nm-gigya 0.0.15 → 0.0.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/gigya/controller_utils.rb +84 -2
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e3a133ba6c948f3ca251515d6fa71d21c64765db
|
|
4
|
+
data.tar.gz: c51095aaae1956c66bb741e143ac74ddb0a8ca51
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e083301c31dede115f3ac5825dd84a133a0d7b2e7bcc449410b947bcf418ebb89b889c346370db21b1a8af98ae2fff93e8f90a8e4fc17957bb00c1676f8dbea4
|
|
7
|
+
data.tar.gz: eae457842ed84c528190780d6165abaf6d32926658beff230bff8a92a556edb8a5330fcea5b25a9e12bb599e0124ae218566ed882dabeee45e86cc6875de90db
|
|
@@ -5,6 +5,24 @@ module Gigya
|
|
|
5
5
|
GIGYA_QUERY_PARAM = :gigya_token
|
|
6
6
|
GIGYA_COOKIE_PARAM = :gigya_token
|
|
7
7
|
|
|
8
|
+
@@gigya_jwt_refresh_time = nil
|
|
9
|
+
def self.gigya_jwt_refresh_time=(val)
|
|
10
|
+
@@gigya_jwt_refresh_time = val
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
@@gigya_refresh_time_decay = true
|
|
14
|
+
def self.gigya_jwt_refresh_time
|
|
15
|
+
@@gigya_jwt_refresh_time
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def self.gigya_refresh_time_decay=(val)
|
|
19
|
+
@@gigya_refresh_time_decay = val
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def self.gigya_refresh_time_decay
|
|
23
|
+
@@gigya_refresh_time_decay
|
|
24
|
+
end
|
|
25
|
+
|
|
8
26
|
def gigya_user_required
|
|
9
27
|
begin
|
|
10
28
|
render(:json => {:error => "Invalid login"}, :status => 401) if gigya_user_identifier.blank?
|
|
@@ -17,10 +35,12 @@ module Gigya
|
|
|
17
35
|
def gigya_jwt_token
|
|
18
36
|
@gigya_jwt_token ||= begin
|
|
19
37
|
tmp_token = nil
|
|
38
|
+
token_location = nil
|
|
20
39
|
|
|
21
40
|
begin
|
|
22
41
|
authenticate_with_http_token do |token, options|
|
|
23
42
|
tmp_token = token
|
|
43
|
+
token_location = :header
|
|
24
44
|
end
|
|
25
45
|
rescue
|
|
26
46
|
# If this is being called from a helper instead of a controller, then the authenticate_with_http_token is not available.
|
|
@@ -29,8 +49,10 @@ module Gigya
|
|
|
29
49
|
|
|
30
50
|
begin
|
|
31
51
|
tmp_token = params[GIGYA_QUERY_PARAM] unless params[GIGYA_QUERY_PARAM].blank?
|
|
52
|
+
token_location = :param
|
|
32
53
|
if tmp_token.blank?
|
|
33
54
|
tmp_token = cookies[GIGYA_COOKIE_PARAM]
|
|
55
|
+
token_location = :cookie
|
|
34
56
|
end
|
|
35
57
|
rescue
|
|
36
58
|
# Some lightweight controllers don't do cookies
|
|
@@ -39,17 +61,65 @@ module Gigya
|
|
|
39
61
|
begin
|
|
40
62
|
if tmp_token.blank?
|
|
41
63
|
tmp_token = session[GIGYA_SESSION_PARAM]
|
|
64
|
+
token_location = :session
|
|
42
65
|
end
|
|
43
66
|
rescue
|
|
44
67
|
# Some lightweight controllers don't do sessions
|
|
45
68
|
end
|
|
46
69
|
|
|
70
|
+
token_location = nil if tmp_token.blank?
|
|
71
|
+
|
|
72
|
+
@gigya_token_location = token_location
|
|
73
|
+
|
|
47
74
|
tmp_token
|
|
48
75
|
end
|
|
49
76
|
end
|
|
50
77
|
|
|
51
|
-
def interpret_jwt_token
|
|
52
|
-
@gigya_jwt_info
|
|
78
|
+
def interpret_jwt_token(force = false)
|
|
79
|
+
if @gigya_jwt_info.nil?
|
|
80
|
+
@gigya_jwt_info = Gigya::Connection.shared_connection.validate_jwt(gigya_jwt_token)
|
|
81
|
+
|
|
82
|
+
perform_token_refresh if needs_token_refresh?
|
|
83
|
+
elsif force
|
|
84
|
+
@gigya_jwt_info = Gigya::Connection.shared_connection.validate_jwt(gigya_jwt_token)
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
@gigya_jwt_info
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def perform_token_refresh
|
|
91
|
+
gigya_perform_token_refresh
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
def gigya_perform_token_refresh
|
|
95
|
+
info = gigya_user_information
|
|
96
|
+
|
|
97
|
+
fields = info.keys - ["iss", "apiKey", "iat", "exp", "sub"]
|
|
98
|
+
if @@gigya_refresh_time_decay
|
|
99
|
+
# Refresh only until the original token expires
|
|
100
|
+
# Note that this is slightly leaky
|
|
101
|
+
expiration = (Time.at(info["exp"]) - Time.now).to_i
|
|
102
|
+
else
|
|
103
|
+
# Keep refreshing with the same time period
|
|
104
|
+
expiration = info["exp"] - info["iat"]
|
|
105
|
+
end
|
|
106
|
+
result = Gigya::Connection.shared_connection.api_get("accounts", "getJWT", {:UID => gigya_user_identifier, :fields => fields.join(","), :expiration => expiration})
|
|
107
|
+
token = result["id_token"]
|
|
108
|
+
|
|
109
|
+
raise "Unable to refresh token" if token.blank?
|
|
110
|
+
|
|
111
|
+
case @gigya_token_location
|
|
112
|
+
when :header
|
|
113
|
+
headers["X-Set-Authorization-Token"] = token
|
|
114
|
+
when :cookie
|
|
115
|
+
cookies[GIGYA_COOKIE_PARAM] = token
|
|
116
|
+
when :session
|
|
117
|
+
session[GIGYA_SESSION_PARAM] = token
|
|
118
|
+
when :param
|
|
119
|
+
# FIXME - don't know what to do here.
|
|
120
|
+
end
|
|
121
|
+
@gigya_jwt_token = token
|
|
122
|
+
interpret_jwt_token(true) # Force reinterpretation of token
|
|
53
123
|
end
|
|
54
124
|
|
|
55
125
|
def gigya_save_jwt(destination = :cookie)
|
|
@@ -63,6 +133,18 @@ module Gigya
|
|
|
63
133
|
end
|
|
64
134
|
end
|
|
65
135
|
|
|
136
|
+
def needs_token_refresh?
|
|
137
|
+
needs_token_refresh_for_time?
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
def needs_token_refresh_for_time?
|
|
141
|
+
return false if @@gigya_jwt_refresh_time.nil?
|
|
142
|
+
|
|
143
|
+
issue_time = Time.at(@gigya_jwt_info["iat"])
|
|
144
|
+
|
|
145
|
+
return issue_time + @@gigya_jwt_refresh_time < Time.now
|
|
146
|
+
end
|
|
147
|
+
|
|
66
148
|
def gigya_user_information
|
|
67
149
|
interpret_jwt_token
|
|
68
150
|
@gigya_jwt_info
|