heroku-bouncer 0.6.0 → 0.7.0

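--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 665c9d7aafb5ad2f6d67e2b2c6534afe7114a310
-data.tar.gz: 740248c7d7ff94e833d11c3072b4d605e545d540
+metadata.gz: 4b619fbf7d6217756617859a7fa5f965c8ed1a01
+data.tar.gz: 90beec382fbef5aaea8f8f2b907cdf6e4d18bf8e
 SHA512:
-metadata.gz: 98037d0ba899477a43af554df33b0edeaad5b4381e761a8b44d4f91025bd036d92b5cb5c82b83edca30f3edb52a0caf3772b0d7ad327d02834cf8d180299bdde
-data.tar.gz: 229ef416b7d70912a4d38cbb8b76feed9013b6d4a8b5a350b07590a26bc78735116dbd46f34eff5ec38a547c8aa39a0ae2cb155b7710e3a941a628289a22733e
+metadata.gz: 766781d8a9a9cca09a58f9c64c247cda6890a3b0c85239744f9630c3a7183162c5657e8ddd9a60b66f0fdc5975213c3a601d65d1a4ff03b8e058b690b7c2dcc6
+data.tar.gz: 79d6db6a927996bee71f1c17f8b3cb6c3c490c4a160351b4e6c95e82646964e4c509da4b8959993e415af60074c05a222eb465776dfafe25db49778610e9a53c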
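--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+# 0.7.0
+
+* #46: expose refresh token when exposing access token
+* #44: use v3 API for /account call
+
 # 0.6.0
 
 * #42: add `allow_if_user` which takes the user object, instead of just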
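--- a/data/README.md
+++ b/data/README.md
@@ -142,6 +142,7 @@ Based on your choice of the expose options above, the middleware adds
 the following keys to your request environment:
 
 * `bouncer.token`
+* `bouncer.refresh_token`
 * `bouncer.email`
 * `bouncer.user`
 
@@ -162,6 +163,12 @@ apps = heroku.get_apps.body
 Keep in mind that this adds substantial security risk to your
 application.
 
+The API token is short-lived, and expires 8 hours after issue. Heroku provides
+a separate `refresh_token` (available as `bouncer.refresh_token`) that can be
+used to fetch fresh API tokens if necessary. See the
+[token refresh documentation](https://devcenter.heroku.com/articles/oauth#token-refresh)
+for details.
+
 ## Logging out
 
 Send users to `/auth/sso-logout` if logging out of Heroku is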
@@ -37,7 +37,7 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
37
37
  # backwards-compatibility for allow_if
38
38
  allow_if = extract_option(options, :allow_if, false)
39
39
  if allow_if
40
- @allow_if_user ||= lambda { |user| allow_if.call(user['email']) }
40
+ @allow_if_user ||= lambda { |user| allow_if.call(user['email']) }
41
41
  end
42
42
 
43
43
  @expose_token = extract_option(options, :expose_token, false)
@@ -82,7 +82,8 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
82
82
 
83
83
  # callback when successful, time to save data
84
84
  get '/auth/heroku/callback' do
85
- token = request.env['omniauth.auth']['credentials']['token']
85
+ token = request.env['omniauth.auth']['credentials']['token']
86
+ refresh_token = request.env['omniauth.auth']['credentials']['refresh_token']
86
87
  if @expose_email || @expose_user || !@allow_if_user.nil?
87
88
  user = fetch_user(token)
88
89
  # Wrapping lambda to prevent short-circut proc return
@@ -97,7 +98,10 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
97
98
  store_write(:user, true)
98
99
  end
99
100
  store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
100
- store_write(:token, token) if @expose_token
101
+ if @expose_token
102
+ store_write(:token, token)
103
+ store_write(:refresh_token, refresh_token)
104
+ end
101
105
  store_write(:expires_at, Time.now.to_i + 3600 * 8)
102
106
 
103
107
  return_to = store_delete(:return_to) || '/'
@@ -187,7 +191,7 @@ private
187
191
  def fetch_user(token)
188
192
  ::Heroku::Bouncer::JsonParser.call(
189
193
  Faraday.new(ENV["HEROKU_API_URL"] || "https://api.heroku.com/").get('/account') do |r|
190
- r.headers['Accept'] = 'application/json'
194
+ r.headers['Accept'] = 'application/vnd.heroku+json; version=3'
191
195
  r.headers['Authorization'] = "Bearer #{token}"
192
196
  end.body)
193
197
  end
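Review bot: The refresh token is persisted at `store_write(:refresh_token, refresh_token)` under the same `@expose_token` switch as the short-lived access token, even though the README in this same change describes it as the credential that outlives the 8-hour expiry, so a leak of whatever backing store `store_write` targets now yields long-lived API access for every app that previously opted into `expose_token` only. If that widening is not intended, an opt-in `@expose_refresh_token = extract_option(options, :expose_refresh_token, false)` beside `@expose_token` in the constructor hunk, with `store_write(:refresh_token, refresh_token) if @expose_refresh_token` here, keeps the existing default narrow. The value read at `credentials['refresh_token']` is also stored unconditionally, so an omniauth payload that carries no refresh token presumably writes nil into the store; `store_write(:refresh_token, refresh_token) if refresh_token` would avoid that. The `get '/auth/heroku/callback'` block starts and ends outside this hunk, and the file header for this section is not shown on the page.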
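--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: heroku-bouncer
 version: !ruby/object:Gem::Version
-version: 0.6.0
+version: 0.7.0
 platform: ruby
 authors:
 - Jonathan Dance
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-03-04 00:00:00.000000000 Z
+date: 2015-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-heroku
@@ -191,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: Rapidly add Heroku OAuth to your Ruby app.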