cerner-oauth1a 2.0.0.rc2 → 2.0.0.rc3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 64818192ce3e55c68d1dbf2a5cc77bf12225e5b5c80cbc3e121b5212f8e5adaa
-  data.tar.gz: dfff2b1c96e60e9b55dbe5ddd024fb80bfbfe6e30613a88bf564cacfe38f1589
+  metadata.gz: d2a4ccfde185aca59fd7d639c4f15db74883c8932d38cc461b4ec1ad38a86e95
+  data.tar.gz: 051e4b68e33bdff8b347f5ec044e2d2a234455a49d6e9b1eef8487973c87fd3f
 SHA512:
-  metadata.gz: 2482f15305e156725b2989609ec9b4c01d1b0535e1641215f34a769495f453043c2d376f405150ff31bc6fa1e94fe7d64f71ae65a8c619d9b06857b130ac01e7
-  data.tar.gz: 9d5368c0f9662259fcd46ef8a3e53491406efc44a63580461be8b527f35df8578a6f23a7ef15b01ce08170581bccc0daee7d67524dda0f81aa58f9dec02a14bd
+  metadata.gz: 43460c5fe1996222164227d1fb8d98a93b7cedb16cf2dd6703a6e89324daab116a0c8994ebb13249aa8c5f8afa8fa5e708b8448ff0ef0d0d533924920d900688
+  data.tar.gz: 23fcbc356390d70b89dc1df139b6edb680e8077521b6b475916bc85f77312fd6b3e3777be9e30c2bc03bfcbe52179200198cefaada61a2c338335770d7935045

data/README.md

@@ -77,6 +77,17 @@ implement that:
     # (xoauth_principal)
     consumer_principal = access_token.consumer_principal
 
+## Caching
+
+The AccessTokenAgent class provides built-in memory caching. AccessTokens and Keys are cached
+behind their respective retrieve methods. The caching can be disabled via parameters passed to the
+constructor. See the class-level documentation for details.
+
+### Caching in Rails
+
+When the gem is loaded within a Rails application, it will attach a Railtie for initializing the
+cache to use an implementation that stores the AccessTokens and Keys within Rails.cache.
+
 ## References
 * https://wiki.ucern.com/display/public/reference/Cerner%27s+OAuth+Specification
   * http://oauth.net/core/1.0a

data/lib/cerner/oauth1a.rb

@@ -2,6 +2,8 @@
 
 require 'cerner/oauth1a/access_token'
 require 'cerner/oauth1a/access_token_agent'
+require 'cerner/oauth1a/cache'
+require 'cerner/oauth1a/cache_rails' if defined?(::Rails) && defined?(::Rails.cache)
 require 'cerner/oauth1a/keys'
 require 'cerner/oauth1a/protocol'
 require 'cerner/oauth1a/version'

data/lib/cerner/oauth1a/access_token.rb

@@ -211,6 +211,7 @@ module Cerner
       def expired?(now: Time.now, fudge_sec: 300)
         # if @expires_at is nil, return true now
         return true unless @expires_at
+
         now = convert_to_time(now)
         now.tv_sec >= @expires_at.tv_sec - fudge_sec
       end
@@ -254,7 +255,8 @@ module Cerner
           token: @token,
           token_secret: @token_secret,
           signature_method: @signature_method,
-          signature: @signature
+          signature: @signature,
+          consumer_principal: @consumer_principal
         }
       end
 
@@ -267,6 +269,7 @@ module Cerner
       # Returns a Time instance in the UTC time zone.
       def convert_to_time(time)
         raise ArgumentError, 'time is nil' unless time
+
         if time.is_a? Time
           time.utc
         else
@@ -280,14 +283,36 @@ module Cerner
       #
       # Raises OAuthError if the parameter is invalid or expired
       def verify_expiration(expires_on)
-        raise OAuthError.new('token missing ExpiresOn', nil, 'oauth_parameters_rejected', 'oauth_token') unless expires_on
+        unless expires_on
+          raise OAuthError.new(
+            'token missing ExpiresOn',
+            nil,
+            'oauth_parameters_rejected',
+            'oauth_token'
+          )
+        end
+
         expires_on = convert_to_time(expires_on)
         now = convert_to_time(Time.now)
-        raise OAuthError.new('token has expired', nil, 'token_expired') if now.tv_sec >= expires_on.tv_sec
+        if now.tv_sec >= expires_on.tv_sec
+          raise OAuthError.new(
+            'token has expired',
+            nil,
+            'token_expired'
+          )
+        end
       end
 
       def load_keys(access_token_agent, keys_version)
-        raise OAuthError.new('token missing KeysVersion', nil, 'oauth_parameters_rejected', 'oauth_token') unless keys_version
+        unless keys_version
+          raise OAuthError.new(
+            'token missing KeysVersion',
+            nil,
+            'oauth_parameters_rejected',
+            'oauth_token'
+          )
+        end
+
         begin
           access_token_agent.retrieve_keys(keys_version)
         rescue OAuthError
@@ -320,7 +345,12 @@ module Cerner
         begin
           secrets = keys.decrypt_hmac_secrets(hmac_secrets)
         rescue ArgumentError, OpenSSL::PKey::RSAError => e
-          raise OAuthError.new("unable to decrypt HMACSecrets: #{e.message}", nil, 'oauth_parameters_rejected', 'oauth_token')
+          raise OAuthError.new(
+            "unable to decrypt HMACSecrets: #{e.message}",
+            nil,
+            'oauth_parameters_rejected',
+            'oauth_token'
+          )
         end
 
         secrets_parts = Protocol.parse_url_query_string(secrets)

data/lib/cerner/oauth1a/access_token_agent.rb

@@ -76,8 +76,8 @@ module Cerner
         @open_timeout = (open_timeout ? open_timeout.to_i : 5)
         @read_timeout = (read_timeout ? read_timeout.to_i : 5)
 
-        @keys_cache = cache_keys ? Cache.new(max: 10) : nil
-        @access_token_cache = cache_access_tokens ? Cache.new(max: 5) : nil
+        @keys_cache = cache_keys ? Cache.instance : nil
+        @access_token_cache = cache_access_tokens ? Cache.instance : nil
       end
 
       # Public: Retrieves the service provider keys from the configured Access Token service endpoint
@@ -96,14 +96,14 @@ module Cerner
         raise ArgumentError, 'keys_version is nil' unless keys_version
 
         if @keys_cache
-          cache_entry = @keys_cache.get(keys_version)
+          cache_entry = @keys_cache.get('cerner-oauth/keys', keys_version)
           return cache_entry.value if cache_entry
         end
 
         request = retrieve_keys_prepare_request(keys_version)
         response = http_client.request(request)
         keys = retrieve_keys_handle_response(keys_version, response)
-        @keys_cache&.put(keys_version, Cache::KeysEntry.new(keys, Cache::TWENTY_FOUR_HOURS))
+        @keys_cache&.put('cerner-oauth/keys', keys_version, Cache::KeysEntry.new(keys, Cache::TWENTY_FOUR_HOURS))
         keys
       end
 
@@ -120,7 +120,7 @@ module Cerner
       def retrieve(principal = nil)
         cache_key = "#{@consumer_key}&#{principal}"
         if @access_token_cache
-          cache_entry = @access_token_cache.get(cache_key)
+          cache_entry = @access_token_cache.get('cerner-oauth/access-tokens', cache_key)
           return cache_entry.value if cache_entry
         end
 
@@ -132,7 +132,7 @@ module Cerner
         request = retrieve_prepare_request(timestamp, nonce, accessor_secret, principal)
         response = http_client.request(request)
         access_token = retrieve_handle_response(response, timestamp, nonce, accessor_secret)
-        @access_token_cache&.put(cache_key, Cache::AccessTokenEntry.new(access_token))
+        @access_token_cache&.put('cerner-oauth/access-tokens', cache_key, Cache::AccessTokenEntry.new(access_token))
         access_token
       end
 
@@ -191,6 +191,7 @@ module Cerner
       # Raises ArgumentError if access_token_url is nil, invalid or not an HTTP/HTTPS URI
       def convert_to_http_uri(access_token_url)
         raise ArgumentError, 'access_token_url is nil' unless access_token_url
+
         if access_token_url.is_a? URI
           uri = access_token_url
         else
@@ -201,7 +202,9 @@ module Cerner
             raise ArgumentError, 'access_token_url is invalid'
           end
         end
+
         raise ArgumentError, 'access_token_url must be an HTTP or HTTPS URI' unless uri.is_a?(URI::HTTP)
+
         uri
       end
 
@@ -269,8 +272,10 @@ module Cerner
           parsed_response = JSON.parse(response.body)
           aes_key = parsed_response.dig('aesKey', 'secretKey')
           raise OAuthError, 'AES secret key retrieved was invalid' unless aes_key
+
           rsa_key = parsed_response.dig('rsaKey', 'publicKey')
           raise OAuthError, 'RSA public key retrieved was invalid' unless rsa_key
+
           Keys.new(
             version: keys_version,
             aes_secret_key: Base64.decode64(aes_key),

data/lib/cerner/oauth1a/cache.rb

@@ -4,13 +4,33 @@ module Cerner
   module OAuth1a
     # Internal: A simple cache abstraction for use by AccessTokenAgent only.
     class Cache
+      @cache_instance_lock = Mutex.new
+
+      def self.instance=(cache_impl)
+        raise ArgumentError, 'cache_impl must not be nil' unless cache_impl
+
+        @cache_instance_lock.synchronize do
+          @cache_instance = cache_impl
+        end
+      end
+
+      def self.instance
+        @cache_instance_lock.synchronize do
+          return @cache_instance if @cache_instance
+
+          @cache_instance = DefaultCache.new(max: 50)
+        end
+      end
+
       # Internal: A cache entry class for Keys values.
       class KeysEntry
         attr_reader :value
+        attr_reader :expires_in
 
         def initialize(keys, expires_in)
           @value = keys
-          @expires_at = Time.now.utc.to_i + expires_in
+          @expires_in = expires_in
+          @expires_at = Time.now.utc.to_i + @expires_in
         end
 
         def expired?(now)
@@ -26,6 +46,10 @@ module Cerner
           @value = access_token
         end
 
+        def expires_in
+          @value.expires_at.to_i - Time.now.utc.to_i
+        end
+
         def expired?(now)
           @value.expired?(now: now)
         end
@@ -34,45 +58,75 @@ module Cerner
       ONE_HOUR = 3600
       TWENTY_FOUR_HOURS = 24 * ONE_HOUR
 
-      def initialize(max:)
-        @max = max
-        @lock = Mutex.new
-        @entries = {}
-      end
+      # Internal: The default implementation of the Cerner::OAuth1a::Cache interface.
+      # This implementation just maintains a capped list of entries in memory.
+      class DefaultCache < Cerner::OAuth1a::Cache
+        def initialize(max:)
+          super()
+          @max = max
+          @lock = Mutex.new
+          @entries = {}
+        end
 
-      def put(key, entry)
-        @lock.synchronize do
-          now = Time.now.utc.to_i
-          prune_expired(now)
-          @entries[key] = entry
-          prune_size
+        def put(namespace, key, entry)
+          @lock.synchronize do
+            now = Time.now.utc.to_i
+            prune_expired(now)
+            @entries[full_key(namespace, key)] = entry
+            prune_size
+          end
         end
-      end
 
-      def get(key)
-        @lock.synchronize do
-          prune_expired(Time.now.utc.to_i)
-          @entries[key]
+        def get(namespace, key)
+          @lock.synchronize do
+            prune_expired(Time.now.utc.to_i)
+            @entries[full_key(namespace, key)]
+          end
         end
-      end
 
-      private
+        private
 
-      def prune_expired(now)
-        return if @entries.empty?
+        def prune_expired(now)
+          return if @entries.empty?
 
-        @entries.delete_if { |_, v| v.expired?(now) }
+          @entries.delete_if { |_, v| v.expired?(now) }
 
-        nil
-      end
+          nil
+        end
+
+        def prune_size
+          return if @entries.empty? || @entries.size <= @max
 
-      def prune_size
-        return if @entries.empty? || @entries.size <= @max
+          num_to_prune = @entries.size - @max
+          num_to_prune.times { @entries.shift }
 
-        num_to_prune = @entries.size - @max
-        num_to_prune.times { @entries.shift }
+          nil
+        end
+      end
 
-        nil
+      # Internal: The base constructor for the interface.
+      def initialize; end
+
+      # Internal: The abstract operation for putting (storing) data in the cache.
+      #
+      # namespace - The namespace for the cache entries.
+      # key       - The key for the cache entries, which is qualified by namespace.
+      # entry     - The entry to be stored in the cache.
+      def put(namespace, key, entry); end
+
+      # Internal: Retrieves the entry, if available, from the cache store.
+      #
+      # namespace - The namespace for the cache entries.
+      # key       - The key for the cache entries.
+      def get(namespace, key); end
+
+      # Internal: Constructs a single, fully qualified key based on the namespace and key value
+      # passed.
+      #
+      # namespace - The namespace for the cache entries.
+      # key       - The key for the cache entries.
+      def full_key(namespace, key)
+        "#{namespace}:#{key}"
       end
     end
   end

data/lib/cerner/oauth1a/cache_rails.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Cerner
+  module OAuth1a
+
+    # Internal: A Railtie that initializer the cache implementation to use Rails.cache.
+    # This will be picked up automatically if ::Rails and ::Rails.cache are defined.
+    class CacheRailtie < ::Rails::Railtie
+      initializer 'cerner-oauth1a.cache_initialization' do |_app|
+        ::Rails.logger.info "#{CacheRailtie.name}: configuring cache to use Rails.cache"
+        Cerner::OAuth1a::Cache.instance = RailsCache.new(::Rails.cache)
+      end
+    end
+
+    # Internal: An implementation of the Cerner::OAuth1a::Cache interface that utilizes
+    # ::Rails.cache.
+    class RailsCache < Cerner::OAuth1a::Cache
+      # Internal: Constructs an instance with a instance of ActiveSupport::Cache::Store, which
+      # is generally ::Rails.cache.
+      #
+      # rails_cache - An instance of ActiveSupport::Cache::Store.
+      def initialize(rails_cache)
+        @cache = rails_cache
+      end
+
+      # Internal: Writes the entry to the cache store.
+      #
+      # namespace - The namespace for the cache entries.
+      # key       - The key for the cache entries, which is qualified by namespace.
+      # entry     - The entry to be stored in the cache.
+      def put(namespace, key, entry)
+        @cache.write(
+          key,
+          entry,
+          namespace: namespace,
+          expires_in: entry.expires_in,
+          race_condition_ttl: 5
+        )
+      end
+
+      # Internal: Retrieves the entry, if available, from the cache store.
+      #
+      # namespace - The namespace for the cache entries.
+      # key       - The key for the cache entries.
+      def get(namespace, key)
+        @cache.read(key, namespace: namespace)
+      end
+    end
+  end
+end

data/lib/cerner/oauth1a/protocol.rb

@@ -122,9 +122,13 @@ module Cerner
       #   parameter.
       def self.convert_problem_to_http_status(problem, default = :unauthorized)
         return default unless problem
+
         problem = problem.to_s
+
         return :unauthorized if UNAUTHORIZED_PROBLEMS.include?(problem)
+
         return :bad_request if BAD_REQUEST_PROBLEMS.include?(problem)
+
         default
       end
     end

data/lib/cerner/oauth1a/version.rb

@@ -2,6 +2,6 @@
 
 module Cerner
   module OAuth1a
-    VERSION = '2.0.0.rc2'
+    VERSION = '2.0.0.rc3'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cerner-oauth1a
 version: !ruby/object:Gem::Version
-  version: 2.0.0.rc2
+  version: 2.0.0.rc3
 platform: ruby
 authors:
 - Nathan Beyer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-30 00:00:00.000000000 Z
+date: 2018-12-12 00:00:00.000000000 Z
 dependencies: []
 description: |
   A minimal dependency library for interacting with a Cerner OAuth 1.0a Access
@@ -29,6 +29,7 @@ files:
 - lib/cerner/oauth1a/access_token.rb
 - lib/cerner/oauth1a/access_token_agent.rb
 - lib/cerner/oauth1a/cache.rb
+- lib/cerner/oauth1a/cache_rails.rb
 - lib/cerner/oauth1a/keys.rb
 - lib/cerner/oauth1a/oauth_error.rb
 - lib/cerner/oauth1a/protocol.rb
@@ -53,7 +54,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Cerner OAuth 1.0a Consumer and Service Provider Library.