omniauth-fishbrain 0.10.0 → 0.11.4

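--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 70b077fd97606f323245d0180a5a66e5ddb0dc92ec0670147242884bdc930319
- data.tar.gz: e483cf58669ab9991b5f59fb5c89c918cebae4572eacec67fcf1b0a145eda569
+ metadata.gz: 58b986c338209b8d0078fe1575f66ebac4af360a662db67d0bfff5f3ee6a9dae
+ data.tar.gz: d111c45ee3100e0232bf0d5993b80430990bc39c20a7bc0cf7d97c33ec91de44
  SHA512:
- metadata.gz: 4062fe761e149af6926a3757405da9769e86be530ad68f97f8b26343a518872bff85c36ca771bb0c3b9da40b67816b24e3ef1225bf3bc0e02c51bc943400dc09
- data.tar.gz: b284b8dba51dc78102513bc6d3746c0ffac410a174f2a7700c00280610067ac6cc272edeb644e6e0500c789e3e6da88b0c696e26d5127cd4736296ea2ba11de7
+ metadata.gz: 99441c0a1cf973b4a8a1ed557a3cf361ebbf54695f864bdcf0ad98ebc63d3798c70111a71dd77f262f1a64cd6743cad3ec5c65d544bd156c45a4eccb53e30c1e
+ data.tar.gz: e282f4cd037715c4e826938e33305f7d5b9a07784170fbb3d510599338683f2807aad4f6ad60307035e44000f37bebb6f6defd034f4534598b7fe316da04228f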
@@ -1,10 +1,12 @@
1
1
  # OmniAuth Fishbrain
2
2
 
3
+ ![](https://github.com/omniauth/omniauth-github/workflows/Ruby/badge.svg?branch=master)
4
+
3
5
  This gem provides two OmniAuth strategies for Fishbrain.
4
6
 
5
- 1. The `fishbrain` strategy is a standard Omniauth OAuth2 strategy for signing up and signing in
6
- 2. The `fishbrain_id` strategy is intended for sharing a user's identity between services, typically from mobile app to
7
- server
7
+ 1. The `fishbrain` strategy is a standard OmniAuth OAuth2 strategy.
8
+ 2. The `fishbrain_id` strategy is intended for sharing identities between
9
+ services.
8
10
 
9
11
  ## Installation
10
12
 
@@ -16,29 +18,29 @@ gem 'omniauth-fishbrain'
16
18
 
17
19
  In production environments:
18
20
 
19
- ```
21
+ ```ruby
20
22
  use OmniAuth::Builder do
21
- provider :fishbrain, ENV.fetch('FISHBRAIN_CLIENT_ID'), ENV.fetch('FISHBRAIN_CLIENT_SECRET')
23
+ provider :fishbrain, ENV['FISHBRAIN_CLIENT_ID'], ENV['FISHBRAIN_CLIENT_SECRET']
22
24
  provider :fishbrain_id
23
25
  end
24
26
  ```
25
27
 
26
28
  In development/test/staging environments:
27
29
 
28
- ```
30
+ ```ruby
29
31
  use OmniAuth::Builder do
30
- provider :fishbrain, ENV.fetch('FISHBRAIN_CLIENT_ID'), ENV.fetch('FISHBRAIN_CLIENT_SECRET'),
31
- user_pool_id: 'eu-west-1_K2uP41DlP',
32
+ provider :fishbrain, ENV['FISHBRAIN_CLIENT_ID'], ENV['FISHBRAIN_CLIENT_SECRET'],
33
+ user_pool_id: 'eu-west-1_WlBhbuD6e',
32
34
  client_options: {
33
35
  site: 'https://accounts-staging.fishbrain.com',
34
36
  }
35
- provider :fishbrain_id, user_pool_id: 'eu-west-1_K2uP41DlP'
37
+ provider :fishbrain_id, user_pool_id: 'eu-west-1_WlBhbuD6e'
36
38
  end
37
39
  ```
38
40
 
39
41
  `path_prefix` is supported too:
40
42
 
41
- ```
43
+ ```ruby
42
44
  use OmniAuth::Builder do
43
45
  ...
44
46
 
@@ -46,9 +48,8 @@ use OmniAuth::Builder do
46
48
  end
47
49
  ```
48
50
 
49
-
50
51
  See [`/examples`](examples) for full example using Sinatra.
51
52
 
52
- ## LICENSE
53
+ ## License
53
54
 
54
55
  [MIT](LICENSE)
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module Fishbrain
5
- VERSION = '0.10.0'
5
+ VERSION = '0.11.4'
6
6
  end
7
7
  end
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'net/http'
4
+ require 'jwt'
5
+
6
+ module OmniAuth
7
+ module Fishbrain
8
+ class DecodeIdToken
9
+ AWS_REGION = 'eu-west-1'
10
+ USER_POOL_ID = 'eu-west-1_TKWveIcYu'
11
+
12
+ attr_reader :client_id, :aws_region, :user_pool_id, :jwt_leeway
13
+
14
+ def initialize(client_id, user_pool_id = USER_POOL_ID, aws_region = AWS_REGION)
15
+ @client_id = client_id
16
+ @user_pool_id = user_pool_id
17
+ @aws_region = aws_region
18
+ @jwt_leeway = 60
19
+ end
20
+
21
+ def decode(raw_id_token)
22
+ JWT.decode(raw_id_token, nil, true, decode_options).first
23
+ end
24
+
25
+ private
26
+
27
+ def decode_options
28
+ {
29
+ iss: iss,
30
+ aud: client_id,
31
+ verify_aud: true,
32
+ verify_expiration: true,
33
+ verify_iat: true,
34
+ verify_iss: true,
35
+ verify_not_before: true,
36
+ leeway: jwt_leeway,
37
+ algorithm: 'RS256',
38
+ jwks: jwks,
39
+ }
40
+ end
41
+
42
+ def iss
43
+ "https://cognito-idp.#{aws_region}.amazonaws.com/#{user_pool_id}"
44
+ end
45
+
46
+ def jwks
47
+ @_jwks ||= "#{iss}/.well-known/jwks.json"
48
+ .yield_self(&URI.method(:parse))
49
+ .yield_self(&Net::HTTP.method(:get))
50
+ .yield_self { |it| JSON.parse(it, symbolize_names: true) }
51
+ end
52
+ end
53
+ end
54
+ end
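Review bot: The `jwks` method hands whatever `Net::HTTP.get` returns straight to `JSON.parse`, so a non-200 body (an error page, a throttling response) is parsed as if it were the key set and the failure surfaces later as an unrelated exception from `decode`. The result is also memoised for the life of the object, so a rotated signing key is only picked up when a new `DecodeIdToken` is built. Checking the response status and raising `JWT::DecodeError` keeps the failure in the same error family `JWT.decode` itself raises; connection errors and timeouts still propagate and presumably need handling by the caller. The file also calls `JSON.parse` without `require 'json'`, which likely works only because the jwt gem loads it.

```ruby
def jwks
  @_jwks ||= begin
    response = Net::HTTP.get_response(URI.parse("#{iss}/.well-known/jwks.json"))
    raise JWT::DecodeError, "JWKS fetch failed (HTTP #{response.code})" unless response.is_a?(Net::HTTPSuccess)

    JSON.parse(response.body, symbolize_names: true)
  end
end
```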
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'json'
4
+
5
+ module OmniAuth
6
+ module Fishbrain
7
+ module PremiumStatus
8
+ def premium_status
9
+ return {} unless id_token['premium_status']
10
+
11
+ JSON.parse(id_token['premium_status'])
12
+ rescue JSON::ParserError
13
+ {}
14
+ end
15
+
16
+ def premium?
17
+ Time.xmlschema(premium_status['end_date']) > Time.new.utc
18
+ rescue ArgumentError
19
+ false
20
+ end
21
+ end
22
+ end
23
+ end
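Review bot: `premium?` rescues only `ArgumentError`, but `premium_status` returns whatever `JSON.parse` yields, so a claim that parses to an array, a number or `null` makes `premium_status['end_date']` raise `TypeError` or `NoMethodError`, and that exception escapes into the strategies' `extra` block. Returning the parsed value only when it is a hash closes that path: `parsed = JSON.parse(id_token['premium_status'])` followed by `parsed.is_a?(Hash) ? parsed : {}`. `JSON.parse` also raises `TypeError` when the claim is not a string, so the rescue line in `premium_status` would be safer as `rescue JSON::ParserError, TypeError`. Since `is_premium` may gate paid features downstream, a short comment stating that any unparseable claim is treated as not premium would document the fail-closed intent.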
@@ -7,11 +7,11 @@ module OmniAuth
7
7
  module Fishbrain
8
8
  module VerifiesIdToken
9
9
  def id_token
10
- @_id_token ||= begin
11
- return {} unless raw_id_token
12
-
13
- JWT.decode(raw_id_token, nil, true, decode_options).first
14
- end
10
+ @_id_token ||= if raw_id_token&.strip&.empty?
11
+ {}
12
+ else
13
+ JWT.decode(raw_id_token, nil, true, decode_options).first
14
+ end
15
15
  end
16
16
 
17
17
  def decode_options
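Review bot: The new guard `raw_id_token&.strip&.empty?` evaluates to `nil` when `raw_id_token` is `nil`, so a missing token now falls through to `JWT.decode(nil, ...)` and raises, where the removed `return {} unless raw_id_token` returned `{}`. The `callback_phase` hunk of `FishbrainId` in this same release tests `id_token.empty?` to report `:missing_id_token`, and that branch looks unreachable for an absent token; whether the resulting `JWT::DecodeError` is rescued cannot be seen from the lines shown. One line covers both the nil and the blank case: `@_id_token ||= if raw_id_token.to_s.strip.empty?`. The body of `decode_options` lies outside the hunk.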
@@ -2,11 +2,13 @@
2
2
 
3
3
  require 'omniauth-oauth2'
4
4
  require 'omniauth/fishbrain/verifies_id_token'
5
+ require 'omniauth/fishbrain/premium_status'
5
6
 
6
7
  module OmniAuth
7
8
  module Strategies
8
9
  class Fishbrain < OmniAuth::Strategies::OAuth2
9
10
  include OmniAuth::Fishbrain::VerifiesIdToken
11
+ include OmniAuth::Fishbrain::PremiumStatus
10
12
 
11
13
  option :name, 'fishbrain'
12
14
  option :client_options, site: 'https://accounts.fishbrain.com',
@@ -14,7 +16,7 @@ module OmniAuth
14
16
  token_url: '/oauth2/token',
15
17
  auth_scheme: :basic_auth
16
18
  option :scope, 'email openid profile'
17
- option :user_pool_id, 'eu-west-1_5r0WbR8OH'
19
+ option :user_pool_id, 'eu-west-1_TKWveIcYu'
18
20
  option :aws_region, 'eu-west-1'
19
21
  option :jwt_leeway, 60
20
22
 
@@ -42,7 +44,11 @@ module OmniAuth
42
44
  end
43
45
 
44
46
  extra do
45
- { raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) } }
47
+ {
48
+ raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) },
49
+ premium_status: premium_status,
50
+ is_premium: premium?,
51
+ }
46
52
  end
47
53
 
48
54
  private
@@ -1,15 +1,17 @@
1
1
  # frozen_string_literal:true
2
2
 
3
3
  require 'omniauth/fishbrain/verifies_id_token'
4
+ require 'omniauth/fishbrain/premium_status'
4
5
 
5
6
  module OmniAuth
6
7
  module Strategies
7
8
  class FishbrainId
8
9
  include OmniAuth::Strategy
9
10
  include OmniAuth::Fishbrain::VerifiesIdToken
11
+ include OmniAuth::Fishbrain::PremiumStatus
10
12
 
11
13
  option :name, 'fishbrain_id'
12
- option :user_pool_id, 'eu-west-1_5r0WbR8OH'
14
+ option :user_pool_id, 'eu-west-1_TKWveIcYu'
13
15
  option :client_id, nil
14
16
  option :aws_region, 'eu-west-1'
15
17
  option :jwt_leeway, 60
@@ -27,15 +29,18 @@ module OmniAuth
27
29
  end
28
30
 
29
31
  extra do
30
- { raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) } }
32
+ {
33
+ raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) },
34
+ premium_status: premium_status,
35
+ is_premium: premium?,
36
+ }
31
37
  end
32
38
 
33
39
  def callback_phase
34
- if raw_id_token
35
- id_token
36
- super
37
- else
40
+ if id_token.empty?
38
41
  fail! :missing_id_token
42
+ else
43
+ super
39
44
  end
40
45
  rescue JWT::ExpiredSignature
41
46
  fail! :invalid_id_token
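--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-fishbrain
  version: !ruby/object:Gem::Version
- version: 0.10.0
+ version: 0.11.4
  platform: ruby
  authors:
  - Erik Dalen
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-02-17 00:00:00.000000000 Z
+ date: 2020-06-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: jwt
@@ -51,6 +51,8 @@ files:
  - README.markdown
  - lib/omniauth-fishbrain.rb
  - lib/omniauth-fishbrain/version.rb
+ - lib/omniauth/fishbrain/decode_id_token.rb
+ - lib/omniauth/fishbrain/premium_status.rb
  - lib/omniauth/fishbrain/verifies_id_token.rb
  - lib/omniauth/strategies/fishbrain.rb
  - lib/omniauth/strategies/fishbrain_id.rb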