heroku-bouncer 0.7.0 → 0.7.1

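--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4b619fbf7d6217756617859a7fa5f965c8ed1a01
- data.tar.gz: 90beec382fbef5aaea8f8f2b907cdf6e4d18bf8e
+ metadata.gz: 273b79408c5b9a14c9c90997c17b3b6a67edeedc
+ data.tar.gz: 18c20c30803bee8462c96b65db39828d1b30ec38
  SHA512:
- metadata.gz: 766781d8a9a9cca09a58f9c64c247cda6890a3b0c85239744f9630c3a7183162c5657e8ddd9a60b66f0fdc5975213c3a601d65d1a4ff03b8e058b690b7c2dcc6
- data.tar.gz: 79d6db6a927996bee71f1c17f8b3cb6c3c490c4a160351b4e6c95e82646964e4c509da4b8959993e415af60074c05a222eb465776dfafe25db49778610e9a53c
+ metadata.gz: cbd28dc5744698aeee1f7774099bfa0c3ced1fb61f6f3cf436512918cafc63c6728be4f79bf04e6d519129044e1647be68dd1ed497ded8c909ad93ad51a06d7a
+ data.tar.gz: 66d0740ba41638219edb4c7988fdb6b7d897c3b2d84c1eeb264792e922b50523ab560711d27e1430bd1f30480628c80de4edf80bc681f26dde4714e4fee06156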
@@ -1,3 +1,7 @@
1
+ # 0.7.1
2
+
3
+ * #48: Address potential errors when making API call
4
+
1
5
  # 0.7.0
2
6
 
3
7
  * #46: expose refresh token when exposing access token
@@ -1,18 +1,55 @@
1
1
  # json parsers, all the way down
2
+ Heroku::Bouncer::JsonParserError = Class.new(RuntimeError)
3
+
2
4
  Heroku::Bouncer::JsonParser = begin
5
+
3
6
  require 'oj'
4
- lambda { |json| Oj.load(json, :mode => :strict) }
7
+
8
+ lambda do |json|
9
+ begin
10
+ Oj.load(json, :mode => :strict)
11
+ rescue Oj::ParseError
12
+ raise ::Heroku::Bouncer::JsonParserError
13
+ end
14
+ end
15
+
5
16
  rescue LoadError
17
+
6
18
  begin
19
+
7
20
  require 'yajl'
8
- lambda { |json| Yajl::Parser.parse(json) }
21
+ lambda do |json|
22
+ begin
23
+ Yajl::Parser.parse(json)
24
+ rescue Yajl::ParseError
25
+ raise ::Heroku::Bouncer::JsonParserError
26
+ end
27
+ end
28
+
9
29
  rescue LoadError
30
+
10
31
  begin
32
+
11
33
  require 'multi_json'
12
- lambda { |json| MultiJson.decode(json) }
34
+ lambda do |json|
35
+ begin
36
+ MultiJson.decode(json)
37
+ rescue MultiJson::ParseError
38
+ raise ::Heroku::Bouncer::JsonParserError
39
+ end
40
+ end
41
+
13
42
  rescue LoadError
43
+
14
44
  require 'json'
15
- lambda { |json| JSON.parse(json) }
45
+ lambda do |json|
46
+ begin
47
+ JSON.parse(json)
48
+ rescue JSON::ParserError
49
+ raise ::Heroku::Bouncer::JsonParserError
50
+ end
51
+ end
52
+
16
53
  end
17
54
  end
18
55
  end
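Review bot: Each wrapper rescues only its library's parse error, so a non-String argument (a nil response body, say) would presumably raise `TypeError` from `JSON.parse` and bypass `JsonParserError`. `fetch_user` rescues only `JsonParserError` and `Faraday::ClientError`, so that case would surface as an unhandled exception in the callback rather than a redirect to `/auth/failure`. Consider `rescue JSON::ParserError, TypeError` in the final branch (and the equivalent in the others), or a guard in the caller before the parser is invoked. The four lambdas differ only in the parse call and the error class, so a one-line comment on the new constant, e.g. `# Raised by JsonParser for any backend's parse failure; the only error callers need to rescue`, would document the contract.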
@@ -8,6 +8,7 @@ require 'heroku/bouncer/decrypted_hash'
8
8
  class Heroku::Bouncer::Middleware < Sinatra::Base
9
9
 
10
10
  DecryptedHash = ::Heroku::Bouncer::DecryptedHash
11
+ UnableToFetchUserError = Class.new(RuntimeError)
11
12
 
12
13
  enable :raise_errors
13
14
  disable :show_exceptions
@@ -82,30 +83,34 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
82
83
 
83
84
  # callback when successful, time to save data
84
85
  get '/auth/heroku/callback' do
85
- token = request.env['omniauth.auth']['credentials']['token']
86
- refresh_token = request.env['omniauth.auth']['credentials']['refresh_token']
87
- if @expose_email || @expose_user || !@allow_if_user.nil?
88
- user = fetch_user(token)
89
- # Wrapping lambda to prevent short-circut proc return
90
- if @allow_if_user.respond_to?(:call)
91
- if !lambda{ @allow_if_user.call(user)}.call
92
- redirect to(@redirect_url) and return
86
+ begin
87
+ token = request.env['omniauth.auth']['credentials']['token']
88
+ refresh_token = request.env['omniauth.auth']['credentials']['refresh_token']
89
+ if @expose_email || @expose_user || !@allow_if_user.nil?
90
+ user = fetch_user(token)
91
+ # Wrapping lambda to prevent short-circut proc return
92
+ if @allow_if_user.respond_to?(:call)
93
+ if !lambda{ @allow_if_user.call(user)}.call
94
+ redirect to(@redirect_url) and return
95
+ end
93
96
  end
97
+ @expose_user ? store_write(:user, user) : store_write(:user, true)
98
+ store_write(:email, user['email']) if @expose_email
99
+ else
100
+ store_write(:user, true)
94
101
  end
95
- @expose_user ? store_write(:user, user) : store_write(:user, true)
96
- store_write(:email, user['email']) if @expose_email
97
- else
98
- store_write(:user, true)
99
- end
100
- store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
101
- if @expose_token
102
- store_write(:token, token)
103
- store_write(:refresh_token, refresh_token)
104
- end
105
- store_write(:expires_at, Time.now.to_i + 3600 * 8)
102
+ store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
103
+ if @expose_token
104
+ store_write(:token, token)
105
+ store_write(:refresh_token, refresh_token)
106
+ end
107
+ store_write(:expires_at, Time.now.to_i + 3600 * 8)
106
108
 
107
- return_to = store_delete(:return_to) || '/'
108
- redirect to(enforce_host(request.scheme, request.host, request.port, return_to))
109
+ return_to = store_delete(:return_to) || '/'
110
+ redirect to(enforce_host(request.scheme, request.host, request.port, return_to))
111
+ rescue UnableToFetchUserError
112
+ redirect to('/auth/failure')
113
+ end
109
114
  end
110
115
 
111
116
  # something went wrong
@@ -188,12 +193,22 @@ private
188
193
  extract_option(options, option, default)
189
194
  end
190
195
 
191
- def fetch_user(token)
192
- ::Heroku::Bouncer::JsonParser.call(
193
- Faraday.new(ENV["HEROKU_API_URL"] || "https://api.heroku.com/").get('/account') do |r|
194
- r.headers['Accept'] = 'application/vnd.heroku+json; version=3'
195
- r.headers['Authorization'] = "Bearer #{token}"
196
- end.body)
196
+ def fetch_user(token, retries = 3)
197
+ response = ::Faraday.new(ENV["HEROKU_API_URL"] || "https://api.heroku.com/").get('/account') do |r|
198
+ r.headers['Accept'] = 'application/vnd.heroku+json; version=3'
199
+ r.headers['Authorization'] = "Bearer #{token}"
200
+ end
201
+
202
+ if response.status == 200
203
+ ::Heroku::Bouncer::JsonParser.call(response.body)
204
+ elsif retries > 0
205
+ sleep(0.1)
206
+ fetch_user(token, retries - 1)
207
+ else
208
+ raise UnableToFetchUserError
209
+ end
210
+ rescue ::Faraday::ClientError, ::Heroku::Bouncer::JsonParserError
211
+ raise UnableToFetchUserError
197
212
  end
198
213
 
199
214
  def decrypt_store(env)
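Review bot: In `fetch_user`, the `elsif retries > 0` branch retries on every non-200 status, so a 401 or 403 (token rejected) is re-sent three more times with the bearer token before the callback fails, while an exception raised by Faraday goes straight to the method-level `rescue` and is never retried. Limiting the retry to transient statuses would match the apparent intent, e.g. `elsif retries > 0 && response.status >= 500`. The Faraday connection is also built without explicit timeouts in this hunk, so a stalled API call can hold the OAuth callback open; `::Faraday.new(url, request: { open_timeout: 2, timeout: 5 })` (values constructed) would bound it. The failure path itself fails closed, since `UnableToFetchUserError` is raised before any `store_write` runs in the callback, and that ordering is worth preserving.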
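--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: heroku-bouncer
  version: !ruby/object:Gem::Version
- version: 0.7.0
+ version: 0.7.1
  platform: ruby
  authors:
  - Jonathan Dance
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-12-16 00:00:00.000000000 Z
+ date: 2016-02-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth-heroku
@@ -191,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5.1
+ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
  summary: Rapidly add Heroku OAuth to your Ruby app.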