authrocket 2.3.1 → 2.4.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: '046029ce77d53804b8dd7e0a43ef4e6a0fbceb80'
4
- data.tar.gz: c04d04e266dbf858013a805e31cab4dda05e6d93
3
+ metadata.gz: '006539bcc19e88ba57fe083333ba916e1c78cf85'
4
+ data.tar.gz: ced8fb000cdd3228b7682741c2d53a4241574846
5
5
  SHA512:
6
- metadata.gz: 46b7098211e40024714acdffc0ec5ed7be522b3e26d4594410a2da1ab83da844d305c5ce763fd29a88b7f51d45007113f6db43e6cf58e050e27447ea2da2e6d4
7
- data.tar.gz: 2d59534c2be7acf53699096c784d3a1f2cb9e68d4c75b16daf9a39f4cc1420433102485973d3bcfbce0b8aa7b4e9e357fb99d1fec3dcfeb56c6ad5e86a3cf10d
6
+ metadata.gz: 37784e02f496e49a7c5a5215cc6e4c9affcc9786026c0d8a7283baa1a93506b89c8bac5ddf2b9626883ef85f761c5cb9454ec9b742eff45a31407da09a61a160
7
+ data.tar.gz: 4406c773bf27963934be6ed067c6993b5ec49e8a93bcb8eafdef5f9dcee7c67cb14777cf016b9081192e62f4524b2e62596625ff7f2c02dae5c3841718438224
@@ -1,3 +1,7 @@
1
+ #### 2.4.0
2
+
3
+ - Add Rails Engine for expedited setup
4
+
1
5
  #### 2.3.1
2
6
 
3
7
  - Properly self-configure when only using :jwt_secret
data/LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2014-2017 Notioneer, Inc.
1
+ Copyright (c) 2014-2018 Notioneer, Inc.
2
2
 
3
3
  MIT License
4
4
 
data/README.md CHANGED
@@ -5,124 +5,224 @@
5
5
  This gem works with both Rails and plain Ruby. It will auto-detect Rails and enable Rails-specific features as appropriate.
6
6
 
7
7
 
8
- ## Usage
9
8
 
10
- For installation, add `gem 'authrocket'` to your Gemfile. More details are below.
9
+ ## Usage - Rails
11
10
 
11
+ AuthRocket includes a streamlined Rails integration that automatically provides login and logout actions, and all relevant handling. For a new app, we highly recommend this.
12
12
 
13
- ### Configuration
13
+ Note: The streamlined integration requires Rails 4.2+.
14
14
 
15
- By default, AuthRocket automatically loads your credentials from environment variables. For such hosting environments, including Heroku, just configure these:
15
+ To your Gemfile, add:
16
+
17
+ gem 'authrocket', require: 'authrocket/rails'
18
+
19
+ Then ensure the following environment variables are set:
20
+
21
+ AUTHROCKET_LOGIN_URL = https://sample.e1.loginrocket.com/
22
+ AUTHROCKET_JWT_SECRET = jsk_SAMPLE
23
+
24
+ If you plan to access the AuthRocket API as well, you'll need these variables too:
16
25
 
17
26
  AUTHROCKET_API_KEY = ko_SAMPLE
18
27
  AUTHROCKET_URL = https://api-e1.authrocket.com/v1
19
28
  AUTHROCKET_REALM = rl_SAMPLE # optional
20
- AUTHROCKET_JWT_SECRET = jsk_SAMPLE # optional
29
+
30
+ Finally, add a `before_action` command to any/all controllers or actions that should require a login.
31
+
32
+ For example, to protect your entire app:
33
+
34
+ class ApplicationController < ActionController::Base
35
+ before_action :require_valid_token
36
+ end
37
+
38
+ Selectively exempt certain actions or controllers using the standard `skip_before_action` method:
39
+
40
+ class ContactUsController < ActionController::Base
41
+ skip_before_action :require_valid_token, only: [:new, :create]
42
+ end
43
+
44
+ Helpers are provided to create login, signup, and logout links:
45
+
46
+ <%= link_to 'Login', ar_login_url %>
47
+ <%= link_to 'Signup', ar_signup_url %>
48
+ <%= link_to 'Logout', logout_path %>
49
+
50
+ Both the current session and user are available to your controllers and views:
51
+
52
+ current_session # => AuthRocket::Session
53
+ current_user # => AuthRocket::User
54
+
55
+ Membership and Org data is accessible through those helpers as well. Be sure to tell AuthRocket to include Membership and/or Org data in the JWT (Realm -> Settings -> Sessions & JWT).
56
+
57
+ current_user.memberships
58
+ current_user.memberships.first.org
59
+ current_user.orgs
60
+
61
+ See below for customization details.
62
+
63
+
64
+
65
+ ## Usage - everywhere else
66
+
67
+ If you aren't using Rails, or if the streamlined integration above is too opinionated, use the gem without the extra Rails integration.
68
+
69
+ In your Gemfile, add:
70
+
71
+ gem 'authrocket'
72
+
73
+ Then set the following environment variables:
74
+
75
+ # If accessing the AuthRocket API:
76
+ AUTHROCKET_API_KEY = ko_SAMPLE
77
+ AUTHROCKET_URL = https://api-e1.authrocket.com/v1 # must match your account's provisioned cluster
78
+ AUTHROCKET_REALM = rl_SAMPLE # optional
79
+ #
80
+ # If using JWT-verification of AuthRocket's login tokens:
81
+ AUTHROCKET_JWT_SECRET = jsk_SAMPLE
82
+
83
+ If you're using either Hosted LoginRocket or authrocket.js to manage logins, see Verifing login tokens below. If you plan to use the API to directly authenticate, see the [API docs](https://authrocket.com/docs/api).
84
+
85
+
21
86
 
22
- `AUTHROCKET_URL` must be updated based on what cluster your account is provisioned on.
87
+ ## Configuration
23
88
 
24
- `AUTHROCKET_REALM` is optional. If you're using a single Realm, it's easiest to add it here as an application-wide default. If you're using multiple Realms with your app, we recommend leaving it out here and setting it as you go.
89
+ By default, AuthRocket automatically loads credentials from environment variables. This is optimal for any 12-factor deployment. Supported variables are:
25
90
 
26
- `AUTHROCKET_JWT_SECRET` is optional. It only should be included if you've also specified a single realm via AUTHROCKET_REALM *and* you're using hosted logins or authrocket.js. The tokens returned by both are JWT-compatible and can be verified in-app using a matching secret.
91
+ `AUTHROCKET_API_KEY = ko_SAMPLE`
92
+ Your AuthRocket API key. Required to use the API (but not if only performing JWT verification of login tokens).
27
93
 
28
- It's possible to configure AuthRocket using a Rails initializer (or other initializaiton code) too.
94
+ `AUTHROCKET_JWT_SECRET = jsk_SAMPLE`
95
+ Used to perform JWT signing verification of login tokens. Not required if validating all tokens using the API instead. This is a realm-specific value, so like `AUTHROCKET_REALM`, set it on a per-use basis if using multiple realms.
96
+
97
+ `AUTHROCKET_LOGIN_URL = https://sample.e1.loginrocket.com/`
98
+ The LoginRocket URL for your Connected App. Only used by the streamlined Rails integration (for redirects), but still available to use otherwise. If your app uses multiple realms, you'll need to handle this on your own. If you're using a custom domain, this will be that domain and will not contain 'loginrocket.com'.
99
+
100
+ `AUTHROCKET_REALM = rl_SAMPLE`
101
+ Sets an application-wide default realm ID. If you're using a single realm, this is definitely easiest. Certain multi-tenant apps might using multiple realms. In this case, don't set this globally, but include it as part of the `:credentials` set for each API method.
102
+
103
+ `AUTHROCKET_URL = https://api-e1.authrocket.com/v1`
104
+ The URL of the AuthRocket API server. This may vary depending on which cluster your account is provisioned on.
105
+
106
+
107
+ It's also possible to configure AuthRocket using a Rails initializer (or other initialization code).
29
108
 
30
109
  AuthRocket::Api.credentials = {
31
110
  api_key: 'ko_SAMPLE',
32
- url: 'https://api-e1.authrocket.com/v1',
111
+ jwt_secret: 'jsk_SAMPLE',
112
+ loginrocket_url: 'https://sample.e1.loginrocket.com/',
33
113
  realm: 'rl_SAMPLE',
34
- jwt_secret: 'jsk_SAMPLE'
114
+ url: 'https://api-e1.authrocket.com/v1'
35
115
  }
36
116
 
37
117
 
38
- ### Hosted Logins
39
118
 
40
- AuthRocket has a few options to handle logins. One option is to let AuthRocket handle the login process completely, which is what's shown here. Your app only needs to verify the final login token. This example is specific to Rails, but adapt accordingly for Sinatra or any other framework.
119
+ ## Customizing the Rails integration
41
120
 
42
- To get started, login to AuthRocket and add a Login Policy (under Logins/Signups) for your chosen Realm (create your first Realm if you haven't already).
121
+ The built-in Rails integration tries to handle as much for you as possible. However, there may be times when you wish to modify the default behavior.
43
122
 
44
- Be sure to enable Hosted Logins (a separate step) and specify a Login Handler URL. For development purposes, we'll point the Login Handler URL to your local app. Assuming your Rails app is running on port 3000, you'd enter `http://localhost:3000/login`.
45
123
 
46
- After enabling Hosted Logins, take note of the LoginRocket URL. You'll need this below.
124
+ #### The default post-login path
47
125
 
48
- Let's add a couple methods to your Application Controller, substituting the correct value for `LOGIN_URL`:
126
+ After a user logs in (or signs up), they are returned to either the last page they tried to access (if known) or to `'/'` (the default path).
49
127
 
50
- class ApplicationController < ActionController::Base
51
- before_filter :require_user
52
- # This protects *all* of your app. If that's not what
53
- # you want, then just add this to the controllers
54
- # that need to be protected.
128
+ This default path may be changed using an initializer.
55
129
 
56
- private
130
+ Create/edit `config/initializers/authrocket.rb` and add:
57
131
 
58
- LOGIN_URL = 'https://sample.e1.loginrocket.com/'
59
- # This should be your app's own LoginRocket URL, as
60
- # shown in the Login Policy details.
132
+ ```ruby
133
+ AuthRocket::Api.default_login_path = '/manage'
134
+ ```
61
135
 
62
- def require_user
63
- unless current_user
64
- redirect_to LOGIN_URL
65
- end
66
- end
67
136
 
68
- helper_method :current_user
69
- def current_user
70
- @_current_user ||= AuthRocket::Session.from_token(session[:ar_token]).try(:user)
71
- end
72
- end
137
+ #### /login and /logout routes
138
+
139
+ The default routes for login and logout are `/login` and `/logout`, respectively. To override them, add an initializer for AuthRocket (eg: `config/initializers/authrocket.rb`) and add:
140
+
141
+ AuthRocket::Api.use_default_routes = false
73
142
 
74
- Create a Login or Session controller if you don't have one already:
143
+ Then add your own routes to `config/routes.rb`:
75
144
 
76
- rails g controller logins
145
+ get 'mylogin' => 'logins#login'
146
+ get 'mylogout' => 'logins#logout'
77
147
 
78
- Then add login and logout methods:
79
148
 
80
- class LoginsController < ApplicationController
81
- skip_before_filter :require_user
149
+ #### The login controller
82
150
 
151
+ AuthRocket's default login controller automatically sets up the session (by storing the login token in `session[:ar_token]`) and makes a best effort at returning the user to where they were when the login request was triggered.
152
+
153
+ If you require more customization than provided by modifying the default post-login path, as outlined above, you may create your own LoginsController and inherit from AuthRocket's controller:
154
+
155
+ class LoginsController < AuthRocket::ArController
83
156
  def login
84
- if params[:token]
85
- if AuthRocket::Session.from_token(params[:token])
86
- session[:ar_token] = params[:token]
87
- redirect_to root_path
88
- return
89
- end
157
+ super
158
+ if current_session
159
+ # @redir will be present if the user's previous URL was able to be
160
+ # saved. If not, then provide a fallback (eg: root_path,
161
+ # manager_path, etc).
162
+ redirect_to @redir || dashboard_path
90
163
  end
91
- require_user
164
+ # else if login failed, a redirect to LoginRocket happens automatically
92
165
  end
93
166
 
94
167
  def logout
95
- session[:ar_token] = nil
168
+ super
169
+ # Change the path and/or the message.
96
170
  redirect_to root_path, notice: 'You have been logged out.'
97
171
  end
98
172
  end
99
173
 
100
- Finally, update `config/routes.rb`:
174
+ If you wish to replace all of the login logic, create a new, different controller that doesn't inherit from `AuthRocket::ArController` (and also override the routes, as per above). You may wish to look at `ArController` as a reference.
101
175
 
102
- get '/login' => 'logins#login'
103
- get '/logout' => 'logins#logout'
104
176
 
105
- That's it. You're all done!
106
177
 
178
+ ## Verifying login tokens
107
179
 
108
- ### Other Methods
180
+ If you're not using the streamlined Rails integration, you'll need to verify the login tokens (unless you're using the API to authenticate directly).
109
181
 
110
- For full details on the AuthRocket API, including examples for Ruby, see our [documentation](http://authrocket.com/docs).
111
182
 
183
+ #### JWT verification
112
184
 
113
- ## Installation
185
+ AuthRocket's login tokens use the JWT standard and are cryptographically signed. Verifying the signature is extremely fast. Here's are a couple examples of using this:
114
186
 
115
- Add this line to your application's Gemfile:
187
+ def current_user
188
+ @_current_user ||= AuthRocket::Session.from_token(session[:ar_token]).try(:user)
189
+ end
116
190
 
117
- gem 'authrocket'
191
+ `from_token` returns `nil` if the token is missing, expired, or otherwise invalid.
118
192
 
119
- And then execute:
120
193
 
121
- $ bundle
194
+ #### API verification
122
195
 
123
- Or install it yourself as:
196
+ AuthRocket also supports Managed Sessions, which enables you to enforce logouts, even across apps (single sign-out!). In this instance, the session is regularly verified using the AuthRocket API.
197
+
198
+ def current_user
199
+ @_current_user ||= AuthRocket::Session.retrieve(session[:ar_token]).try(:user)
200
+ end
201
+
202
+ For better performance (and to avoid API rate limits), you may want to cache the results of the API call for 3-15 minutes.
203
+
204
+
205
+ #### Initial login
206
+
207
+ Each of the above are designed for ongoing use. The initial login isn't going to be much different though. Here's an example login action:
208
+
209
+ def login
210
+ if params[:token]
211
+ if AuthRocket::Session.from_token(params[:token])
212
+ session[:ar_token] = params[:token]
213
+ redirect_to '/'
214
+ return
215
+ end
216
+ end
217
+ redirect_to AuthRocket::Api.credentials[:loginrocket_url]
218
+ end
219
+
220
+
221
+
222
+ ## Reference
223
+
224
+ For full details on the AuthRocket API, including examples for Ruby, see our [documentation](https://authrocket.com/docs).
124
225
 
125
- $ gem install authrocket
126
226
 
127
227
 
128
228
  ## Contributing
@@ -134,6 +234,7 @@ Or install it yourself as:
134
234
  5. Create new Pull Request
135
235
 
136
236
 
237
+
137
238
  ## License
138
239
 
139
240
  MIT
@@ -0,0 +1,44 @@
1
+ class AuthRocket::ArController < ::ApplicationController
2
+
3
+ before_action :require_valid_token, only: []
4
+ # ensure :require_valid_token is known so it can be skipped
5
+ skip_before_action :require_valid_token
6
+ # in case it's globally applied to ApplicationController
7
+
8
+ def login
9
+ if params[:token]
10
+ if s = AuthRocket::Session.from_token(params[:token])
11
+ @_current_session = s
12
+ session[:ar_token] = params[:token]
13
+ end
14
+ end
15
+ if current_session
16
+ @redir = sanitize_redir || session[:last_url]
17
+ session[:last_url] = nil
18
+ # redirect in the child
19
+ else
20
+ require_valid_token
21
+ end
22
+ end
23
+
24
+ def logout
25
+ if current_session && current_session.id =~ /^kss_/ && AuthRocket::Api.credentials[:api_key]
26
+ AuthRocket::Session.delete current_session.id
27
+ end
28
+ session[:ar_token] = nil
29
+ # redirect in the child
30
+ end
31
+
32
+
33
+ private
34
+
35
+ # sanitize by making it path-only
36
+ def sanitize_redir(redir=params[:redir])
37
+ return if redir.blank?
38
+ u = defined?(Addressable) ? Addressable::URI.parse(redir) : URI.parse(redir)
39
+ if u
40
+ [u.path, u.query].compact.join('?')
41
+ end
42
+ end
43
+
44
+ end
@@ -0,0 +1,15 @@
1
+ class LoginsController < AuthRocket::ArController
2
+
3
+ def login
4
+ super
5
+ if current_session
6
+ redirect_to @redir || AuthRocket::Api.default_login_path
7
+ end
8
+ end
9
+
10
+ def logout
11
+ super
12
+ redirect_to '/', notice: 'You have been logged out.'
13
+ end
14
+
15
+ end
@@ -0,0 +1,8 @@
1
+ Rails.application.routes.draw do
2
+
3
+ if AuthRocket::Api.use_default_routes
4
+ get 'login' => 'logins#login'
5
+ get 'logout' => 'logins#logout'
6
+ end
7
+
8
+ end
@@ -21,6 +21,12 @@ module AuthRocket
21
21
  realm: ENV['AUTHROCKET_REALM'],
22
22
  jwt_secret: ENV['AUTHROCKET_JWT_SECRET']
23
23
  }
24
+ else
25
+ self.credentials = {}
26
+ end
27
+
28
+ if ENV['AUTHROCKET_LOGIN_URL']
29
+ self.credentials[:loginrocket_url] = ENV['AUTHROCKET_LOGIN_URL']
24
30
  end
25
31
 
26
32
  self.debug = false
@@ -35,6 +41,13 @@ module AuthRocket
35
41
  self.auth_header_prefix = 'X-Authrocket'
36
42
 
37
43
  self.credentials_error_message = %Q{Missing API credentials or URL. Set default credentials using "AuthRocket::Api.credentials = {api_key: YOUR_API_KEY, url: AR_REGION_URL}"}
44
+
45
+
46
+ mattr_accessor :use_default_routes
47
+ self.use_default_routes = true
48
+
49
+ mattr_accessor :default_login_path
50
+ self.default_login_path = '/'
38
51
  end
39
52
 
40
53
 
@@ -5,7 +5,7 @@ module AuthRocket
5
5
  module ClassMethods
6
6
 
7
7
  def parse_credentials(creds)
8
- creds.with_indifferent_access.except :jwt_secret
8
+ creds.with_indifferent_access.except :loginrocket_url, :jwt_secret
9
9
  end
10
10
 
11
11
  end
@@ -1,3 +1,3 @@
1
1
  module AuthRocket
2
- VERSION = '2.3.1'
2
+ VERSION = '2.4.0'
3
3
  end
@@ -0,0 +1,5 @@
1
+ require_relative '../authrocket'
2
+
3
+ %w(engine).each do |f|
4
+ require_relative "rails/#{f}"
5
+ end
@@ -0,0 +1,47 @@
1
+ module AuthRocket::ControllerHelper
2
+ extend ActiveSupport::Concern
3
+
4
+ included do
5
+ if respond_to?(:helper_method)
6
+ helper_method :current_session
7
+ helper_method :current_user
8
+ helper_method :ar_login_url
9
+ helper_method :ar_signup_url
10
+ end
11
+ end
12
+
13
+
14
+ def require_valid_token
15
+ unless current_session
16
+ session[:last_url] = request.get? ? url_for(params.to_unsafe_h.except(:domain, :host, :port, :prototcol, :subdomain, :token)) : url_for
17
+ redirect_to ar_login_url + "?redir=#{ERB::Util.url_encode(session[:last_url])}"
18
+ end
19
+ end
20
+
21
+
22
+ def current_session
23
+ @_current_session ||= AuthRocket::Session.from_token(session[:ar_token])
24
+ end
25
+
26
+ def current_user
27
+ current_session.try(:user)
28
+ end
29
+
30
+
31
+ def ar_login_url
32
+ @_login_url = loginrocket_url('login')
33
+ end
34
+
35
+ def ar_signup_url
36
+ @_signup_url = loginrocket_url('signup')
37
+ end
38
+
39
+ def loginrocket_url(path=nil)
40
+ raise "Missing env AUTHROCKET_LOGIN_URL or credentials[:loginrocket_url]" if AuthRocket::Api.credentials[:loginrocket_url].blank?
41
+ s = AuthRocket::Api.credentials[:loginrocket_url].dup
42
+ s.concat('/') unless s.ends_with?('/')
43
+ s.concat(path) if path
44
+ s.freeze
45
+ end
46
+
47
+ end
@@ -0,0 +1,13 @@
1
+ module AuthRocket
2
+ class Engine < ::Rails::Engine
3
+
4
+ initializer "authrocket.helpers" do
5
+ require_relative 'controller_helper'
6
+
7
+ ActiveSupport.on_load(:action_controller) do
8
+ include AuthRocket::ControllerHelper
9
+ end
10
+ end
11
+
12
+ end
13
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authrocket
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.1
4
+ version: 2.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - AuthRocket Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-23 00:00:00.000000000 Z
11
+ date: 2018-01-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ncore
@@ -79,7 +79,10 @@ files:
79
79
  - LICENSE
80
80
  - README.md
81
81
  - Rakefile
82
+ - app/controllers/auth_rocket/ar_controller.rb
83
+ - app/controllers/logins_controller.rb
82
84
  - authrocket.gemspec
85
+ - config/routes.rb
83
86
  - lib/authrocket.rb
84
87
  - lib/authrocket/api/api_config.rb
85
88
  - lib/authrocket/api/client.rb
@@ -95,6 +98,9 @@ files:
95
98
  - lib/authrocket/membership.rb
96
99
  - lib/authrocket/notification.rb
97
100
  - lib/authrocket/org.rb
101
+ - lib/authrocket/rails.rb
102
+ - lib/authrocket/rails/controller_helper.rb
103
+ - lib/authrocket/rails/engine.rb
98
104
  - lib/authrocket/realm.rb
99
105
  - lib/authrocket/session.rb
100
106
  - lib/authrocket/user.rb