RubyGems - keratin-authn - Versions diffs - 1.0.0 → 1.0.1 - Mend

keratin-authn 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +16 -9
data/lib/keratin/authn/mock_keychain.rb +13 -2
data/lib/keratin/authn/test/helpers.rb +1 -8
data/lib/keratin/authn/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 675c925f05dfabe4bd0f21df787374d84656bb54
-  data.tar.gz: 6707f4d2b665485192152bf7a59c5a1d62800e7d
+  metadata.gz: 6da81c6e1e1cfff24bdf967c5c639bf965a6bd36
+  data.tar.gz: 16b387f8a34beb746cd96c5bcecbc6a0e2df3578
 SHA512:
-  metadata.gz: 9c539082ff017a26237d848342769115ca0ad978ec470505e516fcb91879499fc7bb27d0f43601a434b480e70acfbb55ec2c124686e6b8bc3319e2d38a197d13
-  data.tar.gz: d41c0567fd3f85b164c82a8c0bb5237d4f0e0e9865fb3a0bfe6d2a5e6996381b55cb1c3658713be50525cdafce31480e34d1d73a4d0523a1530104f207ad8129
+  metadata.gz: 04788a20f670dd537bc463b1d818b7b39626c6745750f3ea3e70b481b8f04f1b3e6215c064165face2508e0d40a967c5ed98507807cb05cff98d20e9d5781f58
+  data.tar.gz: b7c68b8969f1bbbc3f4b00df843245c66ef4620a42c748082bb5a6c8edcd8ff18094dc942bd78a3f5a308f24887c0d91b508f8d1127ee39d87e6c2381be7db92

data/README.md CHANGED

@@ -2,7 +2,8 @@
 Keratin AuthN is an authentication service that keeps you in control of the experience without forcing you to be an expert in web security.
-This gem provides utilities to help integrate with a Ruby application. You may also be interested in keratin/authn-js for frontend integration.
+This gem provides utilities to help integrate with the backend of a Ruby application. You will also
+need a client for your frontend, such as [keratin/authn-js](https://github.com/keratin/authn-js).
 [![Gem Version](https://badge.fury.io/rb/keratin-authn.svg)](http://badge.fury.io/rb/keratin-authn) [![Build Status](https://travis-ci.org/keratin/authn-rb.svg?branch=master)](https://travis-ci.org/keratin/authn-rb) [![Coverage Status](https://coveralls.io/repos/github/keratin/authn/badge.svg?branch=master)](https://coveralls.io/github/keratin/authn?branch=master)
@@ -20,21 +21,27 @@ Configure your integration from a file such as `config/initializers/keratin.rb`:
 ```ruby
 Keratin::AuthN.config.tap do |config|
-  # The base URL of your Keratin AuthN service
+  # The AUTHN_URL of your Keratin AuthN server. This will be used to verify tokens created by AuthN,
+  # and will also be used for API calls unless `config.authn_url` is also set (see below).
   config.issuer = 'https://authn.myapp.com'
-  # The domain of your application (no protocol)
+  # The domain of your application (no protocol). This domain should be listed in the APP_DOMAINS of
+  # your Keratin AuthN server.
   config.audience = 'myapp.com'
-  # HTTP basic auth for using AuthN's private endpoints
+  # Credentials for AuthN's private endpoints. These will be used to execute admin actions using the
+  # `Keratin.authn` client provided by this library.
+  #
+  # TIP: make them extra secure in production!
   config.username = 'secret'
   config.password = 'secret'
   # OPTIONAL: enables debugging for the JWT verification process
-  config.logger   = Rails.logger
+  # config.logger   = Rails.logger
-  # OPTIONAL: allows private API calls to use private network routing
-  config.authn_url = 'https://authn.internal.dns/
+  # OPTIONAL: Send private API calls to AuthN using private network routing. This can be necessary
+  # if your environment has a firewall to limit public endpoints.
+  # config.authn_url = 'https://authn.internal.dns/
 end
 ```
@@ -144,8 +151,8 @@ In your `test/test_helper.rb` or equivalent:
 ```ruby
 # Configuring AuthN to use the MockKeychain will stop your tests from attempting to connect to the
-# remote issuer during tests.
-Keratin::AuthN.signature_verifier = Keratin::AuthN::MockKeychain.new
+# remote issuer during tests. The MockKeychain creates a single weak key, for speedy tests.
+Keratin::AuthN.keychain = Keratin::AuthN::MockKeychain.new
 # Including the Test::Helpers module grants access to `id_token_for(user.account_id)`, so that you
 # can test your system with real tokens.

data/lib/keratin/authn/mock_keychain.rb CHANGED

@@ -1,7 +1,18 @@
 module Keratin::AuthN
   class MockKeychain
-    def [](kid)
-      true
+    # a temporary RSA key for the test suite.
+    #
+    # generates the smallest (fastest) key possible for RS256
+    def initialize
+      @keypair ||= OpenSSL::PKey::RSA.new(512).to_jwk
+    end
+    def key
+      @keypair
+    end
+    def [](_)
+      key
     end
   end
 end

data/lib/keratin/authn/test/helpers.rb CHANGED

@@ -10,14 +10,7 @@ module Keratin::AuthN::Test
         sub: subject,
         iat: 10.seconds.ago,
         exp: 1.hour.from_now
-      ).sign(jws_keypair.to_jwk, JWS_ALGORITHM).to_s
-    end
-    # a temporary RSA key for the test suite.
-    #
-    # generates the smallest (fastest) key possible for RS256
-    private def jws_keypair
-      @keypair ||= OpenSSL::PKey::RSA.new(512)
+      ).sign(Keratin::AuthN.keychain.key, JWS_ALGORITHM).to_s
     end
   end
 end

data/lib/keratin/authn/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Keratin # rubocop:disable Style/ClassAndModuleChildren
   module AuthN
-    VERSION = '1.0.0'
+    VERSION = '1.0.1'
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keratin-authn
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Lance Ivy
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-12-02 00:00:00.000000000 Z
+date: 2017-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json-jwt