RubyGems - gamora - Versions diffs - 0.8.0 → 0.9.0 - Mend

gamora 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/gamora/authentication/base.rb +36 -20
data/lib/gamora/authentication/headers.rb +1 -7
data/lib/gamora/authentication/session.rb +2 -8
data/lib/gamora/client.rb +27 -8
data/lib/gamora/configuration.rb +5 -2
data/lib/gamora/version.rb +1 -1
data/lib/generators/gamora/templates/gamora.rb +5 -2
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d898db3b0a39bb00099a8912953f6dcdfda11cddbb38eccfe72a798986a4dbb9
-  data.tar.gz: 943a549def5cc2b014fe7200cb72cfdfd00acef025b2db74731cce0eecfa5927
+  metadata.gz: 6fff76821e79e75149f4d407303a9b52dac3b68ac711ffc38ac4e8d517ab7225
+  data.tar.gz: 4f5d52c9ef04b8d1219ca84a28fe25d3bb0dad677d97edc7c863d3c039a9e8d4
 SHA512:
-  metadata.gz: a71915324e16d094db423133defdfa83f21a4451eb32ac468d4d2be35eb0768493e6cba8ed48c2efea746f4219e406751159c3d5eac500fe3e52f1e7c94c99d9
-  data.tar.gz: 86a1b5282d7bfc407264f971bc3f5ba2c6f756028d5afdb857e069ede7cc9787c9ad4b291b9e4fcf9365bc9a4f4e26e977a3b13f4a870b1c32c0b24bd6ba95e4
+  metadata.gz: eaec688075667ad6184c0567aa2637480a1781e50e5a7bb9448ba27f0b39cc969f42d83374afb5c1c2a5ccc1a339cfc95c553e71492e1e0de65a836f247bde45
+  data.tar.gz: a7d1eadca9cd826bcb13f22c01e332324199877fd9e43285e3daae60a6b3ce29102f3beeccfb20db200563d7a6a90c8ae7dfe25d4097e9cb6fd8a2762ef9f0bb

data/lib/gamora/authentication/base.rb CHANGED Viewed

@@ -15,9 +15,15 @@ module Gamora
       }.freeze
       def authenticate_user!
+        return authentication_failed! unless access_token.present?
+        token_data = introspect_access_token(access_token)
+        return authentication_failed! unless valid_token_data?(token_data)
         claims = resource_owner_claims(access_token)
-        assign_current_user_from_claims(claims) if claims.present?
-        validate_authentication!
+        return authentication_failed! unless claims.present?
+        assign_current_user_from_claims(claims)
       end
       def current_user
@@ -26,21 +32,29 @@ module Gamora
       private
-      def validate_authentication!
+      def access_token
         raise NotImplementedError
       end
-      def access_token
+      def authentication_failed!
         raise NotImplementedError
       end
-      def user_authentication_failed!
-        raise NotImplementedError
+      def valid_token_data?(token_data)
+        token_data[:active] && whitelisted_client?(token_data[:client_id])
+      end
+      def whitelisted_client?(client_id)
+        whitelisted_clients.include?(client_id)
+      end
+      def whitelisted_clients
+        Configuration.whitelisted_clients | [Configuration.client_id]
       end
       def assign_current_user_from_claims(claims)
-        attrs = user_attributes_from_claims(claims)
-        @current_user = User.new(attrs)
+        attributes = user_attributes_from_claims(claims)
+        @current_user = User.new(attributes)
       end
       def user_attributes_from_claims(claims)
@@ -48,27 +62,29 @@ module Gamora
       end
       def resource_owner_claims(access_token)
-        return {} if access_token.blank?
-        resource_owner_claims!(access_token)
-      end
+        cache_key = cache_key(:userinfo, access_token)
+        expires_in = Configuration.userinfo_cache_expires_in
-      def resource_owner_claims!(access_token)
-        Rails.cache.fetch(cache_key(access_token), cache_options) do
+        Rails.cache.fetch(cache_key, { expires_in: expires_in }) do
           oauth_client.userinfo(access_token)
         end
       end
-      def oauth_client
-        Client.from_config
+      def introspect_access_token(access_token)
+        cache_key = cache_key(:introspect, access_token)
+        expires_in = Configuration.introspect_cache_expires_in
+        Rails.cache.fetch(cache_key, { expires_in: expires_in }) do
+          oauth_client.introspect(access_token)
+        end
       end
-      def cache_options
-        { expires_in: Configuration.userinfo_cache_expires_in }
+      def cache_key(context, access_token)
+        "gamora:#{context}:#{Digest::SHA256.hexdigest(access_token)}"
       end
-      def cache_key(access_token)
-        "userinfo:#{Digest::SHA256.hexdigest(access_token)}"
+      def oauth_client
+        Client.from_config
       end
     end
   end

data/lib/gamora/authentication/headers.rb CHANGED Viewed

@@ -7,12 +7,6 @@ module Gamora
       private
-      def validate_authentication!
-        return if current_user.present?
-        user_authentication_failed!
-      end
       def access_token
         pattern = /^Bearer /
         header = request.headers["Authorization"]
@@ -21,7 +15,7 @@ module Gamora
         header.gsub(pattern, "")
       end
-      def user_authentication_failed!
+      def authentication_failed!
         render json: { error: "Access token invalid" }, status: :unauthorized
       end
     end

data/lib/gamora/authentication/session.rb CHANGED Viewed

@@ -11,18 +11,12 @@ module Gamora
       private
-      def validate_authentication!
-        return if current_user.present?
-        session["gamora.origin"] = request.original_url
-        user_authentication_failed!
-      end
       def access_token
         session[:access_token]
       end
-      def user_authentication_failed!
+      def authentication_failed!
+        session["gamora.origin"] = request.original_url
         redirect_to gamora.authentication_path
       end
     end

data/lib/gamora/client.rb CHANGED Viewed

@@ -20,13 +20,25 @@ module Gamora
           token_method: Configuration.token_method,
           redirect_uri: Configuration.redirect_uri,
           userinfo_url: Configuration.userinfo_url,
-          authorize_url: Configuration.authorize_url
+          authorize_url: Configuration.authorize_url,
+          introspect_url: Configuration.introspect_url
         }
       end
     end
     def userinfo(access_token)
-      response = userinfo_request(access_token)
+      params = userinfo_params(access_token)
+      opts = request_options(params)
+      response = request(:post, options[:userinfo_url], opts)
+      JSON.parse(response.body).symbolize_keys
+    rescue OAuth2::Error
+      {}
+    end
+    def introspect(access_token)
+      params = introspect_params(access_token)
+      opts = request_options(params)
+      response = request(:post, options[:introspect_url], opts)
       JSON.parse(response.body).symbolize_keys
     rescue OAuth2::Error
       {}
@@ -34,15 +46,22 @@ module Gamora
     private
-    def userinfo_request(access_token)
-      opts = userinfo_request_options(access_token)
-      request(:post, options[:userinfo_url], opts)
+    def request_options(params)
+      {
+        body: params.to_json,
+        headers: { "Content-Type": "application/json" }
+      }
     end
-    def userinfo_request_options(access_token)
+    def userinfo_params(access_token)
+      { access_token: access_token }
+    end
+    def introspect_params(access_token)
       {
-        body: { access_token: access_token }.to_json,
-        headers: { "Content-Type": "application/json" }
+        token: access_token,
+        client_id: Configuration.client_id,
+        client_secret: Configuration.client_secret
       }
     end
   end

data/lib/gamora/configuration.rb CHANGED Viewed

@@ -6,8 +6,9 @@ module Gamora
     mattr_accessor :client_secret, default: nil
     mattr_accessor :site, default: nil
     mattr_accessor :token_url, default: "/oauth2/token"
-    mattr_accessor :authorize_url, default: "/oauth2/authorize"
     mattr_accessor :userinfo_url, default: "/oauth2/userinfo"
+    mattr_accessor :authorize_url, default: "/oauth2/authorize"
+    mattr_accessor :introspect_url, default: "/oauth2/introspect"
     mattr_accessor :token_method, default: :post
     mattr_accessor :redirect_uri, default: nil
     mattr_accessor :default_scope, default: "openid profile email"
@@ -16,7 +17,9 @@ module Gamora
     mattr_accessor :default_branding, default: "amco"
     mattr_accessor :default_theme, default: "default"
     mattr_accessor :ui_locales, default: -> { I18n.locale }
-    mattr_accessor :userinfo_cache_expires_in, default: 0.seconds
+    mattr_accessor :userinfo_cache_expires_in, default: 1.minute
+    mattr_accessor :introspect_cache_expires_in, default: 0.seconds
+    mattr_accessor :whitelisted_clients, default: []
     def setup
       yield(self) if block_given?

data/lib/gamora/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Gamora
-  VERSION = "0.8.0"
+  VERSION = "0.9.0"
 end

data/lib/generators/gamora/templates/gamora.rb CHANGED Viewed

@@ -8,8 +8,9 @@ Gamora.setup do |config|
   # ===> Optional OAuth2 configuration options and its defaults.
   # config.token_url = "/oauth2/token"
-  # config.authorize_url = "/oauth2/authorize"
   # config.userinfo_url = "/oauth2/userinfo"
+  # config.authorize_url = "/oauth2/authorize"
+  # config.introspect_url = "/oauth2/introspect"
   # config.token_method = :post
   # config.redirect_uri = nil
   # config.default_scope = "openid profile email"
@@ -18,5 +19,7 @@ Gamora.setup do |config|
   # config.default_branding = "amco"
   # config.default_theme = "default"
   # config.ui_locales = -> { I18n.locale }
-  # config.userinfo_cache_expires_in = 0.seconds
+  # config.userinfo_cache_expires_in = 1.minute
+  # config.introspect_cache_expires_in = 0.seconds
+  # config.whitelisted_clients = []
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gamora
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Alejandro Gutiérrez
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-21 00:00:00.000000000 Z
+date: 2023-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oauth2