heroku-bouncer 0.7.0 → 0.7.1

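--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4b619fbf7d6217756617859a7fa5f965c8ed1a01
- data.tar.gz: 90beec382fbef5aaea8f8f2b907cdf6e4d18bf8e
+ metadata.gz: 273b79408c5b9a14c9c90997c17b3b6a67edeedc
+ data.tar.gz: 18c20c30803bee8462c96b65db39828d1b30ec38
  SHA512:
- metadata.gz: 766781d8a9a9cca09a58f9c64c247cda6890a3b0c85239744f9630c3a7183162c5657e8ddd9a60b66f0fdc5975213c3a601d65d1a4ff03b8e058b690b7c2dcc6
- data.tar.gz: 79d6db6a927996bee71f1c17f8b3cb6c3c490c4a160351b4e6c95e82646964e4c509da4b8959993e415af60074c05a222eb465776dfafe25db49778610e9a53c
+ metadata.gz: cbd28dc5744698aeee1f7774099bfa0c3ced1fb61f6f3cf436512918cafc63c6728be4f79bf04e6d519129044e1647be68dd1ed497ded8c909ad93ad51a06d7a
+ data.tar.gz: 66d0740ba41638219edb4c7988fdb6b7d897c3b2d84c1eeb264792e922b50523ab560711d27e1430bd1f30480628c80de4edf80bc681f26dde4714e4fee06156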
@@ -1,3 +1,7 @@
1
+ # 0.7.1
2
+
3
+ * #48: Address potential errors when making API call
4
+
1
5
  # 0.7.0
2
6
 
3
7
  * #46: expose refresh token when exposing access token
@@ -1,18 +1,55 @@
1
1
  # json parsers, all the way down
2
+ Heroku::Bouncer::JsonParserError = Class.new(RuntimeError)
3
+
2
4
  Heroku::Bouncer::JsonParser = begin
5
+
3
6
  require 'oj'
4
- lambda { |json| Oj.load(json, :mode => :strict) }
7
+
8
+ lambda do |json|
9
+ begin
10
+ Oj.load(json, :mode => :strict)
11
+ rescue Oj::ParseError
12
+ raise ::Heroku::Bouncer::JsonParserError
13
+ end
14
+ end
15
+
5
16
  rescue LoadError
17
+
6
18
  begin
19
+
7
20
  require 'yajl'
8
- lambda { |json| Yajl::Parser.parse(json) }
21
+ lambda do |json|
22
+ begin
23
+ Yajl::Parser.parse(json)
24
+ rescue Yajl::ParseError
25
+ raise ::Heroku::Bouncer::JsonParserError
26
+ end
27
+ end
28
+
9
29
  rescue LoadError
30
+
10
31
  begin
32
+
11
33
  require 'multi_json'
12
- lambda { |json| MultiJson.decode(json) }
34
+ lambda do |json|
35
+ begin
36
+ MultiJson.decode(json)
37
+ rescue MultiJson::ParseError
38
+ raise ::Heroku::Bouncer::JsonParserError
39
+ end
40
+ end
41
+
13
42
  rescue LoadError
43
+
14
44
  require 'json'
15
- lambda { |json| JSON.parse(json) }
45
+ lambda do |json|
46
+ begin
47
+ JSON.parse(json)
48
+ rescue JSON::ParserError
49
+ raise ::Heroku::Bouncer::JsonParserError
50
+ end
51
+ end
52
+
16
53
  end
17
54
  end
18
55
  end
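Review bot: Each of the four lambdas rescues only its own library's parse-error class and re-raises `JsonParserError` with no message, so the failure appears in logs as a bare class name, and anything else a parser raises on unexpected input (for instance `TypeError` from `JSON.parse` when the body is nil) still escapes the `rescue` in `fetch_user`. A fixed message such as `raise ::Heroku::Bouncer::JsonParserError, 'API response was not valid JSON'` says what happened without copying any of the response body into logs, and in the stdlib branch `rescue JSON::ParserError, TypeError` would cover the nil case. `MultiJson::ParseError` appears to be absent from older multi_json releases, which used `DecodeError`/`LoadError`, so it is worth confirming that the gemspec's minimum version provides it; otherwise the rescue clause itself would fail with `NameError` on the first bad payload. A one-line comment above `Heroku::Bouncer::JsonParser` stating that every backend must raise `JsonParserError` on bad input would document the contract the middleware now depends on.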
@@ -8,6 +8,7 @@ require 'heroku/bouncer/decrypted_hash'
8
8
  class Heroku::Bouncer::Middleware < Sinatra::Base
9
9
 
10
10
  DecryptedHash = ::Heroku::Bouncer::DecryptedHash
11
+ UnableToFetchUserError = Class.new(RuntimeError)
11
12
 
12
13
  enable :raise_errors
13
14
  disable :show_exceptions
@@ -82,30 +83,34 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
82
83
 
83
84
  # callback when successful, time to save data
84
85
  get '/auth/heroku/callback' do
85
- token = request.env['omniauth.auth']['credentials']['token']
86
- refresh_token = request.env['omniauth.auth']['credentials']['refresh_token']
87
- if @expose_email || @expose_user || !@allow_if_user.nil?
88
- user = fetch_user(token)
89
- # Wrapping lambda to prevent short-circut proc return
90
- if @allow_if_user.respond_to?(:call)
91
- if !lambda{ @allow_if_user.call(user)}.call
92
- redirect to(@redirect_url) and return
86
+ begin
87
+ token = request.env['omniauth.auth']['credentials']['token']
88
+ refresh_token = request.env['omniauth.auth']['credentials']['refresh_token']
89
+ if @expose_email || @expose_user || !@allow_if_user.nil?
90
+ user = fetch_user(token)
91
+ # Wrapping lambda to prevent short-circut proc return
92
+ if @allow_if_user.respond_to?(:call)
93
+ if !lambda{ @allow_if_user.call(user)}.call
94
+ redirect to(@redirect_url) and return
95
+ end
93
96
  end
97
+ @expose_user ? store_write(:user, user) : store_write(:user, true)
98
+ store_write(:email, user['email']) if @expose_email
99
+ else
100
+ store_write(:user, true)
94
101
  end
95
- @expose_user ? store_write(:user, user) : store_write(:user, true)
96
- store_write(:email, user['email']) if @expose_email
97
- else
98
- store_write(:user, true)
99
- end
100
- store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
101
- if @expose_token
102
- store_write(:token, token)
103
- store_write(:refresh_token, refresh_token)
104
- end
105
- store_write(:expires_at, Time.now.to_i + 3600 * 8)
102
+ store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
103
+ if @expose_token
104
+ store_write(:token, token)
105
+ store_write(:refresh_token, refresh_token)
106
+ end
107
+ store_write(:expires_at, Time.now.to_i + 3600 * 8)
106
108
 
107
- return_to = store_delete(:return_to) || '/'
108
- redirect to(enforce_host(request.scheme, request.host, request.port, return_to))
109
+ return_to = store_delete(:return_to) || '/'
110
+ redirect to(enforce_host(request.scheme, request.host, request.port, return_to))
111
+ rescue UnableToFetchUserError
112
+ redirect to('/auth/failure')
113
+ end
109
114
  end
110
115
 
111
116
  # something went wrong
@@ -188,12 +193,22 @@ private
188
193
  extract_option(options, option, default)
189
194
  end
190
195
 
191
- def fetch_user(token)
192
- ::Heroku::Bouncer::JsonParser.call(
193
- Faraday.new(ENV["HEROKU_API_URL"] || "https://api.heroku.com/").get('/account') do |r|
194
- r.headers['Accept'] = 'application/vnd.heroku+json; version=3'
195
- r.headers['Authorization'] = "Bearer #{token}"
196
- end.body)
196
+ def fetch_user(token, retries = 3)
197
+ response = ::Faraday.new(ENV["HEROKU_API_URL"] || "https://api.heroku.com/").get('/account') do |r|
198
+ r.headers['Accept'] = 'application/vnd.heroku+json; version=3'
199
+ r.headers['Authorization'] = "Bearer #{token}"
200
+ end
201
+
202
+ if response.status == 200
203
+ ::Heroku::Bouncer::JsonParser.call(response.body)
204
+ elsif retries > 0
205
+ sleep(0.1)
206
+ fetch_user(token, retries - 1)
207
+ else
208
+ raise UnableToFetchUserError
209
+ end
210
+ rescue ::Faraday::ClientError, ::Heroku::Bouncer::JsonParserError
211
+ raise UnableToFetchUserError
197
212
  end
198
213
 
199
214
  def decrypt_store(env)
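Review bot: `fetch_user` retries on every non-200 status, so a 401 or 403 for a rejected token is re-sent three more times with the bearer token attached and the request thread sleeping between attempts, although only transient failures can succeed on a retry; `elsif retries > 0 && response.status >= 500` would limit it to those. Connection-level failures, by contrast, are never retried, because the method-level `rescue` converts them straight into `UnableToFetchUserError`; and in Faraday 1.0 and later, connection and timeout errors no longer inherit from `Faraday::ClientError`, so `rescue ::Faraday::Error, ::Heroku::Bouncer::JsonParserError` is the safer clause if the dependency range admits newer Faraday (the visible part of the gemspec does not show it). No timeout is set on the connection, so a stalled API call can still hold the callback open regardless of the retry count. In the callback, `rescue UnableToFetchUserError` redirects to `/auth/failure` without recording anything; a log line there (never including the token) would let operators see repeated fetch failures, and the success path still indexes `user['email']` without checking that the parsed body is a Hash.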
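--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: heroku-bouncer
  version: !ruby/object:Gem::Version
- version: 0.7.0
+ version: 0.7.1
  platform: ruby
  authors:
  - Jonathan Dance
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-12-16 00:00:00.000000000 Z
+ date: 2016-02-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth-heroku
@@ -191,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5.1
+ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
  summary: Rapidly add Heroku OAuth to your Ruby app.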