keycloak_oauth 0.1.10 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ff0dc0f042c247d145da35d78002bd2df0661c2715961e613af8d3fdc29f4c7
-  data.tar.gz: 8b388dd1ba17fa13d28963e6b358de48dc5e714a886e705842ad45020bb9b0c5
+  metadata.gz: baa20f03dc097cf9b5f18e60f1cd860e3590fa2eafe097989d39d1b29690dd57
+  data.tar.gz: 477b1887a6020aa95bd7e680bf1abe508ad90b99cc480606fdd5daec81adf210
 SHA512:
-  metadata.gz: 1bde5d1f50e865d856c755af7ab87a0f5e93697941276cde3bde1d92d20f6551ba9a5d412dd4c1e41c680f34f4bbeb05ff81c39363a10ed62fd7ee15cfb6892b
-  data.tar.gz: 13d1228bce48b5fffa1097d36726a3e5f1bcb0867f294b83d097a23422c81ef7f7f548224789a2b156c207c2767d9fcc51e2431c75cf58e570f1434494832e3b
+  metadata.gz: a5b936cdf70211176742efcad5d1b799d6c72ecc1047c141e07c55ddb6c1b33985879d018616f30ab6ce7bb9b4e2be970977c4a1bcecb417bcf0ebd9e0787d68
+  data.tar.gz: 6f99f5fd86bff651312a0477ca719fb227ae1b5a960c9ebf066cb7e3a2d7a150f1d42a69c0df25efc6ccd78fd733ab220982e053e73202dfadf87d9268c8a1e5

data/README.md

@@ -1,8 +1,6 @@
 # KeycloakOauth
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/keycloak_oauth`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+[Keycloak](https://www.keycloak.org) integration for Ruby on Rails.
 
 ## Installation
 
@@ -24,6 +22,12 @@ Or install it yourself as:
 
 ### Using `keycloak_oauth` in a Ruby on Rails app
 
+Unless you plan to overwrite the oauth callback controller (see further below), mount the Rails engine into your application by specifying the following in `config/routes.rb`
+
+```ruby
+mount KeycloakOauth::Engine => "/keycloak_oauth"
+```
+
 The configuration must be defined in the app by initialising the relevant attributes within a configuration block. For example, you could add an initializer script called `keycloak_oauth.rb` holding the following code:
 
 ```ruby
@@ -38,13 +42,22 @@ end
 This then allows you to access the `KeycloakOauth` APIs:
 `KeycloakOauth.connection.authorization_endpoint`
 
-You can allow the user to log in with Keycloak by adding adding a link that points to `KeycloakOauth.connection.authorization_endpoint`:
+Ensure you have `default_url_options` set. Here
+is an example of `default_url_options` appropriate for a development environment
+in `config/environments/development.rb`:
+
+```ruby
+config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
+```
+
+You can allow the user to log in with Keycloak by adding a link that points to `KeycloakOauth.connection.authorization_endpoint`:
 e.g.
-`<%= link_to 'Login with Keycloak', KeycloakOauth.connection.authorization_endpoint %>`
+`<%= link_to 'Login with Keycloak', KeycloakOauth.connection.authorization_endpoint(options: { redirect_uri: keycloak_oauth.oauth2_url }) %>`
+
+Once authentication is performed, the access and refresh tokens are stored in the session and can be used in your app as wished. As the session can become larger than we can store in a cookie (`CookieOverflow` exception), we recommend to use [activerecord-session_store](https://github.com/rails/activerecord-session_store).
 
-Once authentication is performed, the access and refresh tokens are stored in the session and can be used in your app as wished.
+### Customising redirect URIs
 
-***Customising redirect URIs***
 There are situations where you would want to customise the oauth2 route (e.g. to use a localised version of the callback URL).
 In this case, you can do the following:
 - add a controller to your app: e.g. `CallbackOverrides`
@@ -64,7 +77,7 @@ If you need the user to be redirected to something other than the root path, you
 3. In the method, perform whatever logic you need to return the right path e.g.
 ```ruby
 def after_sign_in_path
-  my_custom_path
+  main_app.my_custom_path
 end
 ```
 4. Tell the gem where you've overridden the paths by setting the following config in your configuration initializer file:
@@ -112,7 +125,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/keycloak_oauth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/keycloak_oauth/blob/master/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at https://github.com/simplificator/keycloak_oauth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/simplificator/keycloak_oauth/blob/master/CODE_OF_CONDUCT.md).
 
 
 ## License
@@ -121,4 +134,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the KeycloakOauth project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/keycloak_oauth/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the KeycloakOauth project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/simplificator/keycloak_oauth/blob/master/CODE_OF_CONDUCT.md).

data/app/controllers/keycloak_oauth/callbacks_controller.rb

@@ -12,7 +12,7 @@ module KeycloakOauth
       authentication_service.authenticate
       map_authenticatable_if_implemented(session)
 
-      redirect_to self.class.method_defined?(:after_sign_in_path) ? after_sign_in_path(request) : '/'
+      redirect_to self.class.method_defined?(:after_sign_in_path) ? after_sign_in_path(request) : main_app.root_path
     end
 
     private
@@ -24,8 +24,6 @@ module KeycloakOauth
     def map_authenticatable_if_implemented(request)
       if self.class.method_defined?(:map_authenticatable)
         map_authenticatable(request)
-      else
-        raise NotImplementedError.new('User mapping must be handled by the host app. See README for more information.')
       end
     end
 
@@ -36,7 +34,7 @@ module KeycloakOauth
       main_app.url_for(only_path: false, overwrite_params: nil)
     rescue ActionController::UrlGenerationError
       # If the host app does not override the oauth2 path, use the engine's path.
-      oauth2_path
+      oauth2_url
     end
   end
 end

data/app/services/keycloak_oauth/authentication_service.rb

@@ -1,31 +1,24 @@
 module KeycloakOauth
-  class AuthenticationService
-    ACCESS_TOKEN_KEY = 'access_token'.freeze
-    REFRESH_TOKEN_KEY = 'refresh_token'.freeze
+  class AuthenticationService < AuthenticationServiceBase
 
-    attr_reader :session, :authentication_params
+    attr_reader :authentication_params
 
-    def initialize(authentication_params:, session:)
+    def initialize(session:, authentication_params:)
       @authentication_params = authentication_params
-      @session = session
-    end
-
-    def authenticate
-      post_token_service = KeycloakOauth::PostTokenService.new(
-        connection: KeycloakOauth.connection,
-        request_params: authentication_params
-      )
-      post_token_service.perform
-      store_credentials(post_token_service)
+      super session: session
     end
 
     private
 
-    def store_credentials(post_token_service)
-      response_hash = post_token_service.parsed_response_body
+    def post_service_name
+      KeycloakOauth::PostAuthorizationCodeService
+    end
 
-      session[:access_token] = response_hash[ACCESS_TOKEN_KEY]
-      session[:refresh_token] = response_hash[REFRESH_TOKEN_KEY]
+    def post_service_arguments
+      {
+        connection: KeycloakOauth.connection,
+        request_params: authentication_params
+      }
     end
   end
 end

data/app/services/keycloak_oauth/authentication_service_base.rb

@@ -0,0 +1,42 @@
+module KeycloakOauth
+  class AuthenticationServiceBase
+    ACCESS_TOKEN_KEY = 'access_token'.freeze
+    ACCESS_TOKEN_EXPIRES_IN = 'expires_in'.freeze
+    REFRESH_TOKEN_KEY = 'refresh_token'.freeze
+    REFRESH_TOKEN_EXPIRES_IN = 'refresh_expires_in'.freeze
+
+    attr_reader :session
+
+    def initialize(session:)
+      @session = session
+    end
+
+    def authenticate
+      request_time = Time.zone.now
+      post_token_service = post_service_name.new(**post_service_arguments)
+      post_token_service.perform
+      store_credentials_in_session(post_token_service, request_time)
+    end
+
+    private
+
+    def post_service_name
+      raise "Implement in subclass"
+    end
+
+    def post_service_arguments
+      raise "Implement in subclass"
+    end
+
+
+    def store_credentials_in_session(post_token_service, request_time)
+      response_hash = post_token_service.parsed_response_body
+
+      session[:access_token] = response_hash[ACCESS_TOKEN_KEY]
+      session[:refresh_token] = response_hash[REFRESH_TOKEN_KEY]
+
+      session[:access_token_expires_at] = request_time + response_hash[ACCESS_TOKEN_EXPIRES_IN].to_i.seconds
+      session[:refresh_token_expires_at] = request_time + response_hash[REFRESH_TOKEN_EXPIRES_IN].to_i.seconds
+    end
+  end
+end

data/app/services/keycloak_oauth/{post_token_service.rb → post_authorization_code_service.rb}

@@ -1,7 +1,7 @@
 require 'net/http'
 
 module KeycloakOauth
-  class PostTokenService < KeycloakOauth::AuthorizableService
+  class PostAuthorizationCodeService < KeycloakOauth::AuthorizableService
     DEFAULT_GRANT_TYPE = 'authorization_code'.freeze
 
     attr_reader :request_params, :connection

data/app/services/keycloak_oauth/post_refresh_token_service.rb

@@ -0,0 +1,39 @@
+require 'net/http'
+
+module KeycloakOauth
+  class PostRefreshTokenService < KeycloakOauth::AuthorizableService
+    DEFAULT_GRANT_TYPE = 'refresh_token'.freeze
+
+    def initialize(connection:, refresh_token:)
+      @connection = connection
+      @refresh_token = refresh_token
+    end
+
+    def send_request
+      post_token
+    end
+
+    private
+
+    attr_reader :connection, :refresh_token
+
+    def post_token
+      uri = URI.parse(connection.authentication_endpoint)
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Post.new(uri)
+        request.set_content_type(CONTENT_TYPE_X_WWW_FORM_URLENCODED)
+        request.set_form_data(token_request_params)
+        http.request(request)
+      end
+    end
+
+    def token_request_params
+      {
+        client_id: connection.client_id,
+        client_secret: connection.client_secret,
+        grant_type: DEFAULT_GRANT_TYPE,
+        refresh_token: refresh_token
+      }
+    end
+  end
+end

data/app/services/keycloak_oauth/refresh_authentication_service.rb

@@ -0,0 +1,21 @@
+module KeycloakOauth
+  class RefreshAuthenticationService < AuthenticationServiceBase
+
+    def initialize(session:)
+      super
+    end
+
+    private
+
+    def post_service_name
+      KeycloakOauth::PostRefreshTokenService
+    end
+
+    def post_service_arguments
+      {
+        connection: KeycloakOauth.connection,
+        refresh_token: session[:refresh_token]
+      }
+    end
+  end
+end

data/lib/keycloak_oauth/version.rb

@@ -1,3 +1,3 @@
 module KeycloakOauth
-  VERSION = "0.1.10"
+  VERSION = "2.0.0"
 end

metadata

@@ -1,35 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: keycloak_oauth
 version: !ruby/object:Gem::Version
-  version: 0.1.10
+  version: 2.0.0
 platform: ruby
 authors:
 - simplificator
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-26 00:00:00.000000000 Z
+date: 2022-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 6.0.3
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.3.2
+        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: activerecord-session_store
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.3
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.3.2
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -58,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - dev@simplificator.com
@@ -69,12 +119,15 @@ files:
 - Rakefile
 - app/controllers/keycloak_oauth/callbacks_controller.rb
 - app/services/keycloak_oauth/authentication_service.rb
+- app/services/keycloak_oauth/authentication_service_base.rb
 - app/services/keycloak_oauth/authorizable_service.rb
 - app/services/keycloak_oauth/get_users_service.rb
 - app/services/keycloak_oauth/logout_service.rb
-- app/services/keycloak_oauth/post_token_service.rb
+- app/services/keycloak_oauth/post_authorization_code_service.rb
+- app/services/keycloak_oauth/post_refresh_token_service.rb
 - app/services/keycloak_oauth/post_users_service.rb
 - app/services/keycloak_oauth/put_execute_actions_email_service.rb
+- app/services/keycloak_oauth/refresh_authentication_service.rb
 - app/services/keycloak_oauth/user_info_retrieval_service.rb
 - config/routes.rb
 - lib/keycloak_oauth.rb
@@ -98,14 +151,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Implementing OAuth with Keycloak in Ruby