heroku-bouncer 0.6.0 → 0.7.0

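--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 665c9d7aafb5ad2f6d67e2b2c6534afe7114a310
- data.tar.gz: 740248c7d7ff94e833d11c3072b4d605e545d540
+ metadata.gz: 4b619fbf7d6217756617859a7fa5f965c8ed1a01
+ data.tar.gz: 90beec382fbef5aaea8f8f2b907cdf6e4d18bf8e
  SHA512:
- metadata.gz: 98037d0ba899477a43af554df33b0edeaad5b4381e761a8b44d4f91025bd036d92b5cb5c82b83edca30f3edb52a0caf3772b0d7ad327d02834cf8d180299bdde
- data.tar.gz: 229ef416b7d70912a4d38cbb8b76feed9013b6d4a8b5a350b07590a26bc78735116dbd46f34eff5ec38a547c8aa39a0ae2cb155b7710e3a941a628289a22733e
+ metadata.gz: 766781d8a9a9cca09a58f9c64c247cda6890a3b0c85239744f9630c3a7183162c5657e8ddd9a60b66f0fdc5975213c3a601d65d1a4ff03b8e058b690b7c2dcc6
+ data.tar.gz: 79d6db6a927996bee71f1c17f8b3cb6c3c490c4a160351b4e6c95e82646964e4c509da4b8959993e415af60074c05a222eb465776dfafe25db49778610e9a53c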
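--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+ # 0.7.0
+
+ * #46: expose refresh token when exposing access token
+ * #44: use v3 API for /account call
+
  # 0.6.0
 
  * #42: add `allow_if_user` which takes the user object, instead of just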
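--- a/data/README.md
+++ b/data/README.md
@@ -142,6 +142,7 @@ Based on your choice of the expose options above, the middleware adds
  the following keys to your request environment:
 
  * `bouncer.token`
+ * `bouncer.refresh_token`
  * `bouncer.email`
  * `bouncer.user`
 
@@ -162,6 +163,12 @@ apps = heroku.get_apps.body
  Keep in mind that this adds substantial security risk to your
  application.
 
+ The API token is short-lived, and expires 8 hours after issue. Heroku provides
+ a separate `refresh_token` (available as `bouncer.refresh_token`) that can be
+ used to fetch fresh API tokens if necessary. See the
+ [token refresh documentation](https://devcenter.heroku.com/articles/oauth#token-refresh)
+ for details.
+
  ## Logging out
 
  Send users to `/auth/sso-logout` if logging out of Heroku is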
@@ -37,7 +37,7 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
37
37
  # backwards-compatibility for allow_if
38
38
  allow_if = extract_option(options, :allow_if, false)
39
39
  if allow_if
40
- @allow_if_user ||= lambda { |user| allow_if.call(user['email']) }
40
+ @allow_if_user ||= lambda { |user| allow_if.call(user['email']) }
41
41
  end
42
42
 
43
43
  @expose_token = extract_option(options, :expose_token, false)
@@ -82,7 +82,8 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
82
82
 
83
83
  # callback when successful, time to save data
84
84
  get '/auth/heroku/callback' do
85
- token = request.env['omniauth.auth']['credentials']['token']
85
+ token = request.env['omniauth.auth']['credentials']['token']
86
+ refresh_token = request.env['omniauth.auth']['credentials']['refresh_token']
86
87
  if @expose_email || @expose_user || !@allow_if_user.nil?
87
88
  user = fetch_user(token)
88
89
  # Wrapping lambda to prevent short-circut proc return
@@ -97,7 +98,10 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
97
98
  store_write(:user, true)
98
99
  end
99
100
  store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
100
- store_write(:token, token) if @expose_token
101
+ if @expose_token
102
+ store_write(:token, token)
103
+ store_write(:refresh_token, refresh_token)
104
+ end
101
105
  store_write(:expires_at, Time.now.to_i + 3600 * 8)
102
106
 
103
107
  return_to = store_delete(:return_to) || '/'
@@ -187,7 +191,7 @@ private
187
191
  def fetch_user(token)
188
192
  ::Heroku::Bouncer::JsonParser.call(
189
193
  Faraday.new(ENV["HEROKU_API_URL"] || "https://api.heroku.com/").get('/account') do |r|
190
- r.headers['Accept'] = 'application/json'
194
+ r.headers['Accept'] = 'application/vnd.heroku+json; version=3'
191
195
  r.headers['Authorization'] = "Bearer #{token}"
192
196
  end.body)
193
197
  end
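Review bot: Writing the refresh token to the session store on the same `@expose_token` switch (the `store_write(:refresh_token, refresh_token)` line in the third hunk) puts a credential with a far longer lifetime than the 8-hour access token under a flag whose name and existing README entry only promise the access token. Consider a separate opt-in, e.g. `@expose_refresh_token = extract_option(options, :expose_refresh_token, false)` in the initializer and `store_write(:refresh_token, refresh_token) if @expose_refresh_token`, so current users of `expose_token` do not silently start persisting a refresh token; at minimum, guard the write with `if refresh_token` so a missing credential is not stored as nil. Whether `store_write` lands in a cookie-backed session, and whether logout or the `:expires_at` check clears `:refresh_token`, is outside these hunks and should be verified. The `get '/auth/heroku/callback'` block spans the second and third hunks and continues past both; the file header for this section is not shown, but the hunk headers name `Heroku::Bouncer::Middleware`.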
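--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: heroku-bouncer
  version: !ruby/object:Gem::Version
- version: 0.6.0
+ version: 0.7.0
  platform: ruby
  authors:
  - Jonathan Dance
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-03-04 00:00:00.000000000 Z
+ date: 2015-12-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth-heroku
@@ -191,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.4.5.1
  signing_key:
  specification_version: 4
  summary: Rapidly add Heroku OAuth to your Ruby app.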