RubyGems - epb-auth-tools - Versions diffs - 1.0.7 → 1.0.11 - Mend

epb-auth-tools 1.0.7 → 1.0.11

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1b1fb574665a72ca0bdc7ee114645deac275e7ec17f4b41fa080ca4c8831fa3
-  data.tar.gz: 0d0baaf4cc5df70f8e762b2451a40dd6b016d1e45329c3afd6447b2ad8857cd4
+  metadata.gz: 98143d27f89eda42d073be36aeebd2fa9820218f27a7448faaf2c968f22fe74e
+  data.tar.gz: 5baa025fef34595bed597a7ac79e1b9097a263d6d42c1112431923b9d26b041e
 SHA512:
-  metadata.gz: e9765ef35a90762641b91bc6c80f1dc43c9928bec457ec5e7a678376b8277f909da2bcb002422ac87d55d1989cea2a0fac414a0ee94c14f44f9d438733be8ca0
-  data.tar.gz: 9ebc8a9003fb3db97592f929ab571633bbfa25d17ace369fbb3c6a5bee51956db63068da593dedff1d38eefe3c36e7547024538ff913bf9a7296d1aa6efa40f2
+  metadata.gz: 3bb82ad8a2b5e383cdc319a308833ea773a5ca02cb6cee35bad542109b1e4583f6616e631f9afbde756d44408be8827783160c51a9312c85c8e88fa7914eeabb
+  data.tar.gz: 380e83b5a4cd97cb55234df83c2eb3c1fbf006656266a49d31f59cf60d11ced9b9939071707246fe3ffcb9051e863cb4f5af767f0d54bd3418e52bee204d4e5b

data/lib/epb-auth-tools.rb CHANGED Viewed

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 module Auth
-  require_relative 'errors'
-  require_relative 'http_client'
-  require_relative 'token'
-  require_relative 'token_processor'
+  require_relative "errors"
+  require_relative "http_client"
+  require_relative "token"
+  require_relative "token_processor"
-  require_relative 'sinatra/conditional'
+  require_relative "sinatra/conditional"
 end

data/lib/errors.rb CHANGED Viewed

@@ -7,8 +7,10 @@ module Auth
     class Processor < Auth::Errors::Error
     end
     class ProcessorHasNoSecret < Auth::Errors::Error
     end
     class ProcessorHasNoIssuer < Auth::Errors::Error
     end
@@ -17,25 +19,34 @@ module Auth
     class TokenMissing < Auth::Errors::Token
     end
     class TokenPayloadError < Auth::Errors::Token
     end
     class TokenExpired < Auth::Errors::TokenPayloadError
     end
     class TokenNotYetValid < Auth::Errors::TokenPayloadError
     end
     class TokenHasNoIssuer < Auth::Errors::TokenPayloadError
     end
     class TokenHasNoSubject < Auth::Errors::TokenPayloadError
     end
     class TokenHasNoIssuedAt < Auth::Errors::TokenPayloadError
     end
     class TokenHasNoExpiry < Auth::Errors::TokenPayloadError
     end
     class TokenIssuerIncorrect < Auth::Errors::TokenPayloadError
     end
     class TokenDecodeError < Auth::Errors::Token
     end
     class TokenTamperDetected < Auth::Errors::TokenDecodeError
     end
@@ -44,15 +55,19 @@ module Auth
     class ClientHasNoAuthServer < Auth::Errors::Client
     end
     class ClientHasNoClientId < Auth::Errors::Client
     end
     class ClientHasNoClientSecret < Auth::Errors::Client
     end
     class ClientHasNoBaseUri < Auth::Errors::Client
     end
     class Network < Auth::Errors::Error
     end
     class NetworkConnectionFailed < Auth::Errors::Network
     end
   end

data/lib/http_client.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'oauth2'
+require "oauth2"
 module Auth
   class HttpClient
@@ -21,14 +21,15 @@ module Auth
       @authenticated_client = nil
       site_url = URI.parse(auth_server)
-      token_url = site_url.path + '/oauth/token'
-      authorisation_url = site_url.path + '/oauth/token'
+      token_url = "#{site_url.path}/oauth/token"
+      authorisation_url = "#{site_url.path}/oauth/token"
       site_url = "#{site_url.scheme}://#{site_url.host}:#{site_url.port}"
       @base_uri = base_uri
       @client =
         auth_client.new client_id,
                         client_secret,
+                        auth_scheme: :request_body,
                         site: site_url,
                         token_url: token_url,
                         authorisation_url: authorisation_url,
@@ -60,8 +61,9 @@ module Auth
       if @authenticated_client.respond_to? method_name
         response = @authenticated_client.send method_name, *args, &block
-        if response.body.is_a?(::Hash) &&
-             response.body[:error] == 'Auth::Errors::TokenExpired'
+        if response.status == 401
+          # a 401 here is assumed to be due to an expired token
+          # otherwise, refreshing the token and calling again should make no difference to the ultimate response
           refresh
           response = @authenticated_client.send method_name, *args, &block
         end

data/lib/sinatra/conditional.rb CHANGED Viewed

@@ -4,9 +4,9 @@ module Auth
   module Sinatra
     class Conditional
       def self.process_request(env)
-        jwt_token = env.fetch('HTTP_AUTHORIZATION', '').slice(7..-1)
+        jwt_token = env.fetch("HTTP_AUTHORIZATION", "").slice(7..-1)
         processor =
-          Auth::TokenProcessor.new ENV['JWT_SECRET'], ENV['JWT_ISSUER']
+          Auth::TokenProcessor.new ENV["JWT_SECRET"], ENV["JWT_ISSUER"]
         processor.process jwt_token
       end
     end

data/lib/token.rb CHANGED Viewed

@@ -8,38 +8,34 @@ module Auth
     end
     def sub
-      @payload['sub']
+      @payload["sub"]
     end
     def scope?(scope)
-      @payload['scopes']&.include? scope
+      @payload["scopes"]&.include? scope
     end
     def scopes?(scopes)
-      scopes.all? { |scope| @payload['scopes']&.include? scope }
+      scopes.all? { |scope| @payload["scopes"]&.include? scope }
     end
     def supplemental(property = nil)
-      unless property.nil? || @payload['sup'][property].nil?
-        return @payload['sup'][property]
-      end
+      return @payload["sup"][property] unless property.nil? || @payload["sup"][property].nil?
-      @payload['sup']
+      @payload["sup"]
     end
     def encode(jwt_secret)
-      JWT.encode @payload, jwt_secret, 'HS256'
+      JWT.encode @payload, jwt_secret, "HS256"
     end
-    private
+  private
     def validate_payload
-      raise Auth::Errors::TokenHasNoIssuer unless @payload.key?('iss')
-      raise Auth::Errors::TokenHasNoIssuedAt unless @payload.key?('iat')
-      unless @payload['iat'] <= Time.now.to_i
-        raise Auth::Errors::TokenNotYetValid
-      end
-      raise Auth::Errors::TokenHasNoSubject unless @payload.key?('sub')
+      raise Auth::Errors::TokenHasNoIssuer unless @payload.key?("iss")
+      raise Auth::Errors::TokenHasNoIssuedAt unless @payload.key?("iat")
+      raise Auth::Errors::TokenNotYetValid unless @payload["iat"] <= Time.now.to_i
+      raise Auth::Errors::TokenHasNoSubject unless @payload.key?("sub")
     end
   end
 end

data/lib/token_processor.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'jwt'
+require "jwt"
 module Auth
   class TokenProcessor
@@ -17,19 +17,17 @@ module Auth
       payload, _header = jwt_process token
-      raise Auth::Errors::TokenExpired unless payload.key?('exp')
-      raise Auth::Errors::TokenHasNoIssuer unless payload.key?('iss')
-      unless payload['iss'] == @jwt_issuer
-        raise Auth::Errors::TokenIssuerIncorrect
-      end
+      raise Auth::Errors::TokenExpired unless payload.key?("exp")
+      raise Auth::Errors::TokenHasNoIssuer unless payload.key?("iss")
+      raise Auth::Errors::TokenIssuerIncorrect unless payload["iss"] == @jwt_issuer
       Auth::Token.new payload
     end
-    private
+  private
     def jwt_process(token)
-      options = { algorithm: 'HS256', iss: @jwt_issuer }
+      options = { algorithm: "HS256", iss: @jwt_issuer }
       JWT.decode token, @jwt_secret, true, options
     rescue JWT::ExpiredSignature

metadata CHANGED Viewed

@@ -1,17 +1,19 @@
 --- !ruby/object:Gem::Specification
 name: epb-auth-tools
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.11
 platform: ruby
 authors:
 - Lawrence Goldstien <lawrence.goldstien@madetech.com>
 - Yusuf Sheikh <yusuf@madetech.com>
 - Jaseera <jaseera@madetech.com>
-- Kevin Keenoy <kevin.keenoy@communities.gov.uk>
+- Kevin Keenoy <kevin.keenoy@levellingup.gov.uk>
+- Douglas Greenshields <douglas.greenshields@levellingup.gov.uk>
+- Aga Dufrat <aga.dufrat@levellingup.gov.uk>
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-11 00:00:00.000000000 Z
+date: 2022-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -19,28 +21,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 description:
 email:
 executables: []
@@ -65,14 +73,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Tools for authentication and authorisation with JWTs and OAuth