mauth-client 6.4.3 → 7.0.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.rubocop.yml +6 -3
- data/.ruby-version +1 -1
- data/.travis.yml +7 -5
- data/Appraisals +1 -1
- data/CHANGELOG.md +8 -0
- data/Gemfile +16 -0
- data/README.md +78 -29
- data/Rakefile +20 -12
- data/UPGRADE_GUIDE.md +21 -0
- data/doc/mauth-client_CLI.md +1 -11
- data/examples/Gemfile +0 -1
- data/examples/README.md +14 -13
- data/examples/get_country_info.rb +44 -0
- data/exe/mauth-client +1 -23
- data/gemfiles/faraday_0.x.gemfile +17 -1
- data/gemfiles/faraday_1.x.gemfile +16 -0
- data/gemfiles/faraday_2.x.gemfile +16 -0
- data/lib/mauth/client/{local_authenticator.rb → authenticator.rb} +124 -3
- data/lib/mauth/client/security_token_cacher.rb +1 -1
- data/lib/mauth/client.rb +13 -99
- data/lib/mauth/config_env.rb +84 -0
- data/lib/mauth/version.rb +1 -1
- data/mauth-client.gemspec +1 -16
- metadata +7 -216
- data/doc/mauth.yml.md +0 -84
- data/examples/Gemfile.lock +0 -69
- data/examples/config.yml +0 -12
- data/examples/get_user_info.rb +0 -58
- data/lib/mauth/client/authenticator_base.rb +0 -133
- data/lib/mauth/client/remote_authenticator.rb +0 -85
- data/lib/mauth/dice_bag/mauth.rb.dice +0 -12
- data/lib/mauth/dice_bag/mauth.yml.dice +0 -18
- data/lib/mauth/dice_bag/mauth_key.dice +0 -1
- data/lib/mauth/dice_bag/mauth_templates.rb +0 -21
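--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2bba0c6eb1611b4662a09c82bb2a0493ccdf10ad18519ca6cdfec4436da12fed
+data.tar.gz: ea9cc4c97792777115f3e612a2baa1b7135c43f7b34302e66150a962f8dfd422
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7cd8843becf3ad4eb6595fd2de37fe17d459178c0ee2648794e117fa4cb13283fa359a3d154031fc466a4448a796616d4727e3f1e4cae725f797ec33a8a540b8
+data.tar.gz: d43181445129e3a8fa350547d29bb10e8b02ef9762d35ff85b4fb87a6f26c47c08a2a1c227ff7618f07544dd6deebb8c6fe60ddfe2ebeda6fa12f3fd89a74807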
data/.gitignore
CHANGED
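--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -5,7 +5,6 @@ require:
 - rubocop-performance
 
 AllCops:
-TargetRubyVersion: 2.6
 Exclude:
 - gemfiles/**/*
 
@@ -20,7 +19,7 @@ Layout/FirstHashElementIndentation:
 
 Layout/LineLength:
 Exclude:
-- spec/client/
+- spec/client/authenticator_spec.rb
 
 Lint/MissingSuper:
 Exclude:
@@ -31,13 +30,17 @@ Lint/MissingSuper:
 Metrics/AbcSize:
 Exclude:
 - lib/mauth/client.rb
-- lib/mauth/client/
+- lib/mauth/client/authenticator.rb
 - lib/mauth/proxy.rb
 
 Metrics/MethodLength:
 Exclude:
 - lib/mauth/client.rb
 
+Metrics/ModuleLength:
+Exclude:
+- lib/mauth/client/authenticator.rb
+
 Naming/FileName:
 Exclude:
 - lib/mauth-client.rb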
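--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.7.
+2.7.8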
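--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -3,10 +3,10 @@ language: ruby
 cache: bundler
 
 rvm:
-- 2.6
 - 2.7
 - 3.0
 - 3.1
+- 3.2
 
 env:
 global:
@@ -15,9 +15,11 @@ env:
 jobs:
 exclude:
 - rvm: 3.0
-gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3
+gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3 (see: https://github.com/lostisland/faraday/releases/tag/v1.3.0)
 - rvm: 3.1
-gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3
+gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3 (see: https://github.com/lostisland/faraday/releases/tag/v1.3.0)
+- rvm: 3.2
+gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3 (see: https://github.com/lostisland/faraday/releases/tag/v1.3.0)
 
 gemfile:
 - gemfiles/faraday_0.x.gemfile
@@ -25,7 +27,7 @@ gemfile:
 - gemfiles/faraday_2.x.gemfile
 
 before_install:
-- gem update --system
+- gem update --system -N > /dev/null && echo "Rubygems version $(gem --version)" && bundle --version
 
 install:
 - bundle install
@@ -51,4 +53,4 @@ deploy:
 on:
 tags: true
 repo: mdsol/mauth-client-ruby
-condition: $TRAVIS_RUBY_VERSION == 3.
+condition: $TRAVIS_RUBY_VERSION == 3.2 && $BUNDLE_GEMFILE == $TRAVIS_BUILD_DIR/gemfiles/faraday_2.x.gemfile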
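Review bot: The `before_install` step at new line 30 upgrades RubyGems to whatever release is current at build time, and the same configuration carries the tag-triggered `deploy` block, so the toolchain that builds a release is not reproducible from one tag to the next. Consider pinning the version, e.g. `gem update --system <PINNED_RUBYGEMS_VERSION> -N`, and bumping it deliberately. Redirecting stdout to `/dev/null` also hides what the update actually installed; the added `echo` of `gem --version` recovers only the final version number.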
data/Appraisals
CHANGED
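--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,11 @@
+## v7.0.0
+- Remove dice_bag and set configuration through environment variables directly.
+- Rename the `V2_ONLY_SIGN_REQUESTS`, `V2_ONLY_AUTHENTICATE`, `DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE` and `V1_ONLY_SIGN_REQUESTS` environment variables.
+- Remove the remote authenticator.
+- Support Ruby 3.2.
+
+See [UPGRADE_GUIDE.md](UPGRADE_GUIDE.md#upgrading-to-700) for migration.
+
 ## v6.4.3
 - Force Rack > 2.2.3 to resolve [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr).
 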
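--- a/data/Gemfile
+++ b/data/Gemfile
@@ -4,3 +4,19 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in mauth-client.gemspec
 gemspec
+
+group :development do
+gem 'appraisal', '~> 2.4'
+gem 'benchmark-ips', '~> 2.7'
+gem 'bundler', '>= 1.17'
+gem 'byebug', '~> 11.1'
+gem 'rack-test', '~> 1.1'
+gem 'rake', '~> 12.0'
+gem 'rspec', '~> 3.8'
+gem 'rubocop', '~> 1.25'
+gem 'rubocop-mdsol', '~> 0.1'
+gem 'rubocop-performance', '~> 1.13'
+gem 'simplecov', '~> 0.16'
+gem 'timecop', '~> 0.9'
+gem 'webmock', '~> 3.0'
+end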
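--- a/data/README.md
+++ b/data/README.md
@@ -27,26 +27,50 @@ $ gem install mauth-client
 
 ## Configuration
 
-
+Configuration is set through environment variables:
+
+- `MAUTH_PRIVATE_KEY`
+- Required for signing and for authenticating responses.
+
+- `MAUTH_PRIVATE_KEY_FILE`
+- May be used instead of `MAUTH_PRIVATE_KEY`, mauth-client will load the file instead.
+
+- `MAUTH_APP_UUID`
+- Required in the same circumstances where a `private_key` is required.
+
+- `MAUTH_URL`
+- Required for authentication but not for signing. Needed to retrieve public keys. Usually this is `https://mauth.imedidata.com` for production.
+
+- `MAUTH_API_VERSION`
+- Required for authentication but not for signing. only `v1` exists as of this writing. Defaults to `v1`.
+
+- `MAUTH_V2_ONLY_SIGN_REQUESTS`
+- If true, all outgoing requests will be signed with only the V2 protocol. Defaults to false.
+
+- `MAUTH_V2_ONLY_AUTHENTICATE`
+- If true, any incoming request or incoming response that does not use the V2 protocol will be rejected. Defaults to false.
+
+- `MAUTH_DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE`
+- If true, any incoming V2 requests that fail authentication will not fall back to V1 authentication. Defaults to false.
+
+- `MAUTH_V1_ONLY_SIGN_REQUESTS`
+- If true, all outgoing requests will be signed with only the V1 protocol. Defaults to true. Note, cannot be `true` if `MAUTH_V2_ONLY_SIGN_REQUESTS` is also `true`.
+
+
 This is simply loaded and passed to either middleware or directly to a MAuth::Client instance.
 See the documentation for [MAuth::Client#initialize](lib/mauth/client.rb) for more details of what it accepts. Usually you will want:
 
 ```ruby
-
+MAUTH_CONF = MAuth::Client.default_config
 ```
 
 The `.default_config` method takes a number of options to tweak its expectations regarding defaults. See the
 documentation for [MAuth::Client.default_config](lib/mauth/client.rb) for details.
 
-The `private_key` and `app_uuid`
-They’ll only work if the `app_uuid` has been stored in MAuth with a public key corresponding to the `private_key
-
-If you do not have an `app_uuid` and keypair registered with the mauth service, you can use mauth's remote request authentication by omitting those fields.
-MAuth-Client will make a call to MAuth for every request in order to authenticate remotely.
-Remote authentication therefore requires more time than local authentication.
-You will not be able to sign your responses without an `app_uuid` and a private key, so `MAuth::Rack::ResponseSigner` cannot be used.
+The `private_key` and `app_uuid` enable local authentication (see section [Local Authentication](#local-authentication) below).
+They’ll only work if the `app_uuid` has been stored in MAuth with a public key corresponding to the `private_key`.
 
-The `mauth_baseurl` and `mauth_api_version` are required
+The `mauth_baseurl` and `mauth_api_version` are required.
 These tell the MAuth-Client where and how to communicate with the MAuth service.
 
 The `v2_only_sign_requests` and `v2_only_authenticate` flags were added to facilitate conversion from the MAuth V1 protocol to the MAuth
@@ -57,6 +81,15 @@ V2 protocol. By default both of these flags are false. See [Protocol Versions](#
 | true | requests are signed with only V2 | requests and responses are authenticated with only V2 |
 | false | requests are signed with V1 and V2 | requests and responses are authenticated with the highest available protocol version |
 
+### Generating keys
+
+To generate a private key (`mauth_key`) and its public counterpart (`mauth_key.pub`) run:
+
+```
+openssl genrsa -out mauth_key 2048
+openssl rsa -in mauth_key -pubout -out mauth_key.pub
+```
+
 ## Rack Middleware Usage
 
 MAuth-Client provides a middleware for request authentication and response verification in mauth/rack.
@@ -76,20 +109,20 @@ If used, this should come before the `MAuth::Rack::RequestAuthenticator` middlew
 The ResponseSigner can be used ONLY if you have an `app_uuid` and `private_key` specified in your mauth configuration.
 
 ```ruby
-config.middleware.use MAuth::Rack::ResponseSigner,
+config.middleware.use MAuth::Rack::ResponseSigner, MAUTH_CONF
 ```
 
 Then request authentication:
 
 ```ruby
-config.middleware.use MAuth::Rack::RequestAuthenticator,
+config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
 ```
 
 However, assuming you have a route `/app_status`, you probably want to skip request authentication for that.
 There is a middleware (`RequestAuthenticatorNoAppStatus`) to make that easier:
 
 ```ruby
-config.middleware.use MAuth::Rack::RequestAuthenticatorNoAppStatus,
+config.middleware.use MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
 ```
 
 You may want to configure other conditions in which to bypass MAuth authentication.
@@ -101,10 +134,10 @@ If omitted, all incoming requests will be authenticated.
 Here are a few example `:should_authenticate_check` procs:
 
 ```ruby
-
+MAUTH_CONF[:should_authenticate_check] = proc do |env|
 env['REQUEST_METHOD'] == 'GET'
 end
-config.middleware.use MAuth::Rack::RequestAuthenticator,
+config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
 ```
 
 Above, env is a hash of request parameters; this hash is generated by Rack.
@@ -114,16 +147,16 @@ The above proc will force the middleware to authenticate only GET requests.
 Another example:
 
 ```ruby
-
+MAUTH_CONF[:should_authenticate_check] = proc do |env|
 env['PATH_INFO'] == '/studies.json'
 end
-config.middleware.use MAuth::Rack::RequestAuthenticator,
+config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
 ```
 
 The above proc will force the rack middleware to authenticate only requests to the "/studies.json" path.
 To authenticate a group of related URIs, considered matching `env['PATH_INFO']` with one or more regular expressions.
 
-The configuration passed to the middlewares in the above examples (`
+The configuration passed to the middlewares in the above examples (`MAUTH_CONF`) is used create a new instance of `MAuth::Client`.
 If you are managing an MAuth::Client of your own for some reason, you can pass that in on the key `:mauth_client => your_client`, and omit any other MAuth::Client configuration.
 `:should_authenticate_check` is handled by the middleware and should still be specified alongside `:mauth_client`, if you are using it.
 
@@ -144,23 +177,39 @@ If the middleware is unable to authenticate the request because MAuth is unavail
 Putting all this together, here are typical examples (in rails you would put that code in an initializer):
 
 ```ruby
-mauth_config = MAuth::Client.default_config
 require 'mauth/rack'
-
-
+
+MAUTH_CONF = MAuth::Client.default_config
+
+# ResponseSigner OPTIONAL; only use if you are registered in mauth service
+Rails.application.config.middleware.insert_after Rack::Runtime, MAuth::Rack::ResponseSigner, MAUTH_CONF
+if Rails.env.test? || Rails.env.development?
+require 'mauth/fake/rack'
+Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticationFaker, MAUTH_CONF
+else
+Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
+end
 ```
 
 With `:should_authenticate_check`:
 
 ```ruby
-mauth_config = MAuth::Client.default_config
 require 'mauth/rack'
-
+
+MAUTH_CONF = MAuth::Client.default_config
 # authenticate all requests which pass the some_condition_of check and aren't /app_status with MAuth
-
+MAUTH_CONF[:should_authenticate_check] = proc do |env|
 some_condition_of(env)
 end
-
+
+# ResponseSigner OPTIONAL; only use if you are registered in mauth service
+Rails.application.config.middleware.insert_after Rack::Runtime, MAuth::Rack::ResponseSigner, MAUTH_CONF
+if Rails.env.test? || Rails.env.development?
+require 'mauth/fake/rack'
+Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticationFaker, MAUTH_CONF
+else
+Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
+end
 ```
 
 ## Fake middleware
@@ -175,7 +224,7 @@ This example code may augment the above examples to disable authentication in te
 ```ruby
 require 'mauth/fake/rack'
 authenticator = Rails.env != 'test' ? MAuth::Rack::RequestAuthenticator : MAuth::Rack::RequestAuthenticationFaker
-config.middleware.use authenticator,
+config.middleware.use authenticator, MAUTH_CONF
 ```
 
 ## Faraday Middleware Usage
@@ -185,8 +234,8 @@ Building your connection will look like:
 
 ```ruby
 Faraday.new(some_args) do |builder|
-builder.use MAuth::Faraday::RequestSigner,
-builder.use MAuth::Faraday::ResponseAuthenticator,
+builder.use MAuth::Faraday::RequestSigner, MAUTH_CONF
+builder.use MAuth::Faraday::ResponseAuthenticator, MAUTH_CONF
 builder.adapter Faraday.default_adapter
 end
 ```
@@ -196,7 +245,7 @@ As with the rack middleware, this means it will be right next to the HTTP adapte
 
 Only use the `MAuth::Faraday::ResponseAuthenticator` middleware if you are expecting the service you are communicating with to sign its responses (all services which are aware of MAuth _should_ be doing this).
 
-`
+`MAUTH_CONF` is the same as in Rack middleware, and as with the Rack middleware is used to initialize a `MAuth::Client` instance.
 Also as with the Rack middleware, you can pass in a `MAuth::Client` instance you are using yourself on the `:mauth_client` key, and omit any other configuration.
 
 Behavior is likewise similar to rack: if a `private_key` and `app_uuid` are specified, then ResponseAuthenticator will authenticate locally (see [Local Authentication](#local-authentication) below); if not, then it will go to the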
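--- a/data/Rakefile
+++ b/data/Rakefile
@@ -40,18 +40,26 @@ end
 
 desc 'Runs benchmarks for the library.'
 task :benchmark do # rubocop:disable Metrics/BlockLength
+private_key = OpenSSL::PKey::RSA.generate(2048)
+public_key = private_key.public_key
+app_uuid = SecureRandom.uuid
+
 mc = MAuth::Client.new(
-private_key:
-app_uuid:
-v2_only_sign_requests: false
+private_key: private_key,
+app_uuid: app_uuid,
+v2_only_sign_requests: false,
+mauth_baseurl: 'http://whatever',
+mauth_api_version: 'v1'
 )
-authenticating_mc = MAuth::Client.new(mauth_baseurl: 'http://whatever', mauth_api_version: 'v1')
 
 stubs = Faraday::Adapter::Test::Stubs.new
-test_faraday =
+test_faraday = Faraday.new do |builder|
 builder.adapter(:test, stubs)
 end
 stubs.post('/mauth/v1/authentication_tickets.json') { [204, {}, []] }
+stubs.get("/mauth/v1/security_tokens/#{app_uuid}.json") do
+[200, {}, JSON.generate({ 'security_token' => { 'public_key_str' => public_key.to_s } })]
+end
 allow(Faraday).to receive(:new).and_return(test_faraday)
 
 short_body = 'Somewhere in La Mancha, in a place I do not care to remember'
@@ -101,13 +109,13 @@ task :benchmark do # rubocop:disable Metrics/BlockLength
 puts "i/s means the number of signatures of a message per second.\n\n\n"
 
 Benchmark.ips do |bm|
-bm.report('v1-authenticate-short') {
-bm.report('v2-authenticate-short') {
-bm.report('v2-authenticate-qs') {
-bm.report('v1-authenticate-average') {
-bm.report('v2-authenticate-average') {
-bm.report('v1-authenticate-huge') {
-bm.report('v2-authenticate-huge') {
+bm.report('v1-authenticate-short') { mc.authentic?(v1_short_signed_request) }
+bm.report('v2-authenticate-short') { mc.authentic?(v2_short_signed_request) }
+bm.report('v2-authenticate-qs') { mc.authentic?(v2_qs_signed_request) }
+bm.report('v1-authenticate-average') { mc.authentic?(v1_average_signed_request) }
+bm.report('v2-authenticate-average') { mc.authentic?(v2_average_signed_request) }
+bm.report('v1-authenticate-huge') { mc.authentic?(v1_huge_signed_request) }
+bm.report('v2-authenticate-huge') { mc.authentic?(v2_huge_signed_request) }
 bm.compare!
 end
 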
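Review bot: The `authentication_tickets.json` stub kept at new line 59 looks like a leftover: the client built without a key pair (`authenticating_mc`) is removed in this hunk and the changelog for this release drops the remote authenticator, so nothing in the visible benchmark should post to that endpoint any more. If that holds, delete `stubs.post('/mauth/v1/authentication_tickets.json') { [204, {}, []] }` so that an unexpected remote authentication call has no stub to answer it instead of being silently accepted with a 204. The `task :benchmark` block continues outside both hunks, so confirm against the rest of the task before removing it.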
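--- a/data/UPGRADE_GUIDE.md
+++ b/data/UPGRADE_GUIDE.md
@@ -0,0 +1,21 @@
+# Upgrade Guide
+
+## Versions
+- [Upgrading to 7.0.0](#upgrading-to-700)
+
+### Upgrading to 7.0.0
+
+Version 7.0.0 drops dice_bag.
+
+Please remove the following files and update the `.gitignore` file accordingly:
+- `config/initializers/mauth.rb.dice`
+- `config/mauth_key`
+- `config/mauth_key.dice`
+- `config/mauth.yml`
+- `config/mauth.yml.dice`
+
+Prepend `MAUTH_` to the following environment variables:
+- `V2_ONLY_SIGN_REQUESTS`
+- `V2_ONLY_AUTHENTICATE`
+- `DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE`
+- `V1_ONLY_SIGN_REQUESTS`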
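--- a/data/doc/mauth-client_CLI.md
+++ b/data/doc/mauth-client_CLI.md
@@ -8,17 +8,7 @@ The MAuth-Client CLI is part of the MAuth Client gem, refer to [the README](../R
 
 ## Configuration
 
-The CLI is configured with
-
-The MAuth-Client CLI tool looks for the configuration file in several places:
-
-- if an environment variable `MAUTH_CONFIG_YML` points to an existing file, mauth-client will use that file if it exists.
-- if you have a file `~/.mauth_config.yml` then it will use that. This is useful if you have your own mauth key.
-- if you are in a directory relative to which a config/mauth.yml exists, it will use that. This is useful if you are working in a project which uses mauth and has a key configured.
-- if you are in a directory in which a file mauth.yml exists, it will use that.
-
-mauth.yml is expected to contain, at the top level, an environment key or keys.
-mauth-client checks environment variables `RAILS_ENV` and `RACK_ENV` to determine the environment, and defaults to 'development' if none of these are set.
+The CLI is configured with the [MAuth environment variables](../README.md#Configuration) - see the readme doc for instructions.
 
 ## Usage
 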
data/examples/Gemfile
CHANGED
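--- a/data/examples/README.md
+++ b/data/examples/README.md
@@ -2,11 +2,10 @@
 
 ## Configuration
 
-After obtaining valid credentials you need to
+After obtaining valid credentials you need to set the `MAUTH_APP_UUID`, `MAUTH_PRIVATE_KEY_FILE` and `REFERENCES_HOST` environment variables.
 You also need to provide a mauth key and put it in the `mauth_key` file.
-See [the mauth config file doc](../doc/mauth.yml.md) for more information.
 
-This folder contains its own Gemfile
+This folder contains its own Gemfile file to manage dependencies so you need to run
 ```
 bundle install
 ```
@@ -15,19 +14,21 @@ before trying any of the scripts.
 
 ## Fetching a given user's info
 
-Simply run the provided shell script by passing an
+Simply run the provided shell script by passing an search term, for instance:
 ```
-./
+MAUTH_APP_UUID=<APP UUID> MAUTH_PRIVATE_KEY_FILE=./mauth_key REFERENCES_HOST=https://references-innovate.imedidata.net ./get_country_info.rb Albania
 ```
 
-This should print the
+This should print the country's info, something along the lines of:
 ```
-
-
-"
-"
-"
-
+[
+{
+"uuid": "9301ff5a-6703-11e1-b86c-0800200c9a66",
+"name": "Albania",
+"three_letter_code": "ALB",
+"two_letter_code": "AL",
+"version": "2021-06-30T12:00:00Z",
+"country_code": "ALB"
 }
-
+]
 ```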
@@ -0,0 +1,44 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
abort "USAGE: ./#{__FILE__} <SEARCH TERM>" unless ARGV.size == 1
|
5
|
+
|
6
|
+
require 'bundler/setup'
|
7
|
+
Bundler.require(:default)
|
8
|
+
|
9
|
+
# get country information
|
10
|
+
def get_country_info(search_term)
|
11
|
+
get_data_from_references "countries.json?search_term=#{search_term}"
|
12
|
+
end
|
13
|
+
|
14
|
+
# fetch data from References
|
15
|
+
def get_data_from_references(resource_name)
|
16
|
+
puts "fetching #{resource_name}..."
|
17
|
+
mauth_config = MAuth::ConfigEnv.load
|
18
|
+
references_host = ENV.fetch('REFERENCES_HOST', 'https://references-innovate.imedidata.com')
|
19
|
+
begin
|
20
|
+
connection = Faraday::Connection.new(url: references_host) do |builder|
|
21
|
+
builder.use MAuth::Faraday::RequestSigner, mauth_config
|
22
|
+
builder.adapter Faraday.default_adapter
|
23
|
+
end
|
24
|
+
|
25
|
+
# get the data
|
26
|
+
response = connection.get "/v1/#{resource_name}"
|
27
|
+
puts "HTTP #{response.status}"
|
28
|
+
|
29
|
+
# return the user info
|
30
|
+
if response.status == 200
|
31
|
+
result = JSON.parse(response.body)
|
32
|
+
puts JSON.pretty_generate(result)
|
33
|
+
result
|
34
|
+
else
|
35
|
+
puts response.body
|
36
|
+
nil
|
37
|
+
end
|
38
|
+
rescue JSON::ParserError => e
|
39
|
+
puts "Error parsing data from references: #{e.inspect}"
|
40
|
+
puts e.backtrace.join("\n")
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
get_country_info(ARGV[0])
|
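Review bot: `get_country_info` interpolates the command-line argument straight into the query string (`"countries.json?search_term=#{search_term}"`), so a term containing a space, `&`, `#` or `?` changes the shape of the request that gets signed and sent rather than just the value of `search_term`. Encode it before building the path, e.g. `get_data_from_references "countries.json?search_term=#{URI.encode_www_form_component(search_term)}"`. In the same file, the builder installs only `MAuth::Faraday::RequestSigner`, so the response is parsed and printed without being authenticated, which deserves a one-line comment in an example people will copy; the `# return the user info` comment is also stale for a country lookup.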
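--- a/data/exe/mauth-client
+++ b/data/exe/mauth-client
@@ -53,31 +53,9 @@ end
 opt_parser.parse!
 abort(opt_parser.help) unless (2..3).cover?(ARGV.size)
 
-# FIND MAUTH CONFIG
-
-possible_mauth_config_files = [
-# whoops, I called this MAUTH_CONFIG_YML in one place and MAUTH_CONFIG_YAML in another. supporting both for now.
-ENV['MAUTH_CONFIG_YML'],
-ENV['MAUTH_CONFIG_YAML'],
-'~/.mauth_config.yml',
-'./config/mauth.yml',
-'./mauth.yml'
-].compact
-
-mauth_config_yml = possible_mauth_config_files.detect do |filename|
-File.exist?(File.expand_path(filename))
-end
-unless mauth_config_yml
-message = 'could not find mauth config. giving up. please place a mauth config in one of the standard places, ' \
-'or point the MAUTH_CONFIG_YML environment variable at an existing one. standard places are:' +
-possible_mauth_config_files.map { |f| "\n\t#{f}" }.join
-abort message
-end
-
-mauth_config = MAuth::Client.default_config(mauth_config_yml: File.expand_path(mauth_config_yml))
-
 # INSTANTIATE MAUTH CLIENT
 
+mauth_config = MAuth::ConfigEnv.load
 logger = Logger.new($stderr)
 mauth_client = MAuth::Client.new(mauth_config.merge('logger' => logger))
 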
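Review bot: With the config-file lookup removed, the CLI no longer has an explicit failure path for missing configuration: the old code aborted with a message listing where it had looked, while new line 58 hands whatever `MAuth::ConfigEnv.load` returns straight to `MAuth::Client.new`. `ConfigEnv` is not visible in this section, so it may already raise a clear error; if it does not, add a guard before the client is built that names the missing variables (`MAUTH_APP_UUID`, `MAUTH_PRIVATE_KEY` or `MAUTH_PRIVATE_KEY_FILE`) without echoing any key material to the terminal or the logger. Also confirm that the returned hash uses string keys, since the following line merges `'logger' => logger` under a string key.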
@@ -2,6 +2,22 @@
|
|
2
2
|
|
3
3
|
source "https://rubygems.org"
|
4
4
|
|
5
|
-
gem "faraday", "0.9
|
5
|
+
gem "faraday", "~> 0.9"
|
6
|
+
|
7
|
+
group :development do
|
8
|
+
gem "appraisal", "~> 2.4"
|
9
|
+
gem "benchmark-ips", "~> 2.7"
|
10
|
+
gem "bundler", ">= 1.17"
|
11
|
+
gem "byebug", "~> 11.1"
|
12
|
+
gem "rack-test", "~> 1.1"
|
13
|
+
gem "rake", "~> 12.0"
|
14
|
+
gem "rspec", "~> 3.8"
|
15
|
+
gem "rubocop", "~> 1.25"
|
16
|
+
gem "rubocop-mdsol", "~> 0.1"
|
17
|
+
gem "rubocop-performance", "~> 1.13"
|
18
|
+
gem "simplecov", "~> 0.16"
|
19
|
+
gem "timecop", "~> 0.9"
|
20
|
+
gem "webmock", "~> 3.0"
|
21
|
+
end
|
6
22
|
|
7
23
|
gemspec path: "../"
|
@@ -4,4 +4,20 @@ source "https://rubygems.org"
|
|
4
4
|
|
5
5
|
gem "faraday", "~> 1.0"
|
6
6
|
|
7
|
+
group :development do
|
8
|
+
gem "appraisal", "~> 2.4"
|
9
|
+
gem "benchmark-ips", "~> 2.7"
|
10
|
+
gem "bundler", ">= 1.17"
|
11
|
+
gem "byebug", "~> 11.1"
|
12
|
+
gem "rack-test", "~> 1.1"
|
13
|
+
gem "rake", "~> 12.0"
|
14
|
+
gem "rspec", "~> 3.8"
|
15
|
+
gem "rubocop", "~> 1.25"
|
16
|
+
gem "rubocop-mdsol", "~> 0.1"
|
17
|
+
gem "rubocop-performance", "~> 1.13"
|
18
|
+
gem "simplecov", "~> 0.16"
|
19
|
+
gem "timecop", "~> 0.9"
|
20
|
+
gem "webmock", "~> 3.0"
|
21
|
+
end
|
22
|
+
|
7
23
|
gemspec path: "../"
|
@@ -4,4 +4,20 @@ source "https://rubygems.org"
|
|
4
4
|
|
5
5
|
gem "faraday", "~> 2.0"
|
6
6
|
|
7
|
+
group :development do
|
8
|
+
gem "appraisal", "~> 2.4"
|
9
|
+
gem "benchmark-ips", "~> 2.7"
|
10
|
+
gem "bundler", ">= 1.17"
|
11
|
+
gem "byebug", "~> 11.1"
|
12
|
+
gem "rack-test", "~> 1.1"
|
13
|
+
gem "rake", "~> 12.0"
|
14
|
+
gem "rspec", "~> 3.8"
|
15
|
+
gem "rubocop", "~> 1.25"
|
16
|
+
gem "rubocop-mdsol", "~> 0.1"
|
17
|
+
gem "rubocop-performance", "~> 1.13"
|
18
|
+
gem "simplecov", "~> 0.16"
|
19
|
+
gem "timecop", "~> 0.9"
|
20
|
+
gem "webmock", "~> 3.0"
|
21
|
+
end
|
22
|
+
|
7
23
|
gemspec path: "../"
|