inst_access 0.1.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/inst_access/token.rb +19 -2
- data/lib/inst_access/version.rb +23 -0
- data/lib/inst_access.rb +1 -0
- data/spec/inst_access/token_spec.rb +24 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f3f8f9627e9866878600ebfffa114229879693c401e03a07f024c9ecc7aa4567
|
|
4
|
+
data.tar.gz: 95a2ad12a7fbb4392c6828353734ad24a43cb10056c822b50d6234c4f8f2223d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1946b0ac1c71312c08d2e931f542e3e35119d3e26b4590c03f260bfec093d947cae388125e935ab03d1e63cbb2c06273ed9ed7da67bfba54406d523b78142988
|
|
7
|
+
data.tar.gz: 650914d4e10bc474b71146351956ce903b318efb32c453da9ea697c3aac5cf0f840d2e455982f1abc6fa3ebf893857fef3db1fc990a8febd278e1b768034bab9
|
data/lib/inst_access/token.rb
CHANGED
|
@@ -54,6 +54,18 @@ module InstAccess
|
|
|
54
54
|
jwt_payload[:region]
|
|
55
55
|
end
|
|
56
56
|
|
|
57
|
+
def client_id
|
|
58
|
+
jwt_payload[:client_id]
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def instructure_service?
|
|
62
|
+
jwt_payload[:instructure_service] == true
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def jti
|
|
66
|
+
jwt_payload[:jti]
|
|
67
|
+
end
|
|
68
|
+
|
|
57
69
|
def to_token_string
|
|
58
70
|
jwe = to_jws.encrypt(InstAccess.config.encryption_key, ENCRYPTION_ALGO, ENCRYPTION_METHOD)
|
|
59
71
|
jwe.to_s
|
|
@@ -87,7 +99,9 @@ module InstAccess
|
|
|
87
99
|
real_user_shard_id: nil,
|
|
88
100
|
user_global_id: nil,
|
|
89
101
|
real_user_global_id: nil,
|
|
90
|
-
region: nil
|
|
102
|
+
region: nil,
|
|
103
|
+
client_id: nil,
|
|
104
|
+
instructure_service: nil
|
|
91
105
|
)
|
|
92
106
|
raise ArgumentError, 'Must provide user uuid and account uuid' if user_uuid.blank? || account_uuid.blank?
|
|
93
107
|
|
|
@@ -95,6 +109,7 @@ module InstAccess
|
|
|
95
109
|
|
|
96
110
|
payload = {
|
|
97
111
|
iss: ISSUER,
|
|
112
|
+
jti: SecureRandom.uuid,
|
|
98
113
|
iat: now,
|
|
99
114
|
exp: now + 1.hour.to_i,
|
|
100
115
|
sub: user_uuid,
|
|
@@ -104,7 +119,9 @@ module InstAccess
|
|
|
104
119
|
masq_shard: real_user_shard_id,
|
|
105
120
|
debug_user_global_id: user_global_id&.to_s,
|
|
106
121
|
debug_masq_global_id: real_user_global_id&.to_s,
|
|
107
|
-
region: region
|
|
122
|
+
region: region,
|
|
123
|
+
client_id: client_id,
|
|
124
|
+
instructure_service: instructure_service
|
|
108
125
|
}.compact
|
|
109
126
|
|
|
110
127
|
new(payload)
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Copyright (C) 2023 - present Instructure, Inc.
|
|
5
|
+
#
|
|
6
|
+
# This file is part of Canvas.
|
|
7
|
+
#
|
|
8
|
+
# Canvas is free software: you can redistribute it and/or modify it under
|
|
9
|
+
# the terms of the GNU Affero General Public License as published by the Free
|
|
10
|
+
# Software Foundation, version 3 of the License.
|
|
11
|
+
#
|
|
12
|
+
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
13
|
+
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
14
|
+
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
15
|
+
# details.
|
|
16
|
+
#
|
|
17
|
+
# You should have received a copy of the GNU Affero General Public License along
|
|
18
|
+
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
19
|
+
#
|
|
20
|
+
|
|
21
|
+
module InstAccess
|
|
22
|
+
VERSION = '0.4.0'
|
|
23
|
+
end
|
data/lib/inst_access.rb
CHANGED
|
@@ -85,12 +85,35 @@ describe InstAccess::Token do
|
|
|
85
85
|
canvas_domain: 'z.instructure.com',
|
|
86
86
|
real_user_uuid: 'masq-id',
|
|
87
87
|
real_user_shard_id: 5,
|
|
88
|
-
region: 'us-west-2'
|
|
88
|
+
region: 'us-west-2',
|
|
89
|
+
client_id: 'client-id',
|
|
90
|
+
instructure_service: true
|
|
89
91
|
)
|
|
90
92
|
expect(id.canvas_domain).to eq('z.instructure.com')
|
|
91
93
|
expect(id.masquerading_user_uuid).to eq('masq-id')
|
|
92
94
|
expect(id.masquerading_user_shard_id).to eq(5)
|
|
93
95
|
expect(id.region).to eq('us-west-2')
|
|
96
|
+
expect(id.client_id).to eq('client-id')
|
|
97
|
+
expect(id.instructure_service?).to eq true
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
it 'generates a unique jti' do
|
|
101
|
+
uuid = SecureRandom.uuid
|
|
102
|
+
|
|
103
|
+
allow(SecureRandom).to receive(:uuid).and_return uuid
|
|
104
|
+
|
|
105
|
+
id = described_class.for_user(
|
|
106
|
+
user_uuid: 'user-uuid',
|
|
107
|
+
account_uuid: 'acct-uuid',
|
|
108
|
+
canvas_domain: 'z.instructure.com',
|
|
109
|
+
real_user_uuid: 'masq-id',
|
|
110
|
+
real_user_shard_id: 5,
|
|
111
|
+
region: 'us-west-2',
|
|
112
|
+
client_id: 'client-id',
|
|
113
|
+
instructure_service: true
|
|
114
|
+
)
|
|
115
|
+
|
|
116
|
+
expect(id.jti).to eq uuid
|
|
94
117
|
end
|
|
95
118
|
|
|
96
119
|
it 'includes global id debug info if given' do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inst_access
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Ziwisky
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-09-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -161,6 +161,7 @@ files:
|
|
|
161
161
|
- lib/inst_access/config.rb
|
|
162
162
|
- lib/inst_access/errors.rb
|
|
163
163
|
- lib/inst_access/token.rb
|
|
164
|
+
- lib/inst_access/version.rb
|
|
164
165
|
- spec/initialize_coverage.rb
|
|
165
166
|
- spec/inst_access/inst_access_spec.rb
|
|
166
167
|
- spec/inst_access/token_spec.rb
|
|
@@ -184,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
184
185
|
- !ruby/object:Gem::Version
|
|
185
186
|
version: '0'
|
|
186
187
|
requirements: []
|
|
187
|
-
rubygems_version: 3.2.
|
|
188
|
+
rubygems_version: 3.2.6
|
|
188
189
|
signing_key:
|
|
189
190
|
specification_version: 4
|
|
190
191
|
summary: Generation, parsing, and validation of Instructure access tokens
|