epb-auth-tools 1.0.8 → 1.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e5484b829fb09391cc9bd9fd4b2a2b0e8fe2e64e3cfdf640d400cecf33d533ea
-  data.tar.gz: 522b5c88d93b5fd00524eea152b443af016f33cbeb820f07d027eb02ed72689b
+  metadata.gz: 51ff1680c92485230dcdd83f6d87a7346f7cd74e1f4d4df5cc556df606b39e60
+  data.tar.gz: c1179b6b77dfcf84f70f962c3a82229f1bbdc08dede87c232441d52eee6eed02
 SHA512:
-  metadata.gz: bdfaa165c58467113a6a82a6429cb577496b3ce7e817c0b341b5a2c0b6e3660efc957ad5450b03fe89082e56aeb99da10e04f2e5a62941b42e68ccb45d1dccac
-  data.tar.gz: a314604c7e518640d2492e9f8c5300d1bf47203dfb36903ec9ba80296a9ff79c7a683a975717a40e5b6c8488c3b5e3109f517f7ac6b2e6de4184beee16f8f541
+  metadata.gz: afeedf14c33ef8d100f06afdcea24fc5825b327c1723044517b46739f255924d48dd51d545f024c409fac97b63647a206c8912a7cccaddae9464414b9457df56
+  data.tar.gz: 0f65a346cf7aeec3ca38a032e6daa26261283ab7451781231beae77ce966870b96e6661d38182800c8bdc0e2cd469de7528a8118058aeafa77d107711f0e0547

data/lib/epb-auth-tools.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 module Auth
-  require_relative 'errors'
-  require_relative 'http_client'
-  require_relative 'token'
-  require_relative 'token_processor'
+  require_relative "errors"
+  require_relative "http_client"
+  require_relative "token"
+  require_relative "token_processor"
 
-  require_relative 'sinatra/conditional'
+  require_relative "sinatra/conditional"
 end

data/lib/errors.rb

@@ -7,8 +7,10 @@ module Auth
 
     class Processor < Auth::Errors::Error
     end
+
     class ProcessorHasNoSecret < Auth::Errors::Error
     end
+
     class ProcessorHasNoIssuer < Auth::Errors::Error
     end
 
@@ -17,25 +19,34 @@ module Auth
 
     class TokenMissing < Auth::Errors::Token
     end
+
     class TokenPayloadError < Auth::Errors::Token
     end
+
     class TokenExpired < Auth::Errors::TokenPayloadError
     end
+
     class TokenNotYetValid < Auth::Errors::TokenPayloadError
     end
+
     class TokenHasNoIssuer < Auth::Errors::TokenPayloadError
     end
+
     class TokenHasNoSubject < Auth::Errors::TokenPayloadError
     end
+
     class TokenHasNoIssuedAt < Auth::Errors::TokenPayloadError
     end
+
     class TokenHasNoExpiry < Auth::Errors::TokenPayloadError
     end
+
     class TokenIssuerIncorrect < Auth::Errors::TokenPayloadError
     end
 
     class TokenDecodeError < Auth::Errors::Token
     end
+
     class TokenTamperDetected < Auth::Errors::TokenDecodeError
     end
 
@@ -44,15 +55,19 @@ module Auth
 
     class ClientHasNoAuthServer < Auth::Errors::Client
     end
+
     class ClientHasNoClientId < Auth::Errors::Client
     end
+
     class ClientHasNoClientSecret < Auth::Errors::Client
     end
+
     class ClientHasNoBaseUri < Auth::Errors::Client
     end
 
     class Network < Auth::Errors::Error
     end
+
     class NetworkConnectionFailed < Auth::Errors::Network
     end
   end

data/lib/http_client.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'oauth2'
+require "oauth2"
 
 module Auth
   class HttpClient
@@ -21,8 +21,8 @@ module Auth
       @authenticated_client = nil
 
       site_url = URI.parse(auth_server)
-      token_url = site_url.path + '/oauth/token'
-      authorisation_url = site_url.path + '/oauth/token'
+      token_url = "#{site_url.path}/oauth/token"
+      authorisation_url = "#{site_url.path}/oauth/token"
       site_url = "#{site_url.scheme}://#{site_url.host}:#{site_url.port}"
 
       @base_uri = base_uri

data/lib/sinatra/conditional.rb

@@ -4,9 +4,9 @@ module Auth
   module Sinatra
     class Conditional
       def self.process_request(env)
-        jwt_token = env.fetch('HTTP_AUTHORIZATION', '').slice(7..-1)
+        jwt_token = env.fetch("HTTP_AUTHORIZATION", "").slice(7..-1)
         processor =
-          Auth::TokenProcessor.new ENV['JWT_SECRET'], ENV['JWT_ISSUER']
+          Auth::TokenProcessor.new ENV["JWT_SECRET"], ENV["JWT_ISSUER"]
         processor.process jwt_token
       end
     end

data/lib/token.rb

@@ -8,38 +8,34 @@ module Auth
     end
 
     def sub
-      @payload['sub']
+      @payload["sub"]
     end
 
     def scope?(scope)
-      @payload['scopes']&.include? scope
+      @payload["scopes"]&.include? scope
     end
 
     def scopes?(scopes)
-      scopes.all? { |scope| @payload['scopes']&.include? scope }
+      scopes.all? { |scope| @payload["scopes"]&.include? scope }
     end
 
     def supplemental(property = nil)
-      unless property.nil? || @payload['sup'][property].nil?
-        return @payload['sup'][property]
-      end
+      return @payload["sup"][property] unless property.nil? || @payload["sup"][property].nil?
 
-      @payload['sup']
+      @payload["sup"]
     end
 
     def encode(jwt_secret)
-      JWT.encode @payload, jwt_secret, 'HS256'
+      JWT.encode @payload, jwt_secret, "HS256"
     end
 
-    private
+  private
 
     def validate_payload
-      raise Auth::Errors::TokenHasNoIssuer unless @payload.key?('iss')
-      raise Auth::Errors::TokenHasNoIssuedAt unless @payload.key?('iat')
-      unless @payload['iat'] <= Time.now.to_i
-        raise Auth::Errors::TokenNotYetValid
-      end
-      raise Auth::Errors::TokenHasNoSubject unless @payload.key?('sub')
+      raise Auth::Errors::TokenHasNoIssuer unless @payload.key?("iss")
+      raise Auth::Errors::TokenHasNoIssuedAt unless @payload.key?("iat")
+      raise Auth::Errors::TokenNotYetValid unless @payload["iat"] <= Time.now.to_i
+      raise Auth::Errors::TokenHasNoSubject unless @payload.key?("sub")
     end
   end
 end

data/lib/token_processor.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'jwt'
+require "jwt"
 
 module Auth
   class TokenProcessor
@@ -17,19 +17,17 @@ module Auth
 
       payload, _header = jwt_process token
 
-      raise Auth::Errors::TokenExpired unless payload.key?('exp')
-      raise Auth::Errors::TokenHasNoIssuer unless payload.key?('iss')
-      unless payload['iss'] == @jwt_issuer
-        raise Auth::Errors::TokenIssuerIncorrect
-      end
+      raise Auth::Errors::TokenExpired unless payload.key?("exp")
+      raise Auth::Errors::TokenHasNoIssuer unless payload.key?("iss")
+      raise Auth::Errors::TokenIssuerIncorrect unless payload["iss"] == @jwt_issuer
 
       Auth::Token.new payload
     end
 
-    private
+  private
 
     def jwt_process(token)
-      options = { algorithm: 'HS256', iss: @jwt_issuer }
+      options = { algorithm: "HS256", iss: @jwt_issuer }
 
       JWT.decode token, @jwt_secret, true, options
     rescue JWT::ExpiredSignature

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: epb-auth-tools
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.0.9
 platform: ruby
 authors:
 - Lawrence Goldstien <lawrence.goldstien@madetech.com>
 - Yusuf Sheikh <yusuf@madetech.com>
 - Jaseera <jaseera@madetech.com>
-- Kevin Keenoy <kevin.keenoy@communities.gov.uk>
-- Douglas Greenshields <douglas.greenshields@communities.gov.uk>
+- Kevin Keenoy <kevin.keenoy@levellingup.gov.uk>
+- Douglas Greenshields <douglas.greenshields@levellingup.gov.uk>
+- Aga Dufrat <aga.dufrat@levellingup.gov.uk>
 autorequire:
 bindir: bin
 cert_chain: []
@@ -20,14 +21,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -66,14 +67,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Tools for authentication and authorisation with JWTs and OAuth