mumukit-auth 7.12.0 → 7.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c1873c090d214598c8dfde394af11341cbe5ef5da1604479725e3ccab5a30fe
-  data.tar.gz: 315c143eae6654332e7b3d1c13e74d5dfe24a29ecad5ae1063ef3ef7770f121a
+  metadata.gz: 600ea97ec7444992f512908fd046eace4f4fbe4cdf13438f0b5035e39f4de529
+  data.tar.gz: b0d7c15848351ab61c58e6a236ab998f5889f60921840e4c7381f7a521b3cbfe
 SHA512:
-  metadata.gz: ef85cc04780ed65e32524bf1a3f59caabbe9222ea62340b1263c116ac058f06aaf8bac6478605a0b61511ddab04fbe82ee3252b113a8dea2a2bc7cd868ba3795
-  data.tar.gz: dbddcd9a2a0f85d30135fca3b697b1c6a4e99ab8e492aaa81a34fa46b2e4965fd7e867675630aab1889c11650fa992b7c5a162837e906a7690cb2b9ba34ea81a
+  metadata.gz: 04de29634c9fc0910e4f57af3d9be417e83f4b0ac8c23db94a0b21dc2edd6fe162f39b85dee9ee39f9030df59314caf90d5f041db1a43311c1decd0bc37e6b8d
+  data.tar.gz: 69228424458087b021989753f7420f1479b90626fb02262d626cbe18f2f6b4cbdcb053a58d324cbd2d28cdd0994a8fa34ae2b2dee93495cd0d2ee8c5fdb552eb

data/lib/mumukit/auth/permissions.rb

@@ -5,7 +5,7 @@ class Mumukit::Auth::Permissions
   attr_accessor :scopes
 
   def initialize(scopes={})
-    @scopes = {}.with_indifferent_access
+    clear!
     add_scopes! scopes
   end
 
@@ -132,6 +132,10 @@ class Mumukit::Auth::Permissions
     raise Mumukit::Auth::UnauthorizedAccessError unless assign_to?(self.class.reparse(other), previous)
   end
 
+  def clear!
+    @scopes = {}.with_indifferent_access
+  end
+
   def as_set
     Set.new scopes.flat_map { |role, scope| scope.grants.map {|grant| [role, grant]} }
   end

data/lib/mumukit/auth/role.rb

@@ -73,15 +73,18 @@ module Mumukit::Auth
       parent :editor
     end
     class Editor < Role
-      parent :admin
+      parent :manager
     end
     class Janitor < Role
-      parent :admin
+      parent :manager
     end
     class Moderator < Role
-      parent :forum_supervisor
+      parent :supervisor
+    end
+    class Manager < Role
+      parent :supervisor
     end
-    class ForumSupervisor < Role
+    class Supervisor < Role
       parent :admin
     end
     class Admin < Role

data/lib/mumukit/auth/roles.rb

@@ -1,6 +1,13 @@
 module Mumukit::Auth
   module Roles
-    ROLES = [:ex_student, :student, :teacher, :headmaster, :writer, :editor, :janitor, :moderator, :forum_supervisor, :admin, :owner]
+    FINE_GRAINED_ROLES = [
+      :ex_student, :student, :teacher, :headmaster, :writer, :editor, :janitor,
+      :moderator, :manager
+    ]
+    COARSE_GRAINED_ROLES = [:supervisor, :admin, :owner]
+
+    ROLES = COARSE_GRAINED_ROLES + FINE_GRAINED_ROLES
+
 
     ROLES.each do |role|
       define_method "#{role}?" do |scope = Mumukit::Auth::Slug.any|
@@ -9,4 +16,3 @@ module Mumukit::Auth
     end
   end
 end
-

data/lib/mumukit/auth/token.rb

@@ -2,7 +2,7 @@ module Mumukit::Auth
   class Token
     attr_reader :jwt, :client
 
-    def initialize(jwt, client)
+    def initialize(jwt = {}, client = Mumukit::Auth::Client.new)
       @jwt = jwt
       @client = client
     end
@@ -15,6 +15,22 @@ module Mumukit::Auth
       @uid ||= jwt['uid'] || jwt['email'] || jwt['sub']
     end
 
+    def organization
+      @organization ||= jwt['org']
+    end
+
+    def expiration
+      @expiration ||= Time.at jwt['exp']
+    end
+
+    def subject_id
+      @subject_id ||= jwt['sbid']
+    end
+
+    def subject_type
+      @subject_type ||= jwt['sbt']
+    end
+
     def verify_client!
       raise Mumukit::Auth::InvalidTokenError.new('aud mismatch') if client.id != jwt['aud']
     end
@@ -23,12 +39,8 @@ module Mumukit::Auth
       client.encode jwt
     end
 
-    def self.from_rack_env(env)
-      new(env.dig('omniauth.auth', 'extra', 'raw_info') || {})
-    end
-
-    def self.encode(uid, metadata, client = Mumukit::Auth::Client.new)
-      new({aud: client.id, metadata: metadata, uid: uid}, client).encode
+    def encode_header
+      'Bearer ' + encode
     end
 
     def self.decode(encoded, client = Mumukit::Auth::Client.new)
@@ -37,10 +49,6 @@ module Mumukit::Auth
       raise Mumukit::Auth::InvalidTokenError.new(e)
     end
 
-    def self.encode_header(uid, metadata)
-      'Bearer ' + encode(uid, metadata)
-    end
-
     def self.decode_header(header, client = Mumukit::Auth::Client.new)
       decode extract_from_header(header), client
     end
@@ -50,6 +58,30 @@ module Mumukit::Auth
       header.split(' ').last
     end
 
+    def self.build(uid, client = Mumukit::Auth::Client.new,
+                   expiration: nil, organization: nil,
+                   subject_id: nil, subject_type: nil,
+                   metadata: {})
+      new({
+          'uid' => uid,
+          'aud' => client.id,
+          'exp' => expiration&.to_i,
+          'org' => organization,
+          'metadata' => metadata,
+          'sbid' => subject_id,
+          'sbt' => subject_type
+        }.compact,
+        client)
+    end
+
+    def self.load(encoded)
+      if encoded.present?
+        decode encoded rescue nil
+      end
+    end
+
+    def self.dump(decoded)
+      decoded.encode
+    end
   end
 end
-

data/lib/mumukit/auth/version.rb

@@ -1,5 +1,5 @@
 module Mumukit
   module Auth
-    VERSION = '7.12.0'
+    VERSION = '7.14.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-auth
 version: !ruby/object:Gem::Version
-  version: 7.12.0
+  version: 7.14.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-25 00:00:00.000000000 Z
+date: 2022-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler