RubyGems - authrocket - Versions diffs - 2.1.1 → 2.2.0 - Mend

authrocket 2.1.1 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +11 -0
data/lib/authrocket.rb +1 -1
data/lib/authrocket/api/api_config.rb +1 -1
data/lib/authrocket/api/version.rb +1 -1
data/lib/authrocket/jwt_key.rb +11 -0
data/lib/authrocket/realm.rb +3 -1
data/lib/authrocket/session.rb +13 -1
metadata +4 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 25c9714d9a8a39ba10d25bce51b378d643bb2a86
-  data.tar.gz: f6590ea8aed5079f41ddfe62d17c0095188efffb
+  metadata.gz: d4e2ae503388f1035ae5d360035105fd1c1c0162
+  data.tar.gz: 779c34257db659c28b824352e3275c0a9b152c32
 SHA512:
-  metadata.gz: ca3ea43ae527d665af2ffd02ade85e8dac33d895a9d879fa425f13a6b6d0399819c06ea99368189601d7fd80155393d32ddf730788142be2d1b3ab6afe6a4783
-  data.tar.gz: 00183ddbe8d5b9d65da316118da31618dfa57892aa993ba7930470495d08a4d03d66a4b5219bc2807068667072ab67940c9bee667e90a3a6ac591ad0b818a1ba
+  metadata.gz: 9c7a1981b30a3e9b8c841c1a8cb0becf1cf1fb3b1a5157703a946d49e2a845b8004e4832d06619bb3a690970a84070bd59b343ab8abaa8d21b1d1022d7e8e965
+  data.tar.gz: e99d4229fc89e8a6f516998004d72bc678a0554a02533b0a9db98a6ae8a09aae6bf48d6f3ffdc5e8235e76700d0e5133863aac1690e2a18ec1105c3d6ea1f25f

data/CHANGELOG.md CHANGED

@@ -1,16 +1,27 @@
+#### 2.2.0
+- Add Realm#jwt_algo
+- Deprecate Realm#jwt_secret - replaced with Realm#jwt_key
+- Add JwtKey resource
+- Support RS256 signed tokens
 #### 2.1.1
 - Add Realm#jwt_fields
 - Deprecate Realm#jwt_data - replaced by #jwt_fields
 - Parse custom attributes from JWT when available
 #### 2.1.0
 - AuthProvider.authorize, #authorize_token can now return a UserToken
 - Add UserToken#credential_type
 #### 2.0.3
 - Fix error handling for missing jwt_secret
 #### 2.0.2
 - Add Realm#resource_links
 #### 2.0.1

data/lib/authrocket.rb CHANGED

@@ -5,7 +5,7 @@ require 'jwt'
   require "authrocket/api/#{f}"
 end
-%w(app_hook auth_provider credential event login_policy membership notification org realm session user user_token).each do |f|
+%w(app_hook auth_provider credential event jwt_key login_policy membership notification org realm session user user_token).each do |f|
   require "authrocket/#{f}"
 end

data/lib/authrocket/api/api_config.rb CHANGED

@@ -30,7 +30,7 @@ module AuthRocket
     self.instrument_key = 'request.authrocket'
-    self.status_page = 'http://status.notioneer.com/'
+    self.status_page = 'http://status.authrocket.com/'
     self.auth_header_prefix = 'X-Authrocket'

data/lib/authrocket/api/version.rb CHANGED

@@ -1,3 +1,3 @@
 module AuthRocket
-  VERSION = '2.1.1'
+  VERSION = '2.2.0'
 end

data/lib/authrocket/jwt_key.rb ADDED

@@ -0,0 +1,11 @@
+module AuthRocket
+  class JwtKey < Resource
+    crud :all, :find, :create, :delete
+    belongs_to :realm
+    attr :algo, :key, :use
+    attr :expired # readonly
+  end
+end

data/lib/authrocket/realm.rb CHANGED

@@ -5,6 +5,7 @@ module AuthRocket
     has_many :app_hooks
     has_many :auth_providers
     has_many :events
+    has_many :jwt_keys
     has_many :login_policies
     has_many :orgs
     has_many :users
@@ -12,7 +13,8 @@ module AuthRocket
     attr :api_key_minutes, :api_key_policy, :api_key_prefix, :custom, :name
     attr :jwt_fields, :require_unique_emails, :resource_links, :session_minutes
     attr :session_type, :state, :username_validation_human
-    attr :jwt_secret # readonly
+    attr :jwt_key # readonly
+    attr :jwt_secret # readonly, deprecated
     attr :jwt_data # deprecated

data/lib/authrocket/session.rb CHANGED

@@ -1,3 +1,6 @@
+require 'openssl'
+require 'jwt'
 module AuthRocket
   class Session < Resource
     crud :all, :find, :create, :delete
@@ -13,12 +16,21 @@ module AuthRocket
     # options - :within - (in seconds) Maximum time since the token was originally issued
+    #         - credentials: {jwt_secret: StringOrKey} - used to verify the token
+    #         - :algo - one of HS256, RS256 (default: auto-detect based on :jwt_secret)
     def self.from_token(token, options={})
       secret = (options[:credentials]||credentials||{})[:jwt_secret]
       raise Error, "missing :jwt_secret (or AUTHROCKET_JWT_SECRET)" unless secret
       return unless token
-      jwt, _ = JWT.decode token, secret, true, algorithm: 'HS256'
+      algo = options[:algo]
+      if secret.is_a?(String) && secret.length > 256
+        secret = OpenSSL::PKey.read secret
+      end
+      algo ||= 'RS256' if secret.is_a?(OpenSSL::PKey::RSA)
+      algo ||= 'HS256'
+      jwt, _ = JWT.decode token, secret, true, algorithm: algo
       if within = options.delete(:within)
         return if jwt['iat'] < Time.now.to_i - within

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authrocket
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.2.0
 platform: ruby
 authors:
 - AuthRocket Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-07 00:00:00.000000000 Z
+date: 2017-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ncore
@@ -90,6 +90,7 @@ files:
 - lib/authrocket/auth_provider.rb
 - lib/authrocket/credential.rb
 - lib/authrocket/event.rb
+- lib/authrocket/jwt_key.rb
 - lib/authrocket/login_policy.rb
 - lib/authrocket/membership.rb
 - lib/authrocket/notification.rb
@@ -118,7 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.6.10
 signing_key:
 specification_version: 4
 summary: AuthRocket client for Ruby