mumukit-auth 4.0.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ff4b114d44e8e0f561db33664147f3284c7a174c
-  data.tar.gz: 1e3eafff3f4e11a8282daf91c88e33a7ae66688f
+  metadata.gz: 429608e7c53050e6260290ecc2f5c893f59fdf76
+  data.tar.gz: 43d044cdb65f8cbc9080d6b0601207ee52c0be5e
 SHA512:
-  metadata.gz: ebdd2c656a4d7d7854909bc34cc6042846a64fbf7394062c3c54b6d9f6342707435844cf945089a2475849353e671449761821f244de8a80e577b19ed92230d1
-  data.tar.gz: 063b4d5d45e68f002efd0fe2eaae4c6d753c61268c35332ea845eba0d439230668d1e8f44c33be75186a4d713e0838f445d328b70a1e1b782d8ec7d0b47e19f8
+  metadata.gz: 3381520383b401aec9d8f881f3b82afd27d5c0274390993cce16d7a22720e1508696d84426bb2ae3bd1905569cdf0e6065d1889cc2805f7090ee5c41db75623e
+  data.tar.gz: a9896533ff781db016477515881f3ed01cf3fe86c34c0eac7767c6a96cc0645d7a1bea4c5d90944afea9111e98a1a9d41f8aed83eb750e1d3c76d0f61f1a5e18

data/lib/mumukit/auth.rb

@@ -1,6 +1,7 @@
 require 'active_support/all'
 require 'mumukit/core'
 require 'daybreak'
+require 'jwt'
 
 require_relative './auth/array'
 require_relative './auth/role'
@@ -9,6 +10,7 @@ require_relative './auth/slug'
 require_relative './auth/version'
 require_relative './auth/exceptions'
 require_relative './auth/grant'
+require_relative './auth/client'
 require_relative './auth/token'
 require_relative './auth/scope'
 require_relative './auth/permissions'
@@ -20,10 +22,20 @@ require 'ostruct'
 module Mumukit
   module Auth
     def self.configure
-      @config ||= OpenStruct.new
+      @config ||= defaults
       yield @config
     end
 
+    def self.defaults
+      struct.tap do |config|
+        config.clients = struct default: {
+            id: ENV['MUMUKI_AUTH_CLIENT_ID'],
+            secret: ENV['MUMUKI_AUTH_CLIENT_SECRET']
+        }
+        config.persistence_strategy = Mumukit::Auth::PermissionsPersistence::Daybreak.new
+      end
+    end
+
     def self.config
       @config
     end

data/lib/mumukit/auth/client.rb

@@ -0,0 +1,37 @@
+module Mumukit::Auth
+  class Client
+    attr_reader :id, :secret
+
+    def initialize(options={})
+      with_config options do |config|
+        @id = config[:id]
+        @secret = config[:secret]
+      end
+    end
+
+    def decoded_secret
+      JWT.base64url_decode(secret)
+    end
+
+    def encode(jwt_hash)
+      JWT.encode(jwt_hash, decoded_secret)
+    end
+
+    def decode(encoded_jwt)
+      JWT.decode(encoded_jwt, decoded_secret)[0]
+    end
+
+    private
+
+    def with_config(options)
+      client = options[:client] || :default
+      config = Mumukit::Auth.config.clients[client]
+
+      raise "client config for #{client} is missing" if config.blank?
+      raise "client id for #{client} is missing" if config[:id].blank?
+      raise "client secret for #{client} is missing" if config[:secret].blank?
+
+      yield config
+    end
+  end
+end

data/lib/mumukit/auth/permissions_persistence/daybreak.rb

@@ -1,29 +1,28 @@
 module Mumukit::Auth
   module PermissionsPersistence
     class Daybreak
-      def self.from_config
-        new Mumukit::Auth.config.daybreak_name
+      def initialize(db_name = 'permissions')
+        @db_name = db_name
+        at_exit { @db.close if @db }
       end
 
-      def initialize(db_name)
-        @db = ::Daybreak::DB.new "#{db_name}.db", default: '{}'
+      def set!(key, value)
+        db.update! key.to_sym => value.to_json
+        db.flush
       end
 
-      def close
-        @db.close
+      def get(key)
+        Mumukit::Auth::Permissions.load db[key]
       end
 
-      def set!(key, value)
-        @db.update! key.to_sym => value.to_json
+      def clean!
+        db.clear
       end
 
-      def get(key)
-        Mumukit::Auth::Permissions.load @db[key]
-      end
+      private
 
-      def clean_env!
-        close
-        FileUtils.rm ["#{Mumukit::Auth.config.daybreak_name}.db"], force: true
+      def db
+        @db ||= ::Daybreak::DB.new "#{@db_name}.db", default: '{}'
       end
     end
   end

data/lib/mumukit/auth/store.rb

@@ -1,45 +1,19 @@
 module Mumukit::Auth
-  class Store
-    def initialize
-      @db = Mumukit::Auth.config.persistence_strategy
+  module Store
+    def self.clean!
+      persistence_strategy.clean!
     end
 
-    def set!(key, value)
-      @db.set! key.to_sym, value
+    def self.set!(*args)
+      persistence_strategy.set!(*args)
     end
 
-    def get(key)
-      @db.get key
+    def self.get(key)
+      persistence_strategy.get(key)
     end
 
-    def clean_env!
-      @db.clean_env!
-    end
-
-    class << self
-
-      def from_config
-        Mumukit::Auth.config.persistence_strategy.class.from_config
-      end
-
-      def clean_env!
-        from_config.clean_env!
-      end
-
-      def with(&block)
-        store = from_config
-        block.call store
-      ensure
-        store.close
-      end
-
-      def set!(*args)
-        with { |store| store.set!(*args) }
-      end
-
-      def get(key)
-        with { |store| store.get(key) }
-      end
+    def self.persistence_strategy
+      Mumukit::Auth.config.persistence_strategy
     end
   end
 end

data/lib/mumukit/auth/token.rb

@@ -1,11 +1,10 @@
-require 'jwt'
-
 module Mumukit::Auth
   class Token
-    attr_reader :jwt
+    attr_reader :jwt, :client
 
-    def initialize(jwt)
+    def initialize(jwt, client)
       @jwt = jwt
+      @client = client
     end
 
     def metadata
@@ -24,33 +23,33 @@ module Mumukit::Auth
       permissions.protect! scope, resource_slug
     end
 
-    def verify_client!(client = :auth0)
-      raise Mumukit::Auth::InvalidTokenError.new('aud mismatch') if Mumukit::Auth.config.client_ids[client] != jwt['aud']
+    def verify_client!
+      raise Mumukit::Auth::InvalidTokenError.new('aud mismatch') if client.id != jwt['aud']
     end
 
-    def encode(client = :auth0)
-      JWT.encode(jwt, self.class.decoded_secret(client))
+    def encode
+      client.encode jwt
     end
 
     def self.from_rack_env(env)
       new(env.dig('omniauth.auth', 'extra', 'raw_info') || {})
     end
 
-    def self.encode_dummy_auth_header(uid, metadata, client = :auth0)
-      'dummy token ' + encode(uid, metadata, client)
-    end
-
-    def self.encode(uid, metadata, client = :auth0)
-      new(aud: Mumukit::Auth.config.client_ids[client], metadata: metadata, uid: uid).encode client
+    def self.encode(uid, metadata, client = Mumukit::Auth::Client.new)
+      new({aud: client.id, metadata: metadata, uid: uid}, client).encode
     end
 
-    def self.decode(encoded, client = :auth0)
-      Token.new JWT.decode(encoded, decoded_secret(client))[0]
+    def self.decode(encoded, client = Mumukit::Auth::Client.new)
+      new client.decode(encoded), client
     rescue JWT::DecodeError => e
       raise Mumukit::Auth::InvalidTokenError.new(e)
     end
 
-    def self.decode_header(header, client = :auth0)
+    def self.encode_header(uid, metadata)
+      'Bearer ' + encode(uid, metadata)
+    end
+
+    def self.decode_header(header, client = Mumukit::Auth::Client.new)
       decode extract_from_header(header), client
     end
 
@@ -59,10 +58,6 @@ module Mumukit::Auth
       header.split(' ').last
     end
 
-    def self.decoded_secret(client = :auth0)
-      client_secret = Mumukit::Auth.config.client_secrets[client]
-      JWT.base64url_decode(client_secret)
-    end
   end
 end
 

data/lib/mumukit/auth/version.rb

@@ -1,5 +1,5 @@
 module Mumukit
   module Auth
-    VERSION = '4.0.0'
+    VERSION = '5.0.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-auth
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 5.0.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-07 00:00:00.000000000 Z
+date: 2017-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
 description: 
 email:
 - franco@mumuki.org
@@ -103,6 +103,7 @@ extra_rdoc_files: []
 files:
 - lib/mumukit/auth.rb
 - lib/mumukit/auth/array.rb
+- lib/mumukit/auth/client.rb
 - lib/mumukit/auth/exceptions.rb
 - lib/mumukit/auth/grant.rb
 - lib/mumukit/auth/permissions.rb