mauth-client 4.2.0 → 4.2.1

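--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2e197a763a48eeb58d88be12eab10dc6e2c7c104287b0371a41120bd920402db
- data.tar.gz: 84ef6da779ededf897bfe7a44eb2581073c2404a1208ae3a233b2d84c1bc98eb
+ metadata.gz: 9a4124d677e7aee9626ea7e796bd5f92c695146cdadc125c2f05f3138d471758
+ data.tar.gz: 4eda569778ce91ced2cedfd14a231281e35ec068b86d2e551d52541d05b3f795
  SHA512:
- metadata.gz: f640994364eee25edcbbf611a611eb539efc96432de37daf78c0211f83e966154c5dcfb321fff6e25e067fdb53faae6af792665897a7ae4d295beada833282d2
- data.tar.gz: 6270a48e063208842a1055d39814b96fe2cb4b8ceea04592eb94c62b533f110fe5510ca9060f321d5f4a309b96aaf9c99489ff28e068e5ddd6c04e20c1ae9bab
+ metadata.gz: 6118dc54acd81a9dc16d1364fab960dee75c5a5e055fc79bb2517d6eb48e3dbf033078b913b231f430fc9ae953be5f56ab727664bc147b0e90f0f71203ec9f14
+ data.tar.gz: fa8e3328ef7e779322e8ad0c7f4a3520f53370838a10e4cf1d0b8710ee0031fc37f4d5d31f080d39d7134c0dfa2a263a131c1323269e988a79978bcf21efd775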
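--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -13,19 +13,23 @@ before_install:
 
  install:
  - bundle install --jobs=3 --retry=3
- - |-
- curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/master/travis_ci/fossa_install.sh | bash -s -- -b $TRAVIS_BUILD_DIR
+ - >-
+ curl -H 'Cache-Control: no-cache'
+ https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/main/travis_ci/fossa_install.sh |
+ bash -s -- -b $TRAVIS_BUILD_DIR
 
  script:
  - bundle exec rspec
- - |-
- curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/master/travis_ci/fossa_run.sh | bash -s -- -b $TRAVIS_BUILD_DIR
+ - >-
+ curl -H 'Cache-Control: no-cache'
+ https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/main/travis_ci/fossa_run.sh |
+ bash -s -- -b $TRAVIS_BUILD_DIR
 
  deploy:
  provider: rubygems
  gem: mauth-client
  api_key:
- secure: 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
+ secure: QDp0P/lMGLYc4+A3M6VD9y551X6GrGwOSBE6xSG4lE6mPXoSISK5Yj18vNWQRQuQ4BsE6CdfZ/xsPjSRDda6b+yUQbgisjJ+Ry6jUVE1v9UKTZ0VHgHyXcsaJFC29tBKBeuGCj0AD5qhbTO1+ybeZSUfdSeVVoidD4W/bSnvzlT1Lht7IE8jbHbR57LsJKoEaDxKu33dg4CYV96xrlYGxHAS2UgEgi5Ve3ohzBWkX9RWF/wWoGCzIYhJBzXgCEEFw8iWkspjTePgv9yjD2HIMtF44aiSTHM5iqBBsYJ7A8+kUwoq7+srsashHZ1wZz1YulsCSkjwM9AXZ4E0f9AnERw/RQ5gG7bCuHZtSG9g/0SWBQeNfkAF3An6eTSS24KVfnarGdH2bk0G28k2oP26MWiDKz8nlQxNAY4rH+dITael18bgf45H4KccQqiooBEGnuYpUAuIPB+1l+BsIcRQnrU3LDtmtZn0KrCHHJ7EHOdogOG+/Pxof8ht1xF7V+HYhhzSRJs2JkvmZsp4q2T7W6b6kfi59Cz3LpqA1HHYcL5/OFZeLA/TlCNke0CRMxG8k3udDKj50jqFATXEa8lNyGLjmWh7tL9Bb/uy+CU47qUdx+V4K+kheAvNFtHfpxmyUGJSY0FH02H1VBPWm10DZ7kH+6jgCKyXuql+yWDw62s=
  on:
  tags: true
  repo: mdsol/mauth-client-ruby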
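Review bot: Both rewritten `curl … | bash` steps (under `install:` and `script:`) run whatever the `main` branch of `mdsol/fossa_ci_scripts` serves at build time, with no pinned revision and no integrity check, in the same Travis configuration that holds the RubyGems deploy `api_key`. Pointing the URLs at a reviewed commit (`…/fossa_ci_scripts/<commit-sha>/travis_ci/fossa_install.sh`, placeholder SHA) and comparing the download against a recorded SHA-256 before executing it would turn a change in that repository into an explicit, reviewable update. curl is also invoked without `-f`, so an HTTP error page would be handed to bash as script text; `curl -fsSL -H 'Cache-Control: no-cache' …` makes the step fail instead. Whether the deploy secret is actually reachable from these steps depends on Travis settings not visible here, so treat that part as a risk to confirm.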
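--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## v4.2.1
+ * Fix SecurityTokenCacher to not cache tokens forever.
+
  ## v4.2.0
  * Drop legacy security token expiry in favor of honoring server cache headers via Faraday HTTP Cache Middleware.
 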
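--- a/data/lib/mauth/client.rb
+++ b/data/lib/mauth/client.rb
@@ -8,7 +8,7 @@ require 'mauth/autoload'
  require 'mauth/dice_bag/mauth_templates'
  require 'mauth/version'
  require 'faraday-http-cache'
- require 'oj'
+ require 'mauth/faraday'
 
  module MAuth
  class Client
@@ -411,35 +411,32 @@ module MAuth
  def initialize(mauth_client)
  @mauth_client = mauth_client
  # TODO: should this be UnableToSignError?
- @mauth_client.assert_private_key(UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!"))
- @cache = {}
- require 'thread'
- @cache_write_lock = Mutex.new
+ @mauth_client.assert_private_key(
+ UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!")
+ )
  end
 
  def get(app_uuid)
- if !@cache[app_uuid]
- # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
- # app_uuid - probably not exploitable, but this is the right way to do it anyway.
- # use UNRESERVED instead of UNSAFE (the default) as UNSAFE doesn't include /
- url_encoded_app_uuid = URI.escape(app_uuid, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
- begin
- response = signed_mauth_connection.get("/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json")
- rescue ::Faraday::Error::ConnectionFailed, ::Faraday::Error::TimeoutError
- raise UnableToAuthenticateError, "mAuth service did not respond; received #{$!.class}: #{$!.message}"
- end
- if response.status == 200
- @cache_write_lock.synchronize do
- @cache[app_uuid] = security_token_from(response.body)
- end
- elsif response.status == 404
- # signing with a key mAuth doesn't know about is considered inauthentic
- raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
- else
- @mauth_client.send(:mauth_service_response_error, response)
- end
+ # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
+ # app_uuid - probably not exploitable, but this is the right way to do it anyway.
+ # use UNRESERVED instead of UNSAFE (the default) as UNSAFE doesn't include /
+ url_encoded_app_uuid = URI.escape(app_uuid, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+ path = "/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json"
+ response = signed_mauth_connection.get(path)
+
+ case response.status
+ when 200
+ security_token_from(response.body)
+ when 404
+ # signing with a key mAuth doesn't know about is considered inauthentic
+ raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
+ else
+ @mauth_client.send(:mauth_service_response_error, response)
  end
- @cache[app_uuid]
+ rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
+ msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
+ @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
+ raise UnableToAuthenticateError, msg
  end
 
  private
@@ -453,14 +450,17 @@ module MAuth
  end
 
  def signed_mauth_connection
- require 'faraday'
- require 'mauth/faraday'
- @mauth_client.faraday_options[:ssl] = { ca_path: @mauth_client.ssl_certs_path } if @mauth_client.ssl_certs_path
- @signed_mauth_connection ||= ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
- builder.use MAuth::Faraday::MAuthClientUserAgent
- builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
- builder.use :http_cache, serializer: Oj, logger: MAuth::Client.new.logger, shared_cache: false
- builder.adapter ::Faraday.default_adapter
+ @signed_mauth_connection ||= begin
+ if @mauth_client.ssl_certs_path
+ @mauth_client.faraday_options[:ssl] = { ca_path: @mauth_client.ssl_certs_path }
+ end
+
+ ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
+ builder.use MAuth::Faraday::MAuthClientUserAgent
+ builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
+ builder.use :http_cache, logger: MAuth::Client.new.logger, shared_cache: false
+ builder.adapter ::Faraday.default_adapter
+ end
  end
  end
  end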
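Review bot: The rewritten `get` still encodes the caller-supplied `app_uuid` with `URI.escape`, which is obsolete and was removed in Ruby 3.0, so on a current Ruby the one line guarding the request path against `../` segments raises NoMethodError instead of encoding. A maintained equivalent is `url_encoded_app_uuid = ERB::Util.url_encode(app_uuid)` (with `require 'erb'`), and if `app_uuid` is always UUID-shaped, rejecting anything else with a `\A…\z`-anchored pattern before the request is stricter still. The 404 branch also interpolates the raw `app_uuid` into the `InauthenticError` message; if that message reaches logs, `#{app_uuid.inspect}` keeps embedded newlines or control characters from forging log lines. In `signed_mauth_connection`, `logger: MAuth::Client.new.logger` builds a second client only to obtain a logger while the new rescue uses `@mauth_client.logger`; passing `logger: @mauth_client.logger` would keep cache and error logging on the configured logger. The enclosing class starts outside these hunks, so where `app_uuid` originates is inferred from the existing comment rather than seen.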
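--- a/data/lib/mauth/version.rb
+++ b/data/lib/mauth/version.rb
@@ -1,3 +1,3 @@
  module MAuth
- VERSION = '4.2.0'.freeze
+ VERSION = '4.2.1'.freeze
  end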
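--- a/data/mauth-client.gemspec
+++ b/data/mauth-client.gemspec
@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
  spec.add_dependency 'faraday', '>= 0.17', '< 1.0'
  spec.add_dependency 'faraday_middleware', '>= 0.9', '< 2.0'
  spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
- spec.add_dependency 'oj', '~> 3.0'
  spec.add_dependency 'term-ansicolor', '~> 1.0'
  spec.add_dependency 'coderay', '~> 1.0'
  spec.add_dependency 'rack'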
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mauth-client
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.0
4
+ version: 4.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: exe
13
13
  cert_chain: []
14
- date: 2021-06-16 00:00:00.000000000 Z
14
+ date: 2021-09-27 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: faraday
@@ -73,20 +73,6 @@ dependencies:
73
73
  - - "<"
74
74
  - !ruby/object:Gem::Version
75
75
  version: '3.0'
76
- - !ruby/object:Gem::Dependency
77
- name: oj
78
- requirement: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - "~>"
81
- - !ruby/object:Gem::Version
82
- version: '3.0'
83
- type: :runtime
84
- prerelease: false
85
- version_requirements: !ruby/object:Gem::Requirement
86
- requirements:
87
- - - "~>"
88
- - !ruby/object:Gem::Version
89
- version: '3.0'
90
76
  - !ruby/object:Gem::Dependency
91
77
  name: term-ansicolor
92
78
  requirement: !ruby/object:Gem::Requirement