lp_token_auth 2.0.0 → 2.1.0
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -2
- data/README.md +1 -1
- data/lib/generators/lp_token_auth/templates/initializer.rb.erb +10 -0
- data/lib/lp_token_auth/config.rb +16 -3
- data/lib/lp_token_auth/core.rb +7 -6
- data/lib/lp_token_auth/version.rb +1 -1
- data/migration-guide.md +11 -3
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2c5a44184f3818f726afe249a92143dba06368c7508cfc5222c5a059c8939e6a
|
4
|
+
data.tar.gz: e851130aae59a29bce8ca48eb06b51e125dfc25a5f8b6bc70b3bdc8da86febff
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2b1af69f83a7d68fde624f8a87758b9d121b2c495f4a822126c7282c8fe7aaac681d4aab490314a42438ce6df66c216440c68c0e9932f12e104b8c2bd605083f
|
7
|
+
data.tar.gz: b947a6fe791ea47faf708419eacb4fdadcd688f8c16c33b11a8bb9c25eab2296ae98f515bb624135092ed76f64eed9ff0de692c5f3c21a2c3cb7ba7cbb18ab2d
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
lp_token_auth (2.
|
4
|
+
lp_token_auth (2.1.0)
|
5
5
|
jwe (~> 0.4.0)
|
6
6
|
jwt (>= 1.5.6)
|
7
7
|
|
@@ -13,7 +13,7 @@ GEM
|
|
13
13
|
docile (1.1.5)
|
14
14
|
json (2.5.1)
|
15
15
|
jwe (0.4.0)
|
16
|
-
jwt (2.
|
16
|
+
jwt (2.3.0)
|
17
17
|
minitest (5.14.4)
|
18
18
|
rake (12.3.3)
|
19
19
|
simplecov (0.13.0)
|
data/README.md
CHANGED
@@ -48,7 +48,7 @@ Or install it yourself as:
|
|
48
48
|
3. All errors will return an instance of `LpTokenAuth::Error`
|
49
49
|
|
50
50
|
## Migration Guide
|
51
|
-
[Migration Guide](https://github.com/LaunchPadLab/lp_token_auth/blob/master/migration-guide.md)
|
51
|
+
Version 2.0 contains breaking changes for LP Token Auth. This migration guide contains instructions for using v2.0. [Migration Guide](https://github.com/LaunchPadLab/lp_token_auth/blob/master/migration-guide.md)
|
52
52
|
|
53
53
|
## Examples
|
54
54
|
### Controller
|
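--- a/data/lib/generators/lp_token_auth/templates/initializer.rb.erb
+++ b/data/lib/generators/lp_token_auth/templates/initializer.rb.erb
@@ -19,4 +19,14 @@ LpTokenAuth.config do |config|
 # default: [:cookie]
 #
 config.token_transport = [:cookie]
+
+# Where to find the required JWE_PRIVATE_KEY value
+# default: ENV['JWE_PRIVATE_KEY']
+#
+config.jwe_private_key = ENV['JWE_PRIVATE_KEY']
+
+# The JWE encryption algorithm to use
+# default: 'A256GCM'
+#
+config.jwe_encryption = 'A256GCM'
 end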
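Review bot: `config.jwe_encryption = 'A256GCM'` in the template does not agree with the library default this release adds in config.rb, which is `ENV['JWE_ENCRYPTION'] || 'A256GCM'`; if this line is active in a generated initializer (the rendering drops leading `#`, so I cannot tell whether it ships commented out), the `JWE_ENCRYPTION` variable that the migration guide documents is silently ignored. I would make the comment and the value match the library: `# default: ENV['JWE_ENCRYPTION'] || 'A256GCM'` and `config.jwe_encryption = ENV['JWE_ENCRYPTION'] || 'A256GCM'`. The private-key comment should also warn that the PEM belongs in the environment or Rails credentials and must not be pasted as a literal here, since the initializer is committed with the application, e.g. `# Never paste the key itself into this file; keep it in ENV or credentials.` The enclosing `LpTokenAuth.config do |config|` block starts outside the hunk.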
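--- a/data/lib/lp_token_auth/config.rb
+++ b/data/lib/lp_token_auth/config.rb
@@ -9,13 +9,18 @@ module LpTokenAuth
 # * `expires` is an integer corresponding to the number of hours that the token is active
 # * `secret` is a string corresponding to the secret key used when encrypting the token
 # * `token_transport` is a string indicating where to include the token in the HTTP response
-attr_accessor :algorithm, :expires, :secret, :token_transport
+attr_accessor :algorithm, :expires, :secret, :token_transport, :jwe_private_key, :jwe_encryption
 
 # Provides default values to token options
+# ENV defaults defined as procs to ensure they return their
+# latest value at call time (else they return nil,
+# since ENV values may not be initialized before gem code)
 DEFAULT_VALUES = {
 algorithm: 'HS512',
 expires: (7 * 24),
 token_transport: [:cookie],
+jwe_private_key: -> { ENV['JWE_PRIVATE_KEY'] },
+jwe_encryption: -> { ENV['JWE_ENCRYPTION'] || 'A256GCM' }
 }
 
 # Retrieves value for token option, either as set by the application, or the default
@@ -23,9 +28,17 @@ module LpTokenAuth
 # @raise [LpTokenAuth::Error] if the option has not been set by the application and a default value does not exist
 # @return [String,Integer] the value of the token option
 def get_option(key)
-option = send(key) ||
-raise LpTokenAuth::Error "Missing config option value: #{
+option = send(key) || get_default_value(key)
+raise LpTokenAuth::Error, "Missing config option value: #{key}" unless option
 option
 end
+
+# Retrieves default value for a token option
+# @param [Symbol] key the token option name
+# @return [String,Integer] the value of the token option
+def get_default_value(key)
+default = DEFAULT_VALUES[key]
+default.is_a?(Proc) ? default.call : default
+end
 end
 end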
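Review bot: The attribute list above `attr_accessor` documents `algorithm`, `expires`, `secret` and `token_transport` but not the two accessors this hunk adds, so a reader has to open core.rb to learn what `jwe_private_key` and `jwe_encryption` hold. I would add `# * `jwe_private_key` is a PEM-encoded RSA private key string used for JWE; defaults to ENV['JWE_PRIVATE_KEY'], read at call time` and `# * `jwe_encryption` is the JWE content-encryption algorithm passed as enc:; defaults to ENV['JWE_ENCRYPTION'] || 'A256GCM'`. It is worth saying in that comment that `jwe_encryption` is handed to JWE without validation, so a typo in `JWE_ENCRYPTION` only surfaces when the first token is encrypted. `get_default_value` is public as written; if it is only an implementation detail of `get_option`, move it under `private`. In `get_option`, `public_send(key)` would state the intent (public accessor lookup) more precisely than `send`.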
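--- a/data/lib/lp_token_auth/core.rb
+++ b/data/lib/lp_token_auth/core.rb
@@ -28,7 +28,7 @@ module LpTokenAuth
 LpTokenAuth.config.get_option(:algorithm)
 )
 
-JWE.encrypt(jwt, private_key, enc:
+JWE.encrypt(jwt, private_key, enc: LpTokenAuth.config.get_option(:jwe_encryption))
 end
 
 # Decodes the JWT token
@@ -64,11 +64,12 @@ module LpTokenAuth
 private
 
 def private_key
-
-
-
-
-
+key = LpTokenAuth.config.get_option(:jwe_private_key)
+raise LpTokenAuth::Error, 'You do not have a private key.' if key.nil?
+
+OpenSSL::PKey::RSA.new(key.split("\\n").join("\n"))
+rescue OpenSSL::PKey::RSAError => msg
+raise LpTokenAuth::Error, 'Your private key is formatted incorrectly.'
 end
 end
 end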
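Review bot: The guard in `private_key` only rejects `nil`, so an empty `JWE_PRIVATE_KEY` (a common state in CI and `.env` files) passes the 'You do not have a private key.' check and is reported as 'formatted incorrectly' instead; `raise LpTokenAuth::Error, 'You do not have a private key.' if key.nil? || key.strip.empty?` gives the accurate message. `rescue OpenSSL::PKey::RSAError => msg` binds a variable that is never used — discarding the OpenSSL detail is a sensible choice so that parser output about the key never reaches callers, but then write `rescue OpenSSL::PKey::RSAError` without the binding. `OpenSSL::PKey::RSA.new` also accepts a public-key PEM, so a misconfigured public key would, as far as I can tell, only fail later at decrypt time outside this error wrapping; a check such as `raise LpTokenAuth::Error, 'Your private key is formatted incorrectly.' unless rsa.private?` after parsing would surface it here. The first hunk's `JWE.encrypt` call sits in a method whose definition starts outside the hunk, and the enclosing module continues outside both hunks.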
data/migration-guide.md
CHANGED
@@ -13,8 +13,16 @@ This version contains the following breaking changes:
|
|
13
13
|
`JWE_PRIVATE_KEY` contains an RSA key.
|
14
14
|
`JWE_ENCRYPTION` is optional and specifies the encryption used. The default encryption is `A256GCM`.
|
15
15
|
|
16
|
-
|
16
|
+
Values for the new settings can alternatively be configured within your LpTokenAuth initializer by setting `LpTokenAuth.config.jwe_private_key` and `LpTokenAuth.config.jwe_encryption`. For example, apps using Rails credentials can set the private key as follows (or point to an ENV variable with a name other than `JWE_PRIVATE_KEY`)
|
17
|
+
```
|
18
|
+
LpTokenAuth.config.jwe_private_key = Rails.application.credentials[:jwe_private_key] || ENV['SOME_OTHER_ENV_VARIABLE']
|
19
|
+
```
|
20
|
+
The RSA key is generated by running `rails generate lp_token_auth:rsa` in the terminal of your application. This generator will output a formatted RSA key to your console. Directly copy and paste this token as an environment variable with a key of `JWE_PRIVATE_KEY`.
|
17
21
|
|
18
22
|
**Common Pitfalls in Copy and Pasting RSA Keys**
|
19
|
-
|
20
|
-
|
23
|
+
|
24
|
+
The generated RSA key is formatted as a string on a single line with newline characters (\n) at the end of each line. Commonly, there are errors in copy and pasting a string without explicit newline characters.
|
25
|
+
|
26
|
+
Please keep in mind this is for the most common use case of using the `JWE_PRIVATE_KEY` in the `.env.[environment]` file. If you are encountering an error during your migration, consider the format of your RSA string.
|
27
|
+
|
28
|
+
Be sure to include the `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----` portions of the generated string.
|
metadata
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: lp_token_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dave Corwin
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
date: 2017-02-03 00:00:00.000000000 Z
|
@@ -108,7 +108,7 @@ homepage: https://github.com/launchpadlab/lp_token_auth
|
|
108
108
|
licenses:
|
109
109
|
- MIT
|
110
110
|
metadata: {}
|
111
|
-
post_install_message:
|
111
|
+
post_install_message:
|
112
112
|
rdoc_options: []
|
113
113
|
require_paths:
|
114
114
|
- lib
|
@@ -123,8 +123,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
123
123
|
- !ruby/object:Gem::Version
|
124
124
|
version: '0'
|
125
125
|
requirements: []
|
126
|
-
rubygems_version: 3.
|
127
|
-
signing_key:
|
126
|
+
rubygems_version: 3.3.26
|
127
|
+
signing_key:
|
128
128
|
specification_version: 4
|
129
129
|
summary: Auth!
|
130
130
|
test_files: []
|