RubyGems - devise_auth0 - Versions diffs - 1.0.0 - Mend

devise_auth0 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +30 -0
data/LICENSE.md +22 -0
data/app/controllers/devise/auth0_callbacks_controller.rb +23 -0
data/lib/devise/auth0/client.rb +17 -0
data/lib/devise/auth0/controllers/helpers.rb +43 -0
data/lib/devise/auth0/exceptions.rb +23 -0
data/lib/devise/auth0/helpers.rb +25 -0
data/lib/devise/auth0/rails/routes.rb +37 -0
data/lib/devise/auth0/rails.rb +50 -0
data/lib/devise/auth0/token.rb +126 -0
data/lib/devise/auth0/version.rb +13 -0
data/lib/devise/auth0.rb +62 -0
data/lib/devise/hooks/auth0.rb +7 -0
data/lib/devise/models/auth0.rb +210 -0
data/lib/devise/strategies/auth0.rb +43 -0
data/lib/devise_auth0.rb +3 -0
metadata +484 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c18b3f8598776472a2f76cf1b1dfa63b00f53cf0490a8088d663a4f54ecbef5b
+  data.tar.gz: 04a20bad11da869d3b9724f68d66a4b2382e3c26c98d481f9425c1589a756330
+SHA512:
+  metadata.gz: 8efc4197e1280051359ba69c9ddb8ed62fc70617eeaf65ddb518256ad6e1f11711cfee3651154cd4f9930e3401cc3ad29c68d8e0ad512df80a8e32e3b0c0d72d
+  data.tar.gz: b373a943d168c14277870c54eff0227077a5c8cfc6c14aaaab60de05a5782068aaf9efc3e5a769ccd87e840db54509385552f01cc53c8ac8c0dcfd352aab786b

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,30 @@
+# Changelog
+## 1.0.0 (2023-09-08)
+### Tests
+* Fixes rspec-rails issues on rails edge ([ea4a050](https://github.com/itsmechlark/devise-auth0/commit/ea4a050528196936960d38b29edfb36a6e6cfcf1))
+### Miscellaneous
+* Bump changelog-enforcer to v3 ([5ffcab8](https://github.com/itsmechlark/devise-auth0/commit/5ffcab87952644b40cf73f45bce8cb2bd82ab534))
+* Bump rubocop-shopify to v2.14 ([9102709](https://github.com/itsmechlark/devise-auth0/commit/91027094bbc243ef05fb10bfe2b9da91189ca8a4))
+* Change Rubocop code scanning name ([ccae036](https://github.com/itsmechlark/devise-auth0/commit/ccae036e25f8f5d3d9fe0341e81d6b5b53af2df9))
+* CI/CD workflow ([b82655d](https://github.com/itsmechlark/devise-auth0/commit/b82655d9a7af844f1a62d558e65799ef796951fc))
+* Code scanning ([a2f9d1b](https://github.com/itsmechlark/devise-auth0/commit/a2f9d1b98994be941abfdba41346976cb717ba5a))
+* Configure version file on release config ([53b3b5b](https://github.com/itsmechlark/devise-auth0/commit/53b3b5b4b88bc52bddee7bcee4cba1e889d21eda))
+* Fixes Code Scanning permissions ([765f698](https://github.com/itsmechlark/devise-auth0/commit/765f698abe70f30a16b84549bb6256c22379d0fd))
+* Fixes release please config ([fb8aba4](https://github.com/itsmechlark/devise-auth0/commit/fb8aba487088409c783c7022845be9677e22dd04))
+* Fixes rubocop lint ([e02858b](https://github.com/itsmechlark/devise-auth0/commit/e02858b561f3d99691524795d43ae84fd5d8b978))
+* Install bundler on DevContainer startup ([9ad89e4](https://github.com/itsmechlark/devise-auth0/commit/9ad89e43b1b1a99f06250c7bdc5b6006cd505cca))
+* Move changelog type to release config ([01b4d9e](https://github.com/itsmechlark/devise-auth0/commit/01b4d9e02c981a3adc6c69fd64e9331838c3f618))
+* Release Please config ([08af26d](https://github.com/itsmechlark/devise-auth0/commit/08af26d4002d3e89cb210cabd89ea768039193bc))
+* Remove changelog ([bb7befe](https://github.com/itsmechlark/devise-auth0/commit/bb7befec90baad2c9f6f4671cb830a9e42491e11))
+* Remove old changelog ([fae0a6c](https://github.com/itsmechlark/devise-auth0/commit/fae0a6cdad32a043c53820c78277df2c6acc872a))
+* Support DevContainers ([5b937c9](https://github.com/itsmechlark/devise-auth0/commit/5b937c9696fea630eabaa9f4d745e4c64418e753))
+* Test against Ruby 3.2 ([185bae5](https://github.com/itsmechlark/devise-auth0/commit/185bae5d12b17409e6ed62d0aa7be9870ca9c424))
+* Update Changelog ([6df1d33](https://github.com/itsmechlark/devise-auth0/commit/6df1d33cf6810b752efc5bc4bf6d3f8691117847))
+* Use Python 3.8 for codespell ([a6a8f35](https://github.com/itsmechlark/devise-auth0/commit/a6a8f3556ae54dd1ed0608eaa431772ef2ff1977))

data/LICENSE.md ADDED Viewed

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+Copyright (c) 2023 John Chlark Sumatra
+Copyright (c) 2022 First Circle Growth Finance Corp.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/app/controllers/devise/auth0_callbacks_controller.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module Devise
+  class Auth0CallbacksController < Devise::OmniauthCallbacksController
+    def callback
+      user = resource_class.from_auth0_omniauth(request.env["omniauth.auth"])
+      if user&.persisted?
+        set_flash_message(:notice, :success, kind: "Auth0") if is_navigational_format?
+        sign_in_and_redirect(user, event: :authentication)
+      else
+        session["devise.auth0_data"] = request.env["omniauth.auth"].except(:extra)
+        redirect_to(after_omniauth_callback_path_for(resource_name))
+      end
+    end
+    private
+    def after_omniauth_callback_path_for(scope)
+      new_session_path(scope)
+    end
+  end
+end

data/lib/devise/auth0/client.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require "auth0"
+module Devise
+  module Auth0
+    class Client < ::Auth0::Client
+      def initialize(config)
+        super(
+          client_id: config.client_id,
+          client_secret: config.client_secret,
+          domain: config.domain,
+        )
+      end
+    end
+  end
+end

data/lib/devise/auth0/controllers/helpers.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+require "devise/auth0/exceptions"
+module Devise
+  module Auth0
+    module Controllers
+      # Those helpers are convenience methods added to ApplicationController.
+      module Helpers
+        extend ActiveSupport::Concern
+        included do
+          if respond_to?(:devise_group)
+            devise_group :auth0, contains: Devise.mappings.keys
+          end
+          if respond_to?(:helper_method)
+            helper_method :can?, :cannot?
+          end
+        end
+        def authorize!(*args)
+          options = args.extract_options!
+          message = options[:message]
+          if cannot?(*args)
+            raise AccessDenied.new(message, *args)
+          end
+          args
+        end
+        def can?(*args)
+          !!current_auth0&.can?(*args)
+        end
+        def cannot?(*args)
+          !!current_auth0&.cannot?(*args)
+        end
+      end
+    end
+  end
+end

data/lib/devise/auth0/exceptions.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module Devise
+  module Auth0
+    # A general CanCan exception
+    class Error < StandardError; end
+    class AccessDenied < Error
+      attr_reader :action, :subject
+      def initialize(message = nil, action = nil, resource_class = nil)
+        @message = message.presence || I18n.t(
+          :"unauthorized.default",
+          default: "You are not authorized to access this page.",
+        )
+        @action = action
+        @resource_class = resource_class
+        super(@message)
+      end
+    end
+  end
+end

data/lib/devise/auth0/helpers.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module Devise
+  module Auth0
+    # Helpers to parse token from a request and to a response
+    module Helpers
+      AUTH_METHOD = "Bearer"
+      class << self
+        # Parses the token from a rack request
+        #
+        # @param env [Hash] rack env hash
+        # @return [String] JWT token
+        # @return [nil] if token is not present
+        def get_auth(env)
+          auth = env["HTTP_AUTHORIZATION"].presence
+          return unless auth
+          method, token = auth.split
+          method == AUTH_METHOD ? token : nil
+        end
+      end
+    end
+  end
+end

data/lib/devise/auth0/rails/routes.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module ActionDispatch
+  module Routing
+    class Mapper
+      protected
+      def devise_auth0_callback(mapping, controllers) # :nodoc:
+        return unless mapping.to.auth0_config.omniauth
+        path_prefix = Devise.omniauth_path_prefix || "/#{mapping.fullpath}/auth".squeeze("/")
+        set_omniauth_path_prefix!(path_prefix)
+        match(
+          "/auth/auth0",
+          to: "#{controllers[:auth0_callbacks]}#passthru",
+          as: :auth0_omniauth_authorize,
+          via: [:get, :post],
+        )
+        match(
+          "/auth/auth0/failure",
+          to: "#{controllers[:auth0_callbacks]}#failure",
+          as: :auth0_omniauth_failure,
+          via: [:get, :post],
+        )
+        match(
+          "/auth/auth0/callback",
+          to: "#{controllers[:auth0_callbacks]}#callback",
+          as: :auth0_omniauth_callback,
+          via: [:get, :post],
+        )
+      end
+    end
+  end
+end

data/lib/devise/auth0/rails.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require "omniauth-auth0"
+require "omniauth/rails_csrf_protection"
+require "devise/auth0/rails/routes"
+require "devise/auth0/controllers/helpers"
+module Devise
+  module Auth0
+    class Engine < ::Rails::Engine
+      initializer "devise.auth0.cache", after: "initialize_cache" do |_app|
+        Devise.auth0.cache = Rails.cache
+      end
+      initializer "devise.auth0", before: "devise.omniauth" do |_app|
+        config = Devise.auth0
+        if config.omniauth
+          Devise.setup do |devise|
+            devise.omniauth(
+              :auth0,
+              config.client_id,
+              config.client_secret,
+              config.custom_domain,
+              {
+                authorize_params: {
+                  audience: config.aud.join(","),
+                  scope: config.scope,
+                },
+              },
+            )
+          end
+          # Patches the existing devise failure app to ensure a right mapping is used.
+          # Read more: devise/omniauth.rb
+          ::OmniAuth.config.on_failure = proc do |env|
+            env["devise.mapping"] = ::Devise::Mapping.find_by_path!(env["PATH_INFO"], :fullpath)
+            controller_name  = ActiveSupport::Inflector.camelize(env["devise.mapping"].controllers[:omniauth_callbacks])
+            controller_klass = ActiveSupport::Inflector.constantize("#{controller_name}Controller")
+            controller_klass.action(:failure).call(env)
+          end
+        end
+        ActiveSupport.on_load(:action_controller) do
+          include Devise::Auth0::Controllers::Helpers
+        end
+      end
+    end
+  end
+end

data/lib/devise/auth0/token.rb ADDED Viewed

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+require "faraday"
+require "faraday/http_cache"
+require "jwt"
+module Devise
+  module Auth0
+    # Helpers to parse token from a request and to a response
+    class Token
+      class << self
+        def parse(auth, resource_class)
+          token = new(auth, resource_class)
+          token.verify
+          token
+        end
+      end
+      def initialize(auth, resource_class)
+        @auth = auth.presence
+        @resource_class = resource_class
+      end
+      def provider
+        auth0_id&.split("|")&.first
+      end
+      def uid
+        auth0_id&.split("|")&.last
+      end
+      def auth0_id
+        return if verify.nil?
+        return "auth0|#{verify[0]["azp"]}" if bot?
+        verify[0]["sub"]
+      end
+      def user
+        @user ||= if bot?
+          {
+            "user_id" => uid,
+            "email" => "#{uid}@#{config.domain}",
+          }
+        else
+          ::Devise.auth0.cache.fetch("devise-auth0/#{auth0_id}", expires_in: ::Devise.auth0.cache_expires_in) do
+            client.user(auth0_id)
+          end
+        end
+      end
+      def bot?
+        return false if verify.nil?
+        verify[0]["gty"] == "client-credentials"
+      end
+      def scopes
+        return [] if verify.nil?
+        verify[0]["scope"].to_s.split(" ")
+      end
+      def permissions
+        return [] if verify.nil?
+        verify[0]["permissions"].presence || []
+      end
+      def verify
+        @payload ||= JWT.decode(
+          @auth,
+          nil,
+          true, # Verify the signature of this token
+          algorithms: config.algorithm,
+          iss: issuer,
+          verify_iss: true,
+          aud: config.aud,
+          verify_aud: true,
+        ) do |header|
+          jwks_hash[header["kid"]]
+        end
+      rescue JWT::DecodeError
+        nil
+      end
+      def valid?
+        !verify.nil?
+      end
+      private
+      def config
+        @resource_class.auth0_config
+      end
+      def client
+        @resource_class.auth0_client
+      end
+      def issuer
+        "https://#{config.custom_domain.presence || config.domain.presence}/"
+      end
+      def jwks_hash
+        conn = ::Faraday.new("https://#{config.custom_domain}") do |f|
+          f.use(:http_cache, store: ::Devise.auth0.cache)
+          f.request(:retry, max: 3)
+          f.adapter(::Faraday.default_adapter)
+        end
+        jwks_keys = JSON.parse(conn.get("/.well-known/jwks.json").body)["keys"]
+        Hash[
+          jwks_keys
+            .map do |k|
+            [
+              k["kid"],
+              OpenSSL::X509::Certificate.new(
+                Base64.decode64(k["x5c"].first),
+              ).public_key,
+            ]
+          end
+        ]
+      end
+    end
+  end
+end

data/lib/devise/auth0/version.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module Devise
+  module Auth0
+    VERSION = "1.0.0"
+    class << self
+      def gem_version
+        Gem::Version.new(VERSION)
+      end
+    end
+  end
+end

data/lib/devise/auth0.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+require "devise"
+require "dry-configurable"
+require "devise/auth0/client"
+# Authentication library
+module Devise
+  # Yields to Devise::Auth0.config
+  class << self
+    def auth0
+      return Devise::Auth0.config unless block_given?
+      yield(Devise::Auth0.config)
+    end
+  end
+  module Models
+    autoload :Auth0, "devise/models/auth0"
+  end
+  module Strategies
+    autoload :Auth0, "devise/strategies/auth0"
+  end
+  # Auth0 extension for devise
+  module Auth0
+    extend ::Dry::Configurable
+    setting(:algorithm, default: "RS256")
+    setting(
+      :aud,
+      default: ENV["AUTH0_AUDIENCE"].presence,
+      constructor: ->(aud) { aud.is_a?(Array) ? aud : aud.to_s.split(",") },
+    )
+    setting(:client_id, default: ENV["AUTH0_CLIENT_ID"].presence)
+    setting(:client_secret, default: ENV["AUTH0_CLIENT_SECRET"].presence)
+    setting(:custom_domain, default: ENV["AUTH0_CUSTOM_DOMAIN"].presence)
+    setting(:domain, default: ENV["AUTH0_DOMAIN"].presence)
+    setting(:omniauth, default: false)
+    setting(:scope, default: "openid")
+    setting(:email_domains_allowlist, default: [])
+    setting(:email_domains_blocklist, default: [])
+    setting(:cache)
+    setting(:cache_expires_in, default: 15.minutes)
+    class << self
+      def logout(record)
+        record.class.auth0_client.grants(user_id: record.auth0_id).each do |grant|
+          record.class.auth0_client.delete_grant(grant["id"], record.auth0_id)
+        end
+      end
+    end
+  end
+  add_module(:auth0, strategy: true, controller: :auth0_callbacks, route: { auth0_callback: [:callback] })
+end
+require "devise/auth0/version"
+require "devise/auth0/rails"
+require "devise/strategies/auth0"

data/lib/devise/hooks/auth0.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+Warden::Manager.before_logout do |record, _warden, _options|
+  if record.respond_to?(:auth0_id)
+    Devise::Auth0.logout(record)
+  end
+end

data/lib/devise/models/auth0.rb ADDED Viewed

@@ -0,0 +1,210 @@
+# frozen_string_literal: true
+require "mail"
+require "devise/hooks/auth0"
+module Devise
+  module Models
+    module Auth0
+      extend ActiveSupport::Concern
+      included do
+        validates :uid, allow_blank: true, uniqueness: { scope: :provider, message: "should happen once per provider" }
+        with_options if: -> { respond_to?(:email) } do
+          validates :email, uniqueness: true
+          validate :email_domain_allowed, :email_domain_disallowed
+        end
+      end
+      class << self
+        def required_fields(klass)
+          []
+        end
+      end
+      def email_domain_allowed
+        return if self.class.auth0_config.email_domains_allowlist.empty?
+        m = Mail::Address.new(email)
+        return if m.domain.nil?
+        unless self.class.auth0_config.email_domains_allowlist.include?(m.domain)
+          errors.add(:email, :not_allowed)
+        end
+      end
+      def email_domain_disallowed
+        return if self.class.auth0_config.email_domains_blocklist.empty?
+        m = Mail::Address.new(email)
+        return if m.domain.nil?
+        if self.class.auth0_config.email_domains_blocklist.include?(m.domain)
+          errors.add(:email, :not_allowed)
+        end
+      end
+      def can?(action, resource_class = nil)
+        scope = [action]
+        if resource_class.is_a?(String)
+          scope << resource_class
+        elsif resource_class
+          resource_name = resource_class.name.underscore.split("/")
+          resource_name[-1] = resource_name[-1].pluralize
+          scope << resource_name.join("/")
+        end
+        auth0_scopes.include?(scope.join(":"))
+      end
+      # Convenience method which works the same as "can?" but returns the opposite value.
+      #
+      #   cannot? :destroy, @project
+      #
+      def cannot?(*args)
+        !can?(*args)
+      end
+      def auth0_scopes=(scopes)
+        ::Devise.auth0.cache.write(
+          "devise-auth0/#{auth0_id}/scopes",
+          scopes,
+          expires_in: ::Devise.auth0.cache_expires_in,
+        )
+      end
+      def auth0_scopes
+        ::Devise.auth0.cache.fetch("devise-auth0/#{auth0_id}/scopes", expires_in: ::Devise.auth0.cache_expires_in) do
+          if bot?
+            self.class.auth0_client.client_grants(
+              client_id: uid,
+              audience: self.class.auth0_config.aud,
+            ).first.try(:[], "scope")
+          else
+            user = self.class.auth0_client.users_by_email(email).find do |u|
+              u["identities"].any? { |i| i["user_id"] == uid }
+            end
+            return [] if user.nil?
+            permissions = []
+            page = 0
+            loop do
+              response_data = self.class.auth0_client
+                .get_user_permissions(
+                  user["user_id"],
+                  { page: page, per_page: 100, include_totals: true },
+                )
+              response_data["permissions"].select do |permission|
+                self.class.auth0_config.aud.include?(permission["resource_server_identifier"])
+              end.each do |permission|
+                permissions << permission["permission_name"]
+              end
+              break if response_data["start"] / 100 == response_data["total"] / 100
+              page += 1
+            end
+            permissions
+          end
+        end
+      end
+      def auth0_id
+        "#{provider}|#{uid}"
+      end
+      def after_auth0_token_created(token)
+      end
+      def after_auth0_token(token)
+        set_auth_id(token.provider, token.uid)
+      end
+      def after_auth0_omniauth_created(auth)
+      end
+      def after_auth0_omniauth(auth)
+        set_auth_id(auth.provider, auth.uid)
+      end
+      private
+      def set_auth_id(provider, uid)
+        return if self.provider == provider && self.uid == uid
+        self.provider = provider
+        self.uid = uid.include?("|") ? uid.split("|").last : uid
+        save
+      end
+      module ClassMethods
+        Devise::Models.config(self, :auth0_options)
+        def from_auth0_token(token)
+          user = where(
+            auth0_where_conditions(
+              provider: token.provider,
+              uid: token.uid,
+              email: token.user["email"],
+            ),
+          ).first_or_create do |user|
+            user.provider = token.provider
+            user.uid = token.uid
+            user.email = token.user["email"] if user.respond_to?(:email=)
+            user.password = Devise.friendly_token[0, 20] if user.respond_to?(:password=)
+            user.bot = token.bot? if user.respond_to?(:bot=)
+            user.after_auth0_token_created(token)
+          end
+          user.auth0_scopes = token.scopes.dup.concat(token.permissions).uniq
+          user.after_auth0_token(token)
+          user
+        end
+        def parse_auth0_token(token)
+          ::Devise::Auth0::Token.parse(token, self)
+        end
+        def from_auth0_omniauth(auth)
+          return unless auth0_config.omniauth
+          uid = auth.uid.include?("|") ? auth.uid.split("|").last : auth.uid
+          user = where(
+            auth0_where_conditions(
+              provider: auth.provider,
+              uid: uid,
+              email: auth.info.email,
+            ),
+          ).first_or_create do |user|
+            user.provider = auth.provider
+            user.uid = uid
+            user.email = auth.info.email if user.respond_to?(:email=)
+            user.password = Devise.friendly_token[0, 20] if user.respond_to?(:password=)
+            user.after_auth0_omniauth_created(auth)
+          end
+          user.after_auth0_omniauth(auth)
+          user
+        end
+        def auth0_where_conditions(provider:, uid:, email: nil)
+          sql = arel_table[:provider].eq(provider).and(arel_table[:uid].eq(uid))
+          sql = sql.or(arel_table[:email].eq(email)) if email && column_names.include?("email")
+          sql
+        end
+        def auth0_config
+          return @auth0_config unless @auth0_config.nil?
+          @auth0_config ||= ::Devise.auth0.pristine
+          @auth0_config.update(::Devise.auth0.values)
+          @auth0_config.update(auth0_options) if defined?(@auth0_options)
+          @auth0_config.finalize!
+          @auth0_config
+        end
+        def auth0_client
+          @auth0_client ||= ::Devise::Auth0::Client.new(auth0_config)
+        end
+      end
+    end
+  end
+end

data/lib/devise/strategies/auth0.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+require "devise/strategies/base"
+require_relative "../auth0/helpers"
+require_relative "../auth0/token"
+module Devise
+  module Strategies
+    # Warden strategy to authenticate an user through a JWT token in the
+    # `Authorization` request header
+    class Auth0 < Devise::Strategies::Base
+      def valid?
+        !auth.nil?
+      end
+      def store?
+        false
+      end
+      def authenticate!
+        if token.valid?
+          resource = mapping.to.from_auth0_token(token)
+          return success!(resource) if resource.persisted?
+        end
+        fail!(:invalid)
+      end
+      private
+      def token
+        @token ||= mapping.to.parse_auth0_token(auth)
+      end
+      def auth
+        @auth ||= ::Devise::Auth0::Helpers.get_auth(env)
+      end
+    end
+  end
+end
+Warden::Strategies.add(:auth0, Devise::Strategies::Auth0)

data/lib/devise_auth0.rb ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+require "devise/auth0"

metadata ADDED Viewed

@@ -0,0 +1,484 @@
+--- !ruby/object:Gem::Specification
+name: devise_auth0
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- John Chlark Sumatra
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-09-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: auth0
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.6'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.8'
+- !ruby/object:Gem::Dependency
+  name: dry-configurable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.10.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.10.0
+- !ruby/object:Gem::Dependency
+  name: faraday-http-cache
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: net-smtp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-auth0
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-rails_csrf_protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: code-scanning-rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: multipart-parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rack_session_access
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-shopify
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.21.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.21.2
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+description: Auth0 authentication for devise
+email:
+- clark@sumatra.com.ph
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.md
+files:
+- CHANGELOG.md
+- LICENSE.md
+- app/controllers/devise/auth0_callbacks_controller.rb
+- lib/devise/auth0.rb
+- lib/devise/auth0/client.rb
+- lib/devise/auth0/controllers/helpers.rb
+- lib/devise/auth0/exceptions.rb
+- lib/devise/auth0/helpers.rb
+- lib/devise/auth0/rails.rb
+- lib/devise/auth0/rails/routes.rb
+- lib/devise/auth0/token.rb
+- lib/devise/auth0/version.rb
+- lib/devise/hooks/auth0.rb
+- lib/devise/models/auth0.rb
+- lib/devise/strategies/auth0.rb
+- lib/devise_auth0.rb
+homepage: https://github.com/itsmechlark/devise_auth0
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/itsmechlark/devise_auth0
+  changelog_uri: https://github.com/itsmechlark/devise_auth0/releases/tag/v1.0.0
+  source_code_uri: https://github.com/itsmechlark/devise_auth0/tree/v1.0.0
+  bug_tracker_uri: https://github.com/itsmechlark/devise_auth0/issues
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.3
+signing_key:
+specification_version: 4
+summary: Auth0 authentication for devise
+test_files: []