RubyGems - intercom-rails - Versions diffs - 1.0.1 → 1.1.0 - Mend

intercom-rails 1.0.1 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +48 -1
data/lib/intercom-rails/config.rb +10 -0
data/lib/intercom-rails/script_tag.rb +46 -6
data/lib/intercom-rails/version.rb +1 -1
metadata +19 -22

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e2fc85ba00358eada296192f07e67ba84f37424ba7a5d8ee9ea5f83e5a0bc60b
-  data.tar.gz: e3f4bfc29ba15e72c9f19c3c363abeb587ff6668637740edee063c69a329d648
+  metadata.gz: 274c2855076beb153ba6dcf5ecdc639bcac1a2515bfe74a7042b84df61eab363
+  data.tar.gz: 59e0d09f3dca2b46db7e6e3829d39a89f75eef845c1608f690e87bad41505f0f
 SHA512:
-  metadata.gz: eb3a484b71432a961158d13ee67bc43e867d74e4ecfad7d81b58607e7f09aeacb6f9e002df29b3028ac3e71717cece13a2251a0d7a5636ba67264c59465a5167
-  data.tar.gz: 689566c0e89a88620c018c41e8c49ff23e5aeedc32c180f0684e94d27b2112ba0ce13d5c691a89fa7db0a492352962e41be6e831a8855536fac5c6cfb557d782
+  metadata.gz: eebe74df506580a99a1fbe68857ab6c86c140e1db905c4cc96307aa0baa984b2d5efcf852eff43baaf7e6edb4b0937c2340a26b56f602339014478bf92e5c4bd
+  data.tar.gz: f3d98e2f4fa9083ba632faa4852028656e20c4b4c14c931dc3caa6dea429957efd9f0402b84be390dd2a97ee9bf0d002622206f455835277844d13f69e5b8aff

data/README.md CHANGED Viewed

@@ -69,6 +69,53 @@ It is possible to enable Identity Verification for the Intercom Messenger and yo
 ```
 **Note: This example is just for the sake of simplicity, you should never include this secret in source control. Instead, you should use the Rails [secret config](http://guides.rubyonrails.org/4_1_release_notes.html#config-secrets-yml) feature.**
+### JWT Authentication
+You can enable JWT authentication for enhanced security with the Intercom Messenger. This feature uses JSON Web Tokens (JWTs) to authenticate users instead of the traditional user_hash method. To enable JWT authentication, add the following to your `config/initializers/intercom.rb`:
+```ruby
+  config.jwt.enabled = true
+```
+#### JWT Expiry
+You can set an expiry time for JWTs. This determines how long the token remains valid:
+```ruby
+  config.jwt.expiry = 12.hours  # Token expires after 12 hours
+```
+If no expiry is set, the JWT will not include an expiration claim.
+#### Signed User Fields
+You can specify which user fields should be included in the JWT payload and removed from the client-side settings for enhanced security:
+```ruby
+  config.jwt.signed_user_fields = [:email, :name, :plan, :team_id]
+```
+With this configuration, these fields will be:
+- Included in the signed JWT payload
+- Removed from the client-side `intercomSettings` object
+- Still available to Intercom through the secure JWT
+#### Per-Request JWT Configuration
+You can also configure JWT settings on a per-request basis using the `intercom_script_tag` helper:
+```erb
+<%= intercom_script_tag({
+  :user_id => current_user.id,
+  :email => current_user.email
+}, {
+  :jwt_enabled => true,
+  :jwt_expiry => 1.hour
+}) %>
+```
+**Important Notes:**
+- JWT authentication requires an `api_secret` to be configured
+- JWT is only generated when a `user_id` is present
+- When JWT is enabled, the `user_id` is removed from client-side settings and only included in the secure JWT
+- Other configured signed fields are also removed from client-side settings when JWT is used
 ### Shutdown
 We make use of first-party cookies so that we can identify your users the next time they open your messenger. When people share devices with someone else, they might be able to see the most recently logged in user’s conversation history until the cookie expires. Because of this, it’s very important to properly shutdown Intercom when a user’s session on your app ends (either manually or due to an automated logout).
@@ -342,7 +389,7 @@ CSP support for automatic insertion exposes two namespaces that can be defined b
  - String CoreExtensions::IntercomRails::AutoInclude.csp_nonce_hook(controller)
  - nil CoreExtensions::IntercomRails::AutoInclude.csp_sha256_hook(controller, SHA-256 whitelist entry)
-For instance, a CSP nonce can be inserted using the [Twitter Secure Headers](https://github.com/twitter/secureheaders) gem with the following code:
+For instance, a CSP nonce can be inserted using the [Github Secure Headers](https://github.com/github/secure_headers) gem with the following code:
 ```ruby
 module CoreExtensions
   module IntercomRails

data/lib/intercom-rails/config.rb CHANGED Viewed

@@ -143,6 +143,16 @@ module IntercomRails
       end
     end
+    config_group :jwt do
+      config_accessor :enabled
+      config_accessor :expiry
+      config_accessor :signed_user_fields do |value|
+        unless value.nil? || (value.kind_of?(Array) && value.all? { |v| v.kind_of?(Symbol) || v.kind_of?(String) })
+          raise ArgumentError, "jwt.signed_user_fields must be an array of symbols or strings"
+        end
+      end
+    end
   end
 end

data/lib/intercom-rails/script_tag.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 require 'active_support/all'
 require 'action_view'
+require 'jwt'
 module IntercomRails
@@ -17,7 +18,7 @@ module IntercomRails
     include ::ActionView::Helpers::TagHelper
     attr_reader :user_details, :company_details, :show_everywhere, :session_duration
-    attr_accessor :secret, :widget_options, :controller, :nonce, :encrypted_mode_enabled, :encrypted_mode
+    attr_accessor :secret, :widget_options, :controller, :nonce, :encrypted_mode_enabled, :encrypted_mode, :jwt_enabled, :jwt_expiry
     def initialize(options = {})
       self.secret = options[:secret] || Config.api_secret
@@ -25,14 +26,22 @@ module IntercomRails
       self.controller = options[:controller]
       @show_everywhere = options[:show_everywhere]
       @session_duration = session_duration_from_config
-      self.user_details = options[:find_current_user_details] ? find_current_user_details : options[:user_details]
+      self.jwt_enabled = options[:jwt_enabled] || Config.jwt.enabled
+      self.jwt_expiry = options[:jwt_expiry] || Config.jwt.expiry
+      initial_user_details = if options[:find_current_user_details]
+        find_current_user_details
+      else
+        options[:user_details] || {}
+      end
+      lead_attributes = find_lead_attributes
+      self.user_details = initial_user_details.merge(lead_attributes)
       self.encrypted_mode_enabled = options[:encrypted_mode] || Config.encrypted_mode
       self.encrypted_mode = IntercomRails::EncryptedMode.new(secret, options[:initialization_vector], {:enabled => encrypted_mode_enabled})
-      # Request specific custom data for non-signed up users base on lead_attributes
-      self.user_details = self.user_details.merge(find_lead_attributes)
       self.company_details = if options[:find_current_company_details]
         find_current_company_details
       elsif options[:user_details]
@@ -113,12 +122,43 @@ module IntercomRails
       "window.intercomSettings = #{plaintext_javascript};#{intercom_encrypted_payload_javascript}(function(){var w=window;var ic=w.Intercom;if(typeof ic===\"function\"){ic('update',intercomSettings);}else{var d=document;var i=function(){i.c(arguments)};i.q=[];i.c=function(args){i.q.push(args)};w.Intercom=i;function l(){var s=d.createElement('script');s.type='text/javascript';s.async=true;s.src='#{Config.library_url || "https://widget.intercom.io/widget/#{j app_id}"}';var x=d.getElementsByTagName('script')[0];x.parentNode.insertBefore(s,x);}if(document.readyState==='complete'){l();}else if(w.attachEvent){w.attachEvent('onload',l);}else{w.addEventListener('load',l,false);}};})()"
     end
+    def generate_jwt
+      return nil unless user_details[:user_id].present?
+      payload = { user_id: user_details[:user_id].to_s }
+      if jwt_expiry
+        payload[:exp] = jwt_expiry.from_now.to_i
+      end
+      if Config.jwt.signed_user_fields.present?
+        Config.jwt.signed_user_fields.each do |field|
+          field = field.to_sym
+          payload[field] = user_details[field].to_s if user_details[field].present?
+        end
+      end
+      JWT.encode(payload, secret, 'HS256')
+    end
     def user_details=(user_details)
       @user_details = DateHelper.convert_dates_to_unix_timestamps(user_details || {})
       @user_details = @user_details.with_indifferent_access.tap do |u|
         [:email, :name, :user_id].each { |k| u.delete(k) if u[k].nil? }
-        u[:user_hash] ||= user_hash if secret.present? && (u[:user_id] || u[:email]).present?
+        if secret.present?
+          if jwt_enabled && u[:user_id].present?
+            u[:intercom_user_jwt] ||= generate_jwt
+            u.delete(:user_id)
+            Config.jwt.signed_user_fields&.each do |field|
+              u.delete(field.to_sym)
+            end
+          elsif (u[:user_id] || u[:email]).present?
+            u[:user_hash] ||= user_hash
+          end
+        end
         u[:app_id] ||= app_id
       end
     end

data/lib/intercom-rails/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module IntercomRails
-  VERSION = "1.0.1"
+  VERSION = "1.1.0"
 end

metadata CHANGED Viewed

@@ -1,16 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: intercom-rails
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Ben McRedmond
 - Ciaran Lee
 - Darragh Curran
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-08 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -26,6 +25,20 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -102,28 +115,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: thin
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
@@ -187,7 +186,6 @@ homepage: http://www.intercom.io
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -202,8 +200,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key:
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Rails helper for emitting javascript script tags for Intercom
 test_files: []