mauth-client 6.4.3 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c5c8ded4837eb0121ecd7fd62c01bec223b6db9fb50a1b3980498aa36d71bf8
-  data.tar.gz: 67b03ee8a3fd10cafea89cffe72612b68b7c8069a58adf7a6b33ce59263fdb00
+  metadata.gz: 13c58b1677a77952cf139df370154dbbe079aeb4aa3be211520796edf3ff5a02
+  data.tar.gz: cf39996376710d65d3e6fdecda46248788641028783d98b42f02e747a1ac1e74
 SHA512:
-  metadata.gz: d217082d10bcedd5aa63d8149cab66743037bf53e714d5400a7fe1315684e1490a81d5b9aac5dc7d181d66c04d800daf60e79504e64422d8b9ad47c489fb4c31
-  data.tar.gz: bd187aa095910349963d0046d0426527bb89a770104b54351f49933a90a95ad91f74c965d8b48f63f2faf43c4d2d248f1f61dd07b20cb099c2f19250476fbb2e
+  metadata.gz: daee87957cb651a32d8a7f5b07004a90c7ac3f690fa5d59069f5b8a73ca22d5afcdb014ea8113b96661da59790e0fa190f16ef01264336c951ccdab20980f2d8
+  data.tar.gz: '0774058a011e491316dc0e264fd56c301028fc9f5e450499021d6a1e5736e476b49104c44b0a05d785f1b855feb88fa528b1d5fb4c03398676dc54b16da7e728'

data/.gitignore

@@ -11,4 +11,5 @@
 /gemfiles/*.gemfile.lock
 
 /Gemfile.lock
+/examples/Gemfile.lock
 .byebug_history

data/.rubocop.yml

@@ -5,7 +5,6 @@ require:
   - rubocop-performance
 
 AllCops:
-  TargetRubyVersion: 2.6
   Exclude:
     - gemfiles/**/*
 
@@ -20,7 +19,7 @@ Layout/FirstHashElementIndentation:
 
 Layout/LineLength:
   Exclude:
-    - spec/client/local_authenticator_spec.rb
+    - spec/client/authenticator_spec.rb
 
 Lint/MissingSuper:
   Exclude:
@@ -31,13 +30,17 @@ Lint/MissingSuper:
 Metrics/AbcSize:
   Exclude:
     - lib/mauth/client.rb
-    - lib/mauth/client/local_authenticator.rb
+    - lib/mauth/client/authenticator.rb
     - lib/mauth/proxy.rb
 
 Metrics/MethodLength:
   Exclude:
     - lib/mauth/client.rb
 
+Metrics/ModuleLength:
+  Exclude:
+    - lib/mauth/client/authenticator.rb
+
 Naming/FileName:
   Exclude:
     - lib/mauth-client.rb

data/.ruby-version

@@ -1 +1 @@
-2.7.6
+2.7.8

data/.travis.yml

@@ -3,29 +3,21 @@ language: ruby
 cache: bundler
 
 rvm:
-  - 2.6
   - 2.7
   - 3.0
   - 3.1
+  - 3.2
 
 env:
   global:
     - BUNDLE_JOBS=4
 
-jobs:
-  exclude:
-    - rvm: 3.0
-      gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3.0 (see: https://github.com/lostisland/faraday/releases/tag/v1.3.0)
-    - rvm: 3.1
-      gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3.0 (see: https://github.com/lostisland/faraday/releases/tag/v1.3.0)
-
 gemfile:
-  - gemfiles/faraday_0.x.gemfile
   - gemfiles/faraday_1.x.gemfile
   - gemfiles/faraday_2.x.gemfile
 
 before_install:
-  - gem update --system --force -N > /dev/null && echo "Rubygems version $(gem --version)" && bundle --version
+  - gem update --system -N > /dev/null && echo "Rubygems version $(gem --version)" && bundle --version
 
 install:
   - bundle install
@@ -51,4 +43,4 @@ deploy:
   on:
     tags: true
     repo: mdsol/mauth-client-ruby
-    condition: $TRAVIS_RUBY_VERSION == 3.1 && $BUNDLE_GEMFILE == $TRAVIS_BUILD_DIR/gemfiles/faraday_1.x.gemfile
+    condition: $TRAVIS_RUBY_VERSION == 3.2 && $BUNDLE_GEMFILE == $TRAVIS_BUILD_DIR/gemfiles/faraday_2.x.gemfile

data/Appraisals

@@ -1,11 +1,7 @@
 # frozen_string_literal: true
 
-appraise 'faraday_0.x' do
-  gem 'faraday', '0.9.0'
-end
-
 appraise 'faraday_1.x' do
-  gem 'faraday', '~> 1.0'
+  gem 'faraday', '~> 1.9'
 end
 
 appraise 'faraday_2.x' do

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## v7.1.0
+- Add MAuth::PrivateKeyHelper.load method to process RSA private keys.
+- Update Faraday configuration in SecurityTokenCacher:
+  - Add the `MAUTH_USE_RAILS_CACHE` environment variable to make `Rails.cache` usable to cache public keys.
+  - Shorten timeout for connection, add retries, and use persistent HTTP connections.
+- Drop support for Faraday < 1.9.
+
+## v7.0.0
+- Remove dice_bag and set configuration through environment variables directly.
+- Rename the `V2_ONLY_SIGN_REQUESTS`, `V2_ONLY_AUTHENTICATE`, `DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE` and `V1_ONLY_SIGN_REQUESTS` environment variables.
+- Remove the remote authenticator.
+- Support Ruby 3.2.
+
+See [UPGRADE_GUIDE.md](UPGRADE_GUIDE.md#upgrading-to-700) for migration.
+
 ## v6.4.3
 - Force Rack > 2.2.3 to resolve [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr).
 

data/Gemfile

@@ -4,3 +4,19 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in mauth-client.gemspec
 gemspec
+
+group :development do
+  gem 'appraisal', '~> 2.4'
+  gem 'benchmark-ips', '~> 2.7'
+  gem 'bundler', '>= 1.17'
+  gem 'byebug', '~> 11.1'
+  gem 'rack-test', '~> 1.1'
+  gem 'rake', '~> 12.0'
+  gem 'rspec', '~> 3.8'
+  gem 'rubocop', '~> 1.25'
+  gem 'rubocop-mdsol', '~> 0.1'
+  gem 'rubocop-performance', '~> 1.13'
+  gem 'simplecov', '~> 0.16'
+  gem 'timecop', '~> 0.9'
+  gem 'webmock', '~> 3.0'
+end

data/README.md

@@ -27,26 +27,52 @@ $ gem install mauth-client
 
 ## Configuration
 
-MAuth is typically configured by a yaml file, [mauth.yml](doc/mauth.yml.md) - see its page for more documentation.
+Configuration is set through environment variables:
+
+- `MAUTH_PRIVATE_KEY`
+  - Required for signing and for authentication.
+
+- `MAUTH_PRIVATE_KEY_FILE`
+  - May be used instead of `MAUTH_PRIVATE_KEY`, mauth-client will load the file instead.
+
+- `MAUTH_APP_UUID`
+  - Required in the same circumstances where a `private_key` is required.
+
+- `MAUTH_URL`
+  - Required for authentication but not for signing. Needed to retrieve public keys. Usually this is `https://mauth.imedidata.com` for production.
+
+- `MAUTH_API_VERSION`
+  - Required for authentication but not for signing. only `v1` exists as of this writing. Defaults to `v1`.
+
+- `MAUTH_V2_ONLY_SIGN_REQUESTS`
+  - If true, all outgoing requests will be signed with only the V2 protocol. Defaults to false.
+
+- `MAUTH_V2_ONLY_AUTHENTICATE`
+  - If true, any incoming request or incoming response that does not use the V2 protocol will be rejected. Defaults to false.
+
+- `MAUTH_DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE`
+  - If true, any incoming V2 requests that fail authentication will not fall back to V1 authentication. Defaults to false.
+
+- `MAUTH_V1_ONLY_SIGN_REQUESTS`
+  - If true, all outgoing requests will be signed with only the V1 protocol. Defaults to true. Note, cannot be `true` if `MAUTH_V2_ONLY_SIGN_REQUESTS` is also `true`.
+
+- `MAUTH_USE_RAILS_CACHE`
+  - If true, `Rails.cache` is used to cache public keys for authentication.
+
 This is simply loaded and passed to either middleware or directly to a MAuth::Client instance.
 See the documentation for [MAuth::Client#initialize](lib/mauth/client.rb) for more details of what it accepts. Usually you will want:
 
 ```ruby
-mauth_config = MAuth::Client.default_config
+MAUTH_CONF = MAuth::Client.default_config
 ```
 
 The `.default_config` method takes a number of options to tweak its expectations regarding defaults. See the
 documentation for [MAuth::Client.default_config](lib/mauth/client.rb) for details.
 
-The `private_key` and `app_uuid` (which go in mauth.yml) enable local authentication (see section [Local Authentication](#local-authentication) below).
-They’ll only work if the `app_uuid` has been stored in MAuth with a public key corresponding to the `private_key` in mauth.yml.
-
-If you do not have an `app_uuid` and keypair registered with the mauth service, you can use mauth's remote request authentication by omitting those fields.
-MAuth-Client will make a call to MAuth for every request in order to authenticate remotely.
-Remote authentication therefore requires more time than local authentication.
-You will not be able to sign your responses without an `app_uuid` and a private key, so `MAuth::Rack::ResponseSigner` cannot be used.
+The `private_key` and `app_uuid` are required for signing and for authentication.
+They’ll only work if the `app_uuid` has been stored in MAuth with a public key corresponding to the `private_key`.
 
-The `mauth_baseurl` and `mauth_api_version` are required in mauth.yml.
+The `mauth_baseurl` and `mauth_api_version` are required for authentication.
 These tell the MAuth-Client where and how to communicate with the MAuth service.
 
 The `v2_only_sign_requests` and `v2_only_authenticate` flags were added to facilitate conversion from the MAuth V1 protocol to the MAuth
@@ -57,6 +83,15 @@ V2 protocol. By default both of these flags are false. See [Protocol Versions](#
 | true  | requests are signed with only V2   | requests and responses are authenticated with only V2                                |
 | false | requests are signed with V1 and V2 | requests and responses are authenticated with the highest available protocol version |
 
+### Generating keys
+
+To generate a private key (`mauth_key`) and its public counterpart (`mauth_key.pub`) run:
+
+```
+openssl genrsa -out mauth_key 2048
+openssl rsa -in mauth_key -pubout -out mauth_key.pub
+```
+
 ## Rack Middleware Usage
 
 MAuth-Client provides a middleware for request authentication and response verification in mauth/rack.
@@ -76,20 +111,20 @@ If used, this should come before the `MAuth::Rack::RequestAuthenticator` middlew
 The ResponseSigner can be used ONLY if you have an `app_uuid` and `private_key` specified in your mauth configuration.
 
 ```ruby
-config.middleware.use MAuth::Rack::ResponseSigner, mauth_config
+config.middleware.use MAuth::Rack::ResponseSigner, MAUTH_CONF
 ```
 
 Then request authentication:
 
 ```ruby
-config.middleware.use MAuth::Rack::RequestAuthenticator, mauth_config
+config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
 ```
 
 However, assuming you have a route `/app_status`, you probably want to skip request authentication for that.
 There is a middleware (`RequestAuthenticatorNoAppStatus`) to make that easier:
 
 ```ruby
-config.middleware.use MAuth::Rack::RequestAuthenticatorNoAppStatus, mauth_config
+config.middleware.use MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
 ```
 
 You may want to configure other conditions in which to bypass MAuth authentication.
@@ -101,10 +136,10 @@ If omitted, all incoming requests will be authenticated.
 Here are a few example `:should_authenticate_check` procs:
 
 ```ruby
-mauth_config[:should_authenticate_check] = proc do |env|
+MAUTH_CONF[:should_authenticate_check] = proc do |env|
   env['REQUEST_METHOD'] == 'GET'
 end
-config.middleware.use MAuth::Rack::RequestAuthenticator, mauth_config
+config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
 ```
 
 Above, env is a hash of request parameters; this hash is generated by Rack.
@@ -114,16 +149,16 @@ The above proc will force the middleware to authenticate only GET requests.
 Another example:
 
 ```ruby
-mauth_config[:should_authenticate_check] = proc do |env|
+MAUTH_CONF[:should_authenticate_check] = proc do |env|
   env['PATH_INFO'] == '/studies.json'
 end
-config.middleware.use MAuth::Rack::RequestAuthenticator, mauth_config
+config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
 ```
 
 The above proc will force the rack middleware to authenticate only requests to the "/studies.json" path.
 To authenticate a group of related URIs, considered matching `env['PATH_INFO']` with one or more regular expressions.
 
-The configuration passed to the middlewares in the above examples (`mauth_config`) is used create a new instance of `MAuth::Client`.
+The configuration passed to the middlewares in the above examples (`MAUTH_CONF`) is used create a new instance of `MAuth::Client`.
 If you are managing an MAuth::Client of your own for some reason, you can pass that in on the key `:mauth_client => your_client`, and omit any other MAuth::Client configuration.
 `:should_authenticate_check` is handled by the middleware and should still be specified alongside `:mauth_client`, if you are using it.
 
@@ -144,23 +179,39 @@ If the middleware is unable to authenticate the request because MAuth is unavail
 Putting all this together, here are typical examples (in rails you would put that code in an initializer):
 
 ```ruby
-mauth_config = MAuth::Client.default_config
 require 'mauth/rack'
-config.middleware.use MAuth::Rack::ResponseSigner, mauth_config
-config.middleware.use MAuth::Rack:: RequestAuthenticatorNoAppStatus, mauth_config
+
+MAUTH_CONF = MAuth::Client.default_config
+
+# ResponseSigner OPTIONAL; only use if you are registered in mauth service
+Rails.application.config.middleware.insert_after Rack::Runtime, MAuth::Rack::ResponseSigner, MAUTH_CONF
+if Rails.env.test? || Rails.env.development?
+  require 'mauth/fake/rack'
+  Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticationFaker, MAUTH_CONF
+else
+  Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
+end
 ```
 
 With `:should_authenticate_check`:
 
 ```ruby
-mauth_config = MAuth::Client.default_config
 require 'mauth/rack'
-config.middleware.use MAuth::Rack::ResponseSigner, mauth_config
+
+MAUTH_CONF = MAuth::Client.default_config
 # authenticate all requests which pass the some_condition_of check and aren't /app_status with MAuth
-mauth_config[:should_authenticate_check] = proc do |env|
+MAUTH_CONF[:should_authenticate_check] = proc do |env|
   some_condition_of(env)
 end
-config.middleware.use MAuth::Rack:: RequestAuthenticatorNoAppStatus, mauth_config
+
+# ResponseSigner OPTIONAL; only use if you are registered in mauth service
+Rails.application.config.middleware.insert_after Rack::Runtime, MAuth::Rack::ResponseSigner, MAUTH_CONF
+if Rails.env.test? || Rails.env.development?
+  require 'mauth/fake/rack'
+  Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticationFaker, MAUTH_CONF
+else
+  Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
+end
 ```
 
 ## Fake middleware
@@ -175,7 +226,7 @@ This example code may augment the above examples to disable authentication in te
 ```ruby
 require 'mauth/fake/rack'
 authenticator = Rails.env != 'test' ? MAuth::Rack::RequestAuthenticator : MAuth::Rack::RequestAuthenticationFaker
-config.middleware.use authenticator, mauth_config
+config.middleware.use authenticator, MAUTH_CONF
 ```
 
 ## Faraday Middleware Usage
@@ -185,8 +236,8 @@ Building your connection will look like:
 
 ```ruby
 Faraday.new(some_args) do |builder|
-  builder.use MAuth::Faraday::RequestSigner, mauth_config
-  builder.use MAuth::Faraday::ResponseAuthenticator, mauth_config
+  builder.use MAuth::Faraday::RequestSigner, MAUTH_CONF
+  builder.use MAuth::Faraday::ResponseAuthenticator, MAUTH_CONF
   builder.adapter Faraday.default_adapter
 end
 ```
@@ -196,12 +247,10 @@ As with the rack middleware, this means it will be right next to the HTTP adapte
 
 Only use the `MAuth::Faraday::ResponseAuthenticator` middleware if you are expecting the service you are communicating with to sign its responses (all services which are aware of MAuth _should_ be doing this).
 
-`mauth_config` is the same as in Rack middleware, and as with the Rack middleware is used to initialize a `MAuth::Client` instance.
+`MAUTH_CONF` is the same as in Rack middleware, and as with the Rack middleware is used to initialize a `MAuth::Client` instance.
 Also as with the Rack middleware, you can pass in a `MAuth::Client` instance you are using yourself on the `:mauth_client` key, and omit any other configuration.
 
-Behavior is likewise similar to rack: if a `private_key` and `app_uuid` are specified, then ResponseAuthenticator will authenticate locally (see [Local Authentication](#local-authentication) below); if not, then it will go to the
-mauth service to authenticate.
-`MAuth::Faraday::RequestSigner` cannot be used without a `private_key` and `app_uuid`.
+Both `MAuth::Faraday::ResponseAuthenticator` and `MAuth::Faraday::RequestSigner` cannot be used without a `private_key` and `app_uuid`.
 
 If a response which does not appear to be authentic is received by the `MAuth::Faraday::ResponseAuthenticator` middleware, a `MAuth::InauthenticError` will be raised.
 
@@ -223,18 +272,6 @@ request = MAuth::Request.new(verb: my_verb, request_url: my_request_url, body: m
 ```
 `mauth_client.signed_headers(request)` will then return mauth headers which you can apply to your request.
 
-## Local Authentication
-
-When doing local authentication, the MAuth-Client will periodically fetch and cache public keys from MAuth.
-Each public key will be cached locally for 60 seconds.
-Applications which connect frequently to the app will benefit most from this caching strategy.
-When fetching public keys from MAuth, the following rules apply:
-
-1. If MAuth returns the public key for a given `app_uuid`, MAuth-Client will refresh its local cache with this new public key.
-2. If MAuth cannot find the public key for a given `app_uuid` (i.e. returns a 404 status code), MAuth-Client will remove the corresponding public key from its local cache and authentication of any message from the application with this public key will fail as a consequence.
-3. If the request to MAuth times out or MAuth returns a 500 status code, the requested public key will not be removed from local MAuth-Client cache (if it exists there in the first place).
-   The cached version will continue to be used for local authentication until MAuth::Client is able to again communicate with MAuth.
-
 ## Warning
 
 During development classes are typically not cached in Rails applications.

data/Rakefile

@@ -40,18 +40,26 @@ end
 
 desc 'Runs benchmarks for the library.'
 task :benchmark do # rubocop:disable Metrics/BlockLength
+  private_key = OpenSSL::PKey::RSA.generate(2048)
+  public_key = private_key.public_key
+  app_uuid = SecureRandom.uuid
+
   mc = MAuth::Client.new(
-    private_key: OpenSSL::PKey::RSA.generate(2048),
-    app_uuid: SecureRandom.uuid,
-    v2_only_sign_requests: false
+    private_key: private_key,
+    app_uuid: app_uuid,
+    v2_only_sign_requests: false,
+    mauth_baseurl: 'http://whatever',
+    mauth_api_version: 'v1'
   )
-  authenticating_mc = MAuth::Client.new(mauth_baseurl: 'http://whatever', mauth_api_version: 'v1')
 
   stubs = Faraday::Adapter::Test::Stubs.new
-  test_faraday = ::Faraday.new do |builder|
+  test_faraday = Faraday.new do |builder|
     builder.adapter(:test, stubs)
   end
   stubs.post('/mauth/v1/authentication_tickets.json') { [204, {}, []] }
+  stubs.get("/mauth/v1/security_tokens/#{app_uuid}.json") do
+    [200, {}, JSON.generate({ 'security_token' => { 'public_key_str' => public_key.to_s } })]
+  end
   allow(Faraday).to receive(:new).and_return(test_faraday)
 
   short_body = 'Somewhere in La Mancha, in a place I do not care to remember'
@@ -101,13 +109,13 @@ task :benchmark do # rubocop:disable Metrics/BlockLength
   puts "i/s means the number of signatures of a message per second.\n\n\n"
 
   Benchmark.ips do |bm|
-    bm.report('v1-authenticate-short') { authenticating_mc.authentic?(v1_short_signed_request) }
-    bm.report('v2-authenticate-short') { authenticating_mc.authentic?(v2_short_signed_request) }
-    bm.report('v2-authenticate-qs') { authenticating_mc.authentic?(v2_qs_signed_request) }
-    bm.report('v1-authenticate-average') { authenticating_mc.authentic?(v1_average_signed_request) }
-    bm.report('v2-authenticate-average') { authenticating_mc.authentic?(v2_average_signed_request) }
-    bm.report('v1-authenticate-huge') { authenticating_mc.authentic?(v1_huge_signed_request) }
-    bm.report('v2-authenticate-huge') { authenticating_mc.authentic?(v2_huge_signed_request) }
+    bm.report('v1-authenticate-short') { mc.authentic?(v1_short_signed_request) }
+    bm.report('v2-authenticate-short') { mc.authentic?(v2_short_signed_request) }
+    bm.report('v2-authenticate-qs') { mc.authentic?(v2_qs_signed_request) }
+    bm.report('v1-authenticate-average') { mc.authentic?(v1_average_signed_request) }
+    bm.report('v2-authenticate-average') { mc.authentic?(v2_average_signed_request) }
+    bm.report('v1-authenticate-huge') { mc.authentic?(v1_huge_signed_request) }
+    bm.report('v2-authenticate-huge') { mc.authentic?(v2_huge_signed_request) }
     bm.compare!
   end
 

data/UPGRADE_GUIDE.md

@@ -0,0 +1,21 @@
+# Upgrade Guide
+
+## Versions
+- [Upgrading to 7.0.0](#upgrading-to-700)
+
+### Upgrading to 7.0.0
+
+Version 7.0.0 drops dice_bag.
+
+Please remove the following files and update the `.gitignore` file accordingly:
+- `config/initializers/mauth.rb.dice`
+- `config/mauth_key`
+- `config/mauth_key.dice`
+- `config/mauth.yml`
+- `config/mauth.yml.dice`
+
+Prepend `MAUTH_` to the following environment variables:
+- `V2_ONLY_SIGN_REQUESTS`
+- `V2_ONLY_AUTHENTICATE`
+- `DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE`
+- `V1_ONLY_SIGN_REQUESTS`

data/doc/mauth-client_CLI.md

@@ -8,17 +8,7 @@ The MAuth-Client CLI is part of the MAuth Client gem, refer to [the README](../R
 
 ## Configuration
 
-The CLI is configured with a [mauth.yml](./mauth.yml.md) file - see its page for instructions.
-
-The MAuth-Client CLI tool looks for the configuration file in several places:
-
-- if an environment variable `MAUTH_CONFIG_YML` points to an existing file, mauth-client will use that file if it exists.
-- if you have a file `~/.mauth_config.yml` then it will use that. This is useful if you have your own mauth key.
-- if you are in a directory relative to which a config/mauth.yml exists, it will use that. This is useful if you are working in a project which uses mauth and has a key configured.
-- if you are in a directory in which a file mauth.yml exists, it will use that.
-
-mauth.yml is expected to contain, at the top level, an environment key or keys.
-mauth-client checks environment variables `RAILS_ENV` and `RACK_ENV` to determine the environment, and defaults to 'development' if none of these are set.
+The CLI is configured with the [MAuth environment variables](../README.md#Configuration) - see the readme doc for instructions.
 
 ## Usage
 

data/examples/Gemfile

@@ -2,5 +2,4 @@
 
 source 'https://rubygems.org'
 
-gem 'faraday', '~> 1.0'
 gem 'mauth-client', path: '..'

data/examples/README.md

@@ -2,11 +2,10 @@
 
 ## Configuration
 
-After obtaining valid credentials you need to edit the `config.yml` file and set the `app_uuid` accordingly.
+After obtaining valid credentials you need to set the `MAUTH_APP_UUID`, `MAUTH_PRIVATE_KEY_FILE` and `REFERENCES_HOST` environment variables.
 You also need to provide a mauth key and put it in the `mauth_key` file.
-See [the mauth config file doc](../doc/mauth.yml.md) for more information.
 
-This folder contains its own Gemfile and Gemfile.lock files to manage dependencies so you need to run
+This folder contains its own Gemfile file to manage dependencies so you need to run
 ```
 bundle install
 ```
@@ -15,19 +14,21 @@ before trying any of the scripts.
 
 ## Fetching a given user's info
 
-Simply run the provided shell script by passing an user's UUID, for instance:
+Simply run the provided shell script by passing an search term, for instance:
 ```
-./get_user_info.rb 4735d013-8d78-4980-8846-fbecf0db0b8e
+MAUTH_APP_UUID=<APP UUID> MAUTH_PRIVATE_KEY_FILE=./mauth_key REFERENCES_HOST=https://references-innovate.imedidata.net ./get_country_info.rb Albania
 ```
 
-This should print the user's info, something along the lines of:
+This should print the country's info, something along the lines of:
 ```
-{
-  "user": {
-    "login": "name",
-    "email": "the.email.address@example.com",
-    "uuid": "4735d013-8d78-4980-8846-fbecf0db0b8e",
-    ...
+[
+  {
+    "uuid": "9301ff5a-6703-11e1-b86c-0800200c9a66",
+    "name": "Albania",
+    "three_letter_code": "ALB",
+    "two_letter_code": "AL",
+    "version": "2021-06-30T12:00:00Z",
+    "country_code": "ALB"
   }
-}
+]
 ```

data/examples/get_country_info.rb

@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+abort "USAGE: ./#{__FILE__} <SEARCH TERM>" unless ARGV.size == 1
+
+require 'bundler/setup'
+Bundler.require(:default)
+
+# get country information
+def get_country_info(search_term)
+  get_data_from_references "countries.json?search_term=#{search_term}"
+end
+
+# fetch data from References
+def get_data_from_references(resource_name)
+  puts "fetching #{resource_name}..."
+  mauth_config = MAuth::ConfigEnv.load
+  references_host = ENV.fetch('REFERENCES_HOST', 'https://references-innovate.imedidata.com')
+  begin
+    connection = Faraday::Connection.new(url: references_host) do |builder|
+      builder.use MAuth::Faraday::RequestSigner, mauth_config
+      builder.adapter Faraday.default_adapter
+    end
+
+    # get the data
+    response = connection.get "/v1/#{resource_name}"
+    puts "HTTP #{response.status}"
+
+    # return the user info
+    if response.status == 200
+      result = JSON.parse(response.body)
+      puts JSON.pretty_generate(result)
+      result
+    else
+      puts response.body
+      nil
+    end
+  rescue JSON::ParserError => e
+    puts "Error parsing data from references: #{e.inspect}"
+    puts e.backtrace.join("\n")
+  end
+end
+
+get_country_info(ARGV[0])

data/exe/mauth-client

@@ -53,31 +53,9 @@ end
 opt_parser.parse!
 abort(opt_parser.help) unless (2..3).cover?(ARGV.size)
 
-# FIND MAUTH CONFIG
-
-possible_mauth_config_files = [
-  # whoops, I called this MAUTH_CONFIG_YML in one place and MAUTH_CONFIG_YAML in another. supporting both for now.
-  ENV['MAUTH_CONFIG_YML'],
-  ENV['MAUTH_CONFIG_YAML'],
-  '~/.mauth_config.yml',
-  './config/mauth.yml',
-  './mauth.yml'
-].compact
-
-mauth_config_yml = possible_mauth_config_files.detect do |filename|
-  File.exist?(File.expand_path(filename))
-end
-unless mauth_config_yml
-  message = 'could not find mauth config. giving up. please place a mauth config in one of the standard places, ' \
-            'or point the MAUTH_CONFIG_YML environment variable at an existing one. standard places are:' +
-            possible_mauth_config_files.map { |f| "\n\t#{f}" }.join
-  abort message
-end
-
-mauth_config = MAuth::Client.default_config(mauth_config_yml: File.expand_path(mauth_config_yml))
-
 # INSTANTIATE MAUTH CLIENT
 
+mauth_config = MAuth::ConfigEnv.load
 logger = Logger.new($stderr)
 mauth_client = MAuth::Client.new(mauth_config.merge('logger' => logger))
 

data/gemfiles/faraday_1.x.gemfile

@@ -2,6 +2,22 @@
 
 source "https://rubygems.org"
 
-gem "faraday", "~> 1.0"
+gem "faraday", "~> 1.9"
+
+group :development do
+  gem "appraisal", "~> 2.4"
+  gem "benchmark-ips", "~> 2.7"
+  gem "bundler", ">= 1.17"
+  gem "byebug", "~> 11.1"
+  gem "rack-test", "~> 1.1"
+  gem "rake", "~> 12.0"
+  gem "rspec", "~> 3.8"
+  gem "rubocop", "~> 1.25"
+  gem "rubocop-mdsol", "~> 0.1"
+  gem "rubocop-performance", "~> 1.13"
+  gem "simplecov", "~> 0.16"
+  gem "timecop", "~> 0.9"
+  gem "webmock", "~> 3.0"
+end
 
 gemspec path: "../"

data/gemfiles/faraday_2.x.gemfile

@@ -4,4 +4,20 @@ source "https://rubygems.org"
 
 gem "faraday", "~> 2.0"
 
+group :development do
+  gem "appraisal", "~> 2.4"
+  gem "benchmark-ips", "~> 2.7"
+  gem "bundler", ">= 1.17"
+  gem "byebug", "~> 11.1"
+  gem "rack-test", "~> 1.1"
+  gem "rake", "~> 12.0"
+  gem "rspec", "~> 3.8"
+  gem "rubocop", "~> 1.25"
+  gem "rubocop-mdsol", "~> 0.1"
+  gem "rubocop-performance", "~> 1.13"
+  gem "simplecov", "~> 0.16"
+  gem "timecop", "~> 0.9"
+  gem "webmock", "~> 3.0"
+end
+
 gemspec path: "../"