authrocket 3.4.0 → 3.5.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/LICENSE +1 -1
- data/README.md +20 -15
- data/app/controllers/auth_rocket/ar_controller.rb +2 -2
- data/lib/authrocket/api/railtie.rb +4 -0
- data/lib/authrocket/api/version.rb +1 -1
- data/lib/authrocket/auth_provider.rb +1 -1
- data/lib/authrocket/domain.rb +1 -1
- data/lib/authrocket/hook.rb +4 -2
- data/lib/authrocket/invitation.rb +1 -0
- data/lib/authrocket/jwt_key.rb +1 -1
- data/lib/authrocket/rails/controller_helper.rb +1 -1
- data/lib/authrocket/realm.rb +1 -0
- data/lib/authrocket/user.rb +2 -2
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '0091238e7b30cdeac87c32da2c3e6f9b302c98c14388cbe0eec5b82511afc66a'
|
4
|
+
data.tar.gz: 2a375445950752f9a32c685a79ac60e19944723f7e6120939cc3955f1cd80efa
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 775584612d24370160e79f06aadb4509138133285af8b74272e36b872574c1291348311131e9161573fdc05f798e2342017bb3b914c975b1d712dc3894a106d3
|
7
|
+
data.tar.gz: 4f4901b367c1cc29d277dd0952de589a8edbb540c540021d21f7e96257295ffe1c0deea9ccbc12580dd02aa38884eb8e9d6e99a71f6c60ad8ec502395a33c380
|
data/CHANGELOG.md
CHANGED
data/LICENSE
CHANGED
data/README.md
CHANGED
@@ -102,7 +102,7 @@ Your AuthRocket API key. Required to use the API (but not if only performing JWT
|
|
102
102
|
Used to perform JWT signing verification of login tokens. Not required if validating all tokens using the API instead. Also not required if LOGINROCKET_URL is set and RS256 keys are being used, as public keys will be auto-retrieved. This is a realm-specific value, so like `AUTHROCKET_REALM`, set it on a per-use basis if using multiple realms.
|
103
103
|
|
104
104
|
`AUTHROCKET_REALM = rl_SAMPLE`
|
105
|
-
Sets an application-wide default realm ID. If you're using a single realm, this is definitely easiest. Certain multi-tenant apps might
|
105
|
+
Sets an application-wide default realm ID. If you're using a single realm, this is definitely easiest. Certain multi-tenant apps might use multiple realms. In this case, don't set this globally, but include it as part of the `:credentials` set for each API method.
|
106
106
|
|
107
107
|
`AUTHROCKET_URL = https://api-e2.authrocket.com/v2`
|
108
108
|
The URL of the AuthRocket API server. This may vary depending on which cluster your service is provisioned on.
|
@@ -130,18 +130,18 @@ The built-in Rails integration tries to handle as much for you as possible. Howe
|
|
130
130
|
|
131
131
|
#### Logins
|
132
132
|
|
133
|
-
The Rails integration handles logins on any path by detecting the presence of `?token=...`. It will process the login and then immediately redirect back to the same path without `?token
|
133
|
+
The Rails integration handles logins on any path by detecting the presence of `?token=...`. It will process the login and then immediately redirect back to the same path without `?token=`. This helps prevent browsers and bookmarks from accidentally saving or caching the login token.
|
134
134
|
|
135
135
|
Likewise, the built-in handler for `before_action :require_login` will automatically redirect to LoginRocket when the user is not currently logged in. `?redirect_uri=<current_path>` will be automatically included so that the user returns to the same place post-login. You can override this behavior by replacing `before_login`.
|
136
136
|
|
137
137
|
# For example, to force the user to always return to "/manage":
|
138
138
|
def require_login
|
139
139
|
unless current_session
|
140
|
-
redirect_to ar_login_url(redirect_uri: "/manage")
|
140
|
+
redirect_to ar_login_url(redirect_uri: "/manage"), allow_other_host: true
|
141
141
|
end
|
142
142
|
end
|
143
143
|
|
144
|
-
AuthRocket will verify the domain + path to redirect to. You can configure this at Realm -> Settings -> Connected Apps -> (edit) -> Login URLs. The first URL listed will be the default, so it should generally
|
144
|
+
AuthRocket will verify the domain + path to redirect to. You can configure this at Realm -> Settings -> Connected Apps -> (edit) -> Login URLs. The first URL listed will be the default, so it should generally match your "just logged in" path.
|
145
145
|
|
146
146
|
Paths are validated as "equal or more specific". That is, if Login URLs contains "https://my.app/manage", then any path starting with "/manage" will be allowed, but "/other" will not be allowed. If you want to allow any path at your domain, add "https://my.app/" (since "/" will match any path).
|
147
147
|
|
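Review bot: At new line 140 the example gains `allow_other_host: true`, but the surrounding README text never says why. That option turns off Rails' same-host check for this one redirect, so a sentence stating that the target is always the LoginRocket URL built by `ar_login_url`, and that the option should not be copied onto redirects built from request parameters, would help readers. Separately, the paragraph at line 135 says to replace `before_login` while the example defines `require_login`; one of the two names should be corrected.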
@@ -163,7 +163,7 @@ The default route for logout is `/logout`. To override it, add an initializer fo
|
|
163
163
|
|
164
164
|
AuthRocket::Api.use_default_routes = false
|
165
165
|
|
166
|
-
Then add your own
|
166
|
+
Then add your own route to `config/routes.rb`:
|
167
167
|
|
168
168
|
get 'mylogout' => 'logins#logout'
|
169
169
|
|
@@ -172,7 +172,7 @@ Then add your own routes to `config/routes.rb`:
|
|
172
172
|
|
173
173
|
AuthRocket's default login controller automatically sets a logout message using `flash`.
|
174
174
|
|
175
|
-
You may customize this, or other logout behavior, by creating your own LoginsController and
|
175
|
+
You may customize this, or other logout behavior, by creating your own LoginsController and inheriting from AuthRocket's controller:
|
176
176
|
|
177
177
|
class LoginsController < AuthRocket::ArController
|
178
178
|
def logout
|
@@ -181,18 +181,18 @@ You may customize this, or other logout behavior, by creating your own LoginsCon
|
|
181
181
|
end
|
182
182
|
end
|
183
183
|
|
184
|
-
If you wish to replace all of the login logic, create a new
|
184
|
+
If you wish to replace all of the login logic, create a new controller that doesn't inherit from `AuthRocket::ArController` (and also override the routes, as per above). You may wish to look at `ArController` as a reference.
|
185
185
|
|
186
186
|
|
187
187
|
|
188
188
|
## Verifying login tokens
|
189
189
|
|
190
|
-
If you're not using the streamlined Rails integration, you'll need to verify
|
190
|
+
If you're not using the streamlined Rails integration, you'll need to verify login tokens on your own (unless you're using the API to authenticate directly).
|
191
191
|
|
192
192
|
|
193
193
|
#### JWT verification
|
194
194
|
|
195
|
-
AuthRocket's login tokens use the JWT standard and are cryptographically signed. Verifying the signature is extremely fast. Here's
|
195
|
+
AuthRocket's login tokens use the JWT standard and are cryptographically signed. Verifying the signature is extremely fast. Here's an example:
|
196
196
|
|
197
197
|
def current_user
|
198
198
|
@_current_user ||= AuthRocket::Session.from_token(session[:ar_token])&.user
|
@@ -211,7 +211,7 @@ AuthRocket also supports Managed Sessions, which enables you to enforce logouts,
|
|
211
211
|
|
212
212
|
For better performance (and to avoid API rate limits), you will want to cache the results of the API call for 3-15 minutes.
|
213
213
|
|
214
|
-
If
|
214
|
+
If using Rails, `Rails.cache` is used by default. Otherwise, you must configure a cache store for AuthRocket. In either case, see Caching below.
|
215
215
|
|
216
216
|
|
217
217
|
#### Initial login
|
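Review bot: The sentence added at line 214 points readers to `Rails.cache`, and the context line at 212 recommends caching the API result for 3-15 minutes, but nothing here states the trade-off for Managed Sessions: a session that has been logged out on the AuthRocket side would presumably still be accepted from cache until the entry expires. Suggest saying so next to the recommended range, so readers can pick a TTL that matches how quickly enforced logouts need to take effect.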
@@ -226,7 +226,7 @@ Each of the above are designed for ongoing use. The initial login isn't going to
|
|
226
226
|
return
|
227
227
|
end
|
228
228
|
end
|
229
|
-
redirect_to AuthRocket::Api.credentials[:loginrocket_url]
|
229
|
+
redirect_to AuthRocket::Api.credentials[:loginrocket_url], allow_other_host: true
|
230
230
|
end
|
231
231
|
|
232
232
|
|
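Review bot: At new line 229, `AuthRocket::Api.credentials[:loginrocket_url]` is passed straight to `redirect_to` with the host check disabled. If that credential is unset, `redirect_to` receives `nil` and raises, so the example should either mention that `LOGINROCKET_URL` must be configured for this fallback or guard for its absence.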
@@ -251,7 +251,7 @@ To set a global locale for your app, add this to your AuthRocket initializer:
|
|
251
251
|
|
252
252
|
#### Per-request locale
|
253
253
|
|
254
|
-
If your app supports multiple locales, then you'll likely want to set the locale on a per-request basis. Add a `headers: {accept_language: 'en'}`
|
254
|
+
If your app supports multiple locales, then you'll likely want to set the locale on a per-request basis. Add a `headers: {accept_language: 'en'}` argument to relevant API calls:
|
255
255
|
|
256
256
|
AuthRocket::User.create(
|
257
257
|
email: 'jdoe@example.com',
|
@@ -267,7 +267,7 @@ The AuthRocket gem is capable of caching the results of GET requests. Since auth
|
|
267
267
|
|
268
268
|
To enable caching, a cache store must be configured. On Rails, `authrocket` automatically uses Rails.cache, so simply ensure that's setup appropriately.
|
269
269
|
|
270
|
-
If not using Rails (or if you
|
270
|
+
If not using Rails (or if you wish to use a different cache store even when using Rails), add this to your AuthRocket initializer:
|
271
271
|
|
272
272
|
cache_options = {} # app specific
|
273
273
|
AuthRocket::Api.cache_store = RedisCacheStore.new(cache_options)
|
@@ -291,9 +291,14 @@ Next, enable the cache for specific API calls:
|
|
291
291
|
|
292
292
|
|
293
293
|
|
294
|
-
##
|
294
|
+
## Usage
|
295
295
|
|
296
|
-
|
296
|
+
Documentation is provided on our site:
|
297
|
+
|
298
|
+
* [Rails Integration Guide](https://authrocket.com/docs/integration/rails)
|
299
|
+
* [Ruby Integration Guide](https://authrocket.com/docs/integration/ruby)
|
300
|
+
* [Ruby SDK Docs](https://authrocket.com/docs/sdks/ruby) (Expands on this README)
|
301
|
+
* [API Docs with Ruby examples](https://authrocket.com/docs/api#core-api)
|
297
302
|
|
298
303
|
|
299
304
|
|
@@ -10,9 +10,9 @@ class AuthRocket::ArController < ::ApplicationController
|
|
10
10
|
if AuthRocket::Api.post_logout_path
|
11
11
|
uri = Addressable::URI.parse full_url_for
|
12
12
|
uri.path = AuthRocket::Api.post_logout_path
|
13
|
-
redirect_to ar_logout_url(redirect_uri: uri.to_s)
|
13
|
+
redirect_to ar_logout_url(redirect_uri: uri.to_s), allow_other_host: true
|
14
14
|
else
|
15
|
-
redirect_to ar_logout_url
|
15
|
+
redirect_to ar_logout_url, allow_other_host: true
|
16
16
|
end
|
17
17
|
# set flash message in the child
|
18
18
|
|
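Review bot: With `allow_other_host: true` now on both branches (new lines 13 and 15), Rails no longer checks the destination host for this action, so its safety rests entirely on what `ar_logout_url` returns, which is not visible in this hunk. A short comment stating that the target is the configured LoginRocket host, plus a controller spec asserting the redirect host, would make that explicit. Note also that the `redirect_uri` at line 13 is built from `full_url_for`, so its host comes from the current request; worth confirming that the AuthRocket side validates it, as the README describes for login redirects.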
@@ -40,7 +40,7 @@ module AuthRocket
|
|
40
40
|
NCore::Collection.new.tap do |coll|
|
41
41
|
coll.metadata = parsed[:metadata]
|
42
42
|
parsed[:data].each do |hash|
|
43
|
-
coll << factory(hash
|
43
|
+
coll << factory({data: hash, metadata: parsed[:metadata]}, creds)
|
44
44
|
end
|
45
45
|
end
|
46
46
|
end
|
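Review bot: The new call at line 43 passes `creds` and a `{data:, metadata:}` hash to `factory`, but neither the definition of `creds` nor the argument shape `factory` expects is visible in this hunk. Worth confirming that `creds` is in scope in this method and that each element is meant to carry the whole collection's `parsed[:metadata]`. A spec asserting that collection members retain the caller's credentials would lock the behaviour in.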
data/lib/authrocket/domain.rb
CHANGED
data/lib/authrocket/hook.rb
CHANGED
@@ -14,12 +14,13 @@ module AuthRocket
|
|
14
14
|
|
15
15
|
def self.event_types
|
16
16
|
%w( invitation.org.created invitation.org.updated invitation.org.invited invitation.org.accepted invitation.org.expired
|
17
|
+
invitation.preverify.created invitation.preverify.updated invitation.preverify.invited invitation.preverify.accepted invitation.preverify.expired
|
17
18
|
invitation.referral.created invitation.referral.updated invitation.referral.invited invitation.referral.accepted invitation.referral.expired
|
18
19
|
invitation.request.created invitation.request.updated invitation.request.invited invitation.request.accepted invitation.request.expired
|
19
20
|
membership.created membership.updated membership.deleted
|
20
21
|
org.created org.updated org.closed
|
21
22
|
user.created user.updated user.deleted
|
22
|
-
user.email.verifying user.email.verified
|
23
|
+
user.email.updating user.email.verifying user.email.verified
|
23
24
|
user.login.succeeded user.login.failed user.login.initiated
|
24
25
|
user.password.resetting user.password.updated
|
25
26
|
user.profile.updated
|
@@ -28,10 +29,11 @@ module AuthRocket
|
|
28
29
|
|
29
30
|
def self.email_event_types
|
30
31
|
%w( invitation.org.invited invitation.org.accepted
|
32
|
+
invitation.preverify.invited
|
31
33
|
invitation.referral.invited
|
32
34
|
invitation.request.invited
|
33
35
|
user.created
|
34
|
-
user.email.verifying user.email.verified
|
36
|
+
user.email.updating user.email.verifying user.email.verified
|
35
37
|
user.login.succeeded user.login.failed
|
36
38
|
user.password.resetting user.password.updated
|
37
39
|
user.profile.updated
|
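Review bot: `email_event_types` is maintained by hand alongside `event_types`, and this release edits both lists in parallel (`invitation.preverify.invited` at new line 32, `user.email.updating` at new line 36). Nothing visible enforces that every entry here also appears in `event_types`; a one-line spec checking that `email_event_types - event_types` is empty would catch a typo or a missed addition. The new `user.email.updating` event also deserves a CHANGELOG mention, since hooks subscribed by event name will start seeing it.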
data/lib/authrocket/jwt_key.rb
CHANGED
data/lib/authrocket/realm.rb
CHANGED
@@ -19,6 +19,7 @@ module AuthRocket
|
|
19
19
|
attr :available_locales, :default_locale
|
20
20
|
attr :email_verification, :org_mode, :signup
|
21
21
|
attr :name_field, :org_name_field, :password_field, :username_field
|
22
|
+
attr :allowed_origins, :lr_features
|
22
23
|
attr :branding, :color_1, :logo, :logo_icon, :privacy_policy, :stylesheet, :terms_of_service
|
23
24
|
attr :access_token_minutes, :jwt_algo, :jwt_minutes, :jwt_scopes, :session_minutes
|
24
25
|
attr :jwt_key # readonly
|
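Review bot: New line 22 adds `attr :allowed_origins, :lr_features` with no comment, while the neighbouring `attr :jwt_key # readonly` shows the file does annotate access where it matters. `allowed_origins` reads like a security-relevant setting, so please note its expected type and whether it is writable through this client, and describe `lr_features` likewise, either here or in the SDK docs linked from the README.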
data/lib/authrocket/user.rb
CHANGED
@@ -9,8 +9,8 @@ module AuthRocket
|
|
9
9
|
has_many :memberships
|
10
10
|
has_many :sessions
|
11
11
|
|
12
|
-
attr :custom, :email, :email_verification, :first_name, :last_name
|
13
|
-
attr :reference, :state, :username
|
12
|
+
attr :custom, :email, :email_pending, :email_verification, :first_name, :last_name
|
13
|
+
attr :locale, :name, :reference, :state, :username
|
14
14
|
attr :password, :password_confirmation # writeonly
|
15
15
|
attr_datetime :created_at, :last_login_at
|
16
16
|
|
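Review bot: New line 12 introduces `:email_pending` next to `:email` without saying which of the two is the verified address. Since this release also adds the `user.email.updating` event, callers may be tempted to read `email_pending` for identity or notification purposes; a comment stating that it holds an unconfirmed address, and marking it readonly if the server sets it (as is done with `# writeonly` on line 14), would prevent that. The same goes for whether `:name` replaces or supplements `:first_name` and `:last_name`.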
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authrocket
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- AuthRocket Team
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-02-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: addressable
|
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
145
145
|
- !ruby/object:Gem::Version
|
146
146
|
version: '0'
|
147
147
|
requirements: []
|
148
|
-
rubygems_version: 3.
|
148
|
+
rubygems_version: 3.3.26
|
149
149
|
signing_key:
|
150
150
|
specification_version: 4
|
151
151
|
summary: AuthRocket client for Ruby
|