first_name

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authrocket
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - thomas morgan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-26 00:00:00.000000000 Z
+date: 2015-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ncore
@@ -16,14 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -68,6 +82,7 @@ files:
 - authrocket.gemspec
 - lib/authrocket.rb
 - lib/authrocket/api/api_config.rb
+- lib/authrocket/api/client.rb
 - lib/authrocket/api/log_subscriber.rb
 - lib/authrocket/api/railtie.rb
 - lib/authrocket/api/version.rb
@@ -79,6 +94,7 @@ files:
 - lib/authrocket/membership.rb
 - lib/authrocket/org.rb
 - lib/authrocket/realm.rb
+- lib/authrocket/session.rb
 - lib/authrocket/user.rb
 - lib/authrocket/user_token.rb
 homepage: https://authrocket.com/