mauth-client 6.2.0 → 6.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: be045713042cd9a25e7b0219d959c1208c66b700c8a113130d7865d91e17db7d
-  data.tar.gz: 155e903f0fa2fafabf2167c9d908398259ec2c9336b7f953bda83efe13667559
+  metadata.gz: 1871065424b09a341be04ecae785be82574cef1fafacb689d2ea538e8d25d03e
+  data.tar.gz: 6ff7c37a989fcdd8ec8e4d46d9ce4e0ab61cd16a7fcd1784f1d85f24e67a2ad1
 SHA512:
-  metadata.gz: 8c97d131c0f9aef554ab5ebb7fd06193ec50a50f7a81fc93a184ba30b5b91bf870c560a06ce9c5dfeb19dab7cb7410c771b355fbbfb1055e56327147c32c5a6a
-  data.tar.gz: 446f8d0a681376361e3b9eabd86b20f3bfe2d28bdb028edf0b78c6e21f9222a7eaed5de3ba4fecd5afa95059698a14f6f4aaeba083d31ff5c55f618b9cbcdb12
+  metadata.gz: a71f408dd52e310d544f65d0b0ea03df7a671db23bfc11a39a38795bd23f3f0ff78472982e4176461fd55ea98d3ed5de9a8d9ec9cfea19ffd334d167d9ba1836
+  data.tar.gz: 8334a7c74a7829b52fae5bde7ac783e425c86285d6d17db8f79088ff3998736786813cc5a56de2ffe12fe594db32606e76d9831befb59e3ee507683e4bbd6c76

data/.travis.yml

@@ -34,7 +34,7 @@ deploy:
   provider: rubygems
   gem: mauth-client
   api_key:
-    secure: J0aPDp4+Ev2L+ZDcgpF+hAG95S4IsD6pCiDRxDWnrk79P5hq1rXoD3S39ANyqtQEQqkoVjsgoSP5JLi420aL2lYj7mhvaEOty9fK+flwUhI4nw+Gztm7EKNDNX8WKvk4fl4Zc7noIeI0uyes867hDjRQfyYvUuma7aK5H9NWzNUV9Q+KrVAoneVDGnNydxwkuuIpOFdjbVQgNpxVhVBV7Q4OLsB1KtWB9lptMwhqnyqZKex7JZ+37sojaj3oVT5ijrnAm+bR1QO1hGIOwuBako2iz+MBZHPccM4BEFsZme/7olypxv0JfeCuhqDnH1VWIFh6IZRDeLnZuX3qOhkdx4HLwxB//5O5+iapK0wh1zbnLvXqkE1dalUHyaZzStKH9xchIWl5I77Ica232OJYrpj9hhroae0p3VARF0IoZceKaH8NnMpq+nBAW4REcWrqPpe9xkRLDTNibkpaAy08vGOF2kPZkWw4lfkVBM1+wjY2xDn6wJ7VgQ1BeosbeTXbmny2TUeI22beihn894tzpCPPHiTRvKu0lV3jBfeoOAXzE333PrGm3zF9MDhg+1/iBwXVhdoOwEwBPQ/3Hu37xJn0AfRneni4StYnIkZ1Ur9Vub03J/3C3Aw6it99rQSWvC+2PzHqQhsG22VprvxlozFe1jFzdqKgvDkbkn44ltI=
+    secure: QDp0P/lMGLYc4+A3M6VD9y551X6GrGwOSBE6xSG4lE6mPXoSISK5Yj18vNWQRQuQ4BsE6CdfZ/xsPjSRDda6b+yUQbgisjJ+Ry6jUVE1v9UKTZ0VHgHyXcsaJFC29tBKBeuGCj0AD5qhbTO1+ybeZSUfdSeVVoidD4W/bSnvzlT1Lht7IE8jbHbR57LsJKoEaDxKu33dg4CYV96xrlYGxHAS2UgEgi5Ve3ohzBWkX9RWF/wWoGCzIYhJBzXgCEEFw8iWkspjTePgv9yjD2HIMtF44aiSTHM5iqBBsYJ7A8+kUwoq7+srsashHZ1wZz1YulsCSkjwM9AXZ4E0f9AnERw/RQ5gG7bCuHZtSG9g/0SWBQeNfkAF3An6eTSS24KVfnarGdH2bk0G28k2oP26MWiDKz8nlQxNAY4rH+dITael18bgf45H4KccQqiooBEGnuYpUAuIPB+1l+BsIcRQnrU3LDtmtZn0KrCHHJ7EHOdogOG+/Pxof8ht1xF7V+HYhhzSRJs2JkvmZsp4q2T7W6b6kfi59Cz3LpqA1HHYcL5/OFZeLA/TlCNke0CRMxG8k3udDKj50jqFATXEa8lNyGLjmWh7tL9Bb/uy+CU47qUdx+V4K+kheAvNFtHfpxmyUGJSY0FH02H1VBPWm10DZ7kH+6jgCKyXuql+yWDw62s=
   on:
     tags: true
     repo: mdsol/mauth-client-ruby

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## v6.2.1
+* Fix SecurityTokenCacher to not cache tokens forever.
+
 ## v6.2.0
 * Drop legacy security token expiry in favor of honoring server cache headers via Faraday HTTP Cache Middleware.
 

data/lib/mauth/client/security_token_cacher.rb

@@ -1,5 +1,5 @@
 require 'faraday-http-cache'
-require 'oj'
+require 'mauth/faraday'
 
 module MAuth
   class Client
@@ -9,36 +9,31 @@ module MAuth
         def initialize(mauth_client)
           @mauth_client = mauth_client
           # TODO: should this be UnableToSignError?
-          @mauth_client.assert_private_key(UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!"))
-          @cache = {}
-          require 'thread'
-          @cache_write_lock = Mutex.new
+          @mauth_client.assert_private_key(
+            UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!")
+          )
         end
 
         def get(app_uuid)
-          if !@cache[app_uuid]
-            # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
-            # app_uuid - probably not exploitable, but this is the right way to do it anyway.
-            url_encoded_app_uuid = CGI.escape(app_uuid)
-            begin
-              response = signed_mauth_connection.get("/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json")
-            rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
-              msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
-              @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
-              raise UnableToAuthenticateError, msg
-            end
-            if response.status == 200
-              @cache_write_lock.synchronize do
-                @cache[app_uuid] = security_token_from(response.body)
-              end
-            elsif response.status == 404
-              # signing with a key mAuth doesn't know about is considered inauthentic
-              raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
-            else
-              @mauth_client.send(:mauth_service_response_error, response)
-            end
+          # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
+          # app_uuid - probably not exploitable, but this is the right way to do it anyway.
+          url_encoded_app_uuid = CGI.escape(app_uuid)
+          path = "/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json"
+          response = signed_mauth_connection.get(path)
+
+          case response.status
+          when 200
+            security_token_from(response.body)
+          when 404
+            # signing with a key mAuth doesn't know about is considered inauthentic
+            raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
+          else
+            @mauth_client.send(:mauth_service_response_error, response)
           end
-          @cache[app_uuid]
+        rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
+          msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
+          @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
+          raise UnableToAuthenticateError, msg
         end
 
         private
@@ -52,14 +47,17 @@ module MAuth
         end
 
         def signed_mauth_connection
-          require 'faraday'
-          require 'mauth/faraday'
-          @mauth_client.faraday_options[:ssl] = { ca_path: @mauth_client.ssl_certs_path } if @mauth_client.ssl_certs_path
-          @signed_mauth_connection ||= ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
-            builder.use MAuth::Faraday::MAuthClientUserAgent
-            builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
-            builder.use :http_cache, serializer: Oj, logger: MAuth::Client.new.logger, shared_cache: false
-            builder.adapter ::Faraday.default_adapter
+          @signed_mauth_connection ||= begin
+            if @mauth_client.ssl_certs_path
+              @mauth_client.faraday_options[:ssl] = { ca_path: @mauth_client.ssl_certs_path }
+            end
+
+            ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
+              builder.use MAuth::Faraday::MAuthClientUserAgent
+              builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
+              builder.use :http_cache, logger: MAuth::Client.new.logger, shared_cache: false
+              builder.adapter ::Faraday.default_adapter
+            end
           end
         end
       end

data/lib/mauth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MAuth
-  VERSION = '6.2.0'
+  VERSION = '6.2.1'
 end

data/mauth-client.gemspec

@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'faraday', '>= 0.9', '< 2.0'
   spec.add_dependency 'faraday_middleware', '>= 0.9', '< 2.0'
   spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
-  spec.add_dependency 'oj', '~> 3.0'
   spec.add_dependency 'term-ansicolor', '~> 1.0'
   spec.add_dependency 'coderay', '~> 1.0'
   spec.add_dependency 'rack'
@@ -37,4 +36,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'simplecov', '~> 0.16'
   spec.add_development_dependency 'timecop', '~> 0.9'
   spec.add_development_dependency 'benchmark-ips', '~> 2.7'
+  spec.add_development_dependency 'webmock', '~> 3.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mauth-client
 version: !ruby/object:Gem::Version
-  version: 6.2.0
+  version: 6.2.1
 platform: ruby
 authors:
 - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-06-10 00:00:00.000000000 Z
+date: 2021-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -73,20 +73,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: oj
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
@@ -289,6 +275,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 description: Client for signing and authentication of requests and responses with
   mAuth authentication. Includes middleware for Rack and Faraday for incoming and
   outgoing requests and responses.