omniauth-fishbrain 0.10.0 → 0.11.4

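--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 70b077fd97606f323245d0180a5a66e5ddb0dc92ec0670147242884bdc930319
- data.tar.gz: e483cf58669ab9991b5f59fb5c89c918cebae4572eacec67fcf1b0a145eda569
+ metadata.gz: 58b986c338209b8d0078fe1575f66ebac4af360a662db67d0bfff5f3ee6a9dae
+ data.tar.gz: d111c45ee3100e0232bf0d5993b80430990bc39c20a7bc0cf7d97c33ec91de44
  SHA512:
- metadata.gz: 4062fe761e149af6926a3757405da9769e86be530ad68f97f8b26343a518872bff85c36ca771bb0c3b9da40b67816b24e3ef1225bf3bc0e02c51bc943400dc09
- data.tar.gz: b284b8dba51dc78102513bc6d3746c0ffac410a174f2a7700c00280610067ac6cc272edeb644e6e0500c789e3e6da88b0c696e26d5127cd4736296ea2ba11de7
+ metadata.gz: 99441c0a1cf973b4a8a1ed557a3cf361ebbf54695f864bdcf0ad98ebc63d3798c70111a71dd77f262f1a64cd6743cad3ec5c65d544bd156c45a4eccb53e30c1e
+ data.tar.gz: e282f4cd037715c4e826938e33305f7d5b9a07784170fbb3d510599338683f2807aad4f6ad60307035e44000f37bebb6f6defd034f4534598b7fe316da04228f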
@@ -1,10 +1,12 @@
1
1
  # OmniAuth Fishbrain
2
2
 
3
+ ![](https://github.com/omniauth/omniauth-github/workflows/Ruby/badge.svg?branch=master)
4
+
3
5
  This gem provides two OmniAuth strategies for Fishbrain.
4
6
 
5
- 1. The `fishbrain` strategy is a standard Omniauth OAuth2 strategy for signing up and signing in
6
- 2. The `fishbrain_id` strategy is intended for sharing a user's identity between services, typically from mobile app to
7
- server
7
+ 1. The `fishbrain` strategy is a standard OmniAuth OAuth2 strategy.
8
+ 2. The `fishbrain_id` strategy is intended for sharing identities between
9
+ services.
8
10
 
9
11
  ## Installation
10
12
 
@@ -16,29 +18,29 @@ gem 'omniauth-fishbrain'
16
18
 
17
19
  In production environments:
18
20
 
19
- ```
21
+ ```ruby
20
22
  use OmniAuth::Builder do
21
- provider :fishbrain, ENV.fetch('FISHBRAIN_CLIENT_ID'), ENV.fetch('FISHBRAIN_CLIENT_SECRET')
23
+ provider :fishbrain, ENV['FISHBRAIN_CLIENT_ID'], ENV['FISHBRAIN_CLIENT_SECRET']
22
24
  provider :fishbrain_id
23
25
  end
24
26
  ```
25
27
 
26
28
  In development/test/staging environments:
27
29
 
28
- ```
30
+ ```ruby
29
31
  use OmniAuth::Builder do
30
- provider :fishbrain, ENV.fetch('FISHBRAIN_CLIENT_ID'), ENV.fetch('FISHBRAIN_CLIENT_SECRET'),
31
- user_pool_id: 'eu-west-1_K2uP41DlP',
32
+ provider :fishbrain, ENV['FISHBRAIN_CLIENT_ID'], ENV['FISHBRAIN_CLIENT_SECRET'],
33
+ user_pool_id: 'eu-west-1_WlBhbuD6e',
32
34
  client_options: {
33
35
  site: 'https://accounts-staging.fishbrain.com',
34
36
  }
35
- provider :fishbrain_id, user_pool_id: 'eu-west-1_K2uP41DlP'
37
+ provider :fishbrain_id, user_pool_id: 'eu-west-1_WlBhbuD6e'
36
38
  end
37
39
  ```
38
40
 
39
41
  `path_prefix` is supported too:
40
42
 
41
- ```
43
+ ```ruby
42
44
  use OmniAuth::Builder do
43
45
  ...
44
46
 
@@ -46,9 +48,8 @@ use OmniAuth::Builder do
46
48
  end
47
49
  ```
48
50
 
49
-
50
51
  See [`/examples`](examples) for full example using Sinatra.
51
52
 
52
- ## LICENSE
53
+ ## License
53
54
 
54
55
  [MIT](LICENSE)
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module Fishbrain
5
- VERSION = '0.10.0'
5
+ VERSION = '0.11.4'
6
6
  end
7
7
  end
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'net/http'
4
+ require 'jwt'
5
+
6
+ module OmniAuth
7
+ module Fishbrain
8
+ class DecodeIdToken
9
+ AWS_REGION = 'eu-west-1'
10
+ USER_POOL_ID = 'eu-west-1_TKWveIcYu'
11
+
12
+ attr_reader :client_id, :aws_region, :user_pool_id, :jwt_leeway
13
+
14
+ def initialize(client_id, user_pool_id = USER_POOL_ID, aws_region = AWS_REGION)
15
+ @client_id = client_id
16
+ @user_pool_id = user_pool_id
17
+ @aws_region = aws_region
18
+ @jwt_leeway = 60
19
+ end
20
+
21
+ def decode(raw_id_token)
22
+ JWT.decode(raw_id_token, nil, true, decode_options).first
23
+ end
24
+
25
+ private
26
+
27
+ def decode_options
28
+ {
29
+ iss: iss,
30
+ aud: client_id,
31
+ verify_aud: true,
32
+ verify_expiration: true,
33
+ verify_iat: true,
34
+ verify_iss: true,
35
+ verify_not_before: true,
36
+ leeway: jwt_leeway,
37
+ algorithm: 'RS256',
38
+ jwks: jwks,
39
+ }
40
+ end
41
+
42
+ def iss
43
+ "https://cognito-idp.#{aws_region}.amazonaws.com/#{user_pool_id}"
44
+ end
45
+
46
+ def jwks
47
+ @_jwks ||= "#{iss}/.well-known/jwks.json"
48
+ .yield_self(&URI.method(:parse))
49
+ .yield_self(&Net::HTTP.method(:get))
50
+ .yield_self { |it| JSON.parse(it, symbolize_names: true) }
51
+ end
52
+ end
53
+ end
54
+ end
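Review bot: `jwks` memoizes the first response from the Cognito JWKS endpoint for the life of the object and never checks the HTTP status, so a rotated signing key, or an error body that happens to parse as JSON, stays cached and every later `decode` fails until the object is rebuilt. ruby-jwt accepts a callable for the `jwks:` option and calls it again with `invalidate: true` when the token's `kid` is not found, so `decode_options` can pass a loader and `jwks` can drop its cache on that flag; confirm the jwt version this gem depends on supports the loader form. The file also calls `JSON.parse` while requiring only `net/http` and `jwt`, so adding `require 'json'` would remove the reliance on a transitive load.

```ruby
# … unchanged: requires, initialize, decode, other decode_options entries …
          jwks: ->(options) { jwks(options) },
# … unchanged: iss …
      def jwks(options = {})
        # ruby-jwt passes invalidate: true when the token's kid is not in the cached set.
        @_jwks = nil if options[:invalidate]
        @_jwks ||= fetch_jwks
      end

      def fetch_jwks
        response = Net::HTTP.get_response(URI.parse("#{iss}/.well-known/jwks.json"))
        raise JWT::DecodeError, 'JWKS endpoint returned an error' unless response.is_a?(Net::HTTPSuccess)

        JSON.parse(response.body, symbolize_names: true)
      end
```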
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'json'
4
+
5
+ module OmniAuth
6
+ module Fishbrain
7
+ module PremiumStatus
8
+ def premium_status
9
+ return {} unless id_token['premium_status']
10
+
11
+ JSON.parse(id_token['premium_status'])
12
+ rescue JSON::ParserError
13
+ {}
14
+ end
15
+
16
+ def premium?
17
+ Time.xmlschema(premium_status['end_date']) > Time.new.utc
18
+ rescue ArgumentError
19
+ false
20
+ end
21
+ end
22
+ end
23
+ end
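Review bot: `premium_status` and `premium?` rescue only `JSON::ParserError` and `ArgumentError`, so a `premium_status` claim that is not a String, or that parses to something other than a Hash (an array, a number, `true`), or an `end_date` that is not a String, raises `TypeError` or `NoMethodError` that would propagate out of the `extra` blocks calling these methods. Returning the parsed value only when it is a Hash, `parsed.is_a?(Hash) ? parsed : {}`, and widening the rescues to `rescue JSON::ParserError, TypeError` and `rescue ArgumentError, TypeError` makes both methods fall back to `{}` / `false` for any malformed claim. `Time.xmlschema` is defined by the `time` standard library rather than core `Time`, and this file requires only `json`, so add `require 'time'` instead of depending on another library having loaded it.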
@@ -7,11 +7,11 @@ module OmniAuth
7
7
  module Fishbrain
8
8
  module VerifiesIdToken
9
9
  def id_token
10
- @_id_token ||= begin
11
- return {} unless raw_id_token
12
-
13
- JWT.decode(raw_id_token, nil, true, decode_options).first
14
- end
10
+ @_id_token ||= if raw_id_token&.strip&.empty?
11
+ {}
12
+ else
13
+ JWT.decode(raw_id_token, nil, true, decode_options).first
14
+ end
15
15
  end
16
16
 
17
17
  def decode_options
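Review bot: A missing token no longer short-circuits in `id_token`: when `raw_id_token` is `nil`, `raw_id_token&.strip&.empty?` evaluates to `nil`, so the `else` branch runs `JWT.decode(nil, ...)` where the removed code returned `{}`. The failure is still closed, but it surfaces as a decode exception instead of the empty hash that `callback_phase` in the `fishbrain_id` strategy now tests with `id_token.empty?`, and the only rescue visible there is `JWT::ExpiredSignature`, so `:missing_id_token` looks unreachable for an absent parameter unless a rescue outside that hunk handles it. `@_id_token ||= if raw_id_token.to_s.strip.empty?` covers nil, empty and whitespace-only values. `decode_options` begins on the hunk's last line and continues outside it.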
@@ -2,11 +2,13 @@
2
2
 
3
3
  require 'omniauth-oauth2'
4
4
  require 'omniauth/fishbrain/verifies_id_token'
5
+ require 'omniauth/fishbrain/premium_status'
5
6
 
6
7
  module OmniAuth
7
8
  module Strategies
8
9
  class Fishbrain < OmniAuth::Strategies::OAuth2
9
10
  include OmniAuth::Fishbrain::VerifiesIdToken
11
+ include OmniAuth::Fishbrain::PremiumStatus
10
12
 
11
13
  option :name, 'fishbrain'
12
14
  option :client_options, site: 'https://accounts.fishbrain.com',
@@ -14,7 +16,7 @@ module OmniAuth
14
16
  token_url: '/oauth2/token',
15
17
  auth_scheme: :basic_auth
16
18
  option :scope, 'email openid profile'
17
- option :user_pool_id, 'eu-west-1_5r0WbR8OH'
19
+ option :user_pool_id, 'eu-west-1_TKWveIcYu'
18
20
  option :aws_region, 'eu-west-1'
19
21
  option :jwt_leeway, 60
20
22
 
@@ -42,7 +44,11 @@ module OmniAuth
42
44
  end
43
45
 
44
46
  extra do
45
- { raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) } }
47
+ {
48
+ raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) },
49
+ premium_status: premium_status,
50
+ is_premium: premium?,
51
+ }
46
52
  end
47
53
 
48
54
  private
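Review bot: The new default `option :user_pool_id, 'eu-west-1_TKWveIcYu'` is the third copy of the same literal on this page; it also appears as `USER_POOL_ID` in the new `DecodeIdToken` class and as the default in the `fishbrain_id` strategy. In `DecodeIdToken` the pool id forms the issuer and JWKS URL used to verify id tokens, and `VerifiesIdToken` presumably uses the option the same way, so a later change that updates one copy and misses another would leave one path validating against the wrong pool. Defining the value once, for example `option :user_pool_id, OmniAuth::Fishbrain::DecodeIdToken::USER_POOL_ID` after requiring that file, keeps the three in step. The class body continues past the end of this hunk.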
@@ -1,15 +1,17 @@
1
1
  # frozen_string_literal:true
2
2
 
3
3
  require 'omniauth/fishbrain/verifies_id_token'
4
+ require 'omniauth/fishbrain/premium_status'
4
5
 
5
6
  module OmniAuth
6
7
  module Strategies
7
8
  class FishbrainId
8
9
  include OmniAuth::Strategy
9
10
  include OmniAuth::Fishbrain::VerifiesIdToken
11
+ include OmniAuth::Fishbrain::PremiumStatus
10
12
 
11
13
  option :name, 'fishbrain_id'
12
- option :user_pool_id, 'eu-west-1_5r0WbR8OH'
14
+ option :user_pool_id, 'eu-west-1_TKWveIcYu'
13
15
  option :client_id, nil
14
16
  option :aws_region, 'eu-west-1'
15
17
  option :jwt_leeway, 60
@@ -27,15 +29,18 @@ module OmniAuth
27
29
  end
28
30
 
29
31
  extra do
30
- { raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) } }
32
+ {
33
+ raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) },
34
+ premium_status: premium_status,
35
+ is_premium: premium?,
36
+ }
31
37
  end
32
38
 
33
39
  def callback_phase
34
- if raw_id_token
35
- id_token
36
- super
37
- else
40
+ if id_token.empty?
38
41
  fail! :missing_id_token
42
+ else
43
+ super
39
44
  end
40
45
  rescue JWT::ExpiredSignature
41
46
  fail! :invalid_id_token
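--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-fishbrain
  version: !ruby/object:Gem::Version
- version: 0.10.0
+ version: 0.11.4
  platform: ruby
  authors:
  - Erik Dalen
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-02-17 00:00:00.000000000 Z
+ date: 2020-06-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: jwt
@@ -51,6 +51,8 @@ files:
  - README.markdown
  - lib/omniauth-fishbrain.rb
  - lib/omniauth-fishbrain/version.rb
+ - lib/omniauth/fishbrain/decode_id_token.rb
+ - lib/omniauth/fishbrain/premium_status.rb
  - lib/omniauth/fishbrain/verifies_id_token.rb
  - lib/omniauth/strategies/fishbrain.rb
  - lib/omniauth/strategies/fishbrain_id.rb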