clerk-sdk-ruby 3.1.0 → 3.3.0.beta1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/Gemfile.lock +9 -11
- data/lib/clerk/authenticatable.rb +10 -0
- data/lib/clerk/constants.rb +10 -0
- data/lib/clerk/rack_middleware_v2.rb +50 -5
- data/lib/clerk/version.rb +1 -1
- data/lib/clerk.rb +1 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3610550618f6e172b7e27eb9bb64e8a1c95b06b0f802f55b7ee8b9dfb06759a8
|
|
4
|
+
data.tar.gz: 2af0974d0977d33036b9e4a6f940ea6778c876597de0e9c54fdc390f4fe88224
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 60be7cafb11ba31d1a059e0b04950f8711c4377f3c9ba7277454513727d251d3896e76607f5c7b61dbf29393f2cebdac87b32e4ea621747b9e140e4c243ff7e3
|
|
7
|
+
data.tar.gz: d9ef3b2f0ff6d52dbc7b1755c9092d594d065c07a0039acf5c49ca217b375bee30a4607fab964cfdaf72eb934ef05c34c2663bdc68d32d4190fd8f508f54df5c
|
data/CHANGELOG.md
CHANGED
|
@@ -1,11 +1,18 @@
|
|
|
1
1
|
## unreleased
|
|
2
2
|
|
|
3
|
+
## 3.3.0.beta1 - 2024-11-04
|
|
4
|
+
|
|
5
|
+
- feat: Add helpers for Step Up auth / re-verification [https://github.com/clerk/clerk-sdk-ruby/pull/72]
|
|
6
|
+
|
|
7
|
+
## 3.2.0 - 2024-04-08
|
|
8
|
+
|
|
9
|
+
- fix: Infinite redirect loop when client_uat=0 and __session exists [https://github.com/clerk/clerk-sdk-ruby/pull/55]
|
|
10
|
+
|
|
3
11
|
## 3.1.0 - 2024-03-19
|
|
4
12
|
|
|
5
13
|
- fix: Incompatible __client_uat & __session should show interstitial (#51) [https://github.com/clerk/clerk-sdk-ruby/pull/51]
|
|
6
14
|
- fix: Incorrect check that lead to infinite redirect loop introduced by (#51) [https://github.com/clerk/clerk-sdk-ruby/pull/51]
|
|
7
15
|
|
|
8
|
-
|
|
9
16
|
## 3.0.0 - 2024-01-09
|
|
10
17
|
|
|
11
18
|
Note: this is identical to 2.12.0, which was yanked because it contained a
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
clerk-sdk-ruby (3.
|
|
4
|
+
clerk-sdk-ruby (3.2.0)
|
|
5
5
|
concurrent-ruby (~> 1.1)
|
|
6
6
|
faraday (>= 1.4.1, < 3.0)
|
|
7
7
|
jwt (~> 2.5)
|
|
@@ -9,21 +9,19 @@ PATH
|
|
|
9
9
|
GEM
|
|
10
10
|
remote: https://rubygems.org/
|
|
11
11
|
specs:
|
|
12
|
-
base64 (0.
|
|
12
|
+
base64 (0.1.1)
|
|
13
13
|
byebug (11.1.3)
|
|
14
|
-
concurrent-ruby (1.2.
|
|
15
|
-
faraday (2.
|
|
16
|
-
faraday-net_http (>= 2.0, < 3.2)
|
|
17
|
-
faraday-net_http (3.1.0)
|
|
18
|
-
net-http
|
|
19
|
-
jwt (2.8.1)
|
|
14
|
+
concurrent-ruby (1.2.2)
|
|
15
|
+
faraday (2.7.11)
|
|
20
16
|
base64
|
|
17
|
+
faraday-net_http (>= 2.0, < 3.1)
|
|
18
|
+
ruby2_keywords (>= 0.0.4)
|
|
19
|
+
faraday-net_http (3.0.2)
|
|
20
|
+
jwt (2.7.1)
|
|
21
21
|
minitest (5.20.0)
|
|
22
|
-
net-http (0.4.1)
|
|
23
|
-
uri
|
|
24
22
|
rake (13.1.0)
|
|
23
|
+
ruby2_keywords (0.0.5)
|
|
25
24
|
timecop (0.9.8)
|
|
26
|
-
uri (0.13.0)
|
|
27
25
|
|
|
28
26
|
PLATFORMS
|
|
29
27
|
arm64-darwin-22
|
|
@@ -73,6 +73,16 @@ module Clerk
|
|
|
73
73
|
!!clerk_verified_session_claims
|
|
74
74
|
end
|
|
75
75
|
|
|
76
|
+
def clerk_user_needs_reverification?(params=StepUp::PRESETS[:strict])
|
|
77
|
+
!request.env['clerk'].is_user_reverified?(params)
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def clerk_render_reverification(missing_config=nil)
|
|
81
|
+
payload = request.env['clerk'].reverification_mismatch_payload(missing_config)
|
|
82
|
+
|
|
83
|
+
render status: 403, json: payload
|
|
84
|
+
end
|
|
85
|
+
|
|
76
86
|
def clerk_sign_in_url
|
|
77
87
|
ENV.fetch("CLERK_SIGN_IN_URL")
|
|
78
88
|
end
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
module Clerk
|
|
2
|
+
module StepUp
|
|
3
|
+
PRESETS = {
|
|
4
|
+
very_strict: { after_minutes: 10, level: :multi_factor },
|
|
5
|
+
strict: { after_minutes: 10, level: :second_factor },
|
|
6
|
+
moderate: { after_minutes: 60, level: :second_factor },
|
|
7
|
+
lax: { after_minutes: 1440, level: :second_factor }
|
|
8
|
+
}
|
|
9
|
+
end
|
|
10
|
+
end
|
|
@@ -60,6 +60,51 @@ module Clerk
|
|
|
60
60
|
@session_claims["org_permissions"]
|
|
61
61
|
end
|
|
62
62
|
|
|
63
|
+
# Returns true if the session needs to perform step up verification
|
|
64
|
+
def is_user_reverified?(params)
|
|
65
|
+
return false if session_claims.nil?
|
|
66
|
+
|
|
67
|
+
fva = session_claims["fva"]
|
|
68
|
+
level = params[:level]
|
|
69
|
+
after_minutes = Integer(params[:after_minutes])
|
|
70
|
+
|
|
71
|
+
# the feature is disabled
|
|
72
|
+
return true if fva.nil?
|
|
73
|
+
|
|
74
|
+
return false if after_minutes.nil? || level.nil?
|
|
75
|
+
|
|
76
|
+
factor1_age, factor2_age = fva
|
|
77
|
+
is_valid_factor1 = factor1_age != -1 && after_minutes > factor1_age
|
|
78
|
+
is_valid_factor2 = factor2_age != -1 && after_minutes > factor2_age
|
|
79
|
+
|
|
80
|
+
case level
|
|
81
|
+
when :first_factor
|
|
82
|
+
is_valid_factor1
|
|
83
|
+
when :second_factor
|
|
84
|
+
factor2_age == -1 ? is_valid_factor1 : is_valid_factor2
|
|
85
|
+
when :multi_factor
|
|
86
|
+
factor2_age == -1 ? is_valid_factor1 : is_valid_factor1 && is_valid_factor2
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def reverification_mismatch_payload(missing_config)
|
|
91
|
+
{
|
|
92
|
+
clerk_error: {
|
|
93
|
+
type: "forbidden",
|
|
94
|
+
reason: "reverification-mismatch",
|
|
95
|
+
metadata: { reverification: missing_config, }
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def reverification_response(missing_config=nil)
|
|
101
|
+
[
|
|
102
|
+
403,
|
|
103
|
+
{ "Content-Type" => "application/json" },
|
|
104
|
+
[reverification_mismatch_payload(missing_config).to_json],
|
|
105
|
+
]
|
|
106
|
+
end
|
|
107
|
+
|
|
63
108
|
private
|
|
64
109
|
|
|
65
110
|
def fetch_user(user_id)
|
|
@@ -176,15 +221,15 @@ module Clerk
|
|
|
176
221
|
return unknown(interstitial: true)
|
|
177
222
|
end
|
|
178
223
|
|
|
179
|
-
# Show interstitial when there is client_uat is incompatible with cookie token
|
|
180
|
-
has_cookie_token_without_client = (client_uat == "0" || client_uat.to_s.empty?) && cookie_token
|
|
181
|
-
has_client_without_cookie_token = (client_uat.to_s != "0" && client_uat.to_s != "") && cookie_token.to_s.empty?
|
|
182
|
-
return unknown(interstitial: true) if has_cookie_token_without_client || has_client_without_cookie_token
|
|
183
|
-
|
|
184
224
|
if client_uat == "0"
|
|
185
225
|
return signed_out(env)
|
|
186
226
|
end
|
|
187
227
|
|
|
228
|
+
# Show interstitial when there is client_uat is incompatible with cookie token
|
|
229
|
+
has_cookie_token_without_client = client_uat.to_s.empty? && cookie_token
|
|
230
|
+
has_client_without_cookie_token = client_uat.to_s != "" && cookie_token.to_s.empty?
|
|
231
|
+
return unknown(interstitial: true) if has_cookie_token_without_client || has_client_without_cookie_token
|
|
232
|
+
|
|
188
233
|
begin
|
|
189
234
|
token = verify_token(cookie_token)
|
|
190
235
|
return signed_out(env) if !token
|
data/lib/clerk/version.rb
CHANGED
data/lib/clerk.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: clerk-sdk-ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.3.0.beta1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Clerk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-11-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -109,6 +109,7 @@ files:
|
|
|
109
109
|
- docs/clerk-logo-light.png
|
|
110
110
|
- lib/clerk.rb
|
|
111
111
|
- lib/clerk/authenticatable.rb
|
|
112
|
+
- lib/clerk/constants.rb
|
|
112
113
|
- lib/clerk/errors.rb
|
|
113
114
|
- lib/clerk/jwks_cache.rb
|
|
114
115
|
- lib/clerk/rack_middleware.rb
|
|
@@ -152,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
152
153
|
- !ruby/object:Gem::Version
|
|
153
154
|
version: '0'
|
|
154
155
|
requirements: []
|
|
155
|
-
rubygems_version: 3.
|
|
156
|
+
rubygems_version: 3.5.3
|
|
156
157
|
signing_key:
|
|
157
158
|
specification_version: 4
|
|
158
159
|
summary: Clerk SDK for Ruby.
|