keypairs 1.3.2 → 1.3.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/keypair.rb +17 -3
- data/lib/keypairs/version.rb +1 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0ca0b0aafcf04e00a791643b69542ffc336a4b852bc1935b7798a6cd3fe00a68
|
|
4
|
+
data.tar.gz: eba505a66b6fe00f9c0a0e640be2ebf74bb0a4771ea2ca24ede8268edec4abbc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a279637cc14ceb82db2baa122600abafdc448ada9bb30303c66f62742098e07e04cb95edbe1ea5454192ebefd2bfae3813606c15293ae64afe0784394b4fd0d2
|
|
7
|
+
data.tar.gz: 416eca93ef18ef827deed738307584938b8363036d562438dc7a72a12420d20bc85d33f48507a8554d8ee7b62c8972819d90da238e2e2c47dc09e0c5ebdca4a0
|
data/lib/keypair.rb
CHANGED
|
@@ -34,7 +34,7 @@ require 'jwt'
|
|
|
34
34
|
# @attr [Time] not_before The time before which no payloads may be signed using the keypair.
|
|
35
35
|
# @attr [Time] not_after The time after which no payloads may be signed using the keypair.
|
|
36
36
|
# @attr [Time] expires_at The time after which the keypair may not be used for signature validation.
|
|
37
|
-
class Keypair < ActiveRecord::Base
|
|
37
|
+
class Keypair < ActiveRecord::Base # rubocop:disable Metrics/ClassLength
|
|
38
38
|
ALGORITHM = 'RS256'
|
|
39
39
|
ROTATION_INTERVAL = 1.month
|
|
40
40
|
|
|
@@ -119,7 +119,7 @@ class Keypair < ActiveRecord::Base
|
|
|
119
119
|
# @return [String] Encoded JWT token with security credentials.
|
|
120
120
|
# @param payload [Hash] Hash which should be encoded.
|
|
121
121
|
def self.jwt_encode_without_nonce(payload)
|
|
122
|
-
current.
|
|
122
|
+
current.jwt_encode(payload, {}, nonce: false)
|
|
123
123
|
end
|
|
124
124
|
|
|
125
125
|
# Decodes the payload and verifies the signature against the current valid keypairs.
|
|
@@ -133,13 +133,27 @@ class Keypair < ActiveRecord::Base
|
|
|
133
133
|
# Change the default algorithm to match the encoding algorithm
|
|
134
134
|
algorithm: ALGORITHM,
|
|
135
135
|
# Load our own keyset as valid keys
|
|
136
|
-
jwks:
|
|
136
|
+
jwks: jwk_loader_cached,
|
|
137
137
|
# If the `sub` is provided, validate that it matches the payload `sub`
|
|
138
138
|
verify_sub: true
|
|
139
139
|
)
|
|
140
140
|
JWT.decode(id_token, nil, true, options).first.with_indifferent_access
|
|
141
141
|
end
|
|
142
142
|
|
|
143
|
+
# options[:invalidate] will be `true` if a matching `kid` was not found
|
|
144
|
+
# https://github.com/jwt/ruby-jwt/blob/master/lib/jwt/jwk/key_finder.rb#L31
|
|
145
|
+
def self.jwk_loader_cached
|
|
146
|
+
lambda do |options|
|
|
147
|
+
cached_jwks(force: options[:invalidate]) || {}
|
|
148
|
+
end
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
def self.cached_jwks(force: false)
|
|
152
|
+
Rails.cache.fetch('keypairs/Keypair/jwks', force: force, skip_nil: true) do
|
|
153
|
+
keyset
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
|
|
143
157
|
# JWT encodes the payload with this keypair.
|
|
144
158
|
# It automatically adds the security attributes +iat+, +exp+ and +nonce+ to the payload.
|
|
145
159
|
# It automatically sets the +kid+ in the header.
|
data/lib/keypairs/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keypairs
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stef Schenkelaars
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-08-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -222,16 +222,16 @@ dependencies:
|
|
|
222
222
|
name: sqlite3
|
|
223
223
|
requirement: !ruby/object:Gem::Requirement
|
|
224
224
|
requirements:
|
|
225
|
-
- - "
|
|
225
|
+
- - "~>"
|
|
226
226
|
- !ruby/object:Gem::Version
|
|
227
|
-
version: '
|
|
227
|
+
version: '1.4'
|
|
228
228
|
type: :development
|
|
229
229
|
prerelease: false
|
|
230
230
|
version_requirements: !ruby/object:Gem::Requirement
|
|
231
231
|
requirements:
|
|
232
|
-
- - "
|
|
232
|
+
- - "~>"
|
|
233
233
|
- !ruby/object:Gem::Version
|
|
234
|
-
version: '
|
|
234
|
+
version: '1.4'
|
|
235
235
|
- !ruby/object:Gem::Dependency
|
|
236
236
|
name: timecop
|
|
237
237
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -283,7 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
283
283
|
- !ruby/object:Gem::Version
|
|
284
284
|
version: '0'
|
|
285
285
|
requirements: []
|
|
286
|
-
rubygems_version: 3.
|
|
286
|
+
rubygems_version: 3.5.11
|
|
287
287
|
signing_key:
|
|
288
288
|
specification_version: 4
|
|
289
289
|
summary: Manage application level keypairs with automatic rotation and JWT support
|