omniauth-fishbrain 0.11.0 → 0.11.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aeee9cc6e162c2f7af87e9e888e5ee6512e3b0733db7e2ea62b36edc3e18f355
-  data.tar.gz: c7e1e870026535bab621a989e3108065b87361b700b819117fc43422f247407b
+  metadata.gz: 1637721816e60eb974b77e438d29b21943e039b2ec6deb97fd621b055ea9b3f9
+  data.tar.gz: 7a25399a0f3cdff975adccbdb46fbf2679417978756fad9336be4e9be26fb9af
 SHA512:
-  metadata.gz: 1581f15f1c259c32b65918776be71fecb61d8a301684168c6c203671f19fb36f13f246135e940b733412eec27afeb9cb065c70412323505792cd1dd8f1848bf8
-  data.tar.gz: f2cb803f3e831ee2607c7ba93ac089d48fdfe3d5a3ec39c17bbfa46b5904862dc5d82c75984a6fcac60cd17569cb485a5206706348285133f1046fb88974dd24
+  metadata.gz: f54afe7e9de9d46401a3c6c387a63a42e2661ccaf81fe674fdd73c840db162a44360e1f4011020d8faa7b191a65ff9073909ef0c498d15a7e09ae544c3e9b35a
+  data.tar.gz: fce1acff0dbc7abbe47f4113c5abb978bd08e8bbc4d6fd59fc62bbe9eaa608caf5175e4490a8369c3f6fa74f81b8e714a5667159e23bbb81ce2e146e5eade613

data/README.markdown

@@ -30,11 +30,11 @@ In development/test/staging environments:
 ```ruby
 use OmniAuth::Builder do
   provider :fishbrain, ENV['FISHBRAIN_CLIENT_ID'], ENV['FISHBRAIN_CLIENT_SECRET'],
-                       user_pool_id: 'eu-west-1_K2uP41DlP',
+                       user_pool_id: 'eu-west-1_WlBhbuD6e',
                        client_options: {
                          site: 'https://accounts-staging.fishbrain.com',
                        }
-  provider :fishbrain_id, user_pool_id: 'eu-west-1_K2uP41DlP'
+  provider :fishbrain_id, user_pool_id: 'eu-west-1_WlBhbuD6e'
 end
 ```
 

data/lib/omniauth-fishbrain/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module Fishbrain
-    VERSION = '0.11.0'
+    VERSION = '0.11.5'
   end
 end

data/lib/omniauth/fishbrain/decode_id_token.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'jwt'
+
+module OmniAuth
+  module Fishbrain
+    class DecodeIdToken
+      AWS_REGION = 'eu-west-1'
+      USER_POOL_ID = 'eu-west-1_TKWveIcYu'
+
+      attr_reader :client_id, :aws_region, :user_pool_id, :jwt_leeway
+
+      def initialize(client_id, user_pool_id = USER_POOL_ID, aws_region = AWS_REGION)
+        @client_id = client_id
+        @user_pool_id = user_pool_id
+        @aws_region = aws_region
+        @jwt_leeway = 60
+      end
+
+      def decode(raw_id_token)
+        JWT.decode(raw_id_token, nil, true, decode_options).first
+      end
+
+      private
+
+      def decode_options
+        {
+          iss: iss,
+          aud: client_id,
+          verify_aud: false,
+          verify_expiration: true,
+          verify_iat: true,
+          verify_iss: true,
+          verify_not_before: true,
+          leeway: jwt_leeway,
+          algorithm: 'RS256',
+          jwks: jwks,
+        }
+      end
+
+      def iss
+        "https://cognito-idp.#{aws_region}.amazonaws.com/#{user_pool_id}"
+      end
+
+      def jwks
+        @_jwks ||= "#{iss}/.well-known/jwks.json"
+          .yield_self(&URI.method(:parse))
+          .yield_self(&Net::HTTP.method(:get))
+          .yield_self { |it| JSON.parse(it, symbolize_names: true) }
+      end
+    end
+  end
+end

data/lib/omniauth/fishbrain/premium_status.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'date'
 require 'json'
 
 module OmniAuth
@@ -9,15 +8,14 @@ module OmniAuth
       def premium_status
         return {} unless id_token['premium_status']
 
-        JSON.parse id_token['premium_status']
+        JSON.parse(id_token['premium_status'])
       rescue JSON::ParserError
         {}
       end
 
       def premium?
-        DateTime.rfc3339(premium_status['premium_end_date']) > DateTime.now
+        Time.xmlschema(premium_status['end_date']) > Time.new.utc
       rescue ArgumentError
-        # if format was wrong
         false
       end
     end

data/lib/omniauth/fishbrain/verifies_id_token.rb

@@ -7,11 +7,11 @@ module OmniAuth
   module Fishbrain
     module VerifiesIdToken
       def id_token
-        @_id_token ||= begin
-          return {} unless raw_id_token
-
-          JWT.decode(raw_id_token, nil, true, decode_options).first
-        end
+        @_id_token ||= if raw_id_token&.strip&.empty?
+                         {}
+                       else
+                         JWT.decode(raw_id_token, nil, true, decode_options).first
+                       end
       end
 
       def decode_options

data/lib/omniauth/strategies/fishbrain.rb

@@ -16,7 +16,7 @@ module OmniAuth
                               token_url: '/oauth2/token',
                               auth_scheme: :basic_auth
       option :scope, 'email openid profile'
-      option :user_pool_id, 'eu-west-1_5r0WbR8OH'
+      option :user_pool_id, 'eu-west-1_TKWveIcYu'
       option :aws_region, 'eu-west-1'
       option :jwt_leeway, 60
 

data/lib/omniauth/strategies/fishbrain_id.rb

@@ -11,7 +11,7 @@ module OmniAuth
       include OmniAuth::Fishbrain::PremiumStatus
 
       option :name, 'fishbrain_id'
-      option :user_pool_id, 'eu-west-1_5r0WbR8OH'
+      option :user_pool_id, 'eu-west-1_TKWveIcYu'
       option :client_id, nil
       option :aws_region, 'eu-west-1'
       option :jwt_leeway, 60
@@ -37,11 +37,10 @@ module OmniAuth
       end
 
       def callback_phase
-        if raw_id_token
-          id_token
-          super
-        else
+        if id_token.empty?
           fail! :missing_id_token
+        else
+          super
         end
       rescue JWT::ExpiredSignature
         fail! :invalid_id_token

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-fishbrain
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.11.5
 platform: ruby
 authors:
 - Erik Dalen
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-27 00:00:00.000000000 Z
+date: 2020-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -51,6 +51,7 @@ files:
 - README.markdown
 - lib/omniauth-fishbrain.rb
 - lib/omniauth-fishbrain/version.rb
+- lib/omniauth/fishbrain/decode_id_token.rb
 - lib/omniauth/fishbrain/premium_status.rb
 - lib/omniauth/fishbrain/verifies_id_token.rb
 - lib/omniauth/strategies/fishbrain.rb
@@ -67,15 +68,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: OmniAuth strategy for Fishbrain