gamora 0.6.0 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE.txt +1 -1
- data/README.md +35 -0
- data/app/controllers/concerns/gamora/authorization_url.rb +15 -11
- data/app/controllers/gamora/authentication_controller.rb +2 -2
- data/app/controllers/gamora/callback_controller.rb +0 -1
- data/app/controllers/gamora/unauthentication_controller.rb +2 -2
- data/lib/gamora/authentication/base.rb +12 -10
- data/lib/gamora/authentication/headers.rb +2 -0
- data/lib/gamora/authentication/session.rb +1 -0
- data/lib/gamora/client.rb +13 -5
- data/lib/gamora/user.rb +3 -1
- data/lib/gamora/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e164eceeb7c3a744ed43be46877cb904fff4add871d4a7b4fac25e4837f2f731
|
|
4
|
+
data.tar.gz: cff5f7b7f3ffd07b13d6e6cc0e476ae86c87788bdf47a4e9c9ff4703dfe54d64
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b5da9c118a7f13441147ded22bb7bc237e7b51cd583e7355fa65370ef4e71dfa5256150f6ff0b6aad0f0169a1113dc9a8af2514aecff33454bb571391dea74de
|
|
7
|
+
data.tar.gz: ad67d0b0be691f544bd2ffcc277b6a70f036bd20ddbabfd9a48b1f92023f84023e8eaa715b6ccc82a9f8a90f4be975b0ac54a657bc18a14e6fd6e40f4bff6f23
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -38,6 +38,41 @@ end
|
|
|
38
38
|
To see the full list of configuration options please check your gamora
|
|
39
39
|
initializer.
|
|
40
40
|
|
|
41
|
+
## Mount Gamora Engine
|
|
42
|
+
|
|
43
|
+
In order to have the authorization and callback endpoints mount the
|
|
44
|
+
engine in the `config/routes.rb` file:
|
|
45
|
+
|
|
46
|
+
```ruby
|
|
47
|
+
Rails.application.routes.draw do
|
|
48
|
+
...
|
|
49
|
+
mount Gamora::Engine => "/auth"
|
|
50
|
+
|
|
51
|
+
...
|
|
52
|
+
end
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
This will enable the following routes in the parent application:
|
|
56
|
+
|
|
57
|
+
#### `gamora.authorization_path`
|
|
58
|
+
|
|
59
|
+
This endpoint will redirect users to the IDP generating url and query
|
|
60
|
+
params based on the configuration. This endpoint is called automatically
|
|
61
|
+
when the user is not logged in and the application requires users to be
|
|
62
|
+
authenticated.
|
|
63
|
+
|
|
64
|
+
#### `gamora.logout_path`
|
|
65
|
+
|
|
66
|
+
This endpoint allows users to be logged out from the application and the
|
|
67
|
+
IDP. It removes the access and refresh tokens and redirects to IDP in order
|
|
68
|
+
to force users to authenticate again.
|
|
69
|
+
|
|
70
|
+
#### `gamora.callback_path`
|
|
71
|
+
|
|
72
|
+
This endpoint is the responsible to received the auth code provided by
|
|
73
|
+
the IDP and generate and access token. This endpoint is called automatically
|
|
74
|
+
once the user authenticates successfully in the IDP.
|
|
75
|
+
|
|
41
76
|
## User authentication
|
|
42
77
|
|
|
43
78
|
### Web-based applications
|
|
@@ -1,7 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Gamora
|
|
2
4
|
module AuthorizationUrl
|
|
3
5
|
def authorization_url(params, extra_params = {})
|
|
4
|
-
|
|
6
|
+
data =
|
|
7
|
+
default_params
|
|
8
|
+
.merge(extra_params)
|
|
9
|
+
.merge(authorization_params(params))
|
|
10
|
+
.compact_blank
|
|
11
|
+
|
|
12
|
+
Client.from_config.auth_code.authorize_url(data)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
def default_params
|
|
18
|
+
{
|
|
5
19
|
scope: Configuration.default_scope,
|
|
6
20
|
theme: Configuration.default_theme,
|
|
7
21
|
prompt: Configuration.default_prompt,
|
|
@@ -9,18 +23,8 @@ module Gamora
|
|
|
9
23
|
branding: Configuration.default_branding,
|
|
10
24
|
ui_locales: Configuration.ui_locales.call
|
|
11
25
|
}
|
|
12
|
-
|
|
13
|
-
data =
|
|
14
|
-
default_params.
|
|
15
|
-
merge(extra_params).
|
|
16
|
-
merge(authorization_params(params)).
|
|
17
|
-
compact_blank
|
|
18
|
-
|
|
19
|
-
Client.from_config.auth_code.authorize_url(data)
|
|
20
26
|
end
|
|
21
27
|
|
|
22
|
-
private
|
|
23
|
-
|
|
24
28
|
def authorization_params(params)
|
|
25
29
|
params.permit(
|
|
26
30
|
:scope,
|
|
@@ -3,6 +3,16 @@
|
|
|
3
3
|
module Gamora
|
|
4
4
|
module Authentication
|
|
5
5
|
module Base
|
|
6
|
+
CLAIMS = {
|
|
7
|
+
sub: :id,
|
|
8
|
+
email: :email,
|
|
9
|
+
given_name: :first_name,
|
|
10
|
+
family_name: :last_name,
|
|
11
|
+
phone_number: :phone_number,
|
|
12
|
+
email_verified: :email_verified,
|
|
13
|
+
phone_number_verified: :phone_number_verified
|
|
14
|
+
}.freeze
|
|
15
|
+
|
|
6
16
|
def authenticate_user!
|
|
7
17
|
claims = resource_owner_claims(access_token)
|
|
8
18
|
assign_current_user_from_claims(claims) if claims.present?
|
|
@@ -33,20 +43,12 @@ module Gamora
|
|
|
33
43
|
end
|
|
34
44
|
|
|
35
45
|
def user_attributes_from_claims(claims)
|
|
36
|
-
claims.transform_keys
|
|
37
|
-
case key
|
|
38
|
-
when :sub then :id
|
|
39
|
-
when :email then :email
|
|
40
|
-
when :given_name then :first_name
|
|
41
|
-
when :family_name then :last_name
|
|
42
|
-
when :phone_number then :phone_number
|
|
43
|
-
else key
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
+
claims.slice(*CLAIMS.keys).transform_keys(CLAIMS)
|
|
46
47
|
end
|
|
47
48
|
|
|
48
49
|
def resource_owner_claims(access_token)
|
|
49
50
|
return {} if access_token.blank?
|
|
51
|
+
|
|
50
52
|
resource_owner_claims!(access_token)
|
|
51
53
|
end
|
|
52
54
|
|
|
@@ -9,6 +9,7 @@ module Gamora
|
|
|
9
9
|
|
|
10
10
|
def validate_authentication!
|
|
11
11
|
return if current_user.present?
|
|
12
|
+
|
|
12
13
|
user_authentication_failed!
|
|
13
14
|
end
|
|
14
15
|
|
|
@@ -16,6 +17,7 @@ module Gamora
|
|
|
16
17
|
pattern = /^Bearer /
|
|
17
18
|
header = request.headers["Authorization"]
|
|
18
19
|
return unless header&.match(pattern)
|
|
20
|
+
|
|
19
21
|
header.gsub(pattern, "")
|
|
20
22
|
end
|
|
21
23
|
|
data/lib/gamora/client.rb
CHANGED
|
@@ -2,10 +2,18 @@
|
|
|
2
2
|
|
|
3
3
|
module Gamora
|
|
4
4
|
class Client < OAuth2::Client
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
class << self
|
|
6
|
+
def from_config
|
|
7
|
+
new(
|
|
8
|
+
Configuration.client_id,
|
|
9
|
+
Configuration.client_secret,
|
|
10
|
+
client_options
|
|
11
|
+
)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
16
|
+
def client_options
|
|
9
17
|
{
|
|
10
18
|
site: Configuration.site,
|
|
11
19
|
token_url: Configuration.token_url,
|
|
@@ -14,7 +22,7 @@ module Gamora
|
|
|
14
22
|
userinfo_url: Configuration.userinfo_url,
|
|
15
23
|
authorize_url: Configuration.authorize_url
|
|
16
24
|
}
|
|
17
|
-
|
|
25
|
+
end
|
|
18
26
|
end
|
|
19
27
|
|
|
20
28
|
def userinfo(access_token)
|
data/lib/gamora/user.rb
CHANGED
data/lib/gamora/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gamora
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alejandro Gutiérrez
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-11-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: oauth2
|
|
@@ -91,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
91
91
|
- !ruby/object:Gem::Version
|
|
92
92
|
version: '0'
|
|
93
93
|
requirements: []
|
|
94
|
-
rubygems_version: 3.
|
|
94
|
+
rubygems_version: 3.4.17
|
|
95
95
|
signing_key:
|
|
96
96
|
specification_version: 4
|
|
97
97
|
summary: OpenID Connect Relying Party for rails apps.
|