cerner-oauth1a 2.2.0 → 2.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +2 -2
- data/lib/cerner/oauth1a/access_token.rb +4 -2
- data/lib/cerner/oauth1a/access_token_agent.rb +34 -15
- data/lib/cerner/oauth1a/protocol.rb +16 -0
- data/lib/cerner/oauth1a/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97551b442a5cf8e81197726dd7a076fd49ed7e33c5fd2bbf87e27e6368abea4b
|
|
4
|
+
data.tar.gz: de3ec59f5a000715440492c550bebe4f9d3490ce53fd9d88490a08f7539d7208
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a98454061208707ddab9eb7a79b867f8acbcd88fa2d42c9e68411a04fa645004e20d282e39efec0f9e91a7a57d88551588324c933e76b8336313a38c24747964
|
|
7
|
+
data.tar.gz: 6573bfbd3c6ff73b83b957b9b6e784486079b194c9d09c1c4803b16f0336b51376d39ddab369ffdfe5d13ffaa129ecb727256c27f4683169250f7c01fa9498bd
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# v2.3.0
|
|
2
|
+
Added Protection Realm Equivalence feature to Cerner::OAuth1a::AccessTokenAgent,
|
|
3
|
+
which is used by Cerner::OAuth1a::AccessToken#authenticate when comparing realms.
|
|
4
|
+
This allows for realm aliases, so that the OAuth Service can transition hosts.
|
|
5
|
+
|
|
1
6
|
# v2.2.0
|
|
2
7
|
Renamed the cache key prefixes from 'cerner-oauth' cache prefixes to 'cerner-oauth1a'.
|
|
3
8
|
|
data/README.md
CHANGED
|
@@ -22,7 +22,7 @@ for implementing a Ruby-based service.
|
|
|
22
22
|
|
|
23
23
|
# Setup the AccessTokenAgent with an Access Token Service's URL, a Key and a Secret
|
|
24
24
|
agent = Cerner::OAuth1a::AccessTokenAgent.new(
|
|
25
|
-
access_token_url: 'https://api.
|
|
25
|
+
access_token_url: 'https://oauth-api.cerner.com/oauth/access',
|
|
26
26
|
consumer_key: 'CONSUMER_KEY',
|
|
27
27
|
consumer_secret: 'CONSUMER_SECRET'
|
|
28
28
|
)
|
|
@@ -59,7 +59,7 @@ implement that:
|
|
|
59
59
|
authz_header = request['Authorization']
|
|
60
60
|
|
|
61
61
|
# Parse the header value
|
|
62
|
-
access_token = AccessToken.from_authorization_header(authz_header)
|
|
62
|
+
access_token = Cerner::OAuth1a::AccessToken.from_authorization_header(authz_header)
|
|
63
63
|
|
|
64
64
|
# Authenticate the Access Token
|
|
65
65
|
# Note: An AccessTokenAgent, configured with a System Account that has been granted privileges
|
|
@@ -168,7 +168,9 @@ module Cerner
|
|
|
168
168
|
end
|
|
169
169
|
|
|
170
170
|
# Public: Authenticates the #token against the #consumer_key, #signature and side-channel
|
|
171
|
-
# secrets exchange via AccessTokenAgent#retrieve_keys.
|
|
171
|
+
# secrets exchange via AccessTokenAgent#retrieve_keys. If this instance has a #realm set,
|
|
172
|
+
# then it will compare it to the AccessTokenAgent#realm using the AccessTokenAgent#realm_eql?
|
|
173
|
+
# method.
|
|
172
174
|
#
|
|
173
175
|
# access_token_agent - An instance of Cerner::OAuth1a::AccessTokenAgent configured with
|
|
174
176
|
# appropriate credentials to retrieve secrets via
|
|
@@ -182,7 +184,7 @@ module Cerner
|
|
|
182
184
|
def authenticate(access_token_agent)
|
|
183
185
|
raise ArgumentError, 'access_token_agent is nil' unless access_token_agent
|
|
184
186
|
|
|
185
|
-
if @realm &&
|
|
187
|
+
if @realm && !access_token_agent.realm_eql?(@realm)
|
|
186
188
|
raise OAuthError.new('realm does not match provider', nil, 'token_rejected', nil, access_token_agent.realm)
|
|
187
189
|
end
|
|
188
190
|
|
|
@@ -19,14 +19,25 @@ module Cerner
|
|
|
19
19
|
class AccessTokenAgent
|
|
20
20
|
MIME_WWW_FORM_URL_ENCODED = 'application/x-www-form-urlencoded'
|
|
21
21
|
|
|
22
|
+
DEFAULT_REALM_ALIASES = {
|
|
23
|
+
'https://oauth-api.cerner.com' => ['https://api.cernercare.com'].freeze,
|
|
24
|
+
'https://api.cernercare.com' => ['https://oauth-api.cerner.com'].freeze,
|
|
25
|
+
'https://oauth-api.sandboxcerner.com' => ['https://api.sandboxcernercare.com'].freeze,
|
|
26
|
+
'https://api.sandboxcernercare.com' => ['https://oauth-api.sandboxcerner.com'].freeze,
|
|
27
|
+
'https://oauth-api.devcerner.com' => ['https://api.devcernercare.com'].freeze,
|
|
28
|
+
'https://api.devcernercare.com' => ['https://oauth-api.devcerner.com'].freeze
|
|
29
|
+
}.freeze
|
|
30
|
+
|
|
22
31
|
# Returns the URI Access Token URL.
|
|
23
32
|
attr_reader :access_token_url
|
|
24
33
|
# Returns the String Consumer Key.
|
|
25
34
|
attr_reader :consumer_key
|
|
26
35
|
# Returns the String Consumer Secret.
|
|
27
36
|
attr_reader :consumer_secret
|
|
28
|
-
# Returns the String Protection Realm. The realm is root of the access_token_url (
|
|
37
|
+
# Returns the String Protection Realm. The realm is root of the access_token_url (Protocol#realm_for).
|
|
29
38
|
attr_reader :realm
|
|
39
|
+
# Returns the Array of Protection Realm String that are considered equivalent (#realm_eql?) to #realm.
|
|
40
|
+
attr_reader :realm_aliases
|
|
30
41
|
|
|
31
42
|
# Public: Constructs an instance of the agent.
|
|
32
43
|
#
|
|
@@ -55,6 +66,10 @@ module Cerner
|
|
|
55
66
|
# #retrieve_keys. (optional, default: true)
|
|
56
67
|
# :cache_access_tokens - A Boolean for configuring AccessToken caching within
|
|
57
68
|
# #retrieve. (optional, default: true)
|
|
69
|
+
# :realm_aliases - An Array of Strings that provide realm aliases for the
|
|
70
|
+
# realm that's extracted from :access_token_url. If nil,
|
|
71
|
+
# this will be initalized with the DEFAULT_REALM_ALIASES.
|
|
72
|
+
# (optional, default: nil)
|
|
58
73
|
#
|
|
59
74
|
# Raises ArgumentError if access_token_url, consumer_key or consumer_key is nil; if
|
|
60
75
|
# access_token_url is an invalid URI.
|
|
@@ -65,7 +80,8 @@ module Cerner
|
|
|
65
80
|
open_timeout: 5,
|
|
66
81
|
read_timeout: 5,
|
|
67
82
|
cache_keys: true,
|
|
68
|
-
cache_access_tokens: true
|
|
83
|
+
cache_access_tokens: true,
|
|
84
|
+
realm_aliases: nil
|
|
69
85
|
)
|
|
70
86
|
raise ArgumentError, 'consumer_key is nil' unless consumer_key
|
|
71
87
|
raise ArgumentError, 'consumer_secret is nil' unless consumer_secret
|
|
@@ -74,7 +90,9 @@ module Cerner
|
|
|
74
90
|
@consumer_secret = consumer_secret
|
|
75
91
|
|
|
76
92
|
@access_token_url = convert_to_http_uri(access_token_url)
|
|
77
|
-
@realm =
|
|
93
|
+
@realm = Protocol.realm_for(@access_token_url)
|
|
94
|
+
@realm_aliases = realm_aliases
|
|
95
|
+
@realm_aliases ||= DEFAULT_REALM_ALIASES[@realm]
|
|
78
96
|
|
|
79
97
|
@open_timeout = (open_timeout ? open_timeout.to_i : 5)
|
|
80
98
|
@read_timeout = (read_timeout ? read_timeout.to_i : 5)
|
|
@@ -167,6 +185,19 @@ module Cerner
|
|
|
167
185
|
Time.now.to_i
|
|
168
186
|
end
|
|
169
187
|
|
|
188
|
+
# Public: Determines if the passed realm is equivalent to the configured
|
|
189
|
+
# realm by comparing it to the #realm and #realm_aliases.
|
|
190
|
+
#
|
|
191
|
+
# realm - The String to check for equivalence.
|
|
192
|
+
#
|
|
193
|
+
# Returns True if the passed realm is equivalent to the configured realm;
|
|
194
|
+
# False otherwise.
|
|
195
|
+
def realm_eql?(realm)
|
|
196
|
+
return true if @realm.eql?(realm)
|
|
197
|
+
|
|
198
|
+
@realm_aliases.include?(realm)
|
|
199
|
+
end
|
|
200
|
+
|
|
170
201
|
private
|
|
171
202
|
|
|
172
203
|
# Internal: Generate a User-Agent HTTP Header string
|
|
@@ -218,18 +249,6 @@ module Cerner
|
|
|
218
249
|
uri
|
|
219
250
|
end
|
|
220
251
|
|
|
221
|
-
# Internal: Returns a String containing the canonical root url.
|
|
222
|
-
#
|
|
223
|
-
# url - A URL to get the canonical root url String from.
|
|
224
|
-
#
|
|
225
|
-
# raises ArgumentError if url is nil.
|
|
226
|
-
def canonical_root_url_for(url)
|
|
227
|
-
raise ArgumentError, 'url is nil' unless url
|
|
228
|
-
|
|
229
|
-
realm = URI("#{url.scheme}://#{url.host}:#{url.port}")
|
|
230
|
-
realm.to_s
|
|
231
|
-
end
|
|
232
|
-
|
|
233
252
|
# Internal: Prepare a request for #retrieve
|
|
234
253
|
def retrieve_prepare_request(timestamp, nonce, accessor_secret, principal)
|
|
235
254
|
# construct a POST request
|
|
@@ -134,6 +134,22 @@ module Cerner
|
|
|
134
134
|
|
|
135
135
|
default
|
|
136
136
|
end
|
|
137
|
+
|
|
138
|
+
# Public: Returns a String containing a realm value from the URI. The
|
|
139
|
+
# String will be a rooted (path removed) and canonicalized URL of the
|
|
140
|
+
# URL passed.
|
|
141
|
+
#
|
|
142
|
+
# uri - A URI instance containing the URL to construct the realm for.
|
|
143
|
+
#
|
|
144
|
+
# Returns a String containing the realm value.
|
|
145
|
+
#
|
|
146
|
+
# Raises ArgumentError if uri is nil.
|
|
147
|
+
def self.realm_for(uri)
|
|
148
|
+
raise ArgumentError, 'uri is nil' unless uri
|
|
149
|
+
|
|
150
|
+
realm = URI("#{uri.scheme}://#{uri.host}:#{uri.port}")
|
|
151
|
+
realm.to_s
|
|
152
|
+
end
|
|
137
153
|
end
|
|
138
154
|
end
|
|
139
155
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cerner-oauth1a
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nathan Beyer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-05-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: |
|
|
14
14
|
A minimal dependency library for interacting with a Cerner OAuth 1.0a Access
|
|
@@ -53,7 +53,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
requirements: []
|
|
56
|
-
rubygems_version: 3.0.
|
|
56
|
+
rubygems_version: 3.0.3
|
|
57
57
|
signing_key:
|
|
58
58
|
specification_version: 4
|
|
59
59
|
summary: Cerner OAuth 1.0a Consumer and Service Provider Library.
|