clerk-sdk-ruby 3.2.0 → 3.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -1
- data/lib/clerk/authenticatable.rb +10 -0
- data/lib/clerk/constants.rb +10 -0
- data/lib/clerk/rack_middleware_v2.rb +45 -0
- data/lib/clerk/version.rb +1 -1
- data/lib/clerk.rb +1 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7744ad750d46b3102978f5b07956bb4f9b6a34635282fc3b0e082a98be92da47
|
|
4
|
+
data.tar.gz: 30e879ce6e9f2945a85451b9141b077f5d3ea31dbe4d30b16ceda2fe18a7aa32
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a0c95f53c97b59dcf24ff4963b746a75e6f20ed4d26118aecaad0b04e43f8ca694b96d4f73017d62e03d58e8a0128f05161dd6825c7c89b3e2bb5cda6f291d76
|
|
7
|
+
data.tar.gz: d1f6220cfbd9d28114631d09d896f883eda94ec8589531099ff8033995e598ed92866cec7b1797d2c3534d487218eea1173be80f56b11594209132e653a26feb
|
data/CHANGELOG.md
CHANGED
|
@@ -1,8 +1,17 @@
|
|
|
1
1
|
## unreleased
|
|
2
2
|
|
|
3
|
+
## 3.3.0 - 2024-11-22
|
|
4
|
+
|
|
5
|
+
- changed: Align reverification names with other SDKs [https://github.com/clerk/clerk-sdk-ruby/pull/73]
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
## 3.3.0.beta1 - 2024-11-04
|
|
9
|
+
|
|
10
|
+
- feat: Add helpers for Step Up auth / re-verification [https://github.com/clerk/clerk-sdk-ruby/pull/72]
|
|
11
|
+
|
|
3
12
|
## 3.2.0 - 2024-04-08
|
|
4
13
|
|
|
5
|
-
- fix: Infinite redirect loop when client_uat=0 and __session exists
|
|
14
|
+
- fix: Infinite redirect loop when client_uat=0 and `__session` exists [https://github.com/clerk/clerk-sdk-ruby/pull/55]
|
|
6
15
|
|
|
7
16
|
## 3.1.0 - 2024-03-19
|
|
8
17
|
|
|
@@ -73,6 +73,16 @@ module Clerk
|
|
|
73
73
|
!!clerk_verified_session_claims
|
|
74
74
|
end
|
|
75
75
|
|
|
76
|
+
def clerk_user_needs_reverification?(params=StepUp::PRESETS[:strict])
|
|
77
|
+
!request.env['clerk'].is_user_reverified?(params)
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def clerk_render_reverification(missing_config=nil)
|
|
81
|
+
payload = request.env['clerk'].reverification_error_payload(missing_config)
|
|
82
|
+
|
|
83
|
+
render status: 403, json: payload
|
|
84
|
+
end
|
|
85
|
+
|
|
76
86
|
def clerk_sign_in_url
|
|
77
87
|
ENV.fetch("CLERK_SIGN_IN_URL")
|
|
78
88
|
end
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
module Clerk
|
|
2
|
+
module StepUp
|
|
3
|
+
PRESETS = {
|
|
4
|
+
strict_mfa: { after_minutes: 10, level: :multi_factor },
|
|
5
|
+
strict: { after_minutes: 10, level: :second_factor },
|
|
6
|
+
moderate: { after_minutes: 60, level: :second_factor },
|
|
7
|
+
lax: { after_minutes: 1440, level: :second_factor }
|
|
8
|
+
}
|
|
9
|
+
end
|
|
10
|
+
end
|
|
@@ -60,6 +60,51 @@ module Clerk
|
|
|
60
60
|
@session_claims["org_permissions"]
|
|
61
61
|
end
|
|
62
62
|
|
|
63
|
+
# Returns true if the session needs to perform step up verification
|
|
64
|
+
def is_user_reverified?(params)
|
|
65
|
+
return false if session_claims.nil?
|
|
66
|
+
|
|
67
|
+
fva = session_claims["fva"]
|
|
68
|
+
level = params[:level]
|
|
69
|
+
after_minutes = Integer(params[:after_minutes])
|
|
70
|
+
|
|
71
|
+
# the feature is disabled
|
|
72
|
+
return true if fva.nil?
|
|
73
|
+
|
|
74
|
+
return false if after_minutes.nil? || level.nil?
|
|
75
|
+
|
|
76
|
+
factor1_age, factor2_age = fva
|
|
77
|
+
is_valid_factor1 = factor1_age != -1 && after_minutes > factor1_age
|
|
78
|
+
is_valid_factor2 = factor2_age != -1 && after_minutes > factor2_age
|
|
79
|
+
|
|
80
|
+
case level
|
|
81
|
+
when :first_factor
|
|
82
|
+
is_valid_factor1
|
|
83
|
+
when :second_factor
|
|
84
|
+
factor2_age == -1 ? is_valid_factor1 : is_valid_factor2
|
|
85
|
+
when :multi_factor
|
|
86
|
+
factor2_age == -1 ? is_valid_factor1 : is_valid_factor1 && is_valid_factor2
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def reverification_error_payload(missing_config)
|
|
91
|
+
{
|
|
92
|
+
clerk_error: {
|
|
93
|
+
type: "forbidden",
|
|
94
|
+
reason: "reverification-error",
|
|
95
|
+
metadata: { reverification: missing_config, }
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def reverification_response(missing_config=nil)
|
|
101
|
+
[
|
|
102
|
+
403,
|
|
103
|
+
{ "Content-Type" => "application/json" },
|
|
104
|
+
[reverification_error_payload(missing_config).to_json],
|
|
105
|
+
]
|
|
106
|
+
end
|
|
107
|
+
|
|
63
108
|
private
|
|
64
109
|
|
|
65
110
|
def fetch_user(user_id)
|
data/lib/clerk/version.rb
CHANGED
data/lib/clerk.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: clerk-sdk-ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Clerk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-11-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -109,6 +109,7 @@ files:
|
|
|
109
109
|
- docs/clerk-logo-light.png
|
|
110
110
|
- lib/clerk.rb
|
|
111
111
|
- lib/clerk/authenticatable.rb
|
|
112
|
+
- lib/clerk/constants.rb
|
|
112
113
|
- lib/clerk/errors.rb
|
|
113
114
|
- lib/clerk/jwks_cache.rb
|
|
114
115
|
- lib/clerk/rack_middleware.rb
|
|
@@ -152,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
152
153
|
- !ruby/object:Gem::Version
|
|
153
154
|
version: '0'
|
|
154
155
|
requirements: []
|
|
155
|
-
rubygems_version: 3.
|
|
156
|
+
rubygems_version: 3.5.3
|
|
156
157
|
signing_key:
|
|
157
158
|
specification_version: 4
|
|
158
159
|
summary: Clerk SDK for Ruby.
|