authrocket 2.1.1 → 2.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 25c9714d9a8a39ba10d25bce51b378d643bb2a86
-  data.tar.gz: f6590ea8aed5079f41ddfe62d17c0095188efffb
+SHA256:
+  metadata.gz: 8806b7bb2d33bd8f45cdc90f2b3dddac5e1aab15956b54dd6eb5ae435b636287
+  data.tar.gz: 60a546549c2ec30ecfdaee1c9a391bfb0d747909346e78eb5a1ff274f2b9dbc4
 SHA512:
-  metadata.gz: ca3ea43ae527d665af2ffd02ade85e8dac33d895a9d879fa425f13a6b6d0399819c06ea99368189601d7fd80155393d32ddf730788142be2d1b3ab6afe6a4783
-  data.tar.gz: 00183ddbe8d5b9d65da316118da31618dfa57892aa993ba7930470495d08a4d03d66a4b5219bc2807068667072ab67940c9bee667e90a3a6ac591ad0b818a1ba
+  metadata.gz: edb91edfa64deceb771134a84ad3b63719cd7e5a363e9485150d4361cac8162912da86adf9f3a93eb9214901c923f21df19a8c356a8c7085ca47c76f018c484a
+  data.tar.gz: 22031370adff34599aaf30d78a4d075fd023aea255e1c3bb41d014fcc4fee2a157284bcf691ca1fdceed2cdaba844fa9707b980cf290b842059245da9621cef7

data/CHANGELOG.md

@@ -1,16 +1,43 @@
+#### 2.4.1
+
+- Require ncore 2.2.2+
+
+#### 2.4.0
+
+- Add Rails Engine for expedited setup
+
+#### 2.3.1
+
+- Properly self-configure when only using :jwt_secret
+
+#### 2.3.0
+
+- Add support for TOTP MFA
+
+#### 2.2.0
+
+- Add Realm#jwt_algo
+- Deprecate Realm#jwt_secret - replaced with Realm#jwt_key
+- Add JwtKey resource
+- Support RS256 signed tokens
+
 #### 2.1.1
+
 - Add Realm#jwt_fields
 - Deprecate Realm#jwt_data - replaced by #jwt_fields
 - Parse custom attributes from JWT when available
 
 #### 2.1.0
+
 - AuthProvider.authorize, #authorize_token can now return a UserToken
 - Add UserToken#credential_type
 
 #### 2.0.3
+
 - Fix error handling for missing jwt_secret
 
 #### 2.0.2
+
 - Add Realm#resource_links
 
 #### 2.0.1

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2014-2017 Notioneer, Inc.
+Copyright (c) 2014-2020 Notioneer, Inc.
 
 MIT License
 

data/README.md

@@ -5,124 +5,224 @@
 This gem works with both Rails and plain Ruby. It will auto-detect Rails and enable Rails-specific features as appropriate.
 
 
-## Usage
 
-For installation, add `gem 'authrocket'` to your Gemfile. More details are below.
+## Usage - Rails
 
+AuthRocket includes a streamlined Rails integration that automatically provides login and logout actions, and all relevant handling. For a new app, we highly recommend this.
 
-### Configuration
+Note: The streamlined integration requires Rails 4.2+.
 
-By default, AuthRocket automatically loads your credentials from environment variables. For such hosting environments, including Heroku, just configure these:
+To your Gemfile, add:
+
+    gem 'authrocket', require: 'authrocket/rails'
+
+Then ensure the following environment variables are set:
+
+    AUTHROCKET_LOGIN_URL  = https://sample.e1.loginrocket.com/
+    AUTHROCKET_JWT_SECRET = jsk_SAMPLE
+
+If you plan to access the AuthRocket API as well, you'll need these variables too:
 
     AUTHROCKET_API_KEY    = ko_SAMPLE
     AUTHROCKET_URL        = https://api-e1.authrocket.com/v1
     AUTHROCKET_REALM      = rl_SAMPLE   # optional
-    AUTHROCKET_JWT_SECRET = jsk_SAMPLE  # optional
+    
+Finally, add a `before_action` command to any/all controllers or actions that should require a login.
+
+For example, to protect your entire app:
+
+    class ApplicationController < ActionController::Base
+      before_action :require_valid_token
+    end
+
+Selectively exempt certain actions or controllers using the standard `skip_before_action` method:
+
+    class ContactUsController < ActionController::Base
+      skip_before_action :require_valid_token, only: [:new, :create]
+    end
+
+Helpers are provided to create login, signup, and logout links:
+
+    <%= link_to 'Login', ar_login_url %>
+    <%= link_to 'Signup', ar_signup_url %>
+    <%= link_to 'Logout', logout_path %>
+
+Both the current session and user are available to your controllers and views:
+
+    current_session # => AuthRocket::Session
+    current_user    # => AuthRocket::User
+
+Membership and Org data is accessible through those helpers as well. Be sure to tell AuthRocket to include Membership and/or Org data in the JWT (Realm -> Settings -> Sessions & JWT).
+
+    current_user.memberships
+    current_user.memberships.first.org
+    current_user.orgs
+
+See below for customization details.
+
+
+
+## Usage - everywhere else
+
+If you aren't using Rails, or if the streamlined integration above is too opinionated, use the gem without the extra Rails integration.
+
+In your Gemfile, add:
+
+    gem 'authrocket'
+
+Then set the following environment variables:
+
+    # If accessing the AuthRocket API:
+    AUTHROCKET_API_KEY    = ko_SAMPLE
+    AUTHROCKET_URL        = https://api-e1.authrocket.com/v1 # must match your account's provisioned cluster
+    AUTHROCKET_REALM      = rl_SAMPLE   # optional
+    #
+    # If using JWT-verification of AuthRocket's login tokens:
+    AUTHROCKET_JWT_SECRET = jsk_SAMPLE
+
+If you're using either Hosted LoginRocket or authrocket.js to manage logins, see Verifing login tokens below. If you plan to use the API to directly authenticate, see the [API docs](https://authrocket.com/docs/api).
+
+
 
-`AUTHROCKET_URL` must be updated based on what cluster your account is provisioned on.
+## Configuration
 
-`AUTHROCKET_REALM` is optional. If you're using a single Realm, it's easiest to add it here as an application-wide default. If you're using multiple Realms with your app, we recommend leaving it out here and setting it as you go.
+By default, AuthRocket automatically loads credentials from environment variables. This is optimal for any 12-factor deployment. Supported variables are:
 
-`AUTHROCKET_JWT_SECRET` is optional. It only should be included if you've also specified a single realm via AUTHROCKET_REALM *and* you're using hosted logins or authrocket.js. The tokens returned by both are JWT-compatible and can be verified in-app using a matching secret.
+`AUTHROCKET_API_KEY = ko_SAMPLE`
+Your AuthRocket API key. Required to use the API (but not if only performing JWT verification of login tokens).
 
-It's possible to configure AuthRocket using a Rails initializer (or other initializaiton code) too.
+`AUTHROCKET_JWT_SECRET = jsk_SAMPLE`
+Used to perform JWT signing verification of login tokens. Not required if validating all tokens using the API instead. This is a realm-specific value, so like `AUTHROCKET_REALM`, set it on a per-use basis if using multiple realms.
+
+`AUTHROCKET_LOGIN_URL = https://sample.e1.loginrocket.com/`
+The LoginRocket URL for your Connected App. Only used by the streamlined Rails integration (for redirects), but still available to use otherwise. If your app uses multiple realms, you'll need to handle this on your own. If you're using a custom domain, this will be that domain and will not contain 'loginrocket.com'.
+
+`AUTHROCKET_REALM = rl_SAMPLE`
+Sets an application-wide default realm ID. If you're using a single realm, this is definitely easiest. Certain multi-tenant apps might using multiple realms. In this case, don't set this globally, but include it as part of the `:credentials` set for each API method.
+
+`AUTHROCKET_URL = https://api-e1.authrocket.com/v1`
+The URL of the AuthRocket API server. This may vary depending on which cluster your account is provisioned on.
+
+
+It's also possible to configure AuthRocket using a Rails initializer (or other initialization code). 
 
     AuthRocket::Api.credentials = {
       api_key: 'ko_SAMPLE',
-      url: 'https://api-e1.authrocket.com/v1',
+      jwt_secret: 'jsk_SAMPLE',
+      loginrocket_url: 'https://sample.e1.loginrocket.com/',
       realm: 'rl_SAMPLE',
-      jwt_secret: 'jsk_SAMPLE'
+      url: 'https://api-e1.authrocket.com/v1'
     }
 
 
-### Hosted Logins
 
-AuthRocket has a few options to handle logins. One option is to let AuthRocket handle the login process completely, which is what's shown here. Your app only needs to verify the final login token. This example is specific to Rails, but adapt accordingly for Sinatra or any other framework.
+## Customizing the Rails integration
 
-To get started, login to AuthRocket and add a Login Policy (under Logins/Signups) for your chosen Realm (create your first Realm if you haven't already). 
+The built-in Rails integration tries to handle as much for you as possible. However, there may be times when you wish to modify the default behavior.
 
-Be sure to enable Hosted Logins (a separate step) and specify a Login Handler URL. For development purposes, we'll point the Login Handler URL to your local app. Assuming your Rails app is running on port 3000, you'd enter `http://localhost:3000/login`.
 
-After enabling Hosted Logins, take note of the LoginRocket URL. You'll need this below.
+#### The default post-login path
 
-Let's add a couple methods to your Application Controller, substituting the correct value for `LOGIN_URL`:
+After a user logs in (or signs up), they are returned to either the last page they tried to access (if known) or to `'/'` (the default path).
 
-    class ApplicationController < ActionController::Base
-      before_filter :require_user
-      # This protects *all* of your app. If that's not what
-      #   you want, then just add this to the controllers
-      #   that need to be protected.
+This default path may be changed using an initializer.
 
-      private
+Create/edit `config/initializers/authrocket.rb` and add:
 
-      LOGIN_URL = 'https://sample.e1.loginrocket.com/'
-      # This should be your app's own LoginRocket URL, as
-      #   shown in the Login Policy details.
+```ruby
+AuthRocket::Api.default_login_path = '/manage'
+```
 
-      def require_user
-        unless current_user
-          redirect_to LOGIN_URL
-        end
-      end
 
-      helper_method :current_user
-      def current_user
-        @_current_user ||= AuthRocket::Session.from_token(session[:ar_token]).try(:user)
-      end
-    end
+#### /login and /logout routes
+
+The default routes for login and logout are `/login` and `/logout`, respectively. To override them, add an initializer for AuthRocket (eg: `config/initializers/authrocket.rb`) and add:
+
+    AuthRocket::Api.use_default_routes = false
 
-Create a Login or Session controller if you don't have one already:
+Then add your own routes to `config/routes.rb`:
 
-    rails g controller logins
+    get 'mylogin' => 'logins#login'
+    get 'mylogout' => 'logins#logout'
 
-Then add login and logout methods:
 
-    class LoginsController < ApplicationController
-      skip_before_filter :require_user
+#### The login controller
 
+AuthRocket's default login controller automatically sets up the session (by storing the login token in `session[:ar_token]`) and makes a best effort at returning the user to where they were when the login request was triggered.
+
+If you require more customization than provided by modifying the default post-login path, as outlined above, you may create your own LoginsController and inherit from AuthRocket's controller:
+
+    class LoginsController < AuthRocket::ArController
       def login
-        if params[:token]
-          if AuthRocket::Session.from_token(params[:token])
-            session[:ar_token] = params[:token]
-            redirect_to root_path
-            return
-          end
+        super
+        if current_session
+          # @redir will be present if the user's previous URL was able to be
+          # saved. If not, then provide a fallback (eg: root_path,
+          # manager_path, etc).
+          redirect_to @redir || dashboard_path
         end
-        require_user
+        # else if login failed, a redirect to LoginRocket happens automatically
       end
 
       def logout
-        session[:ar_token] = nil
+        super
+        # Change the path and/or the message.
         redirect_to root_path, notice: 'You have been logged out.'
       end
     end
 
-Finally, update `config/routes.rb`:
+If you wish to replace all of the login logic, create a new, different controller that doesn't inherit from `AuthRocket::ArController` (and also override the routes, as per above). You may wish to look at `ArController` as a reference.
 
-    get '/login' => 'logins#login'
-    get '/logout' => 'logins#logout'
 
-That's it. You're all done!
 
+## Verifying login tokens
 
-### Other Methods
+If you're not using the streamlined Rails integration, you'll need to verify the login tokens (unless you're using the API to authenticate directly).
 
-For full details on the AuthRocket API, including examples for Ruby, see our [documentation](http://authrocket.com/docs).
 
+#### JWT verification
 
-## Installation
+AuthRocket's login tokens use the JWT standard and are cryptographically signed. Verifying the signature is extremely fast. Here's are a couple examples of using this:
 
-Add this line to your application's Gemfile:
+    def current_user
+      @_current_user ||= AuthRocket::Session.from_token(session[:ar_token]).try(:user)
+    end
 
-    gem 'authrocket'
+`from_token` returns `nil` if the token is missing, expired, or otherwise invalid.
 
-And then execute:
 
-    $ bundle
+#### API verification
 
-Or install it yourself as:
+AuthRocket also supports Managed Sessions, which enables you to enforce logouts, even across apps (single sign-out!). In this instance, the session is regularly verified using the AuthRocket API.
+
+    def current_user
+      @_current_user ||= AuthRocket::Session.retrieve(session[:ar_token]).try(:user)
+    end
+
+For better performance (and to avoid API rate limits), you may want to cache the results of the API call for 3-15 minutes.
+
+
+#### Initial login
+
+Each of the above are designed for ongoing use. The initial login isn't going to be much different though. Here's an example login action:
+
+    def login
+      if params[:token]
+        if AuthRocket::Session.from_token(params[:token])
+          session[:ar_token] = params[:token]
+          redirect_to '/'
+          return
+        end
+      end
+      redirect_to AuthRocket::Api.credentials[:loginrocket_url]
+    end
+
+
+
+## Reference
+
+For full details on the AuthRocket API, including examples for Ruby, see our [documentation](https://authrocket.com/docs).
 
-    $ gem install authrocket
 
 
 ## Contributing
@@ -134,6 +234,7 @@ Or install it yourself as:
 5. Create new Pull Request
 
 
+
 ## License
 
 MIT

data/app/controllers/auth_rocket/ar_controller.rb

@@ -0,0 +1,44 @@
+class AuthRocket::ArController < ::ApplicationController
+
+  before_action :require_valid_token, only: []
+    # ensure :require_valid_token is known so it can be skipped
+  skip_before_action :require_valid_token
+    # in case it's globally applied to ApplicationController
+
+  def login
+    if params[:token]
+      if s = AuthRocket::Session.from_token(params[:token])
+        @_current_session = s
+        session[:ar_token] = params[:token]
+      end
+    end
+    if current_session
+      @redir = sanitize_redir || session[:last_url]
+      session[:last_url] = nil
+      # redirect in the child
+    else
+      require_valid_token
+    end
+  end
+
+  def logout
+    if current_session && current_session.id =~ /^kss_/ && AuthRocket::Api.credentials[:api_key]
+      AuthRocket::Session.delete current_session.id
+    end
+    session[:ar_token] = nil
+    # redirect in the child
+  end
+
+
+  private
+
+  # sanitize by making it path-only
+  def sanitize_redir(redir=params[:redir])
+    return if redir.blank?
+    u = defined?(Addressable) ? Addressable::URI.parse(redir) : URI.parse(redir)
+    if u
+      [u.path, u.query].compact.join('?')
+    end
+  end
+
+end

data/app/controllers/logins_controller.rb

@@ -0,0 +1,15 @@
+class LoginsController < AuthRocket::ArController
+
+  def login
+    super
+    if current_session
+      redirect_to @redir || AuthRocket::Api.default_login_path
+    end
+  end
+
+  def logout
+    super
+    redirect_to '/', notice: 'You have been logged out.'
+  end
+
+end

data/authrocket.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |gem|
 
   gem.required_ruby_version = '>= 1.9'
 
-  gem.add_dependency 'ncore', '~> 2.0'
+  gem.add_dependency 'ncore', '>= 2.2.2', '< 3'
   gem.add_dependency 'jwt', '~> 1.5.0'
 
   gem.add_development_dependency "bundler", "~> 1.3"

data/config/routes.rb

@@ -0,0 +1,8 @@
+Rails.application.routes.draw do
+
+  if AuthRocket::Api.use_default_routes
+    get 'login' => 'logins#login'
+    get 'logout' => 'logins#logout'
+  end
+
+end

data/lib/authrocket.rb

@@ -5,7 +5,7 @@ require 'jwt'
   require "authrocket/api/#{f}"
 end
 
-%w(app_hook auth_provider credential event login_policy membership notification org realm session user user_token).each do |f|
+%w(app_hook auth_provider credential event jwt_key login_policy membership notification org realm session user user_token).each do |f|
   require "authrocket/#{f}"
 end
 

data/lib/authrocket/api/api_config.rb

@@ -14,13 +14,19 @@ module AuthRocket
 
     if ENV['AUTHROCKET_URI']
       self.credentials = parse_credentials ENV['AUTHROCKET_URI']
-    elsif ENV['AUTHROCKET_API_KEY']
+    elsif ENV['AUTHROCKET_API_KEY'] || ENV['AUTHROCKET_JWT_SECRET']
       self.credentials = {
         api_key: ENV['AUTHROCKET_API_KEY'],
         account: ENV['AUTHROCKET_ACCOUNT'],
         realm:   ENV['AUTHROCKET_REALM'],
         jwt_secret: ENV['AUTHROCKET_JWT_SECRET']
       }
+    else
+      self.credentials = {}
+    end
+
+    if ENV['AUTHROCKET_LOGIN_URL']
+      self.credentials[:loginrocket_url] = ENV['AUTHROCKET_LOGIN_URL']
     end
 
     self.debug = false
@@ -30,11 +36,18 @@ module AuthRocket
 
     self.instrument_key = 'request.authrocket'
 
-    self.status_page = 'http://status.notioneer.com/'
+    self.status_page = 'https://status.authrocket.com/'
 
     self.auth_header_prefix = 'X-Authrocket'
 
     self.credentials_error_message = %Q{Missing API credentials or URL. Set default credentials using "AuthRocket::Api.credentials = {api_key: YOUR_API_KEY, url: AR_REGION_URL}"}
+
+
+    mattr_accessor :use_default_routes
+    self.use_default_routes = true
+
+    mattr_accessor :default_login_path
+    self.default_login_path = '/'
   end
 
 

data/lib/authrocket/api/client.rb

@@ -5,7 +5,7 @@ module AuthRocket
     module ClassMethods
 
       def parse_credentials(creds)
-        creds.with_indifferent_access.except :jwt_secret
+        creds.with_indifferent_access.except :loginrocket_url, :jwt_secret
       end
 
     end

data/lib/authrocket/api/version.rb

@@ -1,3 +1,3 @@
 module AuthRocket
-  VERSION = '2.1.1'
+  VERSION = '2.4.1'
 end

data/lib/authrocket/app_hook.rb

@@ -18,7 +18,7 @@ module AuthRocket
           realm.created  realm.updated  realm.deleted
           user.created  user.updated  user.deleted
             user.email.verification_requested  user.email.verified
-            user.login.succeeded  user.login.failed
+            user.login.succeeded  user.login.failed  user.login.initiated
             user.password_token.created  user.password_token.consumed  user.password_token.failed
         ).sort
     end

data/lib/authrocket/credential.rb

@@ -8,7 +8,17 @@ module AuthRocket
     attr :credential_type
     attr :api_key
     attr :password, :password_confirmation
+    attr :name, :otp_secret, :provisioning_uri, :state
     attr :access_token, :provider_user_id, :token_expires_at
 
+
+    # code - required
+    def verify(code, attribs={})
+      params = parse_request_params(attribs.merge(code: code), json_root: json_root).merge credentials: api_creds
+      parsed, _ = request(:post, url+'/verify', params)
+      load(parsed)
+      errors.empty? ? self : false
+    end
+
   end
 end

data/lib/authrocket/jwt_key.rb

@@ -0,0 +1,11 @@
+module AuthRocket
+  class JwtKey < Resource
+    crud :all, :find, :create, :delete
+
+    belongs_to :realm
+
+    attr :algo, :key, :use
+    attr :expired # readonly
+
+  end
+end

data/lib/authrocket/rails.rb

@@ -0,0 +1,5 @@
+require_relative '../authrocket'
+
+%w(engine).each do |f|
+  require_relative "rails/#{f}"
+end

data/lib/authrocket/rails/controller_helper.rb

@@ -0,0 +1,47 @@
+module AuthRocket::ControllerHelper
+  extend ActiveSupport::Concern
+
+  included do
+    if respond_to?(:helper_method)
+      helper_method :current_session
+      helper_method :current_user
+      helper_method :ar_login_url
+      helper_method :ar_signup_url
+    end
+  end
+
+
+  def require_valid_token
+    unless current_session
+      session[:last_url] = request.get? ? url_for(params.to_unsafe_h.except(:domain, :host, :port, :prototcol, :subdomain, :token)) : url_for
+      redirect_to ar_login_url + "?redir=#{ERB::Util.url_encode(session[:last_url])}"
+    end
+  end
+
+
+  def current_session
+    @_current_session ||= AuthRocket::Session.from_token(session[:ar_token])
+  end
+
+  def current_user
+    current_session.try(:user)
+  end
+
+
+  def ar_login_url
+    @_login_url = loginrocket_url('login')
+  end
+
+  def ar_signup_url
+    @_signup_url = loginrocket_url('signup')
+  end
+
+  def loginrocket_url(path=nil)
+    raise "Missing env AUTHROCKET_LOGIN_URL or credentials[:loginrocket_url]" if AuthRocket::Api.credentials[:loginrocket_url].blank?
+    s = AuthRocket::Api.credentials[:loginrocket_url].dup
+    s.concat('/') unless s.ends_with?('/')
+    s.concat(path) if path
+    s.freeze
+  end
+
+end

data/lib/authrocket/rails/engine.rb

@@ -0,0 +1,13 @@
+module AuthRocket
+  class Engine < ::Rails::Engine
+
+    initializer "authrocket.helpers" do
+      require_relative 'controller_helper'
+
+      ActiveSupport.on_load(:action_controller) do
+        include AuthRocket::ControllerHelper
+      end
+    end
+
+  end
+end

data/lib/authrocket/realm.rb

@@ -5,6 +5,7 @@ module AuthRocket
     has_many :app_hooks
     has_many :auth_providers
     has_many :events
+    has_many :jwt_keys
     has_many :login_policies
     has_many :orgs
     has_many :users
@@ -12,7 +13,8 @@ module AuthRocket
     attr :api_key_minutes, :api_key_policy, :api_key_prefix, :custom, :name
     attr :jwt_fields, :require_unique_emails, :resource_links, :session_minutes
     attr :session_type, :state, :username_validation_human
-    attr :jwt_secret # readonly
+    attr :jwt_key # readonly
+    attr :jwt_secret # readonly, deprecated
     attr :jwt_data # deprecated
 
 

data/lib/authrocket/session.rb

@@ -1,3 +1,6 @@
+require 'openssl'
+require 'jwt'
+
 module AuthRocket
   class Session < Resource
     crud :all, :find, :create, :delete
@@ -13,12 +16,21 @@ module AuthRocket
 
 
     # options - :within - (in seconds) Maximum time since the token was originally issued
+    #         - credentials: {jwt_secret: StringOrKey} - used to verify the token
+    #         - :algo - one of HS256, RS256 (default: auto-detect based on :jwt_secret)
     def self.from_token(token, options={})
       secret = (options[:credentials]||credentials||{})[:jwt_secret]
       raise Error, "missing :jwt_secret (or AUTHROCKET_JWT_SECRET)" unless secret
       return unless token
 
-      jwt, _ = JWT.decode token, secret, true, algorithm: 'HS256'
+      algo = options[:algo]
+      if secret.is_a?(String) && secret.length > 256
+        secret = OpenSSL::PKey.read secret
+      end
+      algo ||= 'RS256' if secret.is_a?(OpenSSL::PKey::RSA)
+      algo ||= 'HS256'
+
+      jwt, _ = JWT.decode token, secret, true, algorithm: algo
 
       if within = options.delete(:within)
         return if jwt['iat'] < Time.now.to_i - within

data/lib/authrocket/user.rb

@@ -51,6 +51,17 @@ module AuthRocket
         new(parsed, creds)
       end
 
+      # params - {username: '...', token: 'kli_...', code: '000000'}
+      def authenticate_code(params)
+        params = parse_request_params(params, json_root: json_root)
+        username = params[json_root].delete(:username) || '--'
+        parsed, creds = request(:post, "#{url}/#{CGI.escape username}/authenticate_code", params)
+        if parsed[:errors].any?
+          raise ValidationError, parsed[:errors]
+        end
+        new(parsed, creds)
+      end
+
       def generate_password_token(username, params={})
         params = parse_request_params(params)
         parsed, creds = request(:post, "#{url}/#{CGI.escape username}/generate_password_token", params)

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: authrocket
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.4.1
 platform: ruby
 authors:
 - AuthRocket Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-07 00:00:00.000000000 Z
+date: 2020-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ncore
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.2
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.2
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -79,7 +85,10 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- app/controllers/auth_rocket/ar_controller.rb
+- app/controllers/logins_controller.rb
 - authrocket.gemspec
+- config/routes.rb
 - lib/authrocket.rb
 - lib/authrocket/api/api_config.rb
 - lib/authrocket/api/client.rb
@@ -90,10 +99,14 @@ files:
 - lib/authrocket/auth_provider.rb
 - lib/authrocket/credential.rb
 - lib/authrocket/event.rb
+- lib/authrocket/jwt_key.rb
 - lib/authrocket/login_policy.rb
 - lib/authrocket/membership.rb
 - lib/authrocket/notification.rb
 - lib/authrocket/org.rb
+- lib/authrocket/rails.rb
+- lib/authrocket/rails/controller_helper.rb
+- lib/authrocket/rails/engine.rb
 - lib/authrocket/realm.rb
 - lib/authrocket/session.rb
 - lib/authrocket/user.rb
@@ -117,8 +130,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: AuthRocket client for Ruby