RubyGems - nm-gigya - Versions diffs - 0.1.25 → 0.1.26 - Mend

nm-gigya 0.1.25 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/gigya/connection.rb +17 -0
data/lib/gigya/controller_utils.rb +1 -21
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 408cd9ea838368a5276a96875eb10a42c0829788b62ddb2aa59b82a3590da6ad
-  data.tar.gz: d1d6049f5832d881153513a27b4fa7accc439ab63e223ab7ea15f4d1982ed590
+  metadata.gz: b8253c94735c73d0870a148bfc7babdf2da0bc6baab966ba4c0d7207ce33f90f
+  data.tar.gz: b4ebd99810c2e3283a86c33982934ef47cd4627ca2068c5622200331118b7efc
 SHA512:
-  metadata.gz: 21cea382f67d531034a4876241f2fe081f389913cc64f3afbff9676c8a8904d9fe378e894cf217779b91ef9d07a99f7976c8409f5bec987a02bc415b3bcce3cb
-  data.tar.gz: 757daaab8ac6695caa7a4fe069d99ded456d45e57ebbe018e9baf05061bb399fbc1580d10e9438f71cb7139f5d82da07065edc0e30d58073782b900ad581fe29
+  metadata.gz: 18216ea8d1ef4c8ee108349cbcbf473d4743a4f76604fe72a973241a735265576eb4be4a406b72daa465ffa6dede7e0ba328717aa7a233f579f5ed4376421847
+  data.tar.gz: 6d9146dce8eb144384c6d1824172526b9856c37bdf9510006829e14ec380f6cbf9010d96e1da2f334bb2c933fdef342d9144a0ac85e2fee7ed34b00f4c03fb2c

data/lib/gigya/connection.rb CHANGED

@@ -153,6 +153,7 @@ module Gigya
 	class Connection
 		attr_accessor :jwt_skip_validation
+		attr_accessor :whitelisted_api_keys
 		GIGYA_BASE_URL="gigya.com"
 		def self.shared_connection
@@ -164,6 +165,10 @@ module Gigya
 					:user_secret => ENV["GIGYA_USER_SECRET"],
 					:debug_connection => ENV["GIGYA_DEBUG_CONNECTION"] == "1"
 				)
+				whitelist = ENV["GIGYA_WHITELISTED_API_KEYS"]
+				conn.whitelisted_api_keys => whitelist.split(",") unless whitelist.blank?
 				conn.jwt_skip_validation = false
 				conn
 			end
@@ -263,6 +268,18 @@ module Gigya
 			return user_jwt_info if jwt_skip_validation
+			# If we have enumerated whitelisted API keys
+			unless whitelisted_api_keys.nil?
+				# Grab the API key encoded in the token
+				jwt_api_key = user_jwt_info["apiKey"]
+				# Our own API key is automatically valid
+				if jwt_api_key != api_key
+					# Make sure it is listed in the whitelisted keys
+					raise "Invalid API Key" unless whitelisted_api_keys.include?(jwt_api_key)
+				end
+			end
 			signing_key_id = signing_jwt_info["keyid"]
 			@cached_data["jwt_public_keys"] ||= {}
 			k = @cached_data["jwt_public_keys"][signing_key_id]

data/lib/gigya/controller_utils.rb CHANGED

@@ -23,30 +23,10 @@ module Gigya
 			@@gigya_refresh_time_decay
 		end
-		@@max_logged_tokens = 20
-		@@logged_tokens = {}
-		def log_token_error(tok, msg = nil)
-			if @@max_logged_tokens > 0
-				if @@logged_tokens[tok]
-					# already logged
-				else
-					@@logged_tokens[tok] = true
-					@@max_logged_tokens = @@max_logged_tokens - 1
-				end
-				Rails.logger.warn("Token Issue: #{tok}") if tok.present?
-				Rails.logger.warn("Token message: #{msg}") if msg.present?
-			end
-		end
 		def gigya_user_required
 			begin
-				if gigya_user_identifier.blank?
-					log_token_error(request.headers["Authorization"])
-					render(:json => {:error => "Invalid login"}, :status => 401)
-				end
+				render(:json => {:error => "Invalid login"}, :status => 401) if gigya_user_identifier.blank?
 			rescue
-				log_token_error(request.headers["Authorization"], $!.message)
 				render(:json => {:error => "#{$!.message}"}, :status => 401)
 			end
 		end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nm-gigya
 version: !ruby/object:Gem::Version
-  version: 0.1.25
+  version: 0.1.26
 platform: ruby
 authors:
 - Jonathan Bartlett