keypairs 1.3.3 → 1.3.5

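--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f204cbb9214023154fb4b23804e6a18b0e6bd929592616fe2cd12b2cd5a180ac
- data.tar.gz: 487339606bd6d7f0d5b90628147e613784dec153165821172efe26565b4351ba
+ metadata.gz: '0496c576191c07df4c1d249a4167095e057396cdc84beb9d4b3789d26eb69ea5'
+ data.tar.gz: 5910e638d0b6579f92f48aaf875790c5bec03becc9d8e2e6e070134b9a7086cd
  SHA512:
- metadata.gz: 38fc480ca4a36beee8c5b5c4658359c0cea284e66a6143e9a5cd8c51247d984b1bdd947b8b6f2e32243c94bd3d0212f7e6d27050cab0eda95140eb0b8be45676
- data.tar.gz: c9b87af55f4f38a0397a89c25be5a8d7e82b1daa7bb7bd3ef5cd0094c05c8f12a6b7476b146d2d4fc8b8bac42443adedea7db866aa046b294a3f8722bac83ba3
+ metadata.gz: dbee0bf66655af356bc1dc28653389b16322453f0c9802735ed165611d85644b77252b957089de9f1bf90270319863b31cd3d015dbd21814e4b9124d470a46ee
+ data.tar.gz: 1cc5595e286fecee24b060262068b8c842f6c254fe1f6da6edd4e8ad67a73eb334c1a6fb1bfb9c822e4d89b7de788dccc45f180979bbefcb6327179c61b60089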
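--- a/data/lib/keypair.rb
+++ b/data/lib/keypair.rb
@@ -34,7 +34,7 @@ require 'jwt'
  # @attr [Time] not_before The time before which no payloads may be signed using the keypair.
  # @attr [Time] not_after The time after which no payloads may be signed using the keypair.
  # @attr [Time] expires_at The time after which the keypair may not be used for signature validation.
- class Keypair < ActiveRecord::Base
+ class Keypair < ActiveRecord::Base # rubocop:disable Metrics/ClassLength
  ALGORITHM = 'RS256'
  ROTATION_INTERVAL = 1.month
 
@@ -133,13 +133,27 @@ class Keypair < ActiveRecord::Base
  # Change the default algorithm to match the encoding algorithm
  algorithm: ALGORITHM,
  # Load our own keyset as valid keys
- jwks: keyset,
+ jwks: jwk_loader_cached,
  # If the `sub` is provided, validate that it matches the payload `sub`
  verify_sub: true
  )
  JWT.decode(id_token, nil, true, options).first.with_indifferent_access
  end
 
+ # options[:invalidate] will be `true` if a matching `kid` was not found
+ # https://github.com/jwt/ruby-jwt/blob/master/lib/jwt/jwk/key_finder.rb#L31
+ def self.jwk_loader_cached
+ lambda do |options|
+ cached_jwks(force: options[:invalidate]) || {}
+ end
+ end
+
+ def self.cached_jwks(force: false)
+ Rails.cache.fetch('keypairs/Keypair/jwks', force: force, skip_nil: true) do
+ keyset
+ end
+ end
+
  # JWT encodes the payload with this keypair.
  # It automatically adds the security attributes +iat+, +exp+ and +nonce+ to the payload.
  # It automatically sets the +kid+ in the header.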
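Review bot: `cached_jwks` stores the keyset under `'keypairs/Keypair/jwks'` with no `expires_in`, and `jwk_loader_cached` forces a reload only when ruby-jwt reports an unknown `kid`, so a keypair that is deleted or passes `expires_at` appears to stay accepted by `JWT.decode` until the cache entry happens to be evicted. Before this change `jwks: keyset` presumably read the current keys on every decode, so removing a key took effect immediately. Consider bounding the staleness with `Rails.cache.fetch('keypairs/Keypair/jwks', force: force, skip_nil: true, expires_in: 5.minutes) do` (the interval is only an example) and deleting the key from an `after_commit` callback when a keypair is saved or destroyed. The cache store also becomes part of the trust root for signature verification, since anything able to write that entry controls which keys are accepted; that deserves a comment above `cached_jwks`. The decode method begins above this hunk and the rest of the class is not visible, so an invalidation hook may already exist elsewhere.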
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Keypairs
4
- VERSION = '1.3.3'
4
+ VERSION = '1.3.5'
5
5
  end
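--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: keypairs
  version: !ruby/object:Gem::Version
- version: 1.3.3
+ version: 1.3.5
  platform: ruby
  authors:
  - Stef Schenkelaars
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-12-14 00:00:00.000000000 Z
+ date: 2024-10-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: actionpack
@@ -68,16 +68,22 @@ dependencies:
  name: lockbox
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '1.3'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '3.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '1.3'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '3.0'
  - !ruby/object:Gem::Dependency
  name: appraisal
  requirement: !ruby/object:Gem::Requirement
@@ -222,16 +228,16 @@ dependencies:
  name: sqlite3
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '1.4'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '1.4'
  - !ruby/object:Gem::Dependency
  name: timecop
  requirement: !ruby/object:Gem::Requirement
@@ -283,7 +289,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.10
+ rubygems_version: 3.5.16
  signing_key:
  specification_version: 4
  summary: Manage application level keypairs with automatic rotation and JWT support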