machina-auth 0.1.2 → 0.1.3
- checksums.yaml +4 -4
- data/lib/machina/configuration.rb +2 -1
- data/lib/machina/controller_helpers.rb +1 -1
- data/lib/machina/permission_sync.rb +2 -1
- data/lib/machina/version.rb +1 -1
- data/lib/machina.rb +25 -4
- data/spec/machina/authorize_url_spec.rb +61 -0
- data/spec/machina/configuration_spec.rb +6 -0
- data/spec/machina/controller_helpers_spec.rb +4 -1
- data/spec/machina/permission_sync_spec.rb +1 -1
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3aea4a4e50f2d2700c3e84c0a5c66715d7fad74f6da3f32438da1e372dee3531
|
|
4
|
+
data.tar.gz: d6f1a257b9fe0dcf868fce3cffeac7c625cba2774d86402e6bf666567c466cc5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9d0137c9be1a30603f8cc165d234bf34e99f3325439ddf3aad96ea46ee96a5bedeb67388ede7edf54399391213bb904569f9186c454f5375cf392a3b8f0425f8
|
|
7
|
+
data.tar.gz: b67d7e820671b4ed7e495853924ad1e8f134030960be3a4c8cfe5bc17a594a662294807b5e058ee3ec45d291b91afc58dec65ca918b29b36251cfff5c0f0e340
|
|
@@ -34,7 +34,7 @@ module Machina
|
|
|
34
34
|
if request.format.json?
|
|
35
35
|
render json: { error: 'unauthorized' }, status: :unauthorized
|
|
36
36
|
else
|
|
37
|
-
redirect_to Machina.authorize_url(
|
|
37
|
+
redirect_to Machina.authorize_url(return_to: request.original_url), allow_other_host: true
|
|
38
38
|
end
|
|
39
39
|
end
|
|
40
40
|
|
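Review bot: `request.original_url` on the new `redirect_to` line is built from the request's Host header, so the `return_to` value sent through the identity service is client-influenced unless host authorization is enforced upstream. Passing a path instead, `Machina.authorize_url(return_to: request.fullpath)`, keeps the post-login destination relative to the application; if absolute URLs must stay supported, the callback handler should compare the host against an allow-list before redirecting. `allow_other_host: true` turns off Rails' cross-host redirect check for this call, so a short comment stating that the target host comes only from `config.identity_service_url` would help the next reader. This branch now also raises `ConfigurationError` when `identity_callback_uri` is unset (per the `authorize_url` change in data/lib/machina.rb), which presumably surfaces as a 500 for unauthenticated browser requests. The enclosing method starts outside the hunk.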
|
@@ -16,7 +16,8 @@ module Machina
|
|
|
16
16
|
|
|
17
17
|
product_id = manifest[:product_id] || Machina.config.product_id
|
|
18
18
|
if product_id.blank?
|
|
19
|
-
raise Machina::ConfigurationError,
|
|
19
|
+
raise Machina::ConfigurationError,
|
|
20
|
+
'product_id is required for permission sync (set in machina.yml or Machina.config)'
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
Machina.identity_client.sync_permissions(
|
data/lib/machina/version.rb
CHANGED
data/lib/machina.rb
CHANGED
|
@@ -54,15 +54,36 @@ module Machina
|
|
|
54
54
|
config.cache_store || Rails.cache
|
|
55
55
|
end
|
|
56
56
|
|
|
57
|
-
|
|
57
|
+
# Builds the Console authorize URL.
|
|
58
|
+
#
|
|
59
|
+
# @param redirect_to [String, nil] explicit redirect URL (backwards compat)
|
|
60
|
+
# @param return_to [String, nil] user's intended destination, appended to
|
|
61
|
+
# the configured +identity_callback_uri+ as a query param
|
|
62
|
+
# @return [String] the full authorize URL
|
|
63
|
+
# @raise [ConfigurationError] when neither +redirect_to+ nor
|
|
64
|
+
# +identity_callback_uri+ is available
|
|
65
|
+
def authorize_url(redirect_to: nil, return_to: nil)
|
|
58
66
|
base = config.identity_service_url.to_s.sub(%r{/\z}, '')
|
|
59
|
-
return "#{base}/authorize" if redirect_to.blank?
|
|
60
67
|
|
|
61
|
-
"#{base}/authorize?redirect_to=#{CGI.escape(redirect_to)}"
|
|
68
|
+
return "#{base}/authorize?redirect_to=#{CGI.escape(redirect_to)}" if redirect_to.present?
|
|
69
|
+
|
|
70
|
+
callback = config.identity_callback_uri
|
|
71
|
+
if callback.blank?
|
|
72
|
+
raise ConfigurationError,
|
|
73
|
+
'identity_callback_uri must be configured to use authorize_url without an explicit redirect_to'
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
target = return_to.present? ? "#{callback}?return_to=#{CGI.escape(return_to)}" : callback
|
|
77
|
+
|
|
78
|
+
"#{base}/authorize?redirect_to=#{CGI.escape(target)}"
|
|
62
79
|
end
|
|
63
80
|
|
|
81
|
+
# Convenience wrapper that delegates to {authorize_url} with +return_to+.
|
|
82
|
+
#
|
|
83
|
+
# @param return_to [String] the user's intended destination
|
|
84
|
+
# @return [String] the full authorize URL
|
|
64
85
|
def login_url(return_to:)
|
|
65
|
-
authorize_url(
|
|
86
|
+
authorize_url(return_to:)
|
|
66
87
|
end
|
|
67
88
|
end
|
|
68
89
|
end
|
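Review bot: In `authorize_url`, the `target` line always joins `callback` and `return_to` with `?`, so an `identity_callback_uri` that already carries a query string yields a second `?` and the callback may not receive `return_to` as its own parameter. Choosing the separator first handles both cases: `sep = callback.to_s.include?('?') ? '&' : '?'` followed by `"#{callback}#{sep}return_to=#{CGI.escape(return_to)}"`. `return_to` is forwarded without any check, so the docstring should say that it is caller-supplied and that the callback endpoint (not in this diff) has to restrict it to same-origin destinations before redirecting; otherwise the login round trip can act as an open redirect. Calling `authorize_url` with no arguments appears to have returned `#{base}/authorize` before and now raises `ConfigurationError`, a behaviour change worth calling out in the changelog for a patch release.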
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative '../rails_helper'
|
|
4
|
+
|
|
5
|
+
RSpec.describe 'Machina.authorize_url' do
|
|
6
|
+
let(:base_url) { 'https://machina.example.test' }
|
|
7
|
+
|
|
8
|
+
context 'when identity_callback_uri is configured' do
|
|
9
|
+
before do
|
|
10
|
+
Machina.config.identity_callback_uri = 'http://localhost:3000/auth/machina/callback'
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it 'uses the callback URI as redirect_to' do
|
|
14
|
+
url = Machina.authorize_url
|
|
15
|
+
|
|
16
|
+
expect(url).to eq("#{base_url}/authorize?redirect_to=#{CGI.escape('http://localhost:3000/auth/machina/callback')}")
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
it 'appends return_to as a query param on the callback URI' do
|
|
20
|
+
url = Machina.authorize_url(return_to: '/dashboard')
|
|
21
|
+
|
|
22
|
+
callback_with_return = 'http://localhost:3000/auth/machina/callback?return_to=%2Fdashboard'
|
|
23
|
+
expect(url).to eq("#{base_url}/authorize?redirect_to=#{CGI.escape(callback_with_return)}")
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
it 'encodes a full return_to URL' do
|
|
27
|
+
url = Machina.authorize_url(return_to: 'http://localhost:3000/inquiries?page=2')
|
|
28
|
+
|
|
29
|
+
callback_with_return = 'http://localhost:3000/auth/machina/callback?return_to=http%3A%2F%2Flocalhost%3A3000%2Finquiries%3Fpage%3D2'
|
|
30
|
+
expect(url).to eq("#{base_url}/authorize?redirect_to=#{CGI.escape(callback_with_return)}")
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
context 'when identity_callback_uri is not configured' do
|
|
35
|
+
it 'raises a configuration error when called without redirect_to' do
|
|
36
|
+
expect { Machina.authorize_url }.to raise_error(
|
|
37
|
+
Machina::ConfigurationError,
|
|
38
|
+
/identity_callback_uri/,
|
|
39
|
+
)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
it 'still works with an explicit redirect_to for backwards compatibility' do
|
|
43
|
+
url = Machina.authorize_url(redirect_to: 'http://localhost:3000/login')
|
|
44
|
+
|
|
45
|
+
expect(url).to eq("#{base_url}/authorize?redirect_to=#{CGI.escape('http://localhost:3000/login')}")
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
describe '.login_url' do
|
|
50
|
+
before do
|
|
51
|
+
Machina.config.identity_callback_uri = 'http://localhost:3000/auth/machina/callback'
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
it 'delegates to authorize_url with return_to' do
|
|
55
|
+
url = Machina.login_url(return_to: '/settings')
|
|
56
|
+
|
|
57
|
+
callback_with_return = 'http://localhost:3000/auth/machina/callback?return_to=%2Fsettings'
|
|
58
|
+
expect(url).to eq("#{base_url}/authorize?redirect_to=#{CGI.escape(callback_with_return)}")
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
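Review bot: The examples cover only a query-less callback URI and `return_to` values on the application's own host; there is no example for an `identity_callback_uri` that already has a query string, and none that pins what happens when `return_to` names a different host. Those are the cases where `authorize_url` is most likely to misbehave, so an example such as `it 'appends return_to with & when the callback already has a query'` would document the intended contract. The `before` blocks also assign `Machina.config.identity_callback_uri` globally, and the 'not configured' context relies on something outside this file (presumably rails_helper) resetting it. An explicit `before { Machina.config.identity_callback_uri = nil }` in that context would make the examples visibly order-independent.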
|
@@ -12,4 +12,10 @@ RSpec.describe Machina::Configuration do
|
|
|
12
12
|
config.product_id = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
|
|
13
13
|
expect(config.product_id).to eq('a1b2c3d4-e5f6-7890-abcd-ef1234567890')
|
|
14
14
|
end
|
|
15
|
+
|
|
16
|
+
it 'supports identity_callback_uri configuration' do
|
|
17
|
+
config = described_class.new
|
|
18
|
+
config.identity_callback_uri = 'http://localhost:3000/auth/machina/callback'
|
|
19
|
+
expect(config.identity_callback_uri).to eq('http://localhost:3000/auth/machina/callback')
|
|
20
|
+
end
|
|
15
21
|
end
|
|
@@ -29,12 +29,15 @@ RSpec.describe Machina::ControllerHelpers, type: :controller do
|
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
it 'redirects browser requests to authorize when unauthenticated' do
|
|
32
|
+
it 'redirects browser requests to authorize using identity_callback_uri when unauthenticated' do
|
|
33
|
+
Machina.config.identity_callback_uri = 'http://localhost:3000/auth/machina/callback'
|
|
34
|
+
|
|
33
35
|
get :index
|
|
34
36
|
|
|
35
37
|
expect(response).to have_http_status(:redirect)
|
|
36
38
|
expect(response.location).to include('https://machina.example.test/authorize')
|
|
37
39
|
expect(response.location).to include('redirect_to=')
|
|
40
|
+
expect(CGI.unescape(response.location)).to include('http://localhost:3000/auth/machina/callback?return_to=')
|
|
38
41
|
end
|
|
39
42
|
|
|
40
43
|
it 'returns json unauthorized for api-style requests' do
|
|
@@ -106,7 +106,7 @@ RSpec.describe Machina::PermissionSync do
|
|
|
106
106
|
context 'with an ERB manifest' do
|
|
107
107
|
let(:tmpfile) do
|
|
108
108
|
file = Tempfile.new(['machina', '.yml'])
|
|
109
|
-
file.write(<<~
|
|
109
|
+
file.write(<<~YAML)
|
|
110
110
|
product_id: <%= "erb-product-id" %>
|
|
111
111
|
|
|
112
112
|
permissions:
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: machina-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- ZAR
|
|
@@ -174,6 +174,7 @@ files:
|
|
|
174
174
|
- spec/dummy/config/routes.rb
|
|
175
175
|
- spec/dummy/db/schema.rb
|
|
176
176
|
- spec/fixtures/machina.yml
|
|
177
|
+
- spec/machina/authorize_url_spec.rb
|
|
177
178
|
- spec/machina/authorized_spec.rb
|
|
178
179
|
- spec/machina/configuration_spec.rb
|
|
179
180
|
- spec/machina/controller_helpers_spec.rb
|