keratin-authn 0.3.1 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4f56c448de089a50cd7d4ee112f5238cab39146e
-  data.tar.gz: 4e4b9953cb86e8a1ea827d5ea9e861578260effd
+  metadata.gz: 806ffe0f80a2c6e59bd9873478554375bc5f45a4
+  data.tar.gz: 0b02c5bdd99206aaf381c9919a3ea885ab91804d
 SHA512:
-  metadata.gz: cf79c26b1b0dd270c93fcbb708cbc7edf8931355555e69c069f6987ae577968844655ab221450198ccef76e71bb57a3c94233450da592327deb7f9d7c76b4f2d
-  data.tar.gz: c6c7f30a6799367f31a67c3b17eee21e50a04e9b5bb6bb38aec03482e0aca3da9ceb67c64ec0e29643e45a4e8e01c29b1295f603a1b6cfc54aa0f10161a31ab3
+  metadata.gz: 8c71e68e2419fd280c82525cd1966520da11c2d51024bcb15d548224e6d46ccd439b87b9edb80d420870c594e7b4d231461666001304516dc792ffdaf1f3ce5b
+  data.tar.gz: 11b7124b866aae6727a473a717ba465f94c5d8dba90a10463d18028cfa4a4e1172b7614fb6624c4aadaa93514cb12fe86aa6f2bf40d1a05230aa19f19d232bc9

data/.rubocop.yml

@@ -0,0 +1,43 @@
+AllCops:
+  Exclude:
+    - keratin-authn.gemspec
+
+Style/Lambda:
+  EnforcedStyle: literal
+Style/IndentArray:
+  EnforcedStyle: consistent
+Style/IndentHash:
+  EnforcedStyle: consistent
+Style/AlignParameters:
+  EnforcedStyle: with_fixed_indentation
+Style/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+Style/FrozenStringLiteralComment:
+  EnforcedStyle: never
+Style/ClassAndModuleChildren:
+  EnforcedStyle: compact
+Style/SpaceInsideHashLiteralBraces:
+  EnforcedStyle: no_space
+Style/SpaceBeforeBlockBraces:
+  EnforcedStyle: no_space
+Style/SpaceInsideBlockBraces:
+  SpaceBeforeBlockParameters: false
+
+Metrics/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/BlockLength:
+  Enabled: false
+Metrics/AbcSize:
+  Enabled: false
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Metrics/ClassLength:
+  Enabled: false
+Style/NumericLiterals:
+  Enabled: false
+Style/Documentation:
+  Enabled: false
+Style/MutableConstant:
+  Enabled: false

data/Rakefile

@@ -1,11 +1,11 @@
-require "bundler/gem_tasks"
-require "rake/testtask"
+require 'bundler/gem_tasks'
+require 'rake/testtask'
 
 Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.libs << "lib"
+  t.libs << 'test'
+  t.libs << 'lib'
   t.test_files = FileList['test/**/*_test.rb']
   t.warning = false
 end
 
-task :default => :test
+task default: :test

data/bin/console

@@ -1,14 +1,14 @@
 #!/usr/bin/env ruby
 
-require "bundler/setup"
-require "keratin/authn"
+require 'bundler/setup'
+require 'keratin/authn'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
 
 # (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
+# require 'pry'
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start

data/keratin-authn.gemspec

@@ -4,38 +4,38 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'keratin/authn/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "keratin-authn"
+  spec.name          = 'keratin-authn'
   spec.version       = Keratin::AuthN::VERSION
-  spec.authors       = ["Lance Ivy"]
-  spec.email         = ["lance@cainlevy.net"]
-  spec.license       = "LGPL-3.0"
+  spec.authors       = ['Lance Ivy']
+  spec.email         = ['lance@cainlevy.net']
+  spec.license       = 'LGPL-3.0'
 
-  spec.summary       = %q{Client gem for keratin/authn service.}
-  # spec.description   = %q{}
-  # spec.homepage      = ""
+  spec.summary       = 'Client gem for keratin/authn service.'
+  # spec.description   = ''
+  # spec.homepage      = ''
 
   # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
   # to allow pushing to a single host or delete this section to allow pushing to any host.
   if spec.respond_to?(:metadata)
     # spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com'"
   else
-    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+    raise 'RubyGems 2.0 or newer is required to protect against public gem pushes.'
   end
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
-  spec.bindir        = "exe"
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_dependency "json-jwt"
-  spec.add_dependency "lru_redux"
+  spec.add_dependency 'json-jwt'
+  spec.add_dependency 'lru_redux'
 
-  spec.add_development_dependency "bundler", "~> 1.13"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "minitest", "~> 5.0"
-  spec.add_development_dependency "timecop"
-  spec.add_development_dependency "byebug"
-  spec.add_development_dependency "webmock"
+  spec.add_development_dependency 'bundler', '~> 1.13'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'minitest', '~> 5.0'
+  spec.add_development_dependency 'timecop'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'webmock'
 end

data/lib/keratin/authn/id_token_verifier.rb

@@ -12,12 +12,27 @@ module Keratin::AuthN
       jwt['sub']
     end
 
+    EXPECTATIONS = [
+      :token_exists?,
+      :token_from_us?,
+      :token_for_us?,
+      :token_fresh?,
+      :token_intact?
+    ]
+
     def verified?
-      jwt.present? &&
-        token_from_us? &&
-        token_for_us? &&
-        !token_expired? &&
-        token_intact?
+      EXPECTATIONS.all? do |expectation|
+        if send(expectation)
+          true
+        else
+          Keratin::AuthN.debug{ "JWT failure: #{expectation}" }
+          false
+        end
+      end
+    end
+
+    def token_exists?
+      !jwt.nil? && !jwt.blank?
     end
 
     def token_from_us?
@@ -30,8 +45,8 @@ module Keratin::AuthN
       jwt[:aud] == Keratin::AuthN.config.audience
     end
 
-    def token_expired?
-      jwt[:exp] < @time
+    def token_fresh?
+      jwt[:exp] > @time
     end
 
     def token_intact?

data/lib/keratin/authn/issuer.rb

@@ -4,27 +4,27 @@ require 'net/http'
 module Keratin::AuthN
   class Issuer < Keratin::Client
     def lock(account_id)
-      patch(path: "/accounts/:account_id/lock").result
+      patch(path: "/accounts/#{account_id}/lock").result
     end
 
     def unlock(account_id)
-      patch(path: "/accounts/:account_id/unlock").result
+      patch(path: "/accounts/#{account_id}/unlock").result
     end
 
     def archive(account_id)
-      delete(path: "/accounts/:account_id").result
+      delete(path: "/accounts/#{account_id}").result
     end
 
     def signing_key(kid)
       keys.find{|k| k['use'] == 'sig' && (kid.blank? || kid == k['kid']) }
     end
 
-    def configuration
+    private def configuration
       @configuration ||= get(path: '/configuration').data
     end
 
-    def keys
-      @keys ||= JSON::JWK::Set.new(
+    private def keys
+      JSON::JWK::Set.new(
         get(path: URI.parse(configuration['jwks_uri']).path).data
       )
     end

data/lib/keratin/authn/mock_signature_verifier.rb

@@ -1,6 +1,6 @@
 module Keratin::AuthN
   class MockSignatureVerifier
-    def verify(jwt)
+    def verify(_)
       true
     end
   end

data/lib/keratin/authn/test/helpers.rb

@@ -1,25 +1,23 @@
-module Keratin::AuthN
-  module Test
-    module Helpers
-      JWS_ALGORITHM = 'RS256'
+module Keratin::AuthN::Test
+  module Helpers
+    JWS_ALGORITHM = 'RS256'
 
-      # a factory for JWT id_tokens
-      private def id_token_for(subject)
-        JSON::JWT.new(
-          iss: Keratin::AuthN.config.issuer,
-          aud: Keratin::AuthN.config.audience,
-          sub: subject,
-          iat: 10.seconds.ago,
-          exp: 1.hour.from_now
-        ).sign(jws_keypair.to_jwk, JWS_ALGORITHM).to_s
-      end
+    # a factory for JWT id_tokens
+    private def id_token_for(subject)
+      JSON::JWT.new(
+        iss: Keratin::AuthN.config.issuer,
+        aud: Keratin::AuthN.config.audience,
+        sub: subject,
+        iat: 10.seconds.ago,
+        exp: 1.hour.from_now
+      ).sign(jws_keypair.to_jwk, JWS_ALGORITHM).to_s
+    end
 
-      # a temporary RSA key for the test suite.
-      #
-      # generates the smallest (fastest) key possible for RS256
-      private def jws_keypair
-        @keypair ||= OpenSSL::PKey::RSA.new(512)
-      end
+    # a temporary RSA key for the test suite.
+    #
+    # generates the smallest (fastest) key possible for RS256
+    private def jws_keypair
+      @keypair ||= OpenSSL::PKey::RSA.new(512)
     end
   end
 end

data/lib/keratin/authn/version.rb

@@ -1,5 +1,5 @@
-module Keratin
+module Keratin # rubocop:disable Style/ClassAndModuleChildren
   module AuthN
-    VERSION = "0.3.1"
+    VERSION = '0.3.2'
   end
 end

data/lib/keratin/authn.rb

@@ -10,7 +10,8 @@ require 'json/jwt'
 
 module Keratin
   def self.authn
-    @authn ||= AuthN::Issuer.new(AuthN.config.issuer,
+    @authn ||= AuthN::Issuer.new(
+      AuthN.config.issuer,
       username: AuthN.config.username,
       password: AuthN.config.password
     )
@@ -35,6 +36,9 @@ module Keratin
 
       # the http basic auth password for accessing private endpoints of the authn issuer.
       attr_accessor :password
+
+      # optional logger for debug messages
+      attr_accessor :logger
     end
 
     def self.config
@@ -43,6 +47,10 @@ module Keratin
       end
     end
 
+    def self.debug
+      config.logger.debug{ yield } if config.logger
+    end
+
     # The default strategy for signature verification will find the JWT's issuer, fetch the JWKs
     # from that server, choose the correct key by id, and finally verify the JWT. The keys are
     # then cached in memory to reduce network traffic.
@@ -55,11 +63,11 @@ module Keratin
     # If the default strategy is not desired (as in host application tests), different strategies
     # may be specified here. The strategy must define a `verify(jwt)` method.
     def self.signature_verifier=(val)
-      if val.respond_to?(:verify) && val.method(:verify).arity == 1
-        @verifier = val
-      else
-        raise ArgumentError.new("Please ensure that your signature verifier has been instantiated and implements `def verify(jwt)`.")
+      unless val.respond_to?(:verify) && val.method(:verify).arity == 1
+        raise ArgumentError, 'Please ensure that your signature verifier has been instantiated and implements `def verify(jwt)`.'
       end
+
+      @verifier = val
     end
 
     class << self
@@ -73,7 +81,7 @@ module Keratin
       def logout_url(return_to: nil)
         query = {redirect_uri: return_to}.to_param if return_to
 
-        "#{config.issuer}/sessions/logout#{?? if query}#{query}"
+        "#{config.issuer}/sessions/logout#{'?' if query}#{query}"
       end
     end
   end

data/lib/keratin/client.rb

@@ -28,7 +28,6 @@ module Keratin
   end
 
   class Client
-
     attr_reader :base
 
     def initialize(base_url, username: nil, password: nil)
@@ -66,13 +65,13 @@ module Keratin
             'location' => response['Location']
           })
         when Net::HTTPClientError
-          raise ClientError.new(JSON.parse(response.body)['errors'])
+          raise ClientError, JSON.parse(response.body)['errors']
         when Net::HTTPServerError
-          raise ServiceError.new(response.body)
+          raise ServiceError, response.body
         end
       end
     rescue Net::OpenTimeout, Net::ReadTimeout => e
-      raise ServiceError.new(e.message)
+      raise ServiceError, e.message
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keratin-authn
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - Lance Ivy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-02-23 00:00:00.000000000 Z
+date: 2017-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json-jwt
@@ -130,6 +130,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rubocop.yml"
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile