omniauth-colorgy-oauth2 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 94da4a452dca3e370d41b977b59e8afb012dd302
-  data.tar.gz: 94012e54bf4185e77dd66a403627fecce3da70ec
+  metadata.gz: 761943b85e3233140e27f0c47719fed1a005337f
+  data.tar.gz: 6e267348560e44db0f5964d78d8ac6fe22d99272
 SHA512:
-  metadata.gz: 0abe4493c950009dfd16d859cefa94609563275b9f0b90c831d65c72a6fbcd97147af007c18476c6e996c5658fabd2085c63a720f3fb6bb9adefe65c71ccc6a9
-  data.tar.gz: d25810bfc07fb0790fe550e883f696dc2222e15e27b16920e3ee15ed1ecb35802b24fca8ebfc83762ff303e5e9a02dfcb665a951597bce11d85b644549527f6d
+  metadata.gz: 49b05775dd6c8e0d83d43301f4e0f7784c3c59872fd8241c400be2e3cbdd5915b18b54f09aa2b1889cec508e425944aa5167b10c79ff67ea73e0d680c4d7da86
+  data.tar.gz: 182a6b13b5c534772d2b45fca99418bc86155e37ba4fa2f3288b4883cc94d06e374dfe922b55a089f9c4083dd7cccdbee2703efc5ddf1f38a7bdc966d71f4c3f

data/README.md

@@ -129,13 +129,14 @@ _(Optional)_
 
 The Colorgy SSO system is implemented using **OAuth 2.0** as the authorization protocol and **Sign-on Status Tokens (SST)** as credential of the sign-on status of the user, achieving sign in and out seamlessly controlled by a central server.
 
-The **Sign-on Status Token (SST)** is stored in an cross-domain cookie (`_sst`) to represent the sign on status of the current user. SSTs are trully [JSON Web Tokens (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token) containing identification information, signed by a RSA private key. Clients (other services under this SSO system) will be able to decode and verify the infomation using a corresponding RSA public key, and make reasonable reactions according to the infomation it provided.
+The **Sign-on Status Token (SST)** is stored in an cross-domain cookie (`_sst`) to represent the sign on status of the current user. **SST**s are trully [JSON Web Tokens (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token) containing identification information, signed by a RSA private key. Clients (other services under this SSO system) will be able to decode and verify the infomation using a corresponding RSA public key, and make reasonable reactions (signs in or out the user, reauthorize from the server... etc.) according to the infomation it provided.
 
 This gem has implemented some solutions to cover certain use cases.
 
-
 ### Using Devise With Rails: `ColorgyDeviseSSOManager`
 
+_An `ActiveSupport::Concern` to drop into your `ActionController` directly without any configurations to enable SSO support, if you're using devise and omniauth already._
+
 > Limitations: since this tactic relys on sharing a cookie accross Colorgy core and your app, your app should be running on a subdomain of Colorgy core to make this work.
 
 First, make sure Devise is setup properly to OmniAuth with Colorgy - clicking the 'Sign in with Colorgy' link will sign you in with no doubts.
@@ -177,7 +178,9 @@ end
 
 _`FlashMessageReporter` is optional, include it if you want to relay flash messages from core to your app ._
 
-One last step: unlike URL of the core SSO server can be guessed by OmniAuth and Devise configurations, the **RSA public key** used to verify SST isn't. So you need to pass it in manually using an environment variable called **`CORE_RSA_PUBLIC_KEY`**. Put it in your `.env` or export it like this: `export CORE_RSA_PUBLIC_KEY='-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3D ... P2QIDAQAB\n-----END PUBLIC KEY-----\n'`. Make sure it's accessible via `ENV['CORE_RSA_PUBLIC_KEY']` in your app.
+> This `ActiveSupport::Concern` is zero-configured since we can guess the URL of Core SSO by OmniAuth and Devise configurations, get the RSA public key automatically from the server, and use the User model's `uuid` (or `cid`, `sid`) and `refreshed_at` (or `synced_at`) by convention to perform certain actions like checking the user's identity or last refresh date.
+
+> You can also manually specify the RSA public key used to verify SSTs. Just pass it in using an environment variable called **`CORE_RSA_PUBLIC_KEY`**. Put it in your `.env` or export it like this: `export CORE_RSA_PUBLIC_KEY='-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3D ... P2QIDAQAB\n-----END PUBLIC KEY-----\n'`. Make sure it's accessible via `ENV['CORE_RSA_PUBLIC_KEY']` in your app.
 
 Now that users on your app will be signing in/out synchronizedly with Colorgy core, and is automatically reauthorized to get user's new data from core when updated.
 

data/{lib → app/controllers/concerns}/colorgy_devise_sso_manager.rb

@@ -17,26 +17,30 @@ module ColorgyDeviseSSOManager
     sign_out_url
   end
 
-  # Override the destroy_user_session_path to logout from core
-  def destroy_user_session_path
-    sign_out_url
-  end
-
   private
 
   # Getter of the core domain
   def core_domain
-    @@core_domain ||= URI.parse(Devise.omniauth_configs[:colorgy].options[:client_options][:site]).host
+    @@core_domain ||= URI.parse(core_url).host
   end
 
   # Getter of the core url
   def core_url
-    @@core_url ||= Devise.omniauth_configs[:colorgy].options[:client_options][:site]
+    @@core_url ||= if Devise.omniauth_configs[:colorgy].options[:client_options].is_a?(Hash)
+      Devise.omniauth_configs[:colorgy].options[:client_options][:site]
+    else
+      OmniAuth::Strategies::Colorgy.new(0).options.client_options.site
+    end
+  end
+
+  # Getter of the core rsa public key string
+  def core_rsa_public_key_string
+    @@core_rsa_public_key_string ||= (ENV['CORE_RSA_PUBLIC_KEY'] || Net::HTTP.get(core_domain, '/_rsa.pub')).gsub(/\\n/, "\n")
   end
 
   # Getter of the core rsa public key
   def core_rsa_public_key
-    @@core_rsa_public_key ||= OpenSSL::PKey::RSA.new(ENV['CORE_RSA_PUBLIC_KEY'].gsub(/\\n/, "\n"))
+    @@core_rsa_public_key ||= OpenSSL::PKey::RSA.new(core_rsa_public_key_string)
   end
 
   # Decode the sign-on status token (sst) string and return a hash
@@ -107,7 +111,7 @@ module ColorgyDeviseSSOManager
 
     # if the user isn't signed in but the sst isn't blank,
     # redirect to core authorize path
-    elsif !sst.blank?
+    elsif !sst.blank? && request.get? && is_navigational_format?
       redirect_to user_omniauth_authorize_path(:colorgy) and return
     end
   end

data/lib/omniauth/colorgy_oauth2/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
-  module ColorgyOauth2
-    VERSION = "0.1.0"
+  module ColorgyOAuth2
+    VERSION = "0.1.1"
   end
 end

data/lib/omniauth/colorgy_oauth2.rb

@@ -1,8 +1,10 @@
 require "omniauth/colorgy_oauth2/version"
 require File.join('omniauth', 'strategies', 'colorgy')
+OmniAuth.config.add_camelization('colorgy_oauth', 'ColorgyOAuth')
+OmniAuth.config.add_camelization('colorgy_oauth2', 'ColorgyOAuth2')
 
 module OmniAuth
-  module ColorgyOauth2
+  module ColorgyOAuth2
     CORE_URL = 'https://colorgy.io'
   end
 end

data/lib/omniauth-colorgy-oauth2.rb

@@ -1,3 +1,6 @@
 require File.join('omniauth', 'colorgy_oauth2')
-require File.join('flash_message_reporter') if defined? ActiveSupport::Concern
-require File.join('colorgy_devise_sso_manager') if defined? Devise && defined? ActiveSupport::Concern
+OmniAuth.config.add_camelization('colorgy_oauth', 'ColorgyOAuth')
+OmniAuth.config.add_camelization('colorgy_oauth2', 'ColorgyOAuth2')
+
+require File.expand_path(File.join('..', '..', 'app', 'controllers', 'concerns', 'flash_message_reporter'), __FILE__) if defined? ActiveSupport::Concern
+require File.expand_path(File.join('..', '..', 'app', 'controllers', 'concerns', 'colorgy_devise_sso_manager'), __FILE__) if defined? Devise && defined? ActiveSupport::Concern

data/omniauth-colorgy-oauth2.gemspec

@@ -5,7 +5,7 @@ require 'omniauth/colorgy_oauth2/version'
 
 Gem::Specification.new do |spec|
   spec.name          = "omniauth-colorgy-oauth2"
-  spec.version       = OmniAuth::ColorgyOauth2::VERSION
+  spec.version       = OmniAuth::ColorgyOAuth2::VERSION
   spec.authors       = ["Neson"]
   spec.email         = ["neson@dex.tw"]
 
@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency 'omniauth', '>= 1.1.1'
   spec.add_runtime_dependency 'omniauth-oauth2', '>= 1.1.1'
+  spec.add_runtime_dependency 'jwt', '>= 1.0.0'
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-colorgy-oauth2
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Neson
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.1
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -95,10 +109,10 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- app/controllers/concerns/colorgy_devise_sso_manager.rb
+- app/controllers/concerns/flash_message_reporter.rb
 - bin/console
 - bin/setup
-- lib/colorgy_devise_sso_manager.rb
-- lib/flash_message_reporter.rb
 - lib/omniauth-colorgy-oauth2.rb
 - lib/omniauth/colorgy_oauth2.rb
 - lib/omniauth/colorgy_oauth2/version.rb