keyless 2.2.0 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +4 -39
- data/CHANGELOG.md +9 -0
- data/Envfile +1 -0
- data/LICENSE +1 -1
- data/README.md +2 -2
- data/keyless.gemspec +2 -1
- data/lib/keyless/configuration.rb +4 -0
- data/lib/keyless/jwt.rb +1 -1
- data/lib/keyless/rsa_public_key.rb +13 -6
- data/lib/keyless/version.rb +1 -1
- data/lib/keyless.rb +2 -1
- metadata +20 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4a1c1ff59e0ef496566e14afa53b74aadf81b4581f02853bf6bb78c0a3faaf36
|
|
4
|
+
data.tar.gz: 0a5ae6290337659356209b0f9a22281c2c8c2add1541dfd8b6c1d04e8637ba1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3b977633e74432ac6e0b5178c3041bfe8a00bcba5559e27c3d14626f167e09cb9d8f086a99b3f1724566115d72d6cbc8398ca5705d21f257286a4a4f0a28eab7
|
|
7
|
+
data.tar.gz: e8b8fa8df3d6c65263ec8dad91fc134c1782c2047ae99d654d71031968c2d98ee151757419d53489c6fbea2f20690efc91966bd2e43d6891e887acd83651a65a
|
data/.rubocop.yml
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
inherit_from:
|
|
2
|
+
- https://potpourri.hausgold.de/config/rubocop.yml
|
|
3
|
+
- https://potpourri.hausgold.de/config/rubocop-gem.yml
|
|
4
|
+
|
|
1
5
|
plugins:
|
|
2
6
|
- rubocop-rspec
|
|
3
7
|
- rubocop-rails
|
|
@@ -5,9 +9,6 @@ plugins:
|
|
|
5
9
|
Rails:
|
|
6
10
|
Enabled: true
|
|
7
11
|
|
|
8
|
-
Style/Documentation:
|
|
9
|
-
Enabled: true
|
|
10
|
-
|
|
11
12
|
AllCops:
|
|
12
13
|
NewCops: enable
|
|
13
14
|
SuggestExtensions: false
|
|
@@ -20,43 +21,12 @@ AllCops:
|
|
|
20
21
|
- build/**/*
|
|
21
22
|
- gemfiles/**/*
|
|
22
23
|
|
|
23
|
-
Metrics/BlockLength:
|
|
24
|
-
Exclude:
|
|
25
|
-
- Rakefile
|
|
26
|
-
- '*.gemspec'
|
|
27
|
-
- spec/**/*.rb
|
|
28
|
-
- '**/*.rake'
|
|
29
|
-
- doc/**/*.rb
|
|
30
|
-
|
|
31
|
-
# MFA is not yet enabled for our gems yet.
|
|
32
|
-
Gemspec/RequireMFA:
|
|
33
|
-
Enabled: false
|
|
34
|
-
|
|
35
|
-
# We stay with the original Ruby Style Guide recommendation.
|
|
36
|
-
Layout/LineLength:
|
|
37
|
-
Max: 80
|
|
38
|
-
|
|
39
|
-
# Document all the things.
|
|
40
|
-
Style/DocumentationMethod:
|
|
41
|
-
Enabled: true
|
|
42
|
-
RequireForNonPublicMethods: true
|
|
43
|
-
|
|
44
24
|
# It's a deliberate idiom in RSpec.
|
|
45
25
|
# See: https://github.com/bbatsov/rubocop/issues/4222
|
|
46
26
|
Lint/AmbiguousBlockAssociation:
|
|
47
27
|
Exclude:
|
|
48
28
|
- "spec/**/*"
|
|
49
29
|
|
|
50
|
-
# Because +expect_any_instance_of().to have_received()+ is not
|
|
51
|
-
# supported with the +with(hash_including)+ matchers
|
|
52
|
-
RSpec/MessageSpies:
|
|
53
|
-
EnforcedStyle: receive
|
|
54
|
-
|
|
55
|
-
# Because nesting makes sense here to group the feature tests
|
|
56
|
-
# more effective. This increases maintainability.
|
|
57
|
-
RSpec/NestedGroups:
|
|
58
|
-
Max: 4
|
|
59
|
-
|
|
60
30
|
# Disable regular Rails spec paths.
|
|
61
31
|
Rails/FilePath:
|
|
62
32
|
Enabled: false
|
|
@@ -64,8 +34,3 @@ Rails/FilePath:
|
|
|
64
34
|
# Because we just implemented the ActiveRecord API.
|
|
65
35
|
Rails/SkipsModelValidations:
|
|
66
36
|
Enabled: false
|
|
67
|
-
|
|
68
|
-
# We use memoized helpers all over the place to construct inputs and output
|
|
69
|
-
# which can be customized at nested contexts easily.
|
|
70
|
-
RSpec/MultipleMemoizedHelpers:
|
|
71
|
-
Enabled: false
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
* TODO: Replace this bullet point with an actual description of a change.
|
|
4
4
|
|
|
5
|
+
### 2.4.0 (19 December 2025)
|
|
6
|
+
|
|
7
|
+
* Migrated to a shared Rubocop configuration for HAUSGOLD gems ([#19](https://github.com/hausgold/keyless/pull/19))
|
|
8
|
+
|
|
9
|
+
### 2.3.0 (16 December 2025)
|
|
10
|
+
|
|
11
|
+
* Switched from `httparty` to the `http` gem and added support for retries on
|
|
12
|
+
the RSA remote fetching (5 times by default) ([#18](https://github.com/hausgold/keyless/pull/18))
|
|
13
|
+
|
|
5
14
|
### 2.2.0 (2 December 2025)
|
|
6
15
|
|
|
7
16
|
* Loosend up the version requirement for the `jwt` gem to `>= 2.6`, so people
|
data/Envfile
CHANGED
data/LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -75,8 +75,8 @@ end
|
|
|
75
75
|
### RSA public key helper
|
|
76
76
|
|
|
77
77
|
We provide a straightforward solution to deal with the provision of RSA public
|
|
78
|
-
keys.
|
|
79
|
-
a local access, and
|
|
78
|
+
keys. Sometimes you want to distribute them by file to each machine and have
|
|
79
|
+
a local access, and sometimes you provide an endpoint on your identity
|
|
80
80
|
provider to fetch the RSA public key via HTTP/HTTPS. The `RsaPublicKey` class
|
|
81
81
|
helps you to fulfill this task easily.
|
|
82
82
|
|
data/keyless.gemspec
CHANGED
|
@@ -36,9 +36,10 @@ Gem::Specification.new do |spec|
|
|
|
36
36
|
spec.required_ruby_version = '>= 3.2'
|
|
37
37
|
|
|
38
38
|
spec.add_dependency 'activesupport', '>= 7.1'
|
|
39
|
-
spec.add_dependency '
|
|
39
|
+
spec.add_dependency 'http', '~> 5.3'
|
|
40
40
|
spec.add_dependency 'jwt', '>= 2.6'
|
|
41
41
|
spec.add_dependency 'mutex_m', '>= 0.3'
|
|
42
42
|
spec.add_dependency 'recursive-open-struct', '~> 2.0'
|
|
43
|
+
spec.add_dependency 'retries', '>= 0.0.5'
|
|
43
44
|
spec.add_dependency 'zeitwerk', '~> 2.6'
|
|
44
45
|
end
|
|
@@ -64,6 +64,10 @@ module Keyless
|
|
|
64
64
|
# here.
|
|
65
65
|
config_accessor(:rsa_public_key_url) { nil }
|
|
66
66
|
|
|
67
|
+
# When the remote (HTTP/HTTPS) fetching failed, how many times to retry the
|
|
68
|
+
# operation.
|
|
69
|
+
config_accessor(:rsa_public_key_fetch_retries) { 5 }
|
|
70
|
+
|
|
67
71
|
# You can preconfigure the {RsaPublickey} class to enable/disable
|
|
68
72
|
# caching. For a remote public key location it is handy to cache the
|
|
69
73
|
# result for some time to keep the traffic low to this resource server.
|
data/lib/keyless/jwt.rb
CHANGED
|
@@ -51,7 +51,7 @@ module Keyless
|
|
|
51
51
|
payload.typ == 'refresh'
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
-
#
|
|
54
|
+
# Retrieves the expiration date from the payload when set.
|
|
55
55
|
#
|
|
56
56
|
# @return [nil|ActiveSupport::TimeWithZone] The expiration date
|
|
57
57
|
def expires_at
|
|
@@ -59,13 +59,20 @@ module Keyless
|
|
|
59
59
|
def fetch_encoded_key
|
|
60
60
|
raise ArgumentError, 'No URL for RsaPublicKey configured' unless url
|
|
61
61
|
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
62
|
+
remote? ? fetch_encoded_key_via_http : File.read(url)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
# Fetch the encoded (DER, or PEM) public key from a remote location via
|
|
66
|
+
# HTTP/HTTPS.
|
|
67
|
+
#
|
|
68
|
+
# @return [String] The encoded public key
|
|
69
|
+
def fetch_encoded_key_via_http
|
|
70
|
+
conf = ::Keyless.configuration
|
|
71
|
+
with_retries(max_tries: conf.rsa_public_key_fetch_retries) do
|
|
72
|
+
res = HTTP.get(url)
|
|
73
|
+
raise FetchError, res.inspect unless res.status.success?
|
|
65
74
|
|
|
66
|
-
res.
|
|
67
|
-
else
|
|
68
|
-
File.read(url)
|
|
75
|
+
res.to_s
|
|
69
76
|
end
|
|
70
77
|
end
|
|
71
78
|
|
data/lib/keyless/version.rb
CHANGED
data/lib/keyless.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keyless
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hermann Mayer
|
|
@@ -26,19 +26,19 @@ dependencies:
|
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
27
|
version: '7.1'
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
|
-
name:
|
|
29
|
+
name: http
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
31
31
|
requirements:
|
|
32
|
-
- - "
|
|
32
|
+
- - "~>"
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version: '
|
|
34
|
+
version: '5.3'
|
|
35
35
|
type: :runtime
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
|
-
- - "
|
|
39
|
+
- - "~>"
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
|
-
version: '
|
|
41
|
+
version: '5.3'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: jwt
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -81,6 +81,20 @@ dependencies:
|
|
|
81
81
|
- - "~>"
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
83
|
version: '2.0'
|
|
84
|
+
- !ruby/object:Gem::Dependency
|
|
85
|
+
name: retries
|
|
86
|
+
requirement: !ruby/object:Gem::Requirement
|
|
87
|
+
requirements:
|
|
88
|
+
- - ">="
|
|
89
|
+
- !ruby/object:Gem::Version
|
|
90
|
+
version: 0.0.5
|
|
91
|
+
type: :runtime
|
|
92
|
+
prerelease: false
|
|
93
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
94
|
+
requirements:
|
|
95
|
+
- - ">="
|
|
96
|
+
- !ruby/object:Gem::Version
|
|
97
|
+
version: 0.0.5
|
|
84
98
|
- !ruby/object:Gem::Dependency
|
|
85
99
|
name: zeitwerk
|
|
86
100
|
requirement: !ruby/object:Gem::Requirement
|