keycloak_oauth 1.1.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a496f5188659a5cc6df091b040a10fea32e0f3f471144e3b70c61938258c03d0
-  data.tar.gz: 594013ab742d6c3f8070b549ec47e692f6b5e2f7f5d2b370153af05858169007
+  metadata.gz: baa20f03dc097cf9b5f18e60f1cd860e3590fa2eafe097989d39d1b29690dd57
+  data.tar.gz: 477b1887a6020aa95bd7e680bf1abe508ad90b99cc480606fdd5daec81adf210
 SHA512:
-  metadata.gz: 192606c85a86c75885da5117fead95dabb1f19ed1ad0bf926e353e5ceae893d6ab40e6b80c0355cd1156045c47ce4c972ae825cca62dcb5758fe708a7e4d7446
-  data.tar.gz: 2e71b194442e2a76c207bb528f27de8e243a8b86d27ad575d896ac0d0996b68ca69dfd40ef89f340ce7340efedf3ebc75b1325d7d9cad1a0e1ed092aec6826b2
+  metadata.gz: a5b936cdf70211176742efcad5d1b799d6c72ecc1047c141e07c55ddb6c1b33985879d018616f30ab6ce7bb9b4e2be970977c4a1bcecb417bcf0ebd9e0787d68
+  data.tar.gz: 6f99f5fd86bff651312a0477ca719fb227ae1b5a960c9ebf066cb7e3a2d7a150f1d42a69c0df25efc6ccd78fd733ab220982e053e73202dfadf87d9268c8a1e5

data/README.md

@@ -22,6 +22,12 @@ Or install it yourself as:
 
 ### Using `keycloak_oauth` in a Ruby on Rails app
 
+Unless you plan to overwrite the oauth callback controller (see further below), mount the Rails engine into your application by specifying the following in `config/routes.rb`
+
+```ruby
+mount KeycloakOauth::Engine => "/keycloak_oauth"
+```
+
 The configuration must be defined in the app by initialising the relevant attributes within a configuration block. For example, you could add an initializer script called `keycloak_oauth.rb` holding the following code:
 
 ```ruby
@@ -36,13 +42,22 @@ end
 This then allows you to access the `KeycloakOauth` APIs:
 `KeycloakOauth.connection.authorization_endpoint`
 
-You can allow the user to log in with Keycloak by adding adding a link that points to `KeycloakOauth.connection.authorization_endpoint`:
+Ensure you have `default_url_options` set. Here
+is an example of `default_url_options` appropriate for a development environment
+in `config/environments/development.rb`:
+
+```ruby
+config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
+```
+
+You can allow the user to log in with Keycloak by adding a link that points to `KeycloakOauth.connection.authorization_endpoint`:
 e.g.
-`<%= link_to 'Login with Keycloak', KeycloakOauth.connection.authorization_endpoint %>`
+`<%= link_to 'Login with Keycloak', KeycloakOauth.connection.authorization_endpoint(options: { redirect_uri: keycloak_oauth.oauth2_url }) %>`
+
+Once authentication is performed, the access and refresh tokens are stored in the session and can be used in your app as wished. As the session can become larger than we can store in a cookie (`CookieOverflow` exception), we recommend to use [activerecord-session_store](https://github.com/rails/activerecord-session_store).
 
-Once authentication is performed, the access and refresh tokens are stored in the session and can be used in your app as wished.
+### Customising redirect URIs
 
-***Customising redirect URIs***
 There are situations where you would want to customise the oauth2 route (e.g. to use a localised version of the callback URL).
 In this case, you can do the following:
 - add a controller to your app: e.g. `CallbackOverrides`

data/app/controllers/keycloak_oauth/callbacks_controller.rb

@@ -12,7 +12,7 @@ module KeycloakOauth
       authentication_service.authenticate
       map_authenticatable_if_implemented(session)
 
-      redirect_to self.class.method_defined?(:after_sign_in_path) ? after_sign_in_path(request) : '/'
+      redirect_to self.class.method_defined?(:after_sign_in_path) ? after_sign_in_path(request) : main_app.root_path
     end
 
     private
@@ -24,8 +24,6 @@ module KeycloakOauth
     def map_authenticatable_if_implemented(request)
       if self.class.method_defined?(:map_authenticatable)
         map_authenticatable(request)
-      else
-        raise NotImplementedError.new('User mapping must be handled by the host app. See README for more information.')
       end
     end
 
@@ -36,7 +34,7 @@ module KeycloakOauth
       main_app.url_for(only_path: false, overwrite_params: nil)
     rescue ActionController::UrlGenerationError
       # If the host app does not override the oauth2 path, use the engine's path.
-      oauth2_path
+      oauth2_url
     end
   end
 end

data/app/services/keycloak_oauth/authentication_service.rb

@@ -1,31 +1,24 @@
 module KeycloakOauth
-  class AuthenticationService
-    ACCESS_TOKEN_KEY = 'access_token'.freeze
-    REFRESH_TOKEN_KEY = 'refresh_token'.freeze
+  class AuthenticationService < AuthenticationServiceBase
 
-    attr_reader :session, :authentication_params
+    attr_reader :authentication_params
 
-    def initialize(authentication_params:, session:)
+    def initialize(session:, authentication_params:)
       @authentication_params = authentication_params
-      @session = session
-    end
-
-    def authenticate
-      post_token_service = KeycloakOauth::PostTokenService.new(
-        connection: KeycloakOauth.connection,
-        request_params: authentication_params
-      )
-      post_token_service.perform
-      store_credentials(post_token_service)
+      super session: session
     end
 
     private
 
-    def store_credentials(post_token_service)
-      response_hash = post_token_service.parsed_response_body
+    def post_service_name
+      KeycloakOauth::PostAuthorizationCodeService
+    end
 
-      session[:access_token] = response_hash[ACCESS_TOKEN_KEY]
-      session[:refresh_token] = response_hash[REFRESH_TOKEN_KEY]
+    def post_service_arguments
+      {
+        connection: KeycloakOauth.connection,
+        request_params: authentication_params
+      }
     end
   end
 end

data/app/services/keycloak_oauth/authentication_service_base.rb

@@ -0,0 +1,42 @@
+module KeycloakOauth
+  class AuthenticationServiceBase
+    ACCESS_TOKEN_KEY = 'access_token'.freeze
+    ACCESS_TOKEN_EXPIRES_IN = 'expires_in'.freeze
+    REFRESH_TOKEN_KEY = 'refresh_token'.freeze
+    REFRESH_TOKEN_EXPIRES_IN = 'refresh_expires_in'.freeze
+
+    attr_reader :session
+
+    def initialize(session:)
+      @session = session
+    end
+
+    def authenticate
+      request_time = Time.zone.now
+      post_token_service = post_service_name.new(**post_service_arguments)
+      post_token_service.perform
+      store_credentials_in_session(post_token_service, request_time)
+    end
+
+    private
+
+    def post_service_name
+      raise "Implement in subclass"
+    end
+
+    def post_service_arguments
+      raise "Implement in subclass"
+    end
+
+
+    def store_credentials_in_session(post_token_service, request_time)
+      response_hash = post_token_service.parsed_response_body
+
+      session[:access_token] = response_hash[ACCESS_TOKEN_KEY]
+      session[:refresh_token] = response_hash[REFRESH_TOKEN_KEY]
+
+      session[:access_token_expires_at] = request_time + response_hash[ACCESS_TOKEN_EXPIRES_IN].to_i.seconds
+      session[:refresh_token_expires_at] = request_time + response_hash[REFRESH_TOKEN_EXPIRES_IN].to_i.seconds
+    end
+  end
+end

data/app/services/keycloak_oauth/{post_token_service.rb → post_authorization_code_service.rb}

@@ -1,7 +1,7 @@
 require 'net/http'
 
 module KeycloakOauth
-  class PostTokenService < KeycloakOauth::AuthorizableService
+  class PostAuthorizationCodeService < KeycloakOauth::AuthorizableService
     DEFAULT_GRANT_TYPE = 'authorization_code'.freeze
 
     attr_reader :request_params, :connection

data/app/services/keycloak_oauth/post_refresh_token_service.rb

@@ -0,0 +1,39 @@
+require 'net/http'
+
+module KeycloakOauth
+  class PostRefreshTokenService < KeycloakOauth::AuthorizableService
+    DEFAULT_GRANT_TYPE = 'refresh_token'.freeze
+
+    def initialize(connection:, refresh_token:)
+      @connection = connection
+      @refresh_token = refresh_token
+    end
+
+    def send_request
+      post_token
+    end
+
+    private
+
+    attr_reader :connection, :refresh_token
+
+    def post_token
+      uri = URI.parse(connection.authentication_endpoint)
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Post.new(uri)
+        request.set_content_type(CONTENT_TYPE_X_WWW_FORM_URLENCODED)
+        request.set_form_data(token_request_params)
+        http.request(request)
+      end
+    end
+
+    def token_request_params
+      {
+        client_id: connection.client_id,
+        client_secret: connection.client_secret,
+        grant_type: DEFAULT_GRANT_TYPE,
+        refresh_token: refresh_token
+      }
+    end
+  end
+end

data/app/services/keycloak_oauth/refresh_authentication_service.rb

@@ -0,0 +1,21 @@
+module KeycloakOauth
+  class RefreshAuthenticationService < AuthenticationServiceBase
+
+    def initialize(session:)
+      super
+    end
+
+    private
+
+    def post_service_name
+      KeycloakOauth::PostRefreshTokenService
+    end
+
+    def post_service_arguments
+      {
+        connection: KeycloakOauth.connection,
+        refresh_token: session[:refresh_token]
+      }
+    end
+  end
+end

data/lib/keycloak_oauth/version.rb

@@ -1,3 +1,3 @@
 module KeycloakOauth
-  VERSION = "1.1.0"
+  VERSION = "2.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak_oauth
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.0
 platform: ruby
 authors:
 - simplificator
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-04-13 00:00:00.000000000 Z
+date: 2022-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -94,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - dev@simplificator.com
@@ -105,12 +119,15 @@ files:
 - Rakefile
 - app/controllers/keycloak_oauth/callbacks_controller.rb
 - app/services/keycloak_oauth/authentication_service.rb
+- app/services/keycloak_oauth/authentication_service_base.rb
 - app/services/keycloak_oauth/authorizable_service.rb
 - app/services/keycloak_oauth/get_users_service.rb
 - app/services/keycloak_oauth/logout_service.rb
-- app/services/keycloak_oauth/post_token_service.rb
+- app/services/keycloak_oauth/post_authorization_code_service.rb
+- app/services/keycloak_oauth/post_refresh_token_service.rb
 - app/services/keycloak_oauth/post_users_service.rb
 - app/services/keycloak_oauth/put_execute_actions_email_service.rb
+- app/services/keycloak_oauth/refresh_authentication_service.rb
 - app/services/keycloak_oauth/user_info_retrieval_service.rb
 - config/routes.rb
 - lib/keycloak_oauth.rb