heroku-bouncer 0.6.0 → 0.7.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +7 -0
- data/lib/heroku/bouncer/middleware.rb +8 -4
- metadata +3 -3
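--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4b619fbf7d6217756617859a7fa5f965c8ed1a01
+data.tar.gz: 90beec382fbef5aaea8f8f2b907cdf6e4d18bf8e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 766781d8a9a9cca09a58f9c64c247cda6890a3b0c85239744f9630c3a7183162c5657e8ddd9a60b66f0fdc5975213c3a601d65d1a4ff03b8e058b690b7c2dcc6
+data.tar.gz: 79d6db6a927996bee71f1c17f8b3cb6c3c490c4a160351b4e6c95e82646964e4c509da4b8959993e415af60074c05a222eb465776dfafe25db49778610e9a53c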
data/CHANGELOG.md
CHANGED
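--- a/data/README.md
+++ b/data/README.md
@@ -142,6 +142,7 @@ Based on your choice of the expose options above, the middleware adds
 the following keys to your request environment:
 
 * `bouncer.token`
+* `bouncer.refresh_token`
 * `bouncer.email`
 * `bouncer.user`
 
@@ -162,6 +163,12 @@ apps = heroku.get_apps.body
 Keep in mind that this adds substantial security risk to your
 application.
 
+The API token is short-lived, and expires 8 hours after issue. Heroku provides
+a separate `refresh_token` (available as `bouncer.refresh_token`) that can be
+used to fetch fresh API tokens if necessary. See the
+[token refresh documentation](https://devcenter.heroku.com/articles/oauth#token-refresh)
+for details.
+
 ## Logging out
 
 Send users to `/auth/sso-logout` if logging out of Heroku is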
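--- a/data/lib/heroku/bouncer/middleware.rb
+++ b/data/lib/heroku/bouncer/middleware.rb
@@ -37,7 +37,7 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
 # backwards-compatibility for allow_if
 allow_if = extract_option(options, :allow_if, false)
 if allow_if
-@allow_if_user ||= lambda { |user| allow_if.call(user['email']) }
+@allow_if_user ||= lambda { |user| allow_if.call(user['email']) }
 end
 
 @expose_token = extract_option(options, :expose_token, false)
@@ -82,7 +82,8 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
 
 # callback when successful, time to save data
 get '/auth/heroku/callback' do
-token
+token = request.env['omniauth.auth']['credentials']['token']
+refresh_token = request.env['omniauth.auth']['credentials']['refresh_token']
 if @expose_email || @expose_user || !@allow_if_user.nil?
 user = fetch_user(token)
 # Wrapping lambda to prevent short-circut proc return
@@ -97,7 +98,10 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
 store_write(:user, true)
 end
 store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
-
+if @expose_token
+store_write(:token, token)
+store_write(:refresh_token, refresh_token)
+end
 store_write(:expires_at, Time.now.to_i + 3600 * 8)
 
 return_to = store_delete(:return_to) || '/'
@@ -187,7 +191,7 @@ private
 def fetch_user(token)
 ::Heroku::Bouncer::JsonParser.call(
 Faraday.new(ENV["HEROKU_API_URL"] || "https://api.heroku.com/").get('/account') do |r|
-r.headers['Accept'] = 'application/json'
+r.headers['Accept'] = 'application/vnd.heroku+json; version=3'
 r.headers['Authorization'] = "Bearer #{token}"
 end.body)
 end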
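Review bot: The new `if @expose_token` block (new lines 101–104) persists the refresh token under the same switch as the short-lived access token, so every deployment that opted into `expose_token` on 0.6.0 now silently stores a long-lived credential in whatever backs `store_write` — the README changed in this same release already warns that exposing the token adds substantial security risk, and the refresh token can mint new ones. The `store_write(:expires_at, Time.now.to_i + 3600 * 8)` on new line 105 only bounds the 8-hour access token; nothing visible in the hunk bounds or clears the stored refresh token. A separate opt-in would preserve the old behaviour for existing users: `@expose_refresh_token = extract_option(options, :expose_refresh_token, false)` next to the `@expose_token` line in the first hunk, and `store_write(:refresh_token, refresh_token) if @expose_refresh_token` in place of the unconditional write. Note also that `request.env['omniauth.auth']['credentials']['refresh_token']` on new line 86 may be nil if the provider omits it, which this code stores as-is. The `/auth/heroku/callback` route continues outside the hunk, and the logout path that should also delete `:refresh_token` is not part of this diff.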
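--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: heroku-bouncer
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.7.0
 platform: ruby
 authors:
 - Jonathan Dance
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-heroku
@@ -191,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: Rapidly add Heroku OAuth to your Ruby app.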