epb-auth-tools 1.0.2 → 1.0.8
- checksums.yaml +4 -4
- data/lib/errors.rb +53 -30
- data/lib/http_client.rb +3 -3
- data/lib/token.rb +6 -2
- data/lib/token_processor.rb +1 -0
- metadata +10 -8
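--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e5484b829fb09391cc9bd9fd4b2a2b0e8fe2e64e3cfdf640d400cecf33d533ea
+data.tar.gz: 522b5c88d93b5fd00524eea152b443af016f33cbeb820f07d027eb02ed72689b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bdfaa165c58467113a6a82a6429cb577496b3ce7e817c0b341b5a2c0b6e3660efc957ad5450b03fe89082e56aeb99da10e04f2e5a62941b42e68ccb45d1dccac
+data.tar.gz: a314604c7e518640d2492e9f8c5300d1bf47203dfb36903ec9ba80296a9ff79c7a683a975717a40e5b6c8488c3b5e3109f517f7ac6b2e6de4184beee16f8f541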
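--- a/data/lib/errors.rb
+++ b/data/lib/errors.rb
@@ -2,35 +2,58 @@
 
 module Auth
 module Errors
-class Error < RuntimeError
-
-
-class
-
-
-
-
-
-
-class
-
-
-class
-
-class
-
-
-
-class
-
-class
-
-class
-
-class
-
-
-
-class
+class Error < RuntimeError
+end
+
+class Processor < Auth::Errors::Error
+end
+class ProcessorHasNoSecret < Auth::Errors::Error
+end
+class ProcessorHasNoIssuer < Auth::Errors::Error
+end
+
+class Token < Auth::Errors::Error
+end
+
+class TokenMissing < Auth::Errors::Token
+end
+class TokenPayloadError < Auth::Errors::Token
+end
+class TokenExpired < Auth::Errors::TokenPayloadError
+end
+class TokenNotYetValid < Auth::Errors::TokenPayloadError
+end
+class TokenHasNoIssuer < Auth::Errors::TokenPayloadError
+end
+class TokenHasNoSubject < Auth::Errors::TokenPayloadError
+end
+class TokenHasNoIssuedAt < Auth::Errors::TokenPayloadError
+end
+class TokenHasNoExpiry < Auth::Errors::TokenPayloadError
+end
+class TokenIssuerIncorrect < Auth::Errors::TokenPayloadError
+end
+
+class TokenDecodeError < Auth::Errors::Token
+end
+class TokenTamperDetected < Auth::Errors::TokenDecodeError
+end
+
+class Client < Auth::Errors::Error
+end
+
+class ClientHasNoAuthServer < Auth::Errors::Client
+end
+class ClientHasNoClientId < Auth::Errors::Client
+end
+class ClientHasNoClientSecret < Auth::Errors::Client
+end
+class ClientHasNoBaseUri < Auth::Errors::Client
+end
+
+class Network < Auth::Errors::Error
+end
+class NetworkConnectionFailed < Auth::Errors::Network
+end
 end
 end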
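Review bot: `ProcessorHasNoSecret` and `ProcessorHasNoIssuer` inherit from `Auth::Errors::Error` rather than from the new `Auth::Errors::Processor` base, unlike the Token, Client and Network groups, whose members all descend from their group class. As written, `rescue Auth::Errors::Processor` catches neither of them, so a caller that handles processor misconfiguration by that base will let a missing secret or issuer surface as a generic error. If the grouping is intended, declare them as `class ProcessorHasNoSecret < Auth::Errors::Processor` and `class ProcessorHasNoIssuer < Auth::Errors::Processor`; both would still descend from `Auth::Errors::Error`, so existing broad rescues keep working. The removed side is truncated on this page, so whether the old hierarchy had the same shape cannot be told from here.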
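--- a/data/lib/http_client.rb
+++ b/data/lib/http_client.rb
@@ -25,7 +25,6 @@ module Auth
 authorisation_url = site_url.path + '/oauth/token'
 site_url = "#{site_url.scheme}://#{site_url.host}:#{site_url.port}"
 
-
 @base_uri = base_uri
 @client =
 auth_client.new client_id,
@@ -61,8 +60,9 @@ module Auth
 
 if @authenticated_client.respond_to? method_name
 response = @authenticated_client.send method_name, *args, &block
-if response.
-
+if response.status == 401
+# a 401 here is assumed to be due to an expired token
+# otherwise, refreshing the token and calling again should make no difference to the ultimate response
 refresh
 response = @authenticated_client.send method_name, *args, &block
 end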
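--- a/data/lib/token.rb
+++ b/data/lib/token.rb
@@ -7,12 +7,16 @@ module Auth
 validate_payload
 end
 
+def sub
+@payload['sub']
+end
+
 def scope?(scope)
-@payload['scopes']
+@payload['scopes']&.include? scope
 end
 
 def scopes?(scopes)
-scopes.all? { |scope| @payload['scopes']
+scopes.all? { |scope| @payload['scopes']&.include? scope }
 end
 
 def supplemental(property = nil)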
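Review bot: `scope?` and `scopes?` call `include?` on whatever `@payload['scopes']` holds, so the authorisation check is an exact-match membership test only if that claim is an Array. The hunk does not show `validate_payload` enforcing the type, so this is an assumption to confirm: if a token ever carries the claim as a String, `String#include?` matches substrings and a longer scope name would satisfy a check for a shorter one it contains. Coercing first, for example `Array(@payload['scopes']).include?(scope)`, fails closed for a non-array claim and also makes the predicate return `false` instead of `nil` when the claim is absent. Note also that `scopes?([])` is vacuously true, which deserves a one-line comment if callers can pass a computed list. The enclosing class starts and ends outside the hunk.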
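--- a/data/lib/token_processor.rb
+++ b/data/lib/token_processor.rb
@@ -17,6 +17,7 @@ module Auth
 
 payload, _header = jwt_process token
 
+raise Auth::Errors::TokenExpired unless payload.key?('exp')
 raise Auth::Errors::TokenHasNoIssuer unless payload.key?('iss')
 unless payload['iss'] == @jwt_issuer
 raise Auth::Errors::TokenIssuerIncorrect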
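Review bot: The added guard raises `Auth::Errors::TokenExpired` when the `exp` claim is absent, which reports a token that never had an expiry as one that has aged out. This release's errors.rb defines `Auth::Errors::TokenHasNoExpiry` for exactly this case, so `raise Auth::Errors::TokenHasNoExpiry unless payload.key?('exp')` keeps the rejection while matching the neighbouring `TokenHasNoIssuer` check. Both classes descend from `TokenPayloadError`, so broad rescues are unaffected, but callers and logs could then tell a routine expiry from a token minted without one, which matters when triaging a misbehaving issuer. The enclosing method starts and ends outside the hunk, so how `jwt_process` treats `exp` when the claim is present is not visible here.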
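--- a/metadata
+++ b/metadata
@@ -1,16 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: epb-auth-tools
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.8
 platform: ruby
 authors:
 - Lawrence Goldstien <lawrence.goldstien@madetech.com>
 - Yusuf Sheikh <yusuf@madetech.com>
 - Jaseera <jaseera@madetech.com>
-
+- Kevin Keenoy <kevin.keenoy@communities.gov.uk>
+- Douglas Greenshields <douglas.greenshields@communities.gov.uk>
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt
@@ -40,8 +42,8 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.4'
-description:
-email:
+description:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -56,7 +58,7 @@ homepage: https://github.com/communitiesuk/epb-auth-tools
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -71,8 +73,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
-signing_key:
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Tools for authentication and authorisation with JWTs and OAuth
 test_files: []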