forest_liana 7.6.14 → 7.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/forest_liana/authentication_controller.rb +6 -26
- data/app/services/forest_liana/authentication.rb +5 -5
- data/app/services/forest_liana/oidc_client_manager.rb +7 -8
- data/lib/forest_liana/bootstrapper.rb +12 -4
- data/lib/forest_liana/version.rb +1 -1
- data/lib/generators/forest_liana/install_generator.rb +5 -13
- data/lib/tasks/clear_oidc_data.rake +6 -0
- data/spec/requests/authentications_spec.rb +6 -6
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4f2e246fbfde70dc193c1ff1f71b97d5bb02c5c9ecee0a52073c5909b792e7b6
|
|
4
|
+
data.tar.gz: f267f5d490e264b288a0d0136c34f2e15d185760a2c4849bb7359a457ffb5ce2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 449ecf89de01cfb538b57ac9768989d753e911f2ba67995290307d770a5bca72605e5766f83962d45e12d7052d7878b15a14402c0256687203d0107dc0b17669
|
|
7
|
+
data.tar.gz: eddb63f55196bbbea363d280a2610a0d42150ca554e55b6fcfaf998575041143346e7693bef6442dbd895d24981a185c35d4950f1950fa53cbd35d69aefebe13
|
|
@@ -6,21 +6,11 @@ module ForestLiana
|
|
|
6
6
|
START_AUTHENTICATION_ROUTE = 'authentication'
|
|
7
7
|
CALLBACK_AUTHENTICATION_ROUTE = 'authentication/callback'
|
|
8
8
|
LOGOUT_ROUTE = 'authentication/logout'
|
|
9
|
-
PUBLIC_ROUTES = [
|
|
10
|
-
"/#{START_AUTHENTICATION_ROUTE}",
|
|
11
|
-
"/#{CALLBACK_AUTHENTICATION_ROUTE}",
|
|
12
|
-
"/#{LOGOUT_ROUTE}",
|
|
13
|
-
]
|
|
9
|
+
PUBLIC_ROUTES = %W[/#{START_AUTHENTICATION_ROUTE} /#{CALLBACK_AUTHENTICATION_ROUTE} /#{LOGOUT_ROUTE}]
|
|
14
10
|
|
|
15
11
|
def initialize
|
|
16
12
|
@authentication_service = ForestLiana::Authentication.new()
|
|
17
13
|
end
|
|
18
|
-
|
|
19
|
-
def get_callback_url
|
|
20
|
-
File.join(ForestLiana.application_url, "/forest/#{CALLBACK_AUTHENTICATION_ROUTE}").to_s
|
|
21
|
-
rescue => error
|
|
22
|
-
raise "application_url is not valid or not defined" if error.is_a?(ArgumentError)
|
|
23
|
-
end
|
|
24
14
|
|
|
25
15
|
def get_and_check_rendering_id
|
|
26
16
|
if !params.has_key?('renderingId')
|
|
@@ -28,7 +18,7 @@ module ForestLiana
|
|
|
28
18
|
end
|
|
29
19
|
|
|
30
20
|
rendering_id = params[:renderingId]
|
|
31
|
-
|
|
21
|
+
|
|
32
22
|
if !(rendering_id.instance_of?(String) || rendering_id.instance_of?(Numeric)) || (rendering_id.instance_of?(Numeric) && rendering_id.nan?)
|
|
33
23
|
raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:INVALID_RENDERING_ID]
|
|
34
24
|
end
|
|
@@ -36,15 +26,10 @@ module ForestLiana
|
|
|
36
26
|
return rendering_id.to_i
|
|
37
27
|
end
|
|
38
28
|
|
|
39
|
-
def start_authentication
|
|
29
|
+
def start_authentication
|
|
40
30
|
begin
|
|
41
31
|
rendering_id = get_and_check_rendering_id()
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
result = @authentication_service.start_authentication(
|
|
45
|
-
callback_url,
|
|
46
|
-
{ 'renderingId' => rendering_id },
|
|
47
|
-
)
|
|
32
|
+
result = @authentication_service.start_authentication({ 'renderingId' => rendering_id })
|
|
48
33
|
|
|
49
34
|
render json: { authorizationUrl: result['authorization_url']}, status: 200
|
|
50
35
|
rescue => error
|
|
@@ -55,12 +40,7 @@ module ForestLiana
|
|
|
55
40
|
|
|
56
41
|
def authentication_callback
|
|
57
42
|
begin
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
token = @authentication_service.verify_code_and_generate_token(
|
|
61
|
-
callback_url,
|
|
62
|
-
params,
|
|
63
|
-
)
|
|
43
|
+
token = @authentication_service.verify_code_and_generate_token(params)
|
|
64
44
|
|
|
65
45
|
response_body = {
|
|
66
46
|
token: token,
|
|
@@ -79,7 +59,7 @@ module ForestLiana
|
|
|
79
59
|
begin
|
|
80
60
|
if cookies.has_key?(:forest_session_token)
|
|
81
61
|
forest_session_token = cookies[:forest_session_token]
|
|
82
|
-
|
|
62
|
+
|
|
83
63
|
if forest_session_token
|
|
84
64
|
response.set_cookie(
|
|
85
65
|
'forest_session_token',
|
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
module ForestLiana
|
|
2
2
|
class Authentication
|
|
3
|
-
def start_authentication(
|
|
4
|
-
client = ForestLiana::OidcClientManager.
|
|
3
|
+
def start_authentication(state)
|
|
4
|
+
client = ForestLiana::OidcClientManager.get_client()
|
|
5
5
|
|
|
6
6
|
authorization_url = client.authorization_uri({
|
|
7
7
|
scope: 'openid email profile',
|
|
8
8
|
state: state.to_s,
|
|
9
9
|
})
|
|
10
|
-
|
|
10
|
+
|
|
11
11
|
{ 'authorization_url' => authorization_url }
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def verify_code_and_generate_token(
|
|
15
|
-
client = ForestLiana::OidcClientManager.
|
|
14
|
+
def verify_code_and_generate_token(params)
|
|
15
|
+
client = ForestLiana::OidcClientManager.get_client()
|
|
16
16
|
|
|
17
17
|
rendering_id = parse_state(params['state'])
|
|
18
18
|
client.authorization_code = params['code']
|
|
@@ -2,33 +2,32 @@ require 'openid_connect'
|
|
|
2
2
|
|
|
3
3
|
module ForestLiana
|
|
4
4
|
class OidcClientManager
|
|
5
|
-
def self.
|
|
5
|
+
def self.get_client
|
|
6
6
|
begin
|
|
7
7
|
configuration = ForestLiana::OidcConfigurationRetriever.retrieve()
|
|
8
8
|
if ForestLiana.forest_client_id.nil?
|
|
9
|
-
client_data = Rails.cache.read("#{
|
|
9
|
+
client_data = Rails.cache.read("#{ForestLiana.env_secret}-client-data") || nil
|
|
10
10
|
if client_data.nil?
|
|
11
11
|
client_credentials = ForestLiana::OidcDynamicClientRegistrator.register({
|
|
12
12
|
token_endpoint_auth_method: 'none',
|
|
13
|
-
redirect_uris: [callback_url],
|
|
14
13
|
registration_endpoint: configuration['registration_endpoint']
|
|
15
14
|
})
|
|
16
|
-
client_data = { :client_id => client_credentials['client_id'], :issuer => configuration['issuer'] }
|
|
17
|
-
Rails.cache.write("#{
|
|
15
|
+
client_data = { :client_id => client_credentials['client_id'], :issuer => configuration['issuer'], :redirect_uri => client_credentials['redirect_uris'][0] }
|
|
16
|
+
Rails.cache.write("#{ForestLiana.env_secret}-client-data", client_data)
|
|
18
17
|
end
|
|
19
18
|
else
|
|
20
|
-
client_data = { :client_id => ForestLiana.forest_client_id, :issuer => configuration['issuer'] }
|
|
19
|
+
client_data = { :client_id => ForestLiana.forest_client_id, :issuer => configuration['issuer'], :redirect_uri => File.join(ForestLiana.application_url, "/forest/authentication/callback").to_s }
|
|
21
20
|
end
|
|
22
21
|
|
|
23
22
|
OpenIDConnect::Client.new(
|
|
24
23
|
identifier: client_data[:client_id],
|
|
25
|
-
redirect_uri:
|
|
24
|
+
redirect_uri: client_data[:redirect_uri],
|
|
26
25
|
host: "#{client_data[:issuer].sub(/^https?\:\/\/(www.)?/,'')}",
|
|
27
26
|
authorization_endpoint: '/oidc/auth',
|
|
28
27
|
token_endpoint: '/oidc/token',
|
|
29
28
|
)
|
|
30
29
|
rescue => error
|
|
31
|
-
Rails.cache.delete("#{
|
|
30
|
+
Rails.cache.delete("#{ForestLiana.env_secret}-client-data")
|
|
32
31
|
raise error
|
|
33
32
|
end
|
|
34
33
|
end
|
|
@@ -18,11 +18,19 @@ module ForestLiana
|
|
|
18
18
|
ForestLiana.auth_secret = ForestLiana.auth_key
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
if ForestLiana.forest_client_id
|
|
22
|
+
FOREST_LOGGER.warn "DEPRECATION WARNING: The use of " \
|
|
23
|
+
"ForestLiana.forest_client_id is deprecated. It's not needed anymore."
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
if Rails.application.secrets.forest_application_url
|
|
27
|
+
FOREST_LOGGER.warn "DEPRECATION WARNING: The use of " \
|
|
28
|
+
"The secret forest_application_url is deprecated. It's not needed anymore."
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
unless Rails.application.config.action_controller.perform_caching || Rails.env.test?
|
|
22
32
|
FOREST_LOGGER.error "You need to enable caching on your environment to use Forest Admin.\n" \
|
|
23
|
-
"For a development environment, run: `rails dev:cache
|
|
24
|
-
"Or setup a static forest_client_id by following this part of the documentation:\n" \
|
|
25
|
-
"https://docs.forestadmin.com/documentation/how-tos/maintain/upgrade-notes-rails/upgrade-to-v6#setup-a-static-clientid"
|
|
33
|
+
"For a development environment, run: `rails dev:cache`"
|
|
26
34
|
end
|
|
27
35
|
|
|
28
36
|
fetch_models
|
data/lib/forest_liana/version.rb
CHANGED
|
@@ -5,7 +5,6 @@ module ForestLiana
|
|
|
5
5
|
desc 'Forest Rails Liana installation generator'
|
|
6
6
|
|
|
7
7
|
argument :env_secret, type: :string, required: true, desc: 'required', banner: 'env_secret'
|
|
8
|
-
argument :application_url, type: :string, required: false, desc: 'optional', banner: 'application_url', default: 'http://localhost:3000'
|
|
9
8
|
|
|
10
9
|
def install
|
|
11
10
|
if ForestLiana.env_secret.present?
|
|
@@ -28,42 +27,35 @@ module ForestLiana
|
|
|
28
27
|
if File.exist? 'config/secrets.yml'
|
|
29
28
|
inject_into_file 'config/secrets.yml', after: "development:\n" do
|
|
30
29
|
" forest_env_secret: #{env_secret}\n" +
|
|
31
|
-
" forest_auth_secret: #{auth_secret}\n"
|
|
32
|
-
" forest_application_url: #{application_url}\n"
|
|
30
|
+
" forest_auth_secret: #{auth_secret}\n"
|
|
33
31
|
end
|
|
34
32
|
|
|
35
33
|
inject_into_file 'config/secrets.yml', after: "staging:\n", force: true do
|
|
36
34
|
" forest_env_secret: <%= ENV[\"FOREST_ENV_SECRET\"] %>\n" +
|
|
37
|
-
" forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
|
|
38
|
-
" forest_application_url: <%= ENV[\"FOREST_APPLICATION_URL\"] %>\n"
|
|
35
|
+
" forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
|
|
39
36
|
end
|
|
40
37
|
|
|
41
38
|
inject_into_file 'config/secrets.yml', after: "production:\n", force: true do
|
|
42
39
|
" forest_env_secret: <%= ENV[\"FOREST_ENV_SECRET\"] %>\n" +
|
|
43
|
-
" forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
|
|
44
|
-
" forest_application_url: <%= ENV[\"FOREST_APPLICATION_URL\"] %>\n"
|
|
40
|
+
" forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
|
|
45
41
|
end
|
|
46
42
|
else
|
|
47
43
|
create_file 'config/secrets.yml' do
|
|
48
44
|
"development:\n" +
|
|
49
45
|
" forest_env_secret: #{env_secret}\n" +
|
|
50
46
|
" forest_auth_secret: #{auth_secret}\n" +
|
|
51
|
-
" forest_application_url: #{application_url}\n" +
|
|
52
47
|
"staging:\n" +
|
|
53
48
|
" forest_env_secret: <%= ENV[\"FOREST_ENV_SECRET\"] %>\n" +
|
|
54
49
|
" forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n" +
|
|
55
|
-
" forest_application_url: <%= ENV[\"FOREST_APPLICATION_URL\"] %>\n" +
|
|
56
50
|
"production:\n" +
|
|
57
51
|
" forest_env_secret: <%= ENV[\"FOREST_ENV_SECRET\"] %>\n" +
|
|
58
|
-
" forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
|
|
59
|
-
" forest_application_url: <%= ENV[\"FOREST_APPLICATION_URL\"] %>\n"
|
|
52
|
+
" forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
|
|
60
53
|
end
|
|
61
54
|
end
|
|
62
55
|
|
|
63
56
|
initializer 'forest_liana.rb' do
|
|
64
57
|
"ForestLiana.env_secret = Rails.application.secrets.forest_env_secret" +
|
|
65
|
-
"\nForestLiana.auth_secret = Rails.application.secrets.forest_auth_secret"
|
|
66
|
-
"\nForestLiana.application_url = Rails.application.secrets.forest_application_url"
|
|
58
|
+
"\nForestLiana.auth_secret = Rails.application.secrets.forest_auth_secret"
|
|
67
59
|
end
|
|
68
60
|
end
|
|
69
61
|
end
|
|
@@ -14,7 +14,7 @@ describe "Authentications", type: :request do
|
|
|
14
14
|
}', :symbolize_names => false)
|
|
15
15
|
}
|
|
16
16
|
allow(ForestLiana::ForestApiRequester).to receive(:post) {
|
|
17
|
-
instance_double(HTTParty::Response, body: '{ "client_id": "random_id" }', code: 201)
|
|
17
|
+
instance_double(HTTParty::Response, body: '{ "client_id": "random_id", "redirect_uris": ["http://localhost:3000/forest/authentication/callback"] }', code: 201)
|
|
18
18
|
}
|
|
19
19
|
allow_any_instance_of(OpenIDConnect::Client).to receive(:access_token!) {
|
|
20
20
|
OpenIDConnect::AccessToken.new(access_token: 'THE-ACCESS-TOKEN', client: instance_double(OpenIDConnect::Client))
|
|
@@ -22,11 +22,11 @@ describe "Authentications", type: :request do
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
after do
|
|
25
|
-
Rails.cache.delete(
|
|
25
|
+
Rails.cache.delete("#{ForestLiana.env_secret}-client-data")
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
describe "POST /authentication" do
|
|
29
|
-
before() do
|
|
29
|
+
before() do
|
|
30
30
|
post ForestLiana::Engine.routes.url_helpers.authentication_path, params: '{"renderingId":"42"}', headers: {
|
|
31
31
|
'Accept' => 'application/json',
|
|
32
32
|
'Content-Type' => 'application/json',
|
|
@@ -44,10 +44,10 @@ describe "Authentications", type: :request do
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
describe "GET /authentication/callback" do
|
|
47
|
-
before() do
|
|
47
|
+
before() do
|
|
48
48
|
response = '{"data":{"id":666,"attributes":{"first_name":"Alice","last_name":"Doe","email":"alice@forestadmin.com","teams":[1,2,3],"role":"Test","tags":[{"key":"city","value":"Paris"}]}}}'
|
|
49
49
|
allow(ForestLiana::ForestApiRequester).to receive(:get).with(
|
|
50
|
-
"/liana/v2/renderings/42/authorization", { :headers => { "forest-token" => "THE-ACCESS-TOKEN" }, :query=> {} }
|
|
50
|
+
"/liana/v2/renderings/42/authorization", { :headers => { "forest-token" => "THE-ACCESS-TOKEN" }, :query => {} }
|
|
51
51
|
).and_return(
|
|
52
52
|
instance_double(HTTParty::Response, :body => response, :code => 200)
|
|
53
53
|
)
|
|
@@ -86,7 +86,7 @@ describe "Authentications", type: :request do
|
|
|
86
86
|
end
|
|
87
87
|
|
|
88
88
|
describe "POST /authentication/logout" do
|
|
89
|
-
before() do
|
|
89
|
+
before() do
|
|
90
90
|
post ForestLiana::Engine.routes.url_helpers.authentication_logout_path, params: { :renderingId => 42 }, :headers => headers
|
|
91
91
|
end
|
|
92
92
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: forest_liana
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.
|
|
4
|
+
version: 7.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sandro Munda
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-09-
|
|
11
|
+
date: 2022-09-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -316,6 +316,7 @@ files:
|
|
|
316
316
|
- lib/forest_liana/schema_file_updater.rb
|
|
317
317
|
- lib/forest_liana/version.rb
|
|
318
318
|
- lib/generators/forest_liana/install_generator.rb
|
|
319
|
+
- lib/tasks/clear_oidc_data.rake
|
|
319
320
|
- lib/tasks/display_apimap.rake
|
|
320
321
|
- lib/tasks/send_apimap.rake
|
|
321
322
|
- spec/config/initializers/logger_spec.rb
|