mauth-client 6.4.3 → 7.1.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.rubocop.yml +6 -3
- data/.ruby-version +1 -1
- data/.travis.yml +3 -11
- data/Appraisals +1 -5
- data/CHANGELOG.md +15 -0
- data/Gemfile +16 -0
- data/README.md +81 -44
- data/Rakefile +20 -12
- data/UPGRADE_GUIDE.md +21 -0
- data/doc/mauth-client_CLI.md +1 -11
- data/examples/Gemfile +0 -1
- data/examples/README.md +14 -13
- data/examples/get_country_info.rb +44 -0
- data/exe/mauth-client +1 -23
- data/gemfiles/faraday_1.x.gemfile +17 -1
- data/gemfiles/faraday_2.x.gemfile +16 -0
- data/lib/mauth/client/{local_authenticator.rb → authenticator.rb} +124 -3
- data/lib/mauth/client/security_token_cacher.rb +20 -13
- data/lib/mauth/client.rb +21 -101
- data/lib/mauth/config_env.rb +81 -0
- data/lib/mauth/private_key_helper.rb +30 -0
- data/lib/mauth/version.rb +1 -1
- data/mauth-client.gemspec +5 -17
- metadata +30 -198
- data/.fossa.yml +0 -14
- data/doc/mauth.yml.md +0 -84
- data/examples/Gemfile.lock +0 -69
- data/examples/config.yml +0 -12
- data/examples/get_user_info.rb +0 -58
- data/gemfiles/faraday_0.x.gemfile +0 -7
- data/lib/mauth/client/authenticator_base.rb +0 -133
- data/lib/mauth/client/remote_authenticator.rb +0 -85
- data/lib/mauth/dice_bag/mauth.rb.dice +0 -12
- data/lib/mauth/dice_bag/mauth.yml.dice +0 -18
- data/lib/mauth/dice_bag/mauth_key.dice +0 -1
- data/lib/mauth/dice_bag/mauth_templates.rb +0 -21
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 13c58b1677a77952cf139df370154dbbe079aeb4aa3be211520796edf3ff5a02
|
4
|
+
data.tar.gz: cf39996376710d65d3e6fdecda46248788641028783d98b42f02e747a1ac1e74
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: daee87957cb651a32d8a7f5b07004a90c7ac3f690fa5d59069f5b8a73ca22d5afcdb014ea8113b96661da59790e0fa190f16ef01264336c951ccdab20980f2d8
|
7
|
+
data.tar.gz: '0774058a011e491316dc0e264fd56c301028fc9f5e450499021d6a1e5736e476b49104c44b0a05d785f1b855feb88fa528b1d5fb4c03398676dc54b16da7e728'
|
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
@@ -5,7 +5,6 @@ require:
|
|
5
5
|
- rubocop-performance
|
6
6
|
|
7
7
|
AllCops:
|
8
|
-
TargetRubyVersion: 2.6
|
9
8
|
Exclude:
|
10
9
|
- gemfiles/**/*
|
11
10
|
|
@@ -20,7 +19,7 @@ Layout/FirstHashElementIndentation:
|
|
20
19
|
|
21
20
|
Layout/LineLength:
|
22
21
|
Exclude:
|
23
|
-
- spec/client/
|
22
|
+
- spec/client/authenticator_spec.rb
|
24
23
|
|
25
24
|
Lint/MissingSuper:
|
26
25
|
Exclude:
|
@@ -31,13 +30,17 @@ Lint/MissingSuper:
|
|
31
30
|
Metrics/AbcSize:
|
32
31
|
Exclude:
|
33
32
|
- lib/mauth/client.rb
|
34
|
-
- lib/mauth/client/
|
33
|
+
- lib/mauth/client/authenticator.rb
|
35
34
|
- lib/mauth/proxy.rb
|
36
35
|
|
37
36
|
Metrics/MethodLength:
|
38
37
|
Exclude:
|
39
38
|
- lib/mauth/client.rb
|
40
39
|
|
40
|
+
Metrics/ModuleLength:
|
41
|
+
Exclude:
|
42
|
+
- lib/mauth/client/authenticator.rb
|
43
|
+
|
41
44
|
Naming/FileName:
|
42
45
|
Exclude:
|
43
46
|
- lib/mauth-client.rb
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.7.
|
1
|
+
2.7.8
|
data/.travis.yml
CHANGED
@@ -3,29 +3,21 @@ language: ruby
|
|
3
3
|
cache: bundler
|
4
4
|
|
5
5
|
rvm:
|
6
|
-
- 2.6
|
7
6
|
- 2.7
|
8
7
|
- 3.0
|
9
8
|
- 3.1
|
9
|
+
- 3.2
|
10
10
|
|
11
11
|
env:
|
12
12
|
global:
|
13
13
|
- BUNDLE_JOBS=4
|
14
14
|
|
15
|
-
jobs:
|
16
|
-
exclude:
|
17
|
-
- rvm: 3.0
|
18
|
-
gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3.0 (see: https://github.com/lostisland/faraday/releases/tag/v1.3.0)
|
19
|
-
- rvm: 3.1
|
20
|
-
gemfile: gemfiles/faraday_0.x.gemfile # Faraday v0.x does not officially support Ruby 3.0 (see: https://github.com/lostisland/faraday/releases/tag/v1.3.0)
|
21
|
-
|
22
15
|
gemfile:
|
23
|
-
- gemfiles/faraday_0.x.gemfile
|
24
16
|
- gemfiles/faraday_1.x.gemfile
|
25
17
|
- gemfiles/faraday_2.x.gemfile
|
26
18
|
|
27
19
|
before_install:
|
28
|
-
- gem update --system
|
20
|
+
- gem update --system -N > /dev/null && echo "Rubygems version $(gem --version)" && bundle --version
|
29
21
|
|
30
22
|
install:
|
31
23
|
- bundle install
|
@@ -51,4 +43,4 @@ deploy:
|
|
51
43
|
on:
|
52
44
|
tags: true
|
53
45
|
repo: mdsol/mauth-client-ruby
|
54
|
-
condition: $TRAVIS_RUBY_VERSION == 3.
|
46
|
+
condition: $TRAVIS_RUBY_VERSION == 3.2 && $BUNDLE_GEMFILE == $TRAVIS_BUILD_DIR/gemfiles/faraday_2.x.gemfile
|
data/Appraisals
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,18 @@
|
|
1
|
+
## v7.1.0
|
2
|
+
- Add MAuth::PrivateKeyHelper.load method to process RSA private keys.
|
3
|
+
- Update Faraday configuration in SecurityTokenCacher:
|
4
|
+
- Add the `MAUTH_USE_RAILS_CACHE` environment variable to make `Rails.cache` usable to cache public keys.
|
5
|
+
- Shorten timeout for connection, add retries, and use persistent HTTP connections.
|
6
|
+
- Drop support for Faraday < 1.9.
|
7
|
+
|
8
|
+
## v7.0.0
|
9
|
+
- Remove dice_bag and set configuration through environment variables directly.
|
10
|
+
- Rename the `V2_ONLY_SIGN_REQUESTS`, `V2_ONLY_AUTHENTICATE`, `DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE` and `V1_ONLY_SIGN_REQUESTS` environment variables.
|
11
|
+
- Remove the remote authenticator.
|
12
|
+
- Support Ruby 3.2.
|
13
|
+
|
14
|
+
See [UPGRADE_GUIDE.md](UPGRADE_GUIDE.md#upgrading-to-700) for migration.
|
15
|
+
|
1
16
|
## v6.4.3
|
2
17
|
- Force Rack > 2.2.3 to resolve [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr).
|
3
18
|
|
data/Gemfile
CHANGED
@@ -4,3 +4,19 @@ source 'https://rubygems.org'
|
|
4
4
|
|
5
5
|
# Specify your gem's dependencies in mauth-client.gemspec
|
6
6
|
gemspec
|
7
|
+
|
8
|
+
group :development do
|
9
|
+
gem 'appraisal', '~> 2.4'
|
10
|
+
gem 'benchmark-ips', '~> 2.7'
|
11
|
+
gem 'bundler', '>= 1.17'
|
12
|
+
gem 'byebug', '~> 11.1'
|
13
|
+
gem 'rack-test', '~> 1.1'
|
14
|
+
gem 'rake', '~> 12.0'
|
15
|
+
gem 'rspec', '~> 3.8'
|
16
|
+
gem 'rubocop', '~> 1.25'
|
17
|
+
gem 'rubocop-mdsol', '~> 0.1'
|
18
|
+
gem 'rubocop-performance', '~> 1.13'
|
19
|
+
gem 'simplecov', '~> 0.16'
|
20
|
+
gem 'timecop', '~> 0.9'
|
21
|
+
gem 'webmock', '~> 3.0'
|
22
|
+
end
|
data/README.md
CHANGED
@@ -27,26 +27,52 @@ $ gem install mauth-client
|
|
27
27
|
|
28
28
|
## Configuration
|
29
29
|
|
30
|
-
|
30
|
+
Configuration is set through environment variables:
|
31
|
+
|
32
|
+
- `MAUTH_PRIVATE_KEY`
|
33
|
+
- Required for signing and for authentication.
|
34
|
+
|
35
|
+
- `MAUTH_PRIVATE_KEY_FILE`
|
36
|
+
- May be used instead of `MAUTH_PRIVATE_KEY`, mauth-client will load the file instead.
|
37
|
+
|
38
|
+
- `MAUTH_APP_UUID`
|
39
|
+
- Required in the same circumstances where a `private_key` is required.
|
40
|
+
|
41
|
+
- `MAUTH_URL`
|
42
|
+
- Required for authentication but not for signing. Needed to retrieve public keys. Usually this is `https://mauth.imedidata.com` for production.
|
43
|
+
|
44
|
+
- `MAUTH_API_VERSION`
|
45
|
+
- Required for authentication but not for signing. only `v1` exists as of this writing. Defaults to `v1`.
|
46
|
+
|
47
|
+
- `MAUTH_V2_ONLY_SIGN_REQUESTS`
|
48
|
+
- If true, all outgoing requests will be signed with only the V2 protocol. Defaults to false.
|
49
|
+
|
50
|
+
- `MAUTH_V2_ONLY_AUTHENTICATE`
|
51
|
+
- If true, any incoming request or incoming response that does not use the V2 protocol will be rejected. Defaults to false.
|
52
|
+
|
53
|
+
- `MAUTH_DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE`
|
54
|
+
- If true, any incoming V2 requests that fail authentication will not fall back to V1 authentication. Defaults to false.
|
55
|
+
|
56
|
+
- `MAUTH_V1_ONLY_SIGN_REQUESTS`
|
57
|
+
- If true, all outgoing requests will be signed with only the V1 protocol. Defaults to true. Note, cannot be `true` if `MAUTH_V2_ONLY_SIGN_REQUESTS` is also `true`.
|
58
|
+
|
59
|
+
- `MAUTH_USE_RAILS_CACHE`
|
60
|
+
- If true, `Rails.cache` is used to cache public keys for authentication.
|
61
|
+
|
31
62
|
This is simply loaded and passed to either middleware or directly to a MAuth::Client instance.
|
32
63
|
See the documentation for [MAuth::Client#initialize](lib/mauth/client.rb) for more details of what it accepts. Usually you will want:
|
33
64
|
|
34
65
|
```ruby
|
35
|
-
|
66
|
+
MAUTH_CONF = MAuth::Client.default_config
|
36
67
|
```
|
37
68
|
|
38
69
|
The `.default_config` method takes a number of options to tweak its expectations regarding defaults. See the
|
39
70
|
documentation for [MAuth::Client.default_config](lib/mauth/client.rb) for details.
|
40
71
|
|
41
|
-
The `private_key` and `app_uuid`
|
42
|
-
They’ll only work if the `app_uuid` has been stored in MAuth with a public key corresponding to the `private_key
|
43
|
-
|
44
|
-
If you do not have an `app_uuid` and keypair registered with the mauth service, you can use mauth's remote request authentication by omitting those fields.
|
45
|
-
MAuth-Client will make a call to MAuth for every request in order to authenticate remotely.
|
46
|
-
Remote authentication therefore requires more time than local authentication.
|
47
|
-
You will not be able to sign your responses without an `app_uuid` and a private key, so `MAuth::Rack::ResponseSigner` cannot be used.
|
72
|
+
The `private_key` and `app_uuid` are required for signing and for authentication.
|
73
|
+
They’ll only work if the `app_uuid` has been stored in MAuth with a public key corresponding to the `private_key`.
|
48
74
|
|
49
|
-
The `mauth_baseurl` and `mauth_api_version` are required
|
75
|
+
The `mauth_baseurl` and `mauth_api_version` are required for authentication.
|
50
76
|
These tell the MAuth-Client where and how to communicate with the MAuth service.
|
51
77
|
|
52
78
|
The `v2_only_sign_requests` and `v2_only_authenticate` flags were added to facilitate conversion from the MAuth V1 protocol to the MAuth
|
@@ -57,6 +83,15 @@ V2 protocol. By default both of these flags are false. See [Protocol Versions](#
|
|
57
83
|
| true | requests are signed with only V2 | requests and responses are authenticated with only V2 |
|
58
84
|
| false | requests are signed with V1 and V2 | requests and responses are authenticated with the highest available protocol version |
|
59
85
|
|
86
|
+
### Generating keys
|
87
|
+
|
88
|
+
To generate a private key (`mauth_key`) and its public counterpart (`mauth_key.pub`) run:
|
89
|
+
|
90
|
+
```
|
91
|
+
openssl genrsa -out mauth_key 2048
|
92
|
+
openssl rsa -in mauth_key -pubout -out mauth_key.pub
|
93
|
+
```
|
94
|
+
|
60
95
|
## Rack Middleware Usage
|
61
96
|
|
62
97
|
MAuth-Client provides a middleware for request authentication and response verification in mauth/rack.
|
@@ -76,20 +111,20 @@ If used, this should come before the `MAuth::Rack::RequestAuthenticator` middlew
|
|
76
111
|
The ResponseSigner can be used ONLY if you have an `app_uuid` and `private_key` specified in your mauth configuration.
|
77
112
|
|
78
113
|
```ruby
|
79
|
-
config.middleware.use MAuth::Rack::ResponseSigner,
|
114
|
+
config.middleware.use MAuth::Rack::ResponseSigner, MAUTH_CONF
|
80
115
|
```
|
81
116
|
|
82
117
|
Then request authentication:
|
83
118
|
|
84
119
|
```ruby
|
85
|
-
config.middleware.use MAuth::Rack::RequestAuthenticator,
|
120
|
+
config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
|
86
121
|
```
|
87
122
|
|
88
123
|
However, assuming you have a route `/app_status`, you probably want to skip request authentication for that.
|
89
124
|
There is a middleware (`RequestAuthenticatorNoAppStatus`) to make that easier:
|
90
125
|
|
91
126
|
```ruby
|
92
|
-
config.middleware.use MAuth::Rack::RequestAuthenticatorNoAppStatus,
|
127
|
+
config.middleware.use MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
|
93
128
|
```
|
94
129
|
|
95
130
|
You may want to configure other conditions in which to bypass MAuth authentication.
|
@@ -101,10 +136,10 @@ If omitted, all incoming requests will be authenticated.
|
|
101
136
|
Here are a few example `:should_authenticate_check` procs:
|
102
137
|
|
103
138
|
```ruby
|
104
|
-
|
139
|
+
MAUTH_CONF[:should_authenticate_check] = proc do |env|
|
105
140
|
env['REQUEST_METHOD'] == 'GET'
|
106
141
|
end
|
107
|
-
config.middleware.use MAuth::Rack::RequestAuthenticator,
|
142
|
+
config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
|
108
143
|
```
|
109
144
|
|
110
145
|
Above, env is a hash of request parameters; this hash is generated by Rack.
|
@@ -114,16 +149,16 @@ The above proc will force the middleware to authenticate only GET requests.
|
|
114
149
|
Another example:
|
115
150
|
|
116
151
|
```ruby
|
117
|
-
|
152
|
+
MAUTH_CONF[:should_authenticate_check] = proc do |env|
|
118
153
|
env['PATH_INFO'] == '/studies.json'
|
119
154
|
end
|
120
|
-
config.middleware.use MAuth::Rack::RequestAuthenticator,
|
155
|
+
config.middleware.use MAuth::Rack::RequestAuthenticator, MAUTH_CONF
|
121
156
|
```
|
122
157
|
|
123
158
|
The above proc will force the rack middleware to authenticate only requests to the "/studies.json" path.
|
124
159
|
To authenticate a group of related URIs, considered matching `env['PATH_INFO']` with one or more regular expressions.
|
125
160
|
|
126
|
-
The configuration passed to the middlewares in the above examples (`
|
161
|
+
The configuration passed to the middlewares in the above examples (`MAUTH_CONF`) is used create a new instance of `MAuth::Client`.
|
127
162
|
If you are managing an MAuth::Client of your own for some reason, you can pass that in on the key `:mauth_client => your_client`, and omit any other MAuth::Client configuration.
|
128
163
|
`:should_authenticate_check` is handled by the middleware and should still be specified alongside `:mauth_client`, if you are using it.
|
129
164
|
|
@@ -144,23 +179,39 @@ If the middleware is unable to authenticate the request because MAuth is unavail
|
|
144
179
|
Putting all this together, here are typical examples (in rails you would put that code in an initializer):
|
145
180
|
|
146
181
|
```ruby
|
147
|
-
mauth_config = MAuth::Client.default_config
|
148
182
|
require 'mauth/rack'
|
149
|
-
|
150
|
-
|
183
|
+
|
184
|
+
MAUTH_CONF = MAuth::Client.default_config
|
185
|
+
|
186
|
+
# ResponseSigner OPTIONAL; only use if you are registered in mauth service
|
187
|
+
Rails.application.config.middleware.insert_after Rack::Runtime, MAuth::Rack::ResponseSigner, MAUTH_CONF
|
188
|
+
if Rails.env.test? || Rails.env.development?
|
189
|
+
require 'mauth/fake/rack'
|
190
|
+
Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticationFaker, MAUTH_CONF
|
191
|
+
else
|
192
|
+
Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
|
193
|
+
end
|
151
194
|
```
|
152
195
|
|
153
196
|
With `:should_authenticate_check`:
|
154
197
|
|
155
198
|
```ruby
|
156
|
-
mauth_config = MAuth::Client.default_config
|
157
199
|
require 'mauth/rack'
|
158
|
-
|
200
|
+
|
201
|
+
MAUTH_CONF = MAuth::Client.default_config
|
159
202
|
# authenticate all requests which pass the some_condition_of check and aren't /app_status with MAuth
|
160
|
-
|
203
|
+
MAUTH_CONF[:should_authenticate_check] = proc do |env|
|
161
204
|
some_condition_of(env)
|
162
205
|
end
|
163
|
-
|
206
|
+
|
207
|
+
# ResponseSigner OPTIONAL; only use if you are registered in mauth service
|
208
|
+
Rails.application.config.middleware.insert_after Rack::Runtime, MAuth::Rack::ResponseSigner, MAUTH_CONF
|
209
|
+
if Rails.env.test? || Rails.env.development?
|
210
|
+
require 'mauth/fake/rack'
|
211
|
+
Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticationFaker, MAUTH_CONF
|
212
|
+
else
|
213
|
+
Rails.application.config.middleware.insert_after MAuth::Rack::ResponseSigner, MAuth::Rack::RequestAuthenticatorNoAppStatus, MAUTH_CONF
|
214
|
+
end
|
164
215
|
```
|
165
216
|
|
166
217
|
## Fake middleware
|
@@ -175,7 +226,7 @@ This example code may augment the above examples to disable authentication in te
|
|
175
226
|
```ruby
|
176
227
|
require 'mauth/fake/rack'
|
177
228
|
authenticator = Rails.env != 'test' ? MAuth::Rack::RequestAuthenticator : MAuth::Rack::RequestAuthenticationFaker
|
178
|
-
config.middleware.use authenticator,
|
229
|
+
config.middleware.use authenticator, MAUTH_CONF
|
179
230
|
```
|
180
231
|
|
181
232
|
## Faraday Middleware Usage
|
@@ -185,8 +236,8 @@ Building your connection will look like:
|
|
185
236
|
|
186
237
|
```ruby
|
187
238
|
Faraday.new(some_args) do |builder|
|
188
|
-
builder.use MAuth::Faraday::RequestSigner,
|
189
|
-
builder.use MAuth::Faraday::ResponseAuthenticator,
|
239
|
+
builder.use MAuth::Faraday::RequestSigner, MAUTH_CONF
|
240
|
+
builder.use MAuth::Faraday::ResponseAuthenticator, MAUTH_CONF
|
190
241
|
builder.adapter Faraday.default_adapter
|
191
242
|
end
|
192
243
|
```
|
@@ -196,12 +247,10 @@ As with the rack middleware, this means it will be right next to the HTTP adapte
|
|
196
247
|
|
197
248
|
Only use the `MAuth::Faraday::ResponseAuthenticator` middleware if you are expecting the service you are communicating with to sign its responses (all services which are aware of MAuth _should_ be doing this).
|
198
249
|
|
199
|
-
`
|
250
|
+
`MAUTH_CONF` is the same as in Rack middleware, and as with the Rack middleware is used to initialize a `MAuth::Client` instance.
|
200
251
|
Also as with the Rack middleware, you can pass in a `MAuth::Client` instance you are using yourself on the `:mauth_client` key, and omit any other configuration.
|
201
252
|
|
202
|
-
|
203
|
-
mauth service to authenticate.
|
204
|
-
`MAuth::Faraday::RequestSigner` cannot be used without a `private_key` and `app_uuid`.
|
253
|
+
Both `MAuth::Faraday::ResponseAuthenticator` and `MAuth::Faraday::RequestSigner` cannot be used without a `private_key` and `app_uuid`.
|
205
254
|
|
206
255
|
If a response which does not appear to be authentic is received by the `MAuth::Faraday::ResponseAuthenticator` middleware, a `MAuth::InauthenticError` will be raised.
|
207
256
|
|
@@ -223,18 +272,6 @@ request = MAuth::Request.new(verb: my_verb, request_url: my_request_url, body: m
|
|
223
272
|
```
|
224
273
|
`mauth_client.signed_headers(request)` will then return mauth headers which you can apply to your request.
|
225
274
|
|
226
|
-
## Local Authentication
|
227
|
-
|
228
|
-
When doing local authentication, the MAuth-Client will periodically fetch and cache public keys from MAuth.
|
229
|
-
Each public key will be cached locally for 60 seconds.
|
230
|
-
Applications which connect frequently to the app will benefit most from this caching strategy.
|
231
|
-
When fetching public keys from MAuth, the following rules apply:
|
232
|
-
|
233
|
-
1. If MAuth returns the public key for a given `app_uuid`, MAuth-Client will refresh its local cache with this new public key.
|
234
|
-
2. If MAuth cannot find the public key for a given `app_uuid` (i.e. returns a 404 status code), MAuth-Client will remove the corresponding public key from its local cache and authentication of any message from the application with this public key will fail as a consequence.
|
235
|
-
3. If the request to MAuth times out or MAuth returns a 500 status code, the requested public key will not be removed from local MAuth-Client cache (if it exists there in the first place).
|
236
|
-
The cached version will continue to be used for local authentication until MAuth::Client is able to again communicate with MAuth.
|
237
|
-
|
238
275
|
## Warning
|
239
276
|
|
240
277
|
During development classes are typically not cached in Rails applications.
|
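--- a/data/Rakefile
+++ b/data/Rakefile
@@ -40,18 +40,26 @@ end
 
 desc 'Runs benchmarks for the library.'
 task :benchmark do # rubocop:disable Metrics/BlockLength
+  private_key = OpenSSL::PKey::RSA.generate(2048)
+  public_key = private_key.public_key
+  app_uuid = SecureRandom.uuid
+
   mc = MAuth::Client.new(
-    private_key:
-    app_uuid:
-    v2_only_sign_requests: false
+    private_key: private_key,
+    app_uuid: app_uuid,
+    v2_only_sign_requests: false,
+    mauth_baseurl: 'http://whatever',
+    mauth_api_version: 'v1'
   )
-  authenticating_mc = MAuth::Client.new(mauth_baseurl: 'http://whatever', mauth_api_version: 'v1')
 
   stubs = Faraday::Adapter::Test::Stubs.new
-  test_faraday =
+  test_faraday = Faraday.new do |builder|
     builder.adapter(:test, stubs)
   end
   stubs.post('/mauth/v1/authentication_tickets.json') { [204, {}, []] }
+  stubs.get("/mauth/v1/security_tokens/#{app_uuid}.json") do
+    [200, {}, JSON.generate({ 'security_token' => { 'public_key_str' => public_key.to_s } })]
+  end
   allow(Faraday).to receive(:new).and_return(test_faraday)
 
   short_body = 'Somewhere in La Mancha, in a place I do not care to remember'
@@ -101,13 +109,13 @@ task :benchmark do # rubocop:disable Metrics/BlockLength
   puts "i/s means the number of signatures of a message per second.\n\n\n"
 
   Benchmark.ips do |bm|
-    bm.report('v1-authenticate-short') {
-    bm.report('v2-authenticate-short') {
-    bm.report('v2-authenticate-qs') {
-    bm.report('v1-authenticate-average') {
-    bm.report('v2-authenticate-average') {
-    bm.report('v1-authenticate-huge') {
-    bm.report('v2-authenticate-huge') {
+    bm.report('v1-authenticate-short') { mc.authentic?(v1_short_signed_request) }
+    bm.report('v2-authenticate-short') { mc.authentic?(v2_short_signed_request) }
+    bm.report('v2-authenticate-qs') { mc.authentic?(v2_qs_signed_request) }
+    bm.report('v1-authenticate-average') { mc.authentic?(v1_average_signed_request) }
+    bm.report('v2-authenticate-average') { mc.authentic?(v2_average_signed_request) }
+    bm.report('v1-authenticate-huge') { mc.authentic?(v1_huge_signed_request) }
+    bm.report('v2-authenticate-huge') { mc.authentic?(v2_huge_signed_request) }
     bm.compare!
   end
 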
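Review bot: The new lines 43–45 and 61 call `OpenSSL::PKey::RSA.generate`, `SecureRandom.uuid` and `JSON.generate`, but nothing in this hunk requires `openssl`, `securerandom` or `json`; the top of the Rakefile is outside the hunk, so if those are not already required there (or loaded transitively by the mauth/faraday requires) the benchmark task fails at runtime rather than at load. Adding `require 'openssl'`, `require 'securerandom'` and `require 'json'` next to the file's other requires makes the task self-contained. Generating a fresh key per run is reasonable here because the `security_tokens` stub on lines 60–62 serves the matching `public_key`, which is what lets the `mc.authentic?` reports in the second hunk authenticate locally without a MAuth server. The `task :benchmark` block begins in the first hunk and continues outside both hunks.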
data/UPGRADE_GUIDE.md
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
# Upgrade Guide
|
2
|
+
|
3
|
+
## Versions
|
4
|
+
- [Upgrading to 7.0.0](#upgrading-to-700)
|
5
|
+
|
6
|
+
### Upgrading to 7.0.0
|
7
|
+
|
8
|
+
Version 7.0.0 drops dice_bag.
|
9
|
+
|
10
|
+
Please remove the following files and update the `.gitignore` file accordingly:
|
11
|
+
- `config/initializers/mauth.rb.dice`
|
12
|
+
- `config/mauth_key`
|
13
|
+
- `config/mauth_key.dice`
|
14
|
+
- `config/mauth.yml`
|
15
|
+
- `config/mauth.yml.dice`
|
16
|
+
|
17
|
+
Prepend `MAUTH_` to the following environment variables:
|
18
|
+
- `V2_ONLY_SIGN_REQUESTS`
|
19
|
+
- `V2_ONLY_AUTHENTICATE`
|
20
|
+
- `DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE`
|
21
|
+
- `V1_ONLY_SIGN_REQUESTS`
|
data/doc/mauth-client_CLI.md
CHANGED
@@ -8,17 +8,7 @@ The MAuth-Client CLI is part of the MAuth Client gem, refer to [the README](../R
|
|
8
8
|
|
9
9
|
## Configuration
|
10
10
|
|
11
|
-
The CLI is configured with
|
12
|
-
|
13
|
-
The MAuth-Client CLI tool looks for the configuration file in several places:
|
14
|
-
|
15
|
-
- if an environment variable `MAUTH_CONFIG_YML` points to an existing file, mauth-client will use that file if it exists.
|
16
|
-
- if you have a file `~/.mauth_config.yml` then it will use that. This is useful if you have your own mauth key.
|
17
|
-
- if you are in a directory relative to which a config/mauth.yml exists, it will use that. This is useful if you are working in a project which uses mauth and has a key configured.
|
18
|
-
- if you are in a directory in which a file mauth.yml exists, it will use that.
|
19
|
-
|
20
|
-
mauth.yml is expected to contain, at the top level, an environment key or keys.
|
21
|
-
mauth-client checks environment variables `RAILS_ENV` and `RACK_ENV` to determine the environment, and defaults to 'development' if none of these are set.
|
11
|
+
The CLI is configured with the [MAuth environment variables](../README.md#Configuration) - see the readme doc for instructions.
|
22
12
|
|
23
13
|
## Usage
|
24
14
|
|
data/examples/Gemfile
CHANGED
data/examples/README.md
CHANGED
@@ -2,11 +2,10 @@
|
|
2
2
|
|
3
3
|
## Configuration
|
4
4
|
|
5
|
-
After obtaining valid credentials you need to
|
5
|
+
After obtaining valid credentials you need to set the `MAUTH_APP_UUID`, `MAUTH_PRIVATE_KEY_FILE` and `REFERENCES_HOST` environment variables.
|
6
6
|
You also need to provide a mauth key and put it in the `mauth_key` file.
|
7
|
-
See [the mauth config file doc](../doc/mauth.yml.md) for more information.
|
8
7
|
|
9
|
-
This folder contains its own Gemfile
|
8
|
+
This folder contains its own Gemfile file to manage dependencies so you need to run
|
10
9
|
```
|
11
10
|
bundle install
|
12
11
|
```
|
@@ -15,19 +14,21 @@ before trying any of the scripts.
|
|
15
14
|
|
16
15
|
## Fetching a given user's info
|
17
16
|
|
18
|
-
Simply run the provided shell script by passing an
|
17
|
+
Simply run the provided shell script by passing an search term, for instance:
|
19
18
|
```
|
20
|
-
./
|
19
|
+
MAUTH_APP_UUID=<APP UUID> MAUTH_PRIVATE_KEY_FILE=./mauth_key REFERENCES_HOST=https://references-innovate.imedidata.net ./get_country_info.rb Albania
|
21
20
|
```
|
22
21
|
|
23
|
-
This should print the
|
22
|
+
This should print the country's info, something along the lines of:
|
24
23
|
```
|
25
|
-
|
26
|
-
|
27
|
-
"
|
28
|
-
"
|
29
|
-
"
|
30
|
-
|
24
|
+
[
|
25
|
+
{
|
26
|
+
"uuid": "9301ff5a-6703-11e1-b86c-0800200c9a66",
|
27
|
+
"name": "Albania",
|
28
|
+
"three_letter_code": "ALB",
|
29
|
+
"two_letter_code": "AL",
|
30
|
+
"version": "2021-06-30T12:00:00Z",
|
31
|
+
"country_code": "ALB"
|
31
32
|
}
|
32
|
-
|
33
|
+
]
|
33
34
|
```
|
@@ -0,0 +1,44 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
abort "USAGE: ./#{__FILE__} <SEARCH TERM>" unless ARGV.size == 1
|
5
|
+
|
6
|
+
require 'bundler/setup'
|
7
|
+
Bundler.require(:default)
|
8
|
+
|
9
|
+
# get country information
|
10
|
+
def get_country_info(search_term)
|
11
|
+
get_data_from_references "countries.json?search_term=#{search_term}"
|
12
|
+
end
|
13
|
+
|
14
|
+
# fetch data from References
|
15
|
+
def get_data_from_references(resource_name)
|
16
|
+
puts "fetching #{resource_name}..."
|
17
|
+
mauth_config = MAuth::ConfigEnv.load
|
18
|
+
references_host = ENV.fetch('REFERENCES_HOST', 'https://references-innovate.imedidata.com')
|
19
|
+
begin
|
20
|
+
connection = Faraday::Connection.new(url: references_host) do |builder|
|
21
|
+
builder.use MAuth::Faraday::RequestSigner, mauth_config
|
22
|
+
builder.adapter Faraday.default_adapter
|
23
|
+
end
|
24
|
+
|
25
|
+
# get the data
|
26
|
+
response = connection.get "/v1/#{resource_name}"
|
27
|
+
puts "HTTP #{response.status}"
|
28
|
+
|
29
|
+
# return the user info
|
30
|
+
if response.status == 200
|
31
|
+
result = JSON.parse(response.body)
|
32
|
+
puts JSON.pretty_generate(result)
|
33
|
+
result
|
34
|
+
else
|
35
|
+
puts response.body
|
36
|
+
nil
|
37
|
+
end
|
38
|
+
rescue JSON::ParserError => e
|
39
|
+
puts "Error parsing data from references: #{e.inspect}"
|
40
|
+
puts e.backtrace.join("\n")
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
get_country_info(ARGV[0])
|
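Review bot: `get_country_info` (line 11) interpolates the raw CLI argument into the query string and `get_data_from_references` (line 26) then interpolates that string into the request path, so a search term containing a space, `&`, `#` or `/` produces a malformed or different URL, and because the signer covers the URL the request may be rejected upstream for a reason that is hard to diagnose. Encoding the term at the call site, `get_data_from_references "countries.json?search_term=#{URI.encode_www_form_component(search_term)}"`, or passing it as Faraday params (`connection.get('/v1/countries.json', search_term: search_term)`) avoids that. The `rescue JSON::ParserError` on line 38 also encloses the connection setup and the `connection.get` on line 26 but does not cover Faraday connection or timeout errors, which propagate with a full backtrace; acceptable for an example, but a comment such as `# Faraday connection/timeout errors are not rescued and abort the script` would make that intentional.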
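--- a/data/exe/mauth-client
+++ b/data/exe/mauth-client
@@ -53,31 +53,9 @@ end
 opt_parser.parse!
 abort(opt_parser.help) unless (2..3).cover?(ARGV.size)
 
-# FIND MAUTH CONFIG
-
-possible_mauth_config_files = [
-  # whoops, I called this MAUTH_CONFIG_YML in one place and MAUTH_CONFIG_YAML in another. supporting both for now.
-  ENV['MAUTH_CONFIG_YML'],
-  ENV['MAUTH_CONFIG_YAML'],
-  '~/.mauth_config.yml',
-  './config/mauth.yml',
-  './mauth.yml'
-].compact
-
-mauth_config_yml = possible_mauth_config_files.detect do |filename|
-  File.exist?(File.expand_path(filename))
-end
-unless mauth_config_yml
-  message = 'could not find mauth config. giving up. please place a mauth config in one of the standard places, ' \
-    'or point the MAUTH_CONFIG_YML environment variable at an existing one. standard places are:' +
-    possible_mauth_config_files.map { |f| "\n\t#{f}" }.join
-  abort message
-end
-
-mauth_config = MAuth::Client.default_config(mauth_config_yml: File.expand_path(mauth_config_yml))
-
 # INSTANTIATE MAUTH CLIENT
 
+mauth_config = MAuth::ConfigEnv.load
 logger = Logger.new($stderr)
 mauth_client = MAuth::Client.new(mauth_config.merge('logger' => logger))
 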
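Review bot: The removed block (old lines 70–75) aborted with an explanatory message when no configuration could be found, whereas the new line 58 `mauth_config = MAuth::ConfigEnv.load` has no visible equivalent in this hunk; `lib/mauth/config_env.rb` is not in view, so if `ConfigEnv.load` does not itself validate the `MAUTH_*` variables, a missing `MAUTH_APP_UUID` or `MAUTH_PRIVATE_KEY` would only surface from `MAuth::Client.new` on line 60 with a less actionable error. Line 60 also merges the string key `'logger'` into the loaded hash, which presumably means `ConfigEnv.load` returns string-keyed entries — worth confirming, otherwise `mauth_config` ends up with mixed key types. A one-line comment above line 58 such as `# Configuration comes from the MAUTH_* environment variables; see README#Configuration` would document the new source of truth for CLI users who relied on the old YAML lookup.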
@@ -2,6 +2,22 @@
|
|
2
2
|
|
3
3
|
source "https://rubygems.org"
|
4
4
|
|
5
|
-
gem "faraday", "~> 1.
|
5
|
+
gem "faraday", "~> 1.9"
|
6
|
+
|
7
|
+
group :development do
|
8
|
+
gem "appraisal", "~> 2.4"
|
9
|
+
gem "benchmark-ips", "~> 2.7"
|
10
|
+
gem "bundler", ">= 1.17"
|
11
|
+
gem "byebug", "~> 11.1"
|
12
|
+
gem "rack-test", "~> 1.1"
|
13
|
+
gem "rake", "~> 12.0"
|
14
|
+
gem "rspec", "~> 3.8"
|
15
|
+
gem "rubocop", "~> 1.25"
|
16
|
+
gem "rubocop-mdsol", "~> 0.1"
|
17
|
+
gem "rubocop-performance", "~> 1.13"
|
18
|
+
gem "simplecov", "~> 0.16"
|
19
|
+
gem "timecop", "~> 0.9"
|
20
|
+
gem "webmock", "~> 3.0"
|
21
|
+
end
|
6
22
|
|
7
23
|
gemspec path: "../"
|
@@ -4,4 +4,20 @@ source "https://rubygems.org"
|
|
4
4
|
|
5
5
|
gem "faraday", "~> 2.0"
|
6
6
|
|
7
|
+
group :development do
|
8
|
+
gem "appraisal", "~> 2.4"
|
9
|
+
gem "benchmark-ips", "~> 2.7"
|
10
|
+
gem "bundler", ">= 1.17"
|
11
|
+
gem "byebug", "~> 11.1"
|
12
|
+
gem "rack-test", "~> 1.1"
|
13
|
+
gem "rake", "~> 12.0"
|
14
|
+
gem "rspec", "~> 3.8"
|
15
|
+
gem "rubocop", "~> 1.25"
|
16
|
+
gem "rubocop-mdsol", "~> 0.1"
|
17
|
+
gem "rubocop-performance", "~> 1.13"
|
18
|
+
gem "simplecov", "~> 0.16"
|
19
|
+
gem "timecop", "~> 0.9"
|
20
|
+
gem "webmock", "~> 3.0"
|
21
|
+
end
|
22
|
+
|
7
23
|
gemspec path: "../"
|