RubyGems - epb-auth-tools - Versions diffs - 1.0.7 → 1.0.11 - Mend

epb-auth-tools 1.0.7 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1b1fb574665a72ca0bdc7ee114645deac275e7ec17f4b41fa080ca4c8831fa3
-  data.tar.gz: 0d0baaf4cc5df70f8e762b2451a40dd6b016d1e45329c3afd6447b2ad8857cd4
+  metadata.gz: 98143d27f89eda42d073be36aeebd2fa9820218f27a7448faaf2c968f22fe74e
+  data.tar.gz: 5baa025fef34595bed597a7ac79e1b9097a263d6d42c1112431923b9d26b041e
 SHA512:
-  metadata.gz: e9765ef35a90762641b91bc6c80f1dc43c9928bec457ec5e7a678376b8277f909da2bcb002422ac87d55d1989cea2a0fac414a0ee94c14f44f9d438733be8ca0
-  data.tar.gz: 9ebc8a9003fb3db97592f929ab571633bbfa25d17ace369fbb3c6a5bee51956db63068da593dedff1d38eefe3c36e7547024538ff913bf9a7296d1aa6efa40f2
+  metadata.gz: 3bb82ad8a2b5e383cdc319a308833ea773a5ca02cb6cee35bad542109b1e4583f6616e631f9afbde756d44408be8827783160c51a9312c85c8e88fa7914eeabb
+  data.tar.gz: 380e83b5a4cd97cb55234df83c2eb3c1fbf006656266a49d31f59cf60d11ced9b9939071707246fe3ffcb9051e863cb4f5af767f0d54bd3418e52bee204d4e5b

data/lib/epb-auth-tools.rb CHANGED Viewed

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 module Auth
-  require_relative 'errors'
-  require_relative 'http_client'
-  require_relative 'token'
-  require_relative 'token_processor'
+  require_relative "errors"
+  require_relative "http_client"
+  require_relative "token"
+  require_relative "token_processor"
-  require_relative 'sinatra/conditional'
+  require_relative "sinatra/conditional"
 end

data/lib/errors.rb CHANGED Viewed

@@ -7,8 +7,10 @@ module Auth
     class Processor < Auth::Errors::Error
     end
     class ProcessorHasNoSecret < Auth::Errors::Error
     end
     class ProcessorHasNoIssuer < Auth::Errors::Error
     end
@@ -17,25 +19,34 @@ module Auth
     class TokenMissing < Auth::Errors::Token
     end
     class TokenPayloadError < Auth::Errors::Token
     end
     class TokenExpired < Auth::Errors::TokenPayloadError
     end
     class TokenNotYetValid < Auth::Errors::TokenPayloadError
     end
     class TokenHasNoIssuer < Auth::Errors::TokenPayloadError
     end
     class TokenHasNoSubject < Auth::Errors::TokenPayloadError
     end
     class TokenHasNoIssuedAt < Auth::Errors::TokenPayloadError
     end
     class TokenHasNoExpiry < Auth::Errors::TokenPayloadError
     end
     class TokenIssuerIncorrect < Auth::Errors::TokenPayloadError
     end
     class TokenDecodeError < Auth::Errors::Token
     end
     class TokenTamperDetected < Auth::Errors::TokenDecodeError
     end
@@ -44,15 +55,19 @@ module Auth
     class ClientHasNoAuthServer < Auth::Errors::Client
     end
     class ClientHasNoClientId < Auth::Errors::Client
     end
     class ClientHasNoClientSecret < Auth::Errors::Client
     end
     class ClientHasNoBaseUri < Auth::Errors::Client
     end
     class Network < Auth::Errors::Error
     end
     class NetworkConnectionFailed < Auth::Errors::Network
     end
   end

data/lib/http_client.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'oauth2'
+require "oauth2"
 module Auth
   class HttpClient
@@ -21,14 +21,15 @@ module Auth
       @authenticated_client = nil
       site_url = URI.parse(auth_server)
-      token_url = site_url.path + '/oauth/token'
-      authorisation_url = site_url.path + '/oauth/token'
+      token_url = "#{site_url.path}/oauth/token"
+      authorisation_url = "#{site_url.path}/oauth/token"
       site_url = "#{site_url.scheme}://#{site_url.host}:#{site_url.port}"
       @base_uri = base_uri
       @client =
         auth_client.new client_id,
                         client_secret,
+                        auth_scheme: :request_body,
                         site: site_url,
                         token_url: token_url,
                         authorisation_url: authorisation_url,
@@ -60,8 +61,9 @@ module Auth
       if @authenticated_client.respond_to? method_name
         response = @authenticated_client.send method_name, *args, &block
-        if response.body.is_a?(::Hash) &&
-             response.body[:error] == 'Auth::Errors::TokenExpired'
+        if response.status == 401
+          # a 401 here is assumed to be due to an expired token
+          # otherwise, refreshing the token and calling again should make no difference to the ultimate response
           refresh
           response = @authenticated_client.send method_name, *args, &block
         end

data/lib/sinatra/conditional.rb CHANGED Viewed

@@ -4,9 +4,9 @@ module Auth
   module Sinatra
     class Conditional
       def self.process_request(env)
-        jwt_token = env.fetch('HTTP_AUTHORIZATION', '').slice(7..-1)
+        jwt_token = env.fetch("HTTP_AUTHORIZATION", "").slice(7..-1)
         processor =
-          Auth::TokenProcessor.new ENV['JWT_SECRET'], ENV['JWT_ISSUER']
+          Auth::TokenProcessor.new ENV["JWT_SECRET"], ENV["JWT_ISSUER"]
         processor.process jwt_token
       end
     end

data/lib/token.rb CHANGED Viewed

@@ -8,38 +8,34 @@ module Auth
     end
     def sub
-      @payload['sub']
+      @payload["sub"]
     end
     def scope?(scope)
-      @payload['scopes']&.include? scope
+      @payload["scopes"]&.include? scope
     end
     def scopes?(scopes)
-      scopes.all? { |scope| @payload['scopes']&.include? scope }
+      scopes.all? { |scope| @payload["scopes"]&.include? scope }
     end
     def supplemental(property = nil)
-      unless property.nil? || @payload['sup'][property].nil?
-        return @payload['sup'][property]
-      end
+      return @payload["sup"][property] unless property.nil? || @payload["sup"][property].nil?
-      @payload['sup']
+      @payload["sup"]
     end
     def encode(jwt_secret)
-      JWT.encode @payload, jwt_secret, 'HS256'
+      JWT.encode @payload, jwt_secret, "HS256"
     end
-    private
+  private
     def validate_payload
-      raise Auth::Errors::TokenHasNoIssuer unless @payload.key?('iss')
-      raise Auth::Errors::TokenHasNoIssuedAt unless @payload.key?('iat')
-      unless @payload['iat'] <= Time.now.to_i
-        raise Auth::Errors::TokenNotYetValid
-      end
-      raise Auth::Errors::TokenHasNoSubject unless @payload.key?('sub')
+      raise Auth::Errors::TokenHasNoIssuer unless @payload.key?("iss")
+      raise Auth::Errors::TokenHasNoIssuedAt unless @payload.key?("iat")
+      raise Auth::Errors::TokenNotYetValid unless @payload["iat"] <= Time.now.to_i
+      raise Auth::Errors::TokenHasNoSubject unless @payload.key?("sub")
     end
   end
 end

data/lib/token_processor.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'jwt'
+require "jwt"
 module Auth
   class TokenProcessor
@@ -17,19 +17,17 @@ module Auth
       payload, _header = jwt_process token
-      raise Auth::Errors::TokenExpired unless payload.key?('exp')
-      raise Auth::Errors::TokenHasNoIssuer unless payload.key?('iss')
-      unless payload['iss'] == @jwt_issuer
-        raise Auth::Errors::TokenIssuerIncorrect
-      end
+      raise Auth::Errors::TokenExpired unless payload.key?("exp")
+      raise Auth::Errors::TokenHasNoIssuer unless payload.key?("iss")
+      raise Auth::Errors::TokenIssuerIncorrect unless payload["iss"] == @jwt_issuer
       Auth::Token.new payload
     end
-    private
+  private
     def jwt_process(token)
-      options = { algorithm: 'HS256', iss: @jwt_issuer }
+      options = { algorithm: "HS256", iss: @jwt_issuer }
       JWT.decode token, @jwt_secret, true, options
     rescue JWT::ExpiredSignature

metadata CHANGED Viewed

@@ -1,17 +1,19 @@
 --- !ruby/object:Gem::Specification
 name: epb-auth-tools
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.11
 platform: ruby
 authors:
 - Lawrence Goldstien <lawrence.goldstien@madetech.com>
 - Yusuf Sheikh <yusuf@madetech.com>
 - Jaseera <jaseera@madetech.com>
-- Kevin Keenoy <kevin.keenoy@communities.gov.uk>
+- Kevin Keenoy <kevin.keenoy@levellingup.gov.uk>
+- Douglas Greenshields <douglas.greenshields@levellingup.gov.uk>
+- Aga Dufrat <aga.dufrat@levellingup.gov.uk>
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-11 00:00:00.000000000 Z
+date: 2022-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -19,28 +21,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 description:
 email:
 executables: []
@@ -65,14 +73,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Tools for authentication and authorisation with JWTs and OAuth