cerner-oauth1a 2.2.0 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +2 -2
- data/lib/cerner/oauth1a/access_token.rb +4 -2
- data/lib/cerner/oauth1a/access_token_agent.rb +34 -15
- data/lib/cerner/oauth1a/protocol.rb +16 -0
- data/lib/cerner/oauth1a/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97551b442a5cf8e81197726dd7a076fd49ed7e33c5fd2bbf87e27e6368abea4b
|
|
4
|
+
data.tar.gz: de3ec59f5a000715440492c550bebe4f9d3490ce53fd9d88490a08f7539d7208
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a98454061208707ddab9eb7a79b867f8acbcd88fa2d42c9e68411a04fa645004e20d282e39efec0f9e91a7a57d88551588324c933e76b8336313a38c24747964
|
|
7
|
+
data.tar.gz: 6573bfbd3c6ff73b83b957b9b6e784486079b194c9d09c1c4803b16f0336b51376d39ddab369ffdfe5d13ffaa129ecb727256c27f4683169250f7c01fa9498bd
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# v2.3.0
|
|
2
|
+
Added Protection Realm Equivalence feature to Cerner::OAuth1a::AccessTokenAgent,
|
|
3
|
+
which is used by Cerner::OAuth1a::AccessToken#authenticate when comparing realms.
|
|
4
|
+
This allows for realm aliases, so that the OAuth Service can transition hosts.
|
|
5
|
+
|
|
1
6
|
# v2.2.0
|
|
2
7
|
Renamed the cache key prefixes from 'cerner-oauth' cache prefixes to 'cerner-oauth1a'.
|
|
3
8
|
|
data/README.md
CHANGED
|
@@ -22,7 +22,7 @@ for implementing a Ruby-based service.
|
|
|
22
22
|
|
|
23
23
|
# Setup the AccessTokenAgent with an Access Token Service's URL, a Key and a Secret
|
|
24
24
|
agent = Cerner::OAuth1a::AccessTokenAgent.new(
|
|
25
|
-
access_token_url: 'https://api.
|
|
25
|
+
access_token_url: 'https://oauth-api.cerner.com/oauth/access',
|
|
26
26
|
consumer_key: 'CONSUMER_KEY',
|
|
27
27
|
consumer_secret: 'CONSUMER_SECRET'
|
|
28
28
|
)
|
|
@@ -59,7 +59,7 @@ implement that:
|
|
|
59
59
|
authz_header = request['Authorization']
|
|
60
60
|
|
|
61
61
|
# Parse the header value
|
|
62
|
-
access_token = AccessToken.from_authorization_header(authz_header)
|
|
62
|
+
access_token = Cerner::OAuth1a::AccessToken.from_authorization_header(authz_header)
|
|
63
63
|
|
|
64
64
|
# Authenticate the Access Token
|
|
65
65
|
# Note: An AccessTokenAgent, configured with a System Account that has been granted privileges
|
|
@@ -168,7 +168,9 @@ module Cerner
|
|
|
168
168
|
end
|
|
169
169
|
|
|
170
170
|
# Public: Authenticates the #token against the #consumer_key, #signature and side-channel
|
|
171
|
-
# secrets exchange via AccessTokenAgent#retrieve_keys.
|
|
171
|
+
# secrets exchange via AccessTokenAgent#retrieve_keys. If this instance has a #realm set,
|
|
172
|
+
# then it will compare it to the AccessTokenAgent#realm using the AccessTokenAgent#realm_eql?
|
|
173
|
+
# method.
|
|
172
174
|
#
|
|
173
175
|
# access_token_agent - An instance of Cerner::OAuth1a::AccessTokenAgent configured with
|
|
174
176
|
# appropriate credentials to retrieve secrets via
|
|
@@ -182,7 +184,7 @@ module Cerner
|
|
|
182
184
|
def authenticate(access_token_agent)
|
|
183
185
|
raise ArgumentError, 'access_token_agent is nil' unless access_token_agent
|
|
184
186
|
|
|
185
|
-
if @realm &&
|
|
187
|
+
if @realm && !access_token_agent.realm_eql?(@realm)
|
|
186
188
|
raise OAuthError.new('realm does not match provider', nil, 'token_rejected', nil, access_token_agent.realm)
|
|
187
189
|
end
|
|
188
190
|
|
|
@@ -19,14 +19,25 @@ module Cerner
|
|
|
19
19
|
class AccessTokenAgent
|
|
20
20
|
MIME_WWW_FORM_URL_ENCODED = 'application/x-www-form-urlencoded'
|
|
21
21
|
|
|
22
|
+
DEFAULT_REALM_ALIASES = {
|
|
23
|
+
'https://oauth-api.cerner.com' => ['https://api.cernercare.com'].freeze,
|
|
24
|
+
'https://api.cernercare.com' => ['https://oauth-api.cerner.com'].freeze,
|
|
25
|
+
'https://oauth-api.sandboxcerner.com' => ['https://api.sandboxcernercare.com'].freeze,
|
|
26
|
+
'https://api.sandboxcernercare.com' => ['https://oauth-api.sandboxcerner.com'].freeze,
|
|
27
|
+
'https://oauth-api.devcerner.com' => ['https://api.devcernercare.com'].freeze,
|
|
28
|
+
'https://api.devcernercare.com' => ['https://oauth-api.devcerner.com'].freeze
|
|
29
|
+
}.freeze
|
|
30
|
+
|
|
22
31
|
# Returns the URI Access Token URL.
|
|
23
32
|
attr_reader :access_token_url
|
|
24
33
|
# Returns the String Consumer Key.
|
|
25
34
|
attr_reader :consumer_key
|
|
26
35
|
# Returns the String Consumer Secret.
|
|
27
36
|
attr_reader :consumer_secret
|
|
28
|
-
# Returns the String Protection Realm. The realm is root of the access_token_url (
|
|
37
|
+
# Returns the String Protection Realm. The realm is root of the access_token_url (Protocol#realm_for).
|
|
29
38
|
attr_reader :realm
|
|
39
|
+
# Returns the Array of Protection Realm String that are considered equivalent (#realm_eql?) to #realm.
|
|
40
|
+
attr_reader :realm_aliases
|
|
30
41
|
|
|
31
42
|
# Public: Constructs an instance of the agent.
|
|
32
43
|
#
|
|
@@ -55,6 +66,10 @@ module Cerner
|
|
|
55
66
|
# #retrieve_keys. (optional, default: true)
|
|
56
67
|
# :cache_access_tokens - A Boolean for configuring AccessToken caching within
|
|
57
68
|
# #retrieve. (optional, default: true)
|
|
69
|
+
# :realm_aliases - An Array of Strings that provide realm aliases for the
|
|
70
|
+
# realm that's extracted from :access_token_url. If nil,
|
|
71
|
+
# this will be initalized with the DEFAULT_REALM_ALIASES.
|
|
72
|
+
# (optional, default: nil)
|
|
58
73
|
#
|
|
59
74
|
# Raises ArgumentError if access_token_url, consumer_key or consumer_key is nil; if
|
|
60
75
|
# access_token_url is an invalid URI.
|
|
@@ -65,7 +80,8 @@ module Cerner
|
|
|
65
80
|
open_timeout: 5,
|
|
66
81
|
read_timeout: 5,
|
|
67
82
|
cache_keys: true,
|
|
68
|
-
cache_access_tokens: true
|
|
83
|
+
cache_access_tokens: true,
|
|
84
|
+
realm_aliases: nil
|
|
69
85
|
)
|
|
70
86
|
raise ArgumentError, 'consumer_key is nil' unless consumer_key
|
|
71
87
|
raise ArgumentError, 'consumer_secret is nil' unless consumer_secret
|
|
@@ -74,7 +90,9 @@ module Cerner
|
|
|
74
90
|
@consumer_secret = consumer_secret
|
|
75
91
|
|
|
76
92
|
@access_token_url = convert_to_http_uri(access_token_url)
|
|
77
|
-
@realm =
|
|
93
|
+
@realm = Protocol.realm_for(@access_token_url)
|
|
94
|
+
@realm_aliases = realm_aliases
|
|
95
|
+
@realm_aliases ||= DEFAULT_REALM_ALIASES[@realm]
|
|
78
96
|
|
|
79
97
|
@open_timeout = (open_timeout ? open_timeout.to_i : 5)
|
|
80
98
|
@read_timeout = (read_timeout ? read_timeout.to_i : 5)
|
|
@@ -167,6 +185,19 @@ module Cerner
|
|
|
167
185
|
Time.now.to_i
|
|
168
186
|
end
|
|
169
187
|
|
|
188
|
+
# Public: Determines if the passed realm is equivalent to the configured
|
|
189
|
+
# realm by comparing it to the #realm and #realm_aliases.
|
|
190
|
+
#
|
|
191
|
+
# realm - The String to check for equivalence.
|
|
192
|
+
#
|
|
193
|
+
# Returns True if the passed realm is equivalent to the configured realm;
|
|
194
|
+
# False otherwise.
|
|
195
|
+
def realm_eql?(realm)
|
|
196
|
+
return true if @realm.eql?(realm)
|
|
197
|
+
|
|
198
|
+
@realm_aliases.include?(realm)
|
|
199
|
+
end
|
|
200
|
+
|
|
170
201
|
private
|
|
171
202
|
|
|
172
203
|
# Internal: Generate a User-Agent HTTP Header string
|
|
@@ -218,18 +249,6 @@ module Cerner
|
|
|
218
249
|
uri
|
|
219
250
|
end
|
|
220
251
|
|
|
221
|
-
# Internal: Returns a String containing the canonical root url.
|
|
222
|
-
#
|
|
223
|
-
# url - A URL to get the canonical root url String from.
|
|
224
|
-
#
|
|
225
|
-
# raises ArgumentError if url is nil.
|
|
226
|
-
def canonical_root_url_for(url)
|
|
227
|
-
raise ArgumentError, 'url is nil' unless url
|
|
228
|
-
|
|
229
|
-
realm = URI("#{url.scheme}://#{url.host}:#{url.port}")
|
|
230
|
-
realm.to_s
|
|
231
|
-
end
|
|
232
|
-
|
|
233
252
|
# Internal: Prepare a request for #retrieve
|
|
234
253
|
def retrieve_prepare_request(timestamp, nonce, accessor_secret, principal)
|
|
235
254
|
# construct a POST request
|
|
@@ -134,6 +134,22 @@ module Cerner
|
|
|
134
134
|
|
|
135
135
|
default
|
|
136
136
|
end
|
|
137
|
+
|
|
138
|
+
# Public: Returns a String containing a realm value from the URI. The
|
|
139
|
+
# String will be a rooted (path removed) and canonicalized URL of the
|
|
140
|
+
# URL passed.
|
|
141
|
+
#
|
|
142
|
+
# uri - A URI instance containing the URL to construct the realm for.
|
|
143
|
+
#
|
|
144
|
+
# Returns a String containing the realm value.
|
|
145
|
+
#
|
|
146
|
+
# Raises ArgumentError if uri is nil.
|
|
147
|
+
def self.realm_for(uri)
|
|
148
|
+
raise ArgumentError, 'uri is nil' unless uri
|
|
149
|
+
|
|
150
|
+
realm = URI("#{uri.scheme}://#{uri.host}:#{uri.port}")
|
|
151
|
+
realm.to_s
|
|
152
|
+
end
|
|
137
153
|
end
|
|
138
154
|
end
|
|
139
155
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cerner-oauth1a
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nathan Beyer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-05-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: |
|
|
14
14
|
A minimal dependency library for interacting with a Cerner OAuth 1.0a Access
|
|
@@ -53,7 +53,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
requirements: []
|
|
56
|
-
rubygems_version: 3.0.
|
|
56
|
+
rubygems_version: 3.0.3
|
|
57
57
|
signing_key:
|
|
58
58
|
specification_version: 4
|
|
59
59
|
summary: Cerner OAuth 1.0a Consumer and Service Provider Library.
|