fb-jwt-auth 0.1.0 → 0.2.0

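--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ff3e7406a923af4e7374f7855ddce3de5bbe9e46267b63a2d06c92a74f3ec13a
- data.tar.gz: 1a0db0196134bed15fec85fb83006f0254f5dc0b2e96f02644b4d452499a121c
+ metadata.gz: f86d88c60d096a604b4c0e3bd40acb9e6869c99011f91f14eb9488b7e9d4f4ae
+ data.tar.gz: f79a60753d8fee05024b3303a6d03d1fb28d13db6d788a3b3ca24e2c16a8707f
  SHA512:
- metadata.gz: 9ef0173a6261f0b8f8377f1987ab3d8c16b7364f25209ab10094240a096e2b9ef24f35944f12ad81a06a85357da1e48c76899285dcd40f8210254993da44a81b
- data.tar.gz: aee6abbd74914c5ba92158c5e6eb3ba3b62bd55e36bd5fa57d2877fb76a5ebd806317072a5ee8d6fd91b7318af788ec89da4bf15ad421d66426a908636b8d1c0
+ metadata.gz: 52b523c492ba637761d84f15c0d374e1920d1c0e7210cf8fbbfefee2df9efcee10abaf75a6f9942266794c509616717da55cadb38916c48d31372cb0c7b92c6f
+ data.tar.gz: 9870d7e4d6854fb21cc07fc8903661fca1fac308ce716866bd2d9bbee95fdfafe32deb47c3f54fbb14112ae88b25e2262fbec35ebe34a5d0ddd95de8f40c20ee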
@@ -0,0 +1,63 @@
1
+ version: 2.1
2
+ orbs:
3
+ slack: circleci/slack@3.4.2
4
+
5
+ jobs:
6
+ test:
7
+ docker:
8
+ - image: cimg/ruby:2.7.2
9
+ steps:
10
+ - checkout
11
+ - run:
12
+ name: Install
13
+ command: bundle install
14
+ - run:
15
+ name: Test
16
+ command: bundle exec rspec
17
+ - slack/status: &slack_status
18
+ fail_only: true
19
+ only_for_branches: main
20
+ failure_message: ":facepalm: Failed job $CIRCLE_JOB :homer-disappear:"
21
+ include_job_number_field: false
22
+ publish:
23
+ docker:
24
+ - image: cimg/ruby:2.7.2
25
+ steps:
26
+ - checkout
27
+ - run:
28
+ name: Install
29
+ command: bundle install
30
+ - run:
31
+ name: Setup Rubygems
32
+ command: |
33
+ mkdir ~/.gem
34
+ echo -e "---\r\n:rubygems_api_key: $RUBYGEMS_API_KEY" > ~/.gem/credentials
35
+ chmod 0600 /home/circleci/.gem/credentials
36
+ - run:
37
+ name: Publish to Rubygems
38
+ command: |
39
+ set -e
40
+
41
+ VERSION=$(ruby -e "require './lib/fb/jwt/auth/version.rb'; puts Fb::Jwt::Auth::VERSION")
42
+ PUBLISHED_VERSION=$(curl https://rubygems.org/api/v1/versions/fb-jwt-auth/latest.json | sed -e 's/[{}]/''/g' | sed s/\"//g | awk -v RS=',' -F: '$1=="version"{print $2}')
43
+
44
+ if [ "$VERSION" != "$PUBLISHED_VERSION" ]
45
+ then
46
+ bundle exec gem build fb-jwt-auth.gemspec
47
+ bundle exec gem push fb-jwt-auth-*.gem
48
+ curl -X POST -H 'Content-type: application/json' --data "{\"text\":\":woohoo: Successfully published ${CIRCLE_PROJECT_REPONAME} ${VERSION} :ship_it_parrot:\"}" "$SLACK_WEBHOOK"
49
+ fi
50
+ - slack/status: *slack_status
51
+
52
+ workflows:
53
+ commit-workflow:
54
+ jobs:
55
+ - test
56
+ - publish:
57
+ requires:
58
+ - test
59
+ filters:
60
+ tags:
61
+ only: /.*/
62
+ branches:
63
+ only: main
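Review bot: The version gate in the `Publish to Rubygems` step fails open, because `curl` is called without `--fail`: an HTTP error from rubygems.org still exits 0, the sed/awk parse finds no `version` field, `PUBLISHED_VERSION` ends up empty, and the `!=` test passes into `gem build` and `gem push`. Use `curl -fsS` and stop when the lookup returns nothing, e.g. `[ -n "$PUBLISHED_VERSION" ] || exit 1` before the comparison. In `Setup Rubygems` the credentials file is created by `echo` before `chmod 0600` runs, so it briefly exists with the default mode; put `umask 077` ahead of the `echo`, and use `mkdir -p ~/.gem` so an existing directory does not fail the step. The step also mixes `~/.gem/credentials` with `/home/circleci/.gem/credentials`; using one form for both keeps them from diverging if the image's user changes.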
@@ -0,0 +1,9 @@
1
+ # v0.2.0
2
+
3
+ * Add service token cache v3 implementation
4
+ * All necessary information (iat, sub and application, namespace) should be on
5
+ the access token
6
+
7
+ # v0.1.0
8
+
9
+ * Add service token cache v2 implementation
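--- a/data/README.md
+++ b/data/README.md
@@ -18,11 +18,29 @@ Or install it yourself as:
 
  ## Usage
 
- ```
+ ```ruby
  Fb::Jwt::Auth.configure do |config|
+ # Service token cache domain
+ #
  config.service_token_cache_root_url = ENV['SERVICE_TOKEN_CACHE_ROOT_URL']
  end
+ ```
+
+ ### Using other endpoint versions
 
+ Service token cache can have different versions of authenticating a service.
+
+ You can configure the version:
+
+ ```ruby
+ Fb::Jwt::Auth.configure do |config|
+ config.service_token_cache_api_version = :v3
+ end
+ ```
+
+ ### Verifying the token
+
+ ```ruby
  Fb::Jwt::Auth.new(
  access_token: request.headers['x-access-token-v2'],
  key: 'fb-editor', # service name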
@@ -6,13 +6,7 @@ require 'active_support/core_ext'
6
6
  module Fb
7
7
  module Jwt
8
8
  class Auth
9
- def self.service_token_cache_root_url=(value)
10
- @@service_token_cache_root_url = value
11
- end
12
-
13
- def self.service_token_cache_root_url
14
- @@service_token_cache_root_url
15
- end
9
+ cattr_accessor :service_token_cache_root_url, :service_token_cache_api_version
16
10
 
17
11
  def self.configure(&block)
18
12
  yield self
@@ -29,9 +23,15 @@ module Fb
29
23
  class TokenExpiredError < StandardError
30
24
  end
31
25
 
26
+ class IssuerNotPresentError < StandardError
27
+ end
28
+
29
+ class NamespaceNotPresentError < StandardError
30
+ end
31
+
32
32
  attr_accessor :token, :key, :leeway, :logger
33
33
 
34
- def initialize(token:, key:, leeway:, logger:)
34
+ def initialize(token:, key: nil, leeway:, logger:)
35
35
  @token = token
36
36
  @key = key
37
37
  @leeway = leeway
@@ -41,15 +41,11 @@ module Fb
41
41
  def verify!
42
42
  raise TokenNotPresentError if token.nil?
43
43
 
44
+ application_details = find_application_info
45
+
44
46
  begin
45
- hmac_secret = public_key(key)
46
- payload, _header = JWT.decode(
47
- token,
48
- hmac_secret,
49
- true,
50
- exp_leeway: leeway,
51
- algorithm: 'RS256'
52
- )
47
+ hmac_secret = public_key(application_details)
48
+ payload, _header = decode(hmac_secret: hmac_secret)
53
49
  rescue StandardError => e
54
50
  error_message = "Couldn't parse that token - error #{e}"
55
51
  logger.debug(error_message)
@@ -71,8 +67,33 @@ module Fb
71
67
  payload
72
68
  end
73
69
 
74
- def public_key
75
- OpenSSL::PKey::RSA.new(ServiceTokenClient.new(key).public_key)
70
+ def decode(verify: true, hmac_secret: nil)
71
+ JWT.decode(
72
+ token,
73
+ hmac_secret,
74
+ verify,
75
+ exp_leeway: leeway,
76
+ algorithm: 'RS256'
77
+ )
78
+ end
79
+
80
+ def find_application_info
81
+ return { application: key } if key
82
+
83
+ payload, _header = decode(verify: false)
84
+ application = payload['iss']
85
+ namespace = payload['namespace']
86
+
87
+ raise IssuerNotPresentError unless application
88
+ raise NamespaceNotPresentError unless namespace
89
+
90
+ { application: application, namespace: namespace}
91
+ end
92
+
93
+ def public_key(attributes)
94
+ OpenSSL::PKey::RSA.new(
95
+ ServiceTokenClient.new(attributes).public_key
96
+ )
76
97
  end
77
98
  end
78
99
  end
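Review bot: `find_application_info` takes `iss` and `namespace` from a token decoded with `verify: false`, and those unverified claims then decide which public key `public_key` fetches, so they should be constrained before use, for example `raise IssuerNotPresentError unless application.to_s.match?(/\A[a-z0-9-]+\z/)` and the same for `namespace` (the pattern is illustrative; use the project's real naming rules). The call also sits before the `begin` in `verify!`, so a malformed token most likely raises `JWT::DecodeError` straight out of `verify!` instead of going through the `rescue StandardError` branch, whose body continues outside the hunk; rescuing `JWT::DecodeError` inside `find_application_info` and re-raising the library's own error would keep callers on one error type. The local `hmac_secret` holds an RSA public key used with `algorithm: 'RS256'`; a name like `verification_key` would avoid suggesting a shared secret. A short comment on `decode` stating that `verify: false` is for claim lookup only and its payload must never be returned to callers would help the next maintainer.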
@@ -5,11 +5,18 @@ require 'base64'
5
5
  class Fb::Jwt::Auth::ServiceTokenClient
6
6
  class ServiceTokenCacheError < StandardError; end
7
7
 
8
- attr_accessor :key, :root_url
8
+ ENDPOINTS = {
9
+ v2: '/service/v2/%{application}',
10
+ v3: '/v3/applications/%{application}/namespaces/%{namespace}'
11
+ }
9
12
 
10
- def initialize(key)
11
- @key = key
13
+ attr_accessor :application, :namespace, :root_url, :api_version
14
+
15
+ def initialize(application:, namespace: nil)
16
+ @application = application
17
+ @namespace = namespace
12
18
  @root_url = Fb::Jwt::Auth.service_token_cache_root_url
19
+ @api_version = Fb::Jwt::Auth.service_token_cache_api_version || :v2
13
20
  end
14
21
 
15
22
  def public_key
@@ -32,6 +39,14 @@ class Fb::Jwt::Auth::ServiceTokenClient
32
39
  private
33
40
 
34
41
  def public_key_uri
35
- URI.join(@root_url, '/service/v2/', key)
42
+ URI.join(root_url, version_url)
43
+ end
44
+
45
+ def version_url
46
+ if api_version == :v3
47
+ ENDPOINTS[api_version] % { application: application, namespace: namespace }
48
+ else
49
+ ENDPOINTS[api_version] % { application: application }
50
+ end
36
51
  end
37
52
  end
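Review bot: `version_url` formats `application` and `namespace` into the request path with no escaping, so a value containing `/`, `..`, `?` or `#` changes which URL `public_key_uri` requests; escape each segment, e.g. `URI.encode_www_form_component(application)`, or reject values outside the expected character set. When `api_version` is `:v3` and the client was built with the `namespace: nil` default, the path becomes `/v3/applications/<app>/namespaces/` with an empty last segment; raising a clear error there would be safer than sending that request. `ENDPOINTS[api_version]` is nil for any unknown version and the `%` call then fails with NoMethodError, so `ENDPOINTS.fetch(api_version)` and a `.freeze` on the constant would give a clearer failure. The class body continues outside these hunks.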
@@ -1,7 +1,7 @@
1
1
  module Fb
2
2
  module Jwt
3
3
  class Auth
4
- VERSION = "0.1.0"
4
+ VERSION = "0.2.0"
5
5
  end
6
6
  end
7
7
  end
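--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: fb-jwt-auth
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.2.0
  platform: ruby
  authors:
  - Form builder developers
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-10-21 00:00:00.000000000 Z
+ date: 2020-10-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: jwt
@@ -59,6 +59,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".circleci/config.yml"
  - ".gitignore"
  - ".rspec"
  - ".ruby-version"
@@ -81,7 +82,7 @@ metadata:
  homepage_uri: https://github.com/ministryofjustice/fb-jwt-auth
  source_code_uri: https://github.com/ministryofjustice/fb-jwt-auth
  changelog_uri: https://github.com/ministryofjustice/fb-jwt-auth/blob/main/Changelog.md
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -97,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubygems_version: 3.1.4
- signing_key:
+ signing_key:
  specification_version: 4
  summary: JWT authentication done in form builder team
  test_files: []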