fb-jwt-auth 0.2.2 → 0.7.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/.circleci/config.yml +2 -2
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +18 -0
  5. data/README.md +10 -0
  6. data/lib/fb/jwt/auth.rb +17 -4
  7. data/lib/fb/jwt/auth/service_access_token.rb +43 -0
  8. data/lib/fb/jwt/auth/service_token_client.rb +9 -2
  9. data/lib/fb/jwt/auth/version.rb +1 -1
  10. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a361b57c2b001ce5d99eae92c8c90536a478d0e27e5d93417dfa157dfc92fc54
4
- data.tar.gz: e9ec232adbdc8bc109a9f6e27e57fb5ac17a2289d69ba029dbde7b6f71f928b0
3
+ metadata.gz: 206e6cea51b7085e81edf9e3abbab0d328d947797d7eda4f9ddc33b63559f3ce
4
+ data.tar.gz: ab5e1d4604fe50e8d41ade6996ec55faec9f3803612d4e9dc8f6a63930fc05a9
5
5
  SHA512:
6
- metadata.gz: d742d7ede999d0695a3d72da858c8c8314382b31539f4df7156c97c5ea01e45e0b4833952b05eeffd97fc172b6a675726829282e2ad594654d445dacf5220e9d
7
- data.tar.gz: 45366b1a2238884d9b1cd5818dde5ef5f63340461d15867eb86b7e6852f132876baf3174c14397e25cc0d7d4b0093fa9867628b05a85015d95693ad583b69b86
6
+ metadata.gz: 6ee2f83dda3dc556684729d306b2e33b5493b637e27a997bf8559a730b4cd8d6e5e00366f7d84284cef05f56e8bad861a941ad8a2c1390fcf5c0badd072a2a72
7
+ data.tar.gz: 0b4c2bedf35ea43dee2e0ccb1b0d67b547b7d121c1930b48d1e3a44a018f980f472423edd4f9a556cf78977957261423f0eaa144cf890c1de53cdd087d7e48bc
data/.circleci/config.yml CHANGED
@@ -5,7 +5,7 @@ orbs:
5
5
  jobs:
6
6
  test:
7
7
  docker:
8
- - image: cimg/ruby:2.7.2
8
+ - image: cimg/ruby:2.7.3
9
9
  steps:
10
10
  - checkout
11
11
  - run:
@@ -21,7 +21,7 @@ jobs:
21
21
  include_job_number_field: false
22
22
  publish:
23
23
  docker:
24
- - image: cimg/ruby:2.7.2
24
+ - image: cimg/ruby:2.7.3
25
25
  steps:
26
26
  - checkout
27
27
  - run:
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 2.7.2
1
+ 2.7.3
data/Changelog.md CHANGED
@@ -1,3 +1,21 @@
1
+ # 0.7.0
2
+ * Use Ruby 2.7.3
3
+
4
+ # 0.6.0
5
+ * Supplier issuer to service token client
6
+
7
+ # 0.5.0
8
+ * Do not base64 decode private key
9
+
10
+ # 0.4.0
11
+ * Generate the access token
12
+
13
+ # 0.3.0
14
+ * Request non cached version of public key if first validition fails
15
+
16
+ # v0.2.2
17
+ * Add token not present exception when token is empty
18
+
1
19
  # v0.2.1
2
20
  * Add better error messages
3
21
 
data/README.md CHANGED
@@ -25,6 +25,16 @@ Fb::Jwt::Auth.configure do |config|
25
25
  config.service_token_cache_root_url = ENV['SERVICE_TOKEN_CACHE_ROOT_URL']
26
26
  end
27
27
  ```
28
+ In order to generate the service access token we need to use `Fb::Jwt::Auth::ServiceAccessToken.new.generate` or if you require a subject, `Fb::Jwt::Auth::ServiceAccessToken.new(subject: subject).generate`
29
+
30
+ In the case you need to configure the service access token as a client
31
+ ```ruby
32
+ Fb::Jwt::Auth.configure do |config|
33
+ config.issuer = 'fb-editor'
34
+ config.namespace = 'formbuilder-saas-test'
35
+ config.encoded_private_key = 'base64 encoded private key'
36
+ end
37
+ ```
28
38
 
29
39
  ### Using other endpoint versions
30
40
 
data/lib/fb/jwt/auth.rb CHANGED
@@ -1,18 +1,23 @@
1
1
  require 'fb/jwt/auth/version'
2
2
  require 'openssl'
3
3
  require 'jwt'
4
- require 'active_support/core_ext'
4
+ require 'active_support/all'
5
5
 
6
6
  module Fb
7
7
  module Jwt
8
8
  class Auth
9
- cattr_accessor :service_token_cache_root_url, :service_token_cache_api_version
9
+ cattr_accessor :service_token_cache_root_url,
10
+ :service_token_cache_api_version,
11
+ :encoded_private_key,
12
+ :issuer,
13
+ :namespace
10
14
 
11
15
  def self.configure(&block)
12
16
  yield self
13
17
  end
14
18
 
15
19
  autoload :ServiceTokenClient, 'fb/jwt/auth/service_token_client'
20
+ autoload :ServiceAccessToken, 'fb/jwt/auth/service_access_token'
16
21
 
17
22
  class TokenNotPresentError < StandardError
18
23
  end
@@ -44,8 +49,7 @@ module Fb
44
49
  application_details = find_application_info
45
50
 
46
51
  begin
47
- hmac_secret = public_key(application_details)
48
- payload, _header = decode(hmac_secret: hmac_secret)
52
+ payload, _header = retrieve_and_decode_public_key(application_details)
49
53
  rescue StandardError => e
50
54
  error_message = "Token is not valid: error #{e}"
51
55
  logger.debug(error_message)
@@ -67,6 +71,15 @@ module Fb
67
71
  payload
68
72
  end
69
73
 
74
+ def retrieve_and_decode_public_key(application_details)
75
+ hmac_secret = public_key(application_details)
76
+ decode(hmac_secret: hmac_secret)
77
+ rescue JWT::VerificationError
78
+ logger.debug('First validation failed. Requesting non cached public key')
79
+ hmac_secret = public_key(application_details.merge(ignore_cache: true))
80
+ decode(hmac_secret: hmac_secret)
81
+ end
82
+
70
83
  def decode(verify: true, hmac_secret: nil)
71
84
  JWT.decode(
72
85
  token,
data/lib/fb/jwt/auth/service_access_token.rb ADDED
@@ -0,0 +1,43 @@
1
+ module Fb
2
+ module Jwt
3
+ class Auth
4
+ class ServiceAccessToken
5
+ attr_reader :encoded_private_key,
6
+ :issuer,
7
+ :subject,
8
+ :namespace
9
+
10
+ def initialize(subject: nil, issuer: nil)
11
+ @subject = subject
12
+ @encoded_private_key = Fb::Jwt::Auth.encoded_private_key
13
+ @namespace = Fb::Jwt::Auth.namespace
14
+ @issuer = issuer || Fb::Jwt::Auth.issuer
15
+ end
16
+
17
+ def generate
18
+ return '' if encoded_private_key.blank?
19
+
20
+ private_key = OpenSSL::PKey::RSA.new(encoded_private_key.chomp)
21
+
22
+ JWT.encode(
23
+ token,
24
+ private_key,
25
+ 'RS256'
26
+ )
27
+ end
28
+
29
+ private
30
+
31
+ def token
32
+ payload = {
33
+ iss: issuer,
34
+ iat: Time.current.to_i
35
+ }
36
+ payload[:sub] = subject if subject.present?
37
+ payload[:namespace] = namespace if namespace.present?
38
+ payload
39
+ end
40
+ end
41
+ end
42
+ end
43
+ end
data/lib/fb/jwt/auth/service_token_client.rb CHANGED
@@ -12,9 +12,10 @@ class Fb::Jwt::Auth::ServiceTokenClient
12
12
 
13
13
  attr_accessor :application, :namespace, :root_url, :api_version
14
14
 
15
- def initialize(application:, namespace: nil)
15
+ def initialize(application:, namespace: nil, ignore_cache: false)
16
16
  @application = application
17
17
  @namespace = namespace
18
+ @ignore_cache = ignore_cache
18
19
  @root_url = Fb::Jwt::Auth.service_token_cache_root_url
19
20
  @api_version = Fb::Jwt::Auth.service_token_cache_api_version || :v2
20
21
  end
@@ -38,8 +39,14 @@ class Fb::Jwt::Auth::ServiceTokenClient
38
39
 
39
40
  private
40
41
 
42
+ attr_reader :ignore_cache
43
+
41
44
  def public_key_uri
42
- URI.join(root_url, version_url)
45
+ URI.join(root_url, "#{version_url}#{query_param}")
46
+ end
47
+
48
+ def query_param
49
+ ignore_cache ? '?ignore_cache=true' : ''
43
50
  end
44
51
 
45
52
  def version_url
data/lib/fb/jwt/auth/version.rb CHANGED
@@ -1,7 +1,7 @@
1
1
  module Fb
2
2
  module Jwt
3
3
  class Auth
4
- VERSION = "0.2.2"
4
+ VERSION = "0.7.0"
5
5
  end
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fb-jwt-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Form builder developers
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-10-29 00:00:00.000000000 Z
11
+ date: 2021-05-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt
@@ -73,6 +73,7 @@ files:
73
73
  - bin/setup
74
74
  - fb-jwt-auth.gemspec
75
75
  - lib/fb/jwt/auth.rb
76
+ - lib/fb/jwt/auth/service_access_token.rb
76
77
  - lib/fb/jwt/auth/service_token_client.rb
77
78
  - lib/fb/jwt/auth/version.rb
78
79
  homepage: https://github.com/ministryofjustice/fb-jwt-auth
@@ -97,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
97
98
  - !ruby/object:Gem::Version
98
99
  version: '0'
99
100
  requirements: []
100
- rubygems_version: 3.1.4
101
+ rubygems_version: 3.2.15
101
102
  signing_key:
102
103
  specification_version: 4
103
104
  summary: JWT authentication done in form builder team