mauth-client 4.2.0 → 4.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e197a763a48eeb58d88be12eab10dc6e2c7c104287b0371a41120bd920402db
-  data.tar.gz: 84ef6da779ededf897bfe7a44eb2581073c2404a1208ae3a233b2d84c1bc98eb
+  metadata.gz: 9a4124d677e7aee9626ea7e796bd5f92c695146cdadc125c2f05f3138d471758
+  data.tar.gz: 4eda569778ce91ced2cedfd14a231281e35ec068b86d2e551d52541d05b3f795
 SHA512:
-  metadata.gz: f640994364eee25edcbbf611a611eb539efc96432de37daf78c0211f83e966154c5dcfb321fff6e25e067fdb53faae6af792665897a7ae4d295beada833282d2
-  data.tar.gz: 6270a48e063208842a1055d39814b96fe2cb4b8ceea04592eb94c62b533f110fe5510ca9060f321d5f4a309b96aaf9c99489ff28e068e5ddd6c04e20c1ae9bab
+  metadata.gz: 6118dc54acd81a9dc16d1364fab960dee75c5a5e055fc79bb2517d6eb48e3dbf033078b913b231f430fc9ae953be5f56ab727664bc147b0e90f0f71203ec9f14
+  data.tar.gz: fa8e3328ef7e779322e8ad0c7f4a3520f53370838a10e4cf1d0b8710ee0031fc37f4d5d31f080d39d7134c0dfa2a263a131c1323269e988a79978bcf21efd775

data/.travis.yml

@@ -13,19 +13,23 @@ before_install:
 
 install:
   - bundle install --jobs=3 --retry=3
-  - |-
-    curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/master/travis_ci/fossa_install.sh | bash -s -- -b $TRAVIS_BUILD_DIR
+  - >-
+    curl -H 'Cache-Control: no-cache'
+    https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/main/travis_ci/fossa_install.sh |
+    bash -s -- -b $TRAVIS_BUILD_DIR
 
 script:
   - bundle exec rspec
-  - |-
-    curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/master/travis_ci/fossa_run.sh | bash -s -- -b $TRAVIS_BUILD_DIR
+  - >-
+    curl -H 'Cache-Control: no-cache'
+    https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/main/travis_ci/fossa_run.sh |
+    bash -s -- -b $TRAVIS_BUILD_DIR
 
 deploy:
   provider: rubygems
   gem: mauth-client
   api_key:
-    secure: J0aPDp4+Ev2L+ZDcgpF+hAG95S4IsD6pCiDRxDWnrk79P5hq1rXoD3S39ANyqtQEQqkoVjsgoSP5JLi420aL2lYj7mhvaEOty9fK+flwUhI4nw+Gztm7EKNDNX8WKvk4fl4Zc7noIeI0uyes867hDjRQfyYvUuma7aK5H9NWzNUV9Q+KrVAoneVDGnNydxwkuuIpOFdjbVQgNpxVhVBV7Q4OLsB1KtWB9lptMwhqnyqZKex7JZ+37sojaj3oVT5ijrnAm+bR1QO1hGIOwuBako2iz+MBZHPccM4BEFsZme/7olypxv0JfeCuhqDnH1VWIFh6IZRDeLnZuX3qOhkdx4HLwxB//5O5+iapK0wh1zbnLvXqkE1dalUHyaZzStKH9xchIWl5I77Ica232OJYrpj9hhroae0p3VARF0IoZceKaH8NnMpq+nBAW4REcWrqPpe9xkRLDTNibkpaAy08vGOF2kPZkWw4lfkVBM1+wjY2xDn6wJ7VgQ1BeosbeTXbmny2TUeI22beihn894tzpCPPHiTRvKu0lV3jBfeoOAXzE333PrGm3zF9MDhg+1/iBwXVhdoOwEwBPQ/3Hu37xJn0AfRneni4StYnIkZ1Ur9Vub03J/3C3Aw6it99rQSWvC+2PzHqQhsG22VprvxlozFe1jFzdqKgvDkbkn44ltI=
+    secure: QDp0P/lMGLYc4+A3M6VD9y551X6GrGwOSBE6xSG4lE6mPXoSISK5Yj18vNWQRQuQ4BsE6CdfZ/xsPjSRDda6b+yUQbgisjJ+Ry6jUVE1v9UKTZ0VHgHyXcsaJFC29tBKBeuGCj0AD5qhbTO1+ybeZSUfdSeVVoidD4W/bSnvzlT1Lht7IE8jbHbR57LsJKoEaDxKu33dg4CYV96xrlYGxHAS2UgEgi5Ve3ohzBWkX9RWF/wWoGCzIYhJBzXgCEEFw8iWkspjTePgv9yjD2HIMtF44aiSTHM5iqBBsYJ7A8+kUwoq7+srsashHZ1wZz1YulsCSkjwM9AXZ4E0f9AnERw/RQ5gG7bCuHZtSG9g/0SWBQeNfkAF3An6eTSS24KVfnarGdH2bk0G28k2oP26MWiDKz8nlQxNAY4rH+dITael18bgf45H4KccQqiooBEGnuYpUAuIPB+1l+BsIcRQnrU3LDtmtZn0KrCHHJ7EHOdogOG+/Pxof8ht1xF7V+HYhhzSRJs2JkvmZsp4q2T7W6b6kfi59Cz3LpqA1HHYcL5/OFZeLA/TlCNke0CRMxG8k3udDKj50jqFATXEa8lNyGLjmWh7tL9Bb/uy+CU47qUdx+V4K+kheAvNFtHfpxmyUGJSY0FH02H1VBPWm10DZ7kH+6jgCKyXuql+yWDw62s=
   on:
     tags: true
     repo: mdsol/mauth-client-ruby

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## v4.2.1
+* Fix SecurityTokenCacher to not cache tokens forever.
+
 ## v4.2.0
 * Drop legacy security token expiry in favor of honoring server cache headers via Faraday HTTP Cache Middleware.
 

data/lib/mauth/client.rb

@@ -8,7 +8,7 @@ require 'mauth/autoload'
 require 'mauth/dice_bag/mauth_templates'
 require 'mauth/version'
 require 'faraday-http-cache'
-require 'oj'
+require 'mauth/faraday'
 
 module MAuth
   class Client
@@ -411,35 +411,32 @@ module MAuth
         def initialize(mauth_client)
           @mauth_client = mauth_client
           # TODO: should this be UnableToSignError?
-          @mauth_client.assert_private_key(UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!"))
-          @cache = {}
-          require 'thread'
-          @cache_write_lock = Mutex.new
+          @mauth_client.assert_private_key(
+            UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!")
+          )
         end
 
         def get(app_uuid)
-          if !@cache[app_uuid]
-            # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
-            # app_uuid - probably not exploitable, but this is the right way to do it anyway.
-            # use UNRESERVED instead of UNSAFE (the default) as UNSAFE doesn't include /
-            url_encoded_app_uuid = URI.escape(app_uuid, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
-            begin
-              response = signed_mauth_connection.get("/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json")
-            rescue ::Faraday::Error::ConnectionFailed, ::Faraday::Error::TimeoutError
-              raise UnableToAuthenticateError, "mAuth service did not respond; received #{$!.class}: #{$!.message}"
-            end
-            if response.status == 200
-              @cache_write_lock.synchronize do
-                @cache[app_uuid] = security_token_from(response.body)
-              end
-            elsif response.status == 404
-              # signing with a key mAuth doesn't know about is considered inauthentic
-              raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
-            else
-              @mauth_client.send(:mauth_service_response_error, response)
-            end
+          # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
+          # app_uuid - probably not exploitable, but this is the right way to do it anyway.
+          # use UNRESERVED instead of UNSAFE (the default) as UNSAFE doesn't include /
+          url_encoded_app_uuid = URI.escape(app_uuid, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+          path = "/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json"
+          response = signed_mauth_connection.get(path)
+
+          case response.status
+          when 200
+            security_token_from(response.body)
+          when 404
+            # signing with a key mAuth doesn't know about is considered inauthentic
+            raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
+          else
+            @mauth_client.send(:mauth_service_response_error, response)
           end
-          @cache[app_uuid]
+        rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
+          msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
+          @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
+          raise UnableToAuthenticateError, msg
         end
 
         private
@@ -453,14 +450,17 @@ module MAuth
         end
 
         def signed_mauth_connection
-          require 'faraday'
-          require 'mauth/faraday'
-          @mauth_client.faraday_options[:ssl] = { ca_path: @mauth_client.ssl_certs_path } if @mauth_client.ssl_certs_path
-          @signed_mauth_connection ||= ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
-            builder.use MAuth::Faraday::MAuthClientUserAgent
-            builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
-            builder.use :http_cache, serializer: Oj, logger: MAuth::Client.new.logger, shared_cache: false
-            builder.adapter ::Faraday.default_adapter
+          @signed_mauth_connection ||= begin
+            if @mauth_client.ssl_certs_path
+              @mauth_client.faraday_options[:ssl] = { ca_path: @mauth_client.ssl_certs_path }
+            end
+
+            ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
+              builder.use MAuth::Faraday::MAuthClientUserAgent
+              builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
+              builder.use :http_cache, logger: MAuth::Client.new.logger, shared_cache: false
+              builder.adapter ::Faraday.default_adapter
+            end
           end
         end
       end

data/lib/mauth/version.rb

@@ -1,3 +1,3 @@
 module MAuth
-  VERSION = '4.2.0'.freeze
+  VERSION = '4.2.1'.freeze
 end

data/mauth-client.gemspec

@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'faraday', '>= 0.17', '< 1.0'
   spec.add_dependency 'faraday_middleware', '>= 0.9', '< 2.0'
   spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
-  spec.add_dependency 'oj', '~> 3.0'
   spec.add_dependency 'term-ansicolor', '~> 1.0'
   spec.add_dependency 'coderay', '~> 1.0'
   spec.add_dependency 'rack'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mauth-client
 version: !ruby/object:Gem::Version
-  version: 4.2.0
+  version: 4.2.1
 platform: ruby
 authors:
 - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-06-16 00:00:00.000000000 Z
+date: 2021-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -73,20 +73,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: oj
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement