authrocket 2.4.1 → 3.3.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +39 -0
- data/LICENSE +1 -1
- data/README.md +72 -62
- data/app/controllers/auth_rocket/ar_controller.rb +11 -33
- data/app/controllers/logins_controller.rb +1 -8
- data/authrocket.gemspec +4 -3
- data/config/routes.rb +0 -1
- data/lib/authrocket.rb +23 -1
- data/lib/authrocket/api/api_config.rb +17 -18
- data/lib/authrocket/api/client.rb +1 -1
- data/lib/authrocket/api/version.rb +1 -1
- data/lib/authrocket/auth_provider.rb +48 -49
- data/lib/authrocket/client_app.rb +14 -0
- data/lib/authrocket/connection.rb +13 -0
- data/lib/authrocket/credential.rb +12 -6
- data/lib/authrocket/domain.rb +19 -0
- data/lib/authrocket/event.rb +2 -3
- data/lib/authrocket/hook.rb +42 -0
- data/lib/authrocket/hook_state.rb +26 -0
- data/lib/authrocket/invitation.rb +35 -0
- data/lib/authrocket/membership.rb +1 -1
- data/lib/authrocket/named_permission.rb +10 -0
- data/lib/authrocket/notification.rb +1 -1
- data/lib/authrocket/oauth2_session.rb +26 -0
- data/lib/authrocket/org.rb +2 -1
- data/lib/authrocket/rails/controller_helper.rb +80 -20
- data/lib/authrocket/rails/engine.rb +6 -1
- data/lib/authrocket/realm.rb +26 -9
- data/lib/authrocket/resource_link.rb +10 -0
- data/lib/authrocket/session.rb +104 -33
- data/lib/authrocket/token.rb +9 -0
- data/lib/authrocket/user.rb +89 -54
- metadata +37 -22
- data/lib/authrocket/app_hook.rb +0 -28
- data/lib/authrocket/login_policy.rb +0 -14
- data/lib/authrocket/user_token.rb +0 -9
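--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 496c2639a6c1ce3fbee2aa2630cad8fda1d9e2d4b6dc599b1e67cbaa3aa9e73b
+data.tar.gz: 4b60926eeb42fe5c1a7676a40b144f097fd117dc6db5083e5c0990347d9e09cd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '08b37f9964636332dd7154a03a5d37074cf7e766dfc48f9add8e96e114ec8a518b9a1324e74a1063931d2e40b4fd07e146675e0f03f28ac5914bf48372b5efd5'
+data.tar.gz: 4269068e638a0451ca3af856101adf6d90660c0a68a8772e5b5625f3ebf1ec50b56fa8c2e2d69917086cc85f115bfc0f7afce708f580f547aaf837009862f348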
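--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,42 @@
+#### 3.3.0
+
+- Update Invitation, Hook, Realm, User
+
+#### 3.2.1
+
+- Update AuthProvider
+
+#### 3.2.0
+
+- Add HookState
+- Update Connection, Hook
+
+#### 3.1.0
+
+- Automatically handle login tokens in an Authorization header
+eg: Authorization: Bearer {the-token}
+- Optimize LR JWKS support to match by kid
+
+#### 3.0.0
+
+- NOTE: This version includes breaking changes.
+It is only compatible with AuthRocket 2. Use gem version '~> 2.0' with AuthRocket 1.
+- Refactor Rails integration
+- Update resources for AuthRocket 2
+- Add: ClientApp, Connection, Domain, Invitation, NamedPermission, Oauth2Session, ResourceLink, Token
+- Remove: LoginPolicy, UserToken,
+- Rename: AppHook -> Hook
+- Update most others
+- Support LR JWKS - retrieve RS256 key when key not pre-configured
+- Update auth/credentials
+- Rename ENV AUTHROCKET_JWT_SECRET -> AUTHROCKET_JWT_KEY
+- Rename ENV AUTHROCKET_LOGIN_URL -> LOGINROCKET_URL
+- Rename AuthRocket::API.credentials :jwt_secret -> :jwt_key
+- Update ncore to v3
+- `#errors` is now always an ActiveModel::Errors instance
+- <exception>#errors is now an ActiveModel::Errors for all applicable exceptions
+- Require Ruby >= 2.3
+
 #### 2.4.1
 
 - Require ncore 2.2.2+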
data/LICENSE
CHANGED
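--- a/data/README.md
+++ b/data/README.md
@@ -8,7 +8,7 @@ This gem works with both Rails and plain Ruby. It will auto-detect Rails and ena
 
 ## Usage - Rails
 
-AuthRocket includes a streamlined Rails integration that automatically
+AuthRocket includes a streamlined Rails integration that automatically handles logins and logouts. For a new app, we highly recommend this.
 
 Note: The streamlined integration requires Rails 4.2+.
 
@@ -16,47 +16,55 @@ To your Gemfile, add:
 
 gem 'authrocket', require: 'authrocket/rails'
 
-Then ensure the following environment
+Then ensure the following environment variable is set:
 
-
-
+LOGINROCKET_URL = https://sample.e2.loginrocket.com/
+
+If you've changed the default JWT key type to HS256, you'll also need this variable:
+
+AUTHROCKET_JWT_KEY = jsk_SAMPLE
 
 If you plan to access the AuthRocket API as well, you'll need these variables too:
 
-AUTHROCKET_API_KEY
-AUTHROCKET_URL
-AUTHROCKET_REALM
+AUTHROCKET_API_KEY = ks_SAMPLE
+AUTHROCKET_URL = https://api-e2.authrocket.com/v2
+AUTHROCKET_REALM = rl_SAMPLE # optional
 
 Finally, add a `before_action` command to any/all controllers or actions that should require a login.
 
 For example, to protect your entire app:
 
 class ApplicationController < ActionController::Base
-before_action :
+before_action :require_login
 end
 
 Selectively exempt certain actions or controllers using the standard `skip_before_action` method:
 
-class ContactUsController <
-skip_before_action :
+class ContactUsController < ApplicationController
+skip_before_action :require_login, only: [:new, :create]
 end
 
-Helpers are provided to create login, signup, and logout links:
+Helpers are provided to create login, signup, and logout links, as well as for users to manage their profile:
 
 <%= link_to 'Login', ar_login_url %>
 <%= link_to 'Signup', ar_signup_url %>
 <%= link_to 'Logout', logout_path %>
+<%= link_to 'Manage Profile', ar_profile_url %>
 
-Both the current
+Both the current Session and User are available to your controllers and views:
 
 current_session # => AuthRocket::Session
 current_user # => AuthRocket::User
 
-Membership and Org
+The current Membership and Org (account) are accessible through those helpers as well.
+
+current_membership
+current_org
 
-
-
-
+If a user is a member of more than one org (account), `current_membership` and `current_org` will be reflect the currently selected account. Additional helpers are available to provide appropriate links to your users:
+
+<%= link_to 'Manage current account', ar_account_url %>
+<%= link_to 'Switch accounts', ar_accounts_url %>
 
 See below for customization details.
 
@@ -73,14 +81,13 @@ In your Gemfile, add:
 Then set the following environment variables:
 
 # If accessing the AuthRocket API:
-AUTHROCKET_API_KEY
-AUTHROCKET_URL
-AUTHROCKET_REALM
+AUTHROCKET_API_KEY = ks_SAMPLE
+AUTHROCKET_URL = https://api-e2.authrocket.com/v2 # must match your account's provisioned cluster
+AUTHROCKET_REALM = rl_SAMPLE # optional
 #
 # If using JWT-verification of AuthRocket's login tokens:
-
+AUTHROCKET_JWT_KEY = SAMPLE
 
-If you're using either Hosted LoginRocket or authrocket.js to manage logins, see Verifing login tokens below. If you plan to use the API to directly authenticate, see the [API docs](https://authrocket.com/docs/api).
 
 
 
@@ -88,30 +95,30 @@ If you're using either Hosted LoginRocket or authrocket.js to manage logins, see
 
 By default, AuthRocket automatically loads credentials from environment variables. This is optimal for any 12-factor deployment. Supported variables are:
 
-`AUTHROCKET_API_KEY =
+`AUTHROCKET_API_KEY = ks_SAMPLE`
 Your AuthRocket API key. Required to use the API (but not if only performing JWT verification of login tokens).
 
-`
-Used to perform JWT signing verification of login tokens. Not required if validating all tokens using the API instead. This is a realm-specific value, so like `AUTHROCKET_REALM`, set it on a per-use basis if using multiple realms.
-
-`AUTHROCKET_LOGIN_URL = https://sample.e1.loginrocket.com/`
-The LoginRocket URL for your Connected App. Only used by the streamlined Rails integration (for redirects), but still available to use otherwise. If your app uses multiple realms, you'll need to handle this on your own. If you're using a custom domain, this will be that domain and will not contain 'loginrocket.com'.
+`AUTHROCKET_JWT_KEY = SAMPLE`
+Used to perform JWT signing verification of login tokens. Not required if validating all tokens using the API instead. Also not required if LOGINROCKET_URL is set and RS256 keys are being used, as public keys will be auto-retrieved. This is a realm-specific value, so like `AUTHROCKET_REALM`, set it on a per-use basis if using multiple realms.
 
 `AUTHROCKET_REALM = rl_SAMPLE`
 Sets an application-wide default realm ID. If you're using a single realm, this is definitely easiest. Certain multi-tenant apps might using multiple realms. In this case, don't set this globally, but include it as part of the `:credentials` set for each API method.
 
-`AUTHROCKET_URL = https://api-
-The URL of the AuthRocket API server. This may vary depending on which cluster your
+`AUTHROCKET_URL = https://api-e2.authrocket.com/v2`
+The URL of the AuthRocket API server. This may vary depending on which cluster your service is provisioned on.
+
+`LOGINROCKET_URL = https://SAMPLE.e2.loginrocket.com/`
+The LoginRocket URL for your Connected App. Used by the streamlined Rails integration (for redirects) and for auto-retrieval of RS256 JWT keys (if AUTHROCKET_JWT_KEY is not set). If your app uses multiple realms, you'll need to handle this on your own. If you're using a custom domain, this will be that domain and will not contain 'loginrocket.com'.
 
 
 It's also possible to configure AuthRocket using a Rails initializer (or other initialization code).
 
 AuthRocket::Api.credentials = {
-api_key: '
-
-loginrocket_url: 'https://sample.
+api_key: 'ks_SAMPLE',
+jwt_key: 'SAMPLE',
+loginrocket_url: 'https://sample.e2.loginrocket.com/',
 realm: 'rl_SAMPLE',
-url: 'https://api-
+url: 'https://api-e2.authrocket.com/v2'
 }
 
 
@@ -121,53 +128,56 @@ It's also possible to configure AuthRocket using a Rails initializer (or other i
 The built-in Rails integration tries to handle as much for you as possible. However, there may be times when you wish to modify the default behavior.
 
 
-####
+#### Logins
+
+The Rails integration handles logins on any path by detecting the presence of `?token=...`. It will process the login and then immediately redirect back to the same path without `?token=`; this helps prevent browsers and bookmarks from accidentally saving or caching the login token.
+
+Likewise, the built-in handler for `before_action :require_login` will automatically redirect to LoginRocket when the user is not currently logged in. `?redirect_uri=<current_path>` will be automatically included so that the user returns to the same place post-login. You can override this behavior by replacing `before_login`.
 
-
+# For example, to force the user to always return to "/manage":
+def require_login
+unless current_session
+redirect_to ar_login_url(redirect_uri: "/manage")
+end
+end
 
-
+AuthRocket will verify the domain + path to redirect to. You can configure this at Realm -> Settings -> Connected Apps -> (edit) -> Login URLs. The first URL listed will be the default, so it should generally be the default "just logged in" path.
 
-
+Paths are validated as "equal or more specific". That is, if Login URLs contains "https://my.app/manage", then any path starting with "/manage" will be allowed, but "/other" will not be allowed. If you want to allow any path at your domain, add "https://my.app/" (since "/" will match any path).
 
-```ruby
-AuthRocket::Api.default_login_path = '/manage'
-```
 
+#### Logouts
 
-
+##### The default post-logout path
 
-
+Upon logout, the user will be returned to the root path ("/").
+
+This default path may be changed using an initializer. Create/edit `config/initializers/authrocket.rb` and add:
+
+AuthRocket::Api.post_logout_path = '/other'
+
+
+##### /logout route
+
+The default route for logout is `/logout`. To overrideis, add an initializer for AuthRocket (eg: `config/initializers/authrocket.rb`) and add:
 
 AuthRocket::Api.use_default_routes = false
 
 Then add your own routes to `config/routes.rb`:
 
-get 'mylogin' => 'logins#login'
 get 'mylogout' => 'logins#logout'
 
 
-
+##### The logout action
 
-AuthRocket's default login controller automatically sets
+AuthRocket's default login controller automatically sets a logout message using `flash`.
 
-
+You may customize this, or other logout behavior, by creating your own LoginsController and inherit from AuthRocket's controller:
 
 class LoginsController < AuthRocket::ArController
-def login
-super
-if current_session
-# @redir will be present if the user's previous URL was able to be
-# saved. If not, then provide a fallback (eg: root_path,
-# manager_path, etc).
-redirect_to @redir || dashboard_path
-end
-# else if login failed, a redirect to LoginRocket happens automatically
-end
-
 def logout
 super
-
-redirect_to root_path, notice: 'You have been logged out.'
+flash[:notice] = 'You have been logged out.'
 end
 end
 
@@ -185,7 +195,7 @@ If you're not using the streamlined Rails integration, you'll need to verify the
 AuthRocket's login tokens use the JWT standard and are cryptographically signed. Verifying the signature is extremely fast. Here's are a couple examples of using this:
 
 def current_user
-@_current_user ||= AuthRocket::Session.from_token(session[:ar_token])
+@_current_user ||= AuthRocket::Session.from_token(session[:ar_token])&.user
 end
 
 `from_token` returns `nil` if the token is missing, expired, or otherwise invalid.
@@ -196,10 +206,10 @@ AuthRocket's login tokens use the JWT standard and are cryptographically signed.
 AuthRocket also supports Managed Sessions, which enables you to enforce logouts, even across apps (single sign-out!). In this instance, the session is regularly verified using the AuthRocket API.
 
 def current_user
-@_current_user ||= AuthRocket::Session.retrieve(session[:ar_token])
+@_current_user ||= AuthRocket::Session.retrieve(session[:ar_token])&.user
 end
 
-For better performance (and to avoid API rate limits), you
+For better performance (and to avoid API rate limits), you will want to cache the results of the API call for 3-15 minutes.
 
 
 #### Initial login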
@@ -1,44 +1,22 @@
|
|
1
1
|
class AuthRocket::ArController < ::ApplicationController
|
2
2
|
|
3
|
-
before_action :
|
4
|
-
# ensure :
|
5
|
-
skip_before_action :
|
3
|
+
before_action :require_login, only: []
|
4
|
+
# ensure :require_login is known so it can be skipped
|
5
|
+
skip_before_action :require_login
|
6
6
|
# in case it's globally applied to ApplicationController
|
7
7
|
|
8
|
-
def login
|
9
|
-
if params[:token]
|
10
|
-
if s = AuthRocket::Session.from_token(params[:token])
|
11
|
-
@_current_session = s
|
12
|
-
session[:ar_token] = params[:token]
|
13
|
-
end
|
14
|
-
end
|
15
|
-
if current_session
|
16
|
-
@redir = sanitize_redir || session[:last_url]
|
17
|
-
session[:last_url] = nil
|
18
|
-
# redirect in the child
|
19
|
-
else
|
20
|
-
require_valid_token
|
21
|
-
end
|
22
|
-
end
|
23
8
|
|
24
9
|
def logout
|
25
|
-
if
|
26
|
-
|
10
|
+
if AuthRocket::Api.post_logout_path
|
11
|
+
uri = Addressable::URI.parse full_url_for
|
12
|
+
uri.path = AuthRocket::Api.post_logout_path
|
13
|
+
redirect_to ar_logout_url(redirect_uri: uri.to_s)
|
14
|
+
else
|
15
|
+
redirect_to ar_logout_url
|
27
16
|
end
|
28
|
-
|
29
|
-
# redirect in the child
|
30
|
-
end
|
31
|
-
|
32
|
-
|
33
|
-
private
|
17
|
+
# set flash message in the child
|
34
18
|
|
35
|
-
|
36
|
-
def sanitize_redir(redir=params[:redir])
|
37
|
-
return if redir.blank?
|
38
|
-
u = defined?(Addressable) ? Addressable::URI.parse(redir) : URI.parse(redir)
|
39
|
-
if u
|
40
|
-
[u.path, u.query].compact.join('?')
|
41
|
-
end
|
19
|
+
session[:ar_token] = nil
|
42
20
|
end
|
43
21
|
|
44
22
|
end
|
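Review bot: `logout` clears only `session[:ar_token]` (its last added line), so any other state the host app keeps in the Rails session survives the logout and the session itself is not reset. Unless other keys must be preserved, `reset_session` in place of `session[:ar_token] = nil` is the more conservative logout; the subclass in this release sets `flash[:notice]` after `super`, so the message should still be delivered, but that is worth confirming. Separately, `redirect_uri` is built from `full_url_for`, so its host presumably comes from the current request; a short comment above `uri = Addressable::URI.parse full_url_for` stating that this relies on AuthRocket validating the return URL against the configured URLs would help the next reader.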
@@ -1,15 +1,8 @@
|
|
1
1
|
class LoginsController < AuthRocket::ArController
|
2
2
|
|
3
|
-
def login
|
4
|
-
super
|
5
|
-
if current_session
|
6
|
-
redirect_to @redir || AuthRocket::Api.default_login_path
|
7
|
-
end
|
8
|
-
end
|
9
|
-
|
10
3
|
def logout
|
11
4
|
super
|
12
|
-
|
5
|
+
flash[:notice] = 'You have been logged out.'
|
13
6
|
end
|
14
7
|
|
15
8
|
end
|
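--- a/data/authrocket.gemspec
+++ b/data/authrocket.gemspec
@@ -18,10 +18,11 @@ Gem::Specification.new do |gem|
 gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
 gem.require_paths = ["lib"]
 
-gem.required_ruby_version = '>=
+gem.required_ruby_version = '>= 2.3'
 
-gem.add_dependency '
-gem.add_dependency '
+gem.add_dependency 'addressable', '~> 2.5'
+gem.add_dependency 'ncore', '~> 3.0'
+gem.add_dependency 'jwt', '~> 2.1'
 
 gem.add_development_dependency "bundler", "~> 1.3"
 gem.add_development_dependency "rake"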
data/config/routes.rb
CHANGED
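--- a/data/lib/authrocket.rb
+++ b/data/lib/authrocket.rb
@@ -1,3 +1,4 @@
+require 'addressable/uri'
 require 'ncore'
 require 'jwt'
 
@@ -5,7 +6,28 @@ require 'jwt'
 require "authrocket/api/#{f}"
 end
 
-%w(
+%w(
+auth_provider
+client_app
+connection
+credential
+domain
+event
+hook
+hook_state
+invitation
+jwt_key
+membership
+named_permission
+notification
+oauth2_session
+org
+realm
+resource_link
+session
+token
+user
+).each do |f|
 require "authrocket/#{f}"
 end
 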
@@ -14,19 +14,21 @@ module AuthRocket
|
|
14
14
|
|
15
15
|
if ENV['AUTHROCKET_URI']
|
16
16
|
self.credentials = parse_credentials ENV['AUTHROCKET_URI']
|
17
|
-
elsif ENV['AUTHROCKET_API_KEY']
|
17
|
+
elsif ENV['AUTHROCKET_API_KEY']
|
18
18
|
self.credentials = {
|
19
19
|
api_key: ENV['AUTHROCKET_API_KEY'],
|
20
|
-
account: ENV['AUTHROCKET_ACCOUNT'],
|
21
20
|
realm: ENV['AUTHROCKET_REALM'],
|
22
|
-
|
21
|
+
service: ENV['AUTHROCKET_SERVICE'],
|
23
22
|
}
|
24
23
|
else
|
25
24
|
self.credentials = {}
|
26
25
|
end
|
27
26
|
|
28
|
-
if ENV['
|
29
|
-
self.credentials[:
|
27
|
+
if ENV['AUTHROCKET_JWT_KEY']
|
28
|
+
self.credentials[:jwt_key] ||= ENV['AUTHROCKET_JWT_KEY']
|
29
|
+
end
|
30
|
+
if ENV['LOGINROCKET_URL']
|
31
|
+
self.credentials[:loginrocket_url] = ENV['LOGINROCKET_URL']
|
30
32
|
end
|
31
33
|
|
32
34
|
self.debug = false
|
@@ -34,29 +36,26 @@ module AuthRocket
|
|
34
36
|
self.strict_attributes = true
|
35
37
|
|
36
38
|
|
39
|
+
self.i18n_scope = :authrocket
|
40
|
+
|
37
41
|
self.instrument_key = 'request.authrocket'
|
38
42
|
|
39
43
|
self.status_page = 'https://status.authrocket.com/'
|
40
44
|
|
41
|
-
self.auth_header_prefix = '
|
45
|
+
self.auth_header_prefix = 'Authrocket'
|
42
46
|
|
43
|
-
self.credentials_error_message = %Q{Missing API credentials or URL. Set default credentials using "AuthRocket::Api.credentials = {api_key: YOUR_API_KEY, url:
|
47
|
+
self.credentials_error_message = %Q{Missing API credentials or URL. Set default credentials using "AuthRocket::Api.credentials = {api_key: YOUR_API_KEY, url: AR_API_URL}"}
|
44
48
|
|
45
49
|
|
46
50
|
mattr_accessor :use_default_routes
|
47
51
|
self.use_default_routes = true
|
48
52
|
|
49
|
-
mattr_accessor :
|
50
|
-
self.
|
53
|
+
mattr_accessor :post_logout_path
|
54
|
+
self.post_logout_path = '/'
|
51
55
|
end
|
52
56
|
|
53
57
|
|
54
58
|
class << self
|
55
|
-
# makes AuthRocket::Realm.model_name.param_key do the right thing
|
56
|
-
def use_relative_model_naming?
|
57
|
-
true
|
58
|
-
end
|
59
|
-
|
60
59
|
|
61
60
|
private
|
62
61
|
|
@@ -69,13 +68,13 @@ module AuthRocket
|
|
69
68
|
[url.password, url.user].each do |part|
|
70
69
|
case part
|
71
70
|
when /^jsk_/
|
72
|
-
o[:
|
73
|
-
when /^k(ey|
|
71
|
+
o[:jwt_key] = part
|
72
|
+
when /^k(ey|s)_/
|
74
73
|
o[:api_key] = part
|
75
|
-
when /^org_/
|
76
|
-
o[:account] = part
|
77
74
|
when /^rl_/
|
78
75
|
o[:realm] = part
|
76
|
+
when /^svc_/
|
77
|
+
o[:service] = part
|
79
78
|
end
|
80
79
|
end
|
81
80
|
url.user = url.password = nil
|
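Review bot: `ENV['LOGINROCKET_URL']` is stored in `credentials[:loginrocket_url]` as-is, with no check that it is an `https` URL, although this release's README says the same URL is used to auto-retrieve RS256 verification keys when `AUTHROCKET_JWT_KEY` is not set. The retrieval code is not part of this section, so the scheme may be enforced there; if it is not, token verification would rest on whatever answers at that URL, and a load-time check or at least a comment such as `# must be https: RS256 verification keys are fetched from this URL` belongs next to the assignment. In the last hunk the added `when /^k(ey|s)_/` and `when /^svc_/` (like the unchanged `jsk_` and `rl_` branches) anchor with `^`, which in Ruby matches after any newline; `\A` anchors the start of the string, e.g. `when /\Ak(ey|s)_/`. The method containing that `case` starts above the visible lines.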