gamora 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE.txt +1 -1
- data/README.md +35 -0
- data/app/controllers/concerns/gamora/authorization_url.rb +15 -11
- data/app/controllers/gamora/authentication_controller.rb +2 -2
- data/app/controllers/gamora/callback_controller.rb +0 -1
- data/app/controllers/gamora/unauthentication_controller.rb +2 -2
- data/lib/gamora/authentication/base.rb +12 -10
- data/lib/gamora/authentication/headers.rb +2 -0
- data/lib/gamora/authentication/session.rb +1 -0
- data/lib/gamora/client.rb +13 -5
- data/lib/gamora/user.rb +3 -1
- data/lib/gamora/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e164eceeb7c3a744ed43be46877cb904fff4add871d4a7b4fac25e4837f2f731
|
|
4
|
+
data.tar.gz: cff5f7b7f3ffd07b13d6e6cc0e476ae86c87788bdf47a4e9c9ff4703dfe54d64
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b5da9c118a7f13441147ded22bb7bc237e7b51cd583e7355fa65370ef4e71dfa5256150f6ff0b6aad0f0169a1113dc9a8af2514aecff33454bb571391dea74de
|
|
7
|
+
data.tar.gz: ad67d0b0be691f544bd2ffcc277b6a70f036bd20ddbabfd9a48b1f92023f84023e8eaa715b6ccc82a9f8a90f4be975b0ac54a657bc18a14e6fd6e40f4bff6f23
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -38,6 +38,41 @@ end
|
|
|
38
38
|
To see the full list of configuration options please check your gamora
|
|
39
39
|
initializer.
|
|
40
40
|
|
|
41
|
+
## Mount Gamora Engine
|
|
42
|
+
|
|
43
|
+
In order to have the authorization and callback endpoints mount the
|
|
44
|
+
engine in the `config/routes.rb` file:
|
|
45
|
+
|
|
46
|
+
```ruby
|
|
47
|
+
Rails.application.routes.draw do
|
|
48
|
+
...
|
|
49
|
+
mount Gamora::Engine => "/auth"
|
|
50
|
+
|
|
51
|
+
...
|
|
52
|
+
end
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
This will enable the following routes in the parent application:
|
|
56
|
+
|
|
57
|
+
#### `gamora.authorization_path`
|
|
58
|
+
|
|
59
|
+
This endpoint will redirect users to the IDP generating url and query
|
|
60
|
+
params based on the configuration. This endpoint is called automatically
|
|
61
|
+
when the user is not logged in and the application requires users to be
|
|
62
|
+
authenticated.
|
|
63
|
+
|
|
64
|
+
#### `gamora.logout_path`
|
|
65
|
+
|
|
66
|
+
This endpoint allows users to be logged out from the application and the
|
|
67
|
+
IDP. It removes the access and refresh tokens and redirects to IDP in order
|
|
68
|
+
to force users to authenticate again.
|
|
69
|
+
|
|
70
|
+
#### `gamora.callback_path`
|
|
71
|
+
|
|
72
|
+
This endpoint is the responsible to received the auth code provided by
|
|
73
|
+
the IDP and generate and access token. This endpoint is called automatically
|
|
74
|
+
once the user authenticates successfully in the IDP.
|
|
75
|
+
|
|
41
76
|
## User authentication
|
|
42
77
|
|
|
43
78
|
### Web-based applications
|
|
@@ -1,7 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Gamora
|
|
2
4
|
module AuthorizationUrl
|
|
3
5
|
def authorization_url(params, extra_params = {})
|
|
4
|
-
|
|
6
|
+
data =
|
|
7
|
+
default_params
|
|
8
|
+
.merge(extra_params)
|
|
9
|
+
.merge(authorization_params(params))
|
|
10
|
+
.compact_blank
|
|
11
|
+
|
|
12
|
+
Client.from_config.auth_code.authorize_url(data)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
def default_params
|
|
18
|
+
{
|
|
5
19
|
scope: Configuration.default_scope,
|
|
6
20
|
theme: Configuration.default_theme,
|
|
7
21
|
prompt: Configuration.default_prompt,
|
|
@@ -9,18 +23,8 @@ module Gamora
|
|
|
9
23
|
branding: Configuration.default_branding,
|
|
10
24
|
ui_locales: Configuration.ui_locales.call
|
|
11
25
|
}
|
|
12
|
-
|
|
13
|
-
data =
|
|
14
|
-
default_params.
|
|
15
|
-
merge(extra_params).
|
|
16
|
-
merge(authorization_params(params)).
|
|
17
|
-
compact_blank
|
|
18
|
-
|
|
19
|
-
Client.from_config.auth_code.authorize_url(data)
|
|
20
26
|
end
|
|
21
27
|
|
|
22
|
-
private
|
|
23
|
-
|
|
24
28
|
def authorization_params(params)
|
|
25
29
|
params.permit(
|
|
26
30
|
:scope,
|
|
@@ -3,6 +3,16 @@
|
|
|
3
3
|
module Gamora
|
|
4
4
|
module Authentication
|
|
5
5
|
module Base
|
|
6
|
+
CLAIMS = {
|
|
7
|
+
sub: :id,
|
|
8
|
+
email: :email,
|
|
9
|
+
given_name: :first_name,
|
|
10
|
+
family_name: :last_name,
|
|
11
|
+
phone_number: :phone_number,
|
|
12
|
+
email_verified: :email_verified,
|
|
13
|
+
phone_number_verified: :phone_number_verified
|
|
14
|
+
}.freeze
|
|
15
|
+
|
|
6
16
|
def authenticate_user!
|
|
7
17
|
claims = resource_owner_claims(access_token)
|
|
8
18
|
assign_current_user_from_claims(claims) if claims.present?
|
|
@@ -33,20 +43,12 @@ module Gamora
|
|
|
33
43
|
end
|
|
34
44
|
|
|
35
45
|
def user_attributes_from_claims(claims)
|
|
36
|
-
claims.transform_keys
|
|
37
|
-
case key
|
|
38
|
-
when :sub then :id
|
|
39
|
-
when :email then :email
|
|
40
|
-
when :given_name then :first_name
|
|
41
|
-
when :family_name then :last_name
|
|
42
|
-
when :phone_number then :phone_number
|
|
43
|
-
else key
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
+
claims.slice(*CLAIMS.keys).transform_keys(CLAIMS)
|
|
46
47
|
end
|
|
47
48
|
|
|
48
49
|
def resource_owner_claims(access_token)
|
|
49
50
|
return {} if access_token.blank?
|
|
51
|
+
|
|
50
52
|
resource_owner_claims!(access_token)
|
|
51
53
|
end
|
|
52
54
|
|
|
@@ -9,6 +9,7 @@ module Gamora
|
|
|
9
9
|
|
|
10
10
|
def validate_authentication!
|
|
11
11
|
return if current_user.present?
|
|
12
|
+
|
|
12
13
|
user_authentication_failed!
|
|
13
14
|
end
|
|
14
15
|
|
|
@@ -16,6 +17,7 @@ module Gamora
|
|
|
16
17
|
pattern = /^Bearer /
|
|
17
18
|
header = request.headers["Authorization"]
|
|
18
19
|
return unless header&.match(pattern)
|
|
20
|
+
|
|
19
21
|
header.gsub(pattern, "")
|
|
20
22
|
end
|
|
21
23
|
|
data/lib/gamora/client.rb
CHANGED
|
@@ -2,10 +2,18 @@
|
|
|
2
2
|
|
|
3
3
|
module Gamora
|
|
4
4
|
class Client < OAuth2::Client
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
class << self
|
|
6
|
+
def from_config
|
|
7
|
+
new(
|
|
8
|
+
Configuration.client_id,
|
|
9
|
+
Configuration.client_secret,
|
|
10
|
+
client_options
|
|
11
|
+
)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
16
|
+
def client_options
|
|
9
17
|
{
|
|
10
18
|
site: Configuration.site,
|
|
11
19
|
token_url: Configuration.token_url,
|
|
@@ -14,7 +22,7 @@ module Gamora
|
|
|
14
22
|
userinfo_url: Configuration.userinfo_url,
|
|
15
23
|
authorize_url: Configuration.authorize_url
|
|
16
24
|
}
|
|
17
|
-
|
|
25
|
+
end
|
|
18
26
|
end
|
|
19
27
|
|
|
20
28
|
def userinfo(access_token)
|
data/lib/gamora/user.rb
CHANGED
data/lib/gamora/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gamora
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alejandro Gutiérrez
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-11-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: oauth2
|
|
@@ -91,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
91
91
|
- !ruby/object:Gem::Version
|
|
92
92
|
version: '0'
|
|
93
93
|
requirements: []
|
|
94
|
-
rubygems_version: 3.
|
|
94
|
+
rubygems_version: 3.4.17
|
|
95
95
|
signing_key:
|
|
96
96
|
specification_version: 4
|
|
97
97
|
summary: OpenID Connect Relying Party for rails apps.
|