firebase_token_auth 1.3.0 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d96a4c3041301e5af29e38a8a70454e2628c9edf5e7ad936d910790ca40613ce
-  data.tar.gz: 18827a9a5f2ea0826dd9981b524e1836c2a3c244ce85b794722ad2b6a1b93a69
+  metadata.gz: 458419a9cc0f07b5c6d11037ef5a932cee6918b8f0d656dea8a16c57d42ff7bf
+  data.tar.gz: 5b8c715921349dfa20f5c5b8129c324edd75af04c4461360a01e1a918ba9a857
 SHA512:
-  metadata.gz: c2a5bf310a1b9aad1c2aac7eb562bc4968ea69b1cdd80ee3a0682388b2dd1a2d57ea1f26f521e332789d6cf6df01504a45c64f9d1493dcb98a0ccf3da16f67eb
-  data.tar.gz: ae028494a05b1979755e6f17e38edf1d51fbbe9dc03adac85ef6b5b3b3ac1adb540ac1694f0f6b9b6331318a0c85bb59a9f54027919a65162d6e0826a810cfa7
+  metadata.gz: 8dbc7ccb903400b3c5606ccbfdb0668e7efba7debe2b0320655d621d67cd45f5ddd941e429071bdc6f5df2d27e85ad1fbedbdcd3841e4dd5a67367c530580b2c
+  data.tar.gz: 0771c7af336de27b1559398d7cb356fd5922e8847524be8c6aef2b478b92b6c6d68419446127e4b856d7365cd785d7110e754a9d5ca4f135a9f68b80b9f67fe4

data/.github/workflows/test.yml

@@ -1,15 +1,17 @@
 name: rspec
 
-on: push
+on:
+  workflow_dispatch:
+  push:
 
 jobs:
   rspec:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [ 2.4, 2.5, 2.6, 2.7, "3.0" ]
+        ruby: [ 2.6, 2.7, "3.0", 3.1, 3.2 ]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
@@ -22,7 +24,7 @@ jobs:
           gem --version
           gem install -N bundler -v 2
 
-      - uses: actions/cache@v1
+      - uses: actions/cache@v3
         with:
           path: vendor/bundle
           key: ${{ runner.os }}-gem-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
@@ -46,11 +48,10 @@ jobs:
           GOOGLE_PRIVATE_KEY: ${{ secrets.GOOGLE_PRIVATE_KEY }}
 
       - name: slack notification
-        uses: 8398a7/action-slack@v2
+        uses: 8398a7/action-slack@v3
         if: always()
         with:
           status: ${{ job.status }}
           author_name: 'github action firebase_token_auth build'
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

data/README.md

@@ -91,6 +91,26 @@ puts c_token
 # => "eyJhbGciOXXX.eyJpc3MiOiJmaXJlYmFzXXXX.v7y7LoBXXXXX" # dummy
 ```
 
+### verify custom token
+```ruby
+require 'firebase_token_auth'
+
+FirebaseTokenAuth.configure do |config|
+  config.project_id = 'your_project_id'
+  config.json_key_io = "#{Rails.root}/path/to/service_account_credentials.json"
+end
+
+client = FirebaseTokenAuth.build
+result = client.verify_custom_token(custom_token)
+
+puts result
+# => {:expires_in=>3600,
+#   :id_token=>"<id_token>",
+#   :is_new_user=>"<true/false>",
+#   :kind=>"identitytoolkit#VerifyCustomTokenResponse",
+#   :refresh_token=>"<refresh_token>"}
+```
+
 ### fetch users info from firebase
 ```ruby
 require 'firebase_token_auth'

data/firebase_token_auth.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.description   = 'Firebase Authentication API wrapper for serverside. It support custom token auth. Of course it has id_token verify feature.'
   spec.homepage      = 'https://github.com/miyataka/firebase_token_auth'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.6.0')
 
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = spec.homepage

data/lib/firebase_token_auth/admin_client.rb

@@ -20,6 +20,15 @@ module FirebaseTokenAuth
       service.set_account_info(request)
     end
 
+    def verify_custom_token(custom_token)
+      request = Google::Apis::IdentitytoolkitV3::VerifyCustomTokenRequest.new(
+        token: custom_token,
+        return_secure_token: true
+      )
+
+      service.verify_custom_token(request)
+    end
+
     private
 
       def permit_attributes(attr_hash)

data/lib/firebase_token_auth/client.rb

@@ -47,10 +47,14 @@ module FirebaseTokenAuth
                   iat: now_seconds,
                   exp: now_seconds + (60 * 60),
                   uid: uid }
-      payload.merge!({ claim: additional_claims }) if additional_claims
+      payload.merge!({ claims: additional_claims }) if additional_claims
       JWT.encode(payload, configuration.private_key, ALGORITHM)
     end
 
+    def verify_custom_token(custom_token)
+      admin_client.verify_custom_token(custom_token).to_h
+    end
+
     def user_search_by_email(email)
       admin_client.get_account_info({ email: [email] })&.users&.map(&:to_h)
     end

data/lib/firebase_token_auth/configuration.rb

@@ -29,7 +29,7 @@ module FirebaseTokenAuth
 
       @auth = if json_key_io
                 io = json_key_io.respond_to?(:read) ? json_key_io : File.open(json_key_io)
-                io.rewind if io.respond_to?(:read) 
+                io.rewind if io.respond_to?(:read)
                 Google::Auth::ServiceAccountCredentials.make_creds(
                   json_key_io: io,
                   scope: scope
@@ -41,7 +41,7 @@ module FirebaseTokenAuth
 
       if json_key_io
         json_io = json_key_io.respond_to?(:read) ? json_key_io : File.open(json_key_io)
-        json_io.rewind if json_key_io.respond_to?(:read) 
+        json_io.rewind if json_key_io.respond_to?(:read)
         parsed = JSON.parse(json_io.read)
         @private_key = OpenSSL::PKey::RSA.new(parsed['private_key'])
         @client_email = parsed['client_email']

data/lib/firebase_token_auth/validator.rb

@@ -14,11 +14,16 @@ module FirebaseTokenAuth
       raise ValidationError, 'Firebase ID token has no "sub" (subject) claim.' unless payload['sub'].is_a?(String)
       raise ValidationError, 'Firebase ID token has an empty string "sub" (subject) claim.' if payload['sub'].empty?
       raise ValidationError, 'Firebase ID token has "sub" (subject) claim longer than 128 characters.' if payload['sub'].size > 128
+      raise ValidationError, 'Firebase ID token has expired.' if expired?(payload['exp'])
     end
 
     def extract_kid(id_token)
       decoded = JWT.decode(id_token, nil, false, algorithm: ALGORITHM)
       [decoded[1]['kid'], decoded]
     end
+
+    def expired?(exp)
+      exp.to_i <= Time.now.to_i
+    end
   end
 end

data/lib/firebase_token_auth/version.rb

@@ -1,3 +1,3 @@
 module FirebaseTokenAuth
-  VERSION = '1.3.0'.freeze
+  VERSION = '1.5.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: firebase_token_auth
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.5.0
 platform: ruby
 authors:
 - miyataka
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-09-19 00:00:00.000000000 Z
+date: 2023-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-identitytoolkit_v3
@@ -50,7 +50,6 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -80,14 +79,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: Firebase Authentication API wrapper for serverside. It support custom token

data/.travis.yml

@@ -1,6 +0,0 @@
----
-language: ruby
-cache: bundler
-rvm:
-  - 2.7.0
-before_install: gem install bundler -v 2.1.4