mumukit-auth 2.2.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/mumukit/auth/exceptions.rb +3 -0
  3. data/lib/mumukit/auth/permissions.rb +2 -2
  4. data/lib/mumukit/auth/scope.rb +1 -5
  5. data/lib/mumukit/auth/store.rb +25 -4
  6. data/lib/mumukit/auth/token.rb +12 -0
  7. data/lib/mumukit/auth/version.rb +1 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 167306465dc5b0e444eb0543ac074a2d1eace097
4
- data.tar.gz: 69eae7d161f9abdc7b7107bc01a67f76da02f7b8
3
+ metadata.gz: a9092f2f97e6a3b76afc8339f023be19daae8f43
4
+ data.tar.gz: a341795e26fceb21541c1d4dbfabc8acaa5c4942
5
5
  SHA512:
6
- metadata.gz: 0d486a7cbd380a1d3f91d046f39f75d8a7d15ca93af6c6c1620b44e04e7778b4e316c1cc0f78025db47ec10ae6c781db0aa532f96acd8972e4d849798dda07b8
7
- data.tar.gz: 0015801f215f4b8135af85c8e7a62873df22b4fc9ab9635fb4053a6245900592987a78244b69dfb24cb75bf56227f93ab398337c8a455b9b71aa49659c002948
6
+ metadata.gz: fb99bd92c87a8dd3c80a86a9edfaeffd2ebb7beffe321b266126adab91d73f154fc2f53b53c0dcf000801e7e4009278e49151b6fe6c41ef63af27e05626d4e03
7
+ data.tar.gz: 9f0f7f2cff61e2f3447de4d4ca00071a2ab897556c274f80bea6dc5681bbc95b708e2cf2ffa550152bb2d4b20f4acaf27ae00619b9c54f024336f305b6f4c11c
data/lib/mumukit/auth/exceptions.rb CHANGED
@@ -3,5 +3,8 @@ module Mumukit::Auth
3
3
  end
4
4
 
5
5
  class UnauthorizedAccessError < StandardError
6
+ def self.with_message(slug, grants)
7
+ new "Unauthorized access to #{slug}. Permissions are #{grants}"
8
+ end
6
9
  end
7
10
  end
data/lib/mumukit/auth/permissions.rb CHANGED
@@ -14,7 +14,7 @@ class Mumukit::Auth::Permissions
14
14
  end
15
15
 
16
16
  def protect!(scope, slug)
17
- scope_for(scope)&.protect!(slug)
17
+ scope_for(scope).protect!(slug)
18
18
  end
19
19
 
20
20
  def has_role?(role)
@@ -22,7 +22,7 @@ class Mumukit::Auth::Permissions
22
22
  end
23
23
 
24
24
  def scope_for(role)
25
- self.scopes[role]
25
+ self.scopes[role] || Mumukit::Auth::Scope.new
26
26
  end
27
27
 
28
28
  def add_permission!(role, *grants)
data/lib/mumukit/auth/scope.rb CHANGED
@@ -7,7 +7,7 @@ module Mumukit::Auth
7
7
  end
8
8
 
9
9
  def protect!(resource_slug)
10
- raise Mumukit::Auth::UnauthorizedAccessError.new(unauthorized_message(resource_slug)) unless allows?(resource_slug)
10
+ raise Mumukit::Auth::UnauthorizedAccessError.with_message(resource_slug, self) unless allows?(resource_slug)
11
11
  end
12
12
 
13
13
  def allows?(resource_slug)
@@ -44,9 +44,5 @@ module Mumukit::Auth
44
44
  def any_grant?(&block)
45
45
  @grants.any?(&block)
46
46
  end
47
-
48
- def unauthorized_message(slug)
49
- "Unauthorized access to #{slug}. Permissions are #{to_s}"
50
- end
51
47
  end
52
48
  end
data/lib/mumukit/auth/store.rb CHANGED
@@ -1,10 +1,35 @@
1
1
  module Mumukit::Auth
2
2
  class Store
3
3
 
4
+ class << self
5
+ def from_env
6
+ new Mumukit::Auth.config.daybreak_name
7
+ end
8
+
9
+ def with(&block)
10
+ store = from_env
11
+ block.call store
12
+ ensure
13
+ store.close
14
+ end
15
+
16
+ def set!(*args)
17
+ with { |store| store.set!(*args) }
18
+ end
19
+
20
+ def get(key)
21
+ with { |store| store.get(key) }
22
+ end
23
+ end
24
+
4
25
  def initialize(db_name)
5
26
  @db = Daybreak::DB.new "#{db_name}.db", default: '{}'
6
27
  end
7
28
 
29
+ def close
30
+ @db.close
31
+ end
32
+
8
33
  def set!(key, value)
9
34
  @db.update! key.to_sym => value.to_json
10
35
  end
@@ -12,9 +37,5 @@ module Mumukit::Auth
12
37
  def get(key)
13
38
  Mumukit::Auth::Permissions.load @db[key]
14
39
  end
15
-
16
- def close
17
- @db.close
18
- end
19
40
  end
20
41
  end
data/lib/mumukit/auth/token.rb CHANGED
@@ -12,6 +12,18 @@ module Mumukit::Auth
12
12
  @metadata ||= jwt['metadata'] || {}
13
13
  end
14
14
 
15
+ def uid
16
+ @uid ||= jwt['email'] || jwt['sub']
17
+ end
18
+
19
+ def permissions
20
+ @permissions ||= Mumukit::Auth::Store.get uid
21
+ end
22
+
23
+ def protect!(scope, resource_slug)
24
+ permissions.protect! scope, resource_slug
25
+ end
26
+
15
27
  def verify_client!
16
28
  raise Mumukit::Auth::InvalidTokenError.new('aud mismatch') if Mumukit::Auth.config.client_id != jwt['aud']
17
29
  end
data/lib/mumukit/auth/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Mumukit
2
2
  module Auth
3
- VERSION = '2.2.2'
3
+ VERSION = '3.0.0'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mumukit-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.2
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Franco Leonardo Bulgarelli
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-12-20 00:00:00.000000000 Z
11
+ date: 2016-12-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler