openid-token-proxy 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +2 -2
- data/lib/openid_token_proxy/token.rb +4 -0
- data/lib/openid_token_proxy/token/authentication.rb +5 -0
- data/lib/openid_token_proxy/version.rb +1 -1
- data/spec/lib/openid_token_proxy/config_spec.rb +24 -0
- data/spec/lib/openid_token_proxy/token/authentication_spec.rb +12 -1
- data/spec/lib/openid_token_proxy/token/refresh_spec.rb +12 -1
- data/spec/lib/openid_token_proxy/token_spec.rb +14 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 367c9b989127b83d27046b97d8d0eed4bb62bc26
|
|
4
|
+
data.tar.gz: 0f5b072253012066745622211b7176ba24a797d7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61558da5b310ec2fb8322b1d8011d5b6df5081e6943f95c70e8c73685fdda3047d67252a57bf9efc220403f78e4d4a75910fab19589feb57fcba2f1187501ccb
|
|
7
|
+
data.tar.gz: 4fca1eff9249fa10be128a1874da69aa82f08feb4bddbda93df17e6af75c192e761eb2f735befe3cbe1410e9b44f1c9609c2e5982b6b0c44205ea9b8f496f5ee
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -9,8 +9,6 @@
|
|
|
9
9
|
Retrieves and refreshes OpenID tokens on behalf of a user when dealing with complex
|
|
10
10
|
authentication schemes, such as client-side certificates.
|
|
11
11
|
|
|
12
|
-
**Note: Under development, not for production usage just yet**
|
|
13
|
-
|
|
14
12
|
**Supported Ruby versions: 2.0.0 or higher**
|
|
15
13
|
|
|
16
14
|
Licensed under the **MIT** license, see LICENSE for more information.
|
|
@@ -149,6 +147,8 @@ Access tokens may be provided with one of the following:
|
|
|
149
147
|
- `Authorization: Bearer <token>` header.
|
|
150
148
|
- Query string parameter `token`.
|
|
151
149
|
|
|
150
|
+
Token expiry time will be exposed through the `X-Token-Expiry-Time` header.
|
|
151
|
+
|
|
152
152
|
|
|
153
153
|
#### Identity / claims
|
|
154
154
|
|
|
@@ -14,6 +14,7 @@ module OpenIDTokenProxy
|
|
|
14
14
|
module ClassMethods
|
|
15
15
|
def require_valid_token(*args)
|
|
16
16
|
before_action :require_valid_token, *args
|
|
17
|
+
after_action :expose_token_expiry_time
|
|
17
18
|
end
|
|
18
19
|
end
|
|
19
20
|
|
|
@@ -33,6 +34,10 @@ module OpenIDTokenProxy
|
|
|
33
34
|
client_id: config.client_id
|
|
34
35
|
end
|
|
35
36
|
|
|
37
|
+
def expose_token_expiry_time
|
|
38
|
+
response.headers['X-Token-Expiry-Time'] = current_token.expiry_time.iso8601
|
|
39
|
+
end
|
|
40
|
+
|
|
36
41
|
def current_token
|
|
37
42
|
@current_token ||= OpenIDTokenProxy::Token.decode!(raw_token)
|
|
38
43
|
end
|
|
@@ -61,6 +61,30 @@ RSpec.describe OpenIDTokenProxy::Config do
|
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
+
describe '#domain_hint' do
|
|
65
|
+
it 'obtains its default from environment' do
|
|
66
|
+
stub_env('OPENID_DOMAIN_HINT', 'from env')
|
|
67
|
+
expect(subject.domain_hint).to eq 'from env'
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
it 'may be overriden' do
|
|
71
|
+
subject.domain_hint = 'overridden'
|
|
72
|
+
expect(subject.domain_hint).to eq 'overridden'
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
describe '#prompt' do
|
|
77
|
+
it 'obtains its default from environment' do
|
|
78
|
+
stub_env('OPENID_PROMPT', 'from env')
|
|
79
|
+
expect(subject.prompt).to eq 'from env'
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
it 'may be overriden' do
|
|
83
|
+
subject.prompt = 'overridden'
|
|
84
|
+
expect(subject.prompt).to eq 'overridden'
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
|
|
64
88
|
describe '#redirect_uri' do
|
|
65
89
|
it 'obtains its default from environment' do
|
|
66
90
|
stub_env('OPENID_REDIRECT_URI', 'from env')
|
|
@@ -3,7 +3,13 @@ require 'spec_helper'
|
|
|
3
3
|
RSpec.describe OpenIDTokenProxy::Token::Authentication, type: :controller do
|
|
4
4
|
let(:authorization_uri) { 'https://id.hyper.no/authorize' }
|
|
5
5
|
let(:access_token) { 'access token' }
|
|
6
|
-
let(:
|
|
6
|
+
let(:expiry_time) { 2.hours.from_now }
|
|
7
|
+
let(:id_token) {
|
|
8
|
+
double(
|
|
9
|
+
exp: expiry_time
|
|
10
|
+
)
|
|
11
|
+
}
|
|
12
|
+
let(:token) { OpenIDTokenProxy::Token.new(access_token, id_token) }
|
|
7
13
|
|
|
8
14
|
before do
|
|
9
15
|
allow(token).to receive(:validate!).and_return true
|
|
@@ -38,6 +44,11 @@ RSpec.describe OpenIDTokenProxy::Token::Authentication, type: :controller do
|
|
|
38
44
|
expect(response).to have_http_status :ok
|
|
39
45
|
expect(response.body).to eq 'Authentication successful'
|
|
40
46
|
end
|
|
47
|
+
|
|
48
|
+
it 'exposes token expiry time through header' do
|
|
49
|
+
get :index
|
|
50
|
+
expect(response.headers['X-Token-Expiry-Time']).to eq expiry_time.iso8601
|
|
51
|
+
end
|
|
41
52
|
end
|
|
42
53
|
|
|
43
54
|
describe '#current_token' do
|
|
@@ -6,8 +6,18 @@ RSpec.describe OpenIDTokenProxy::Token::Refresh, type: :controller do
|
|
|
6
6
|
let(:token) {
|
|
7
7
|
OpenIDTokenProxy::Token.new('expired access token', nil, refresh_token)
|
|
8
8
|
}
|
|
9
|
+
let(:refreshed_expiry_time) { 2.hours.from_now }
|
|
10
|
+
let(:refreshed_id_token) {
|
|
11
|
+
double(
|
|
12
|
+
exp: refreshed_expiry_time
|
|
13
|
+
)
|
|
14
|
+
}
|
|
9
15
|
let(:refreshed_token) {
|
|
10
|
-
OpenIDTokenProxy::Token.new(
|
|
16
|
+
OpenIDTokenProxy::Token.new(
|
|
17
|
+
'new access token',
|
|
18
|
+
refreshed_id_token,
|
|
19
|
+
'new refresh token'
|
|
20
|
+
)
|
|
11
21
|
}
|
|
12
22
|
|
|
13
23
|
before do
|
|
@@ -52,6 +62,7 @@ RSpec.describe OpenIDTokenProxy::Token::Refresh, type: :controller do
|
|
|
52
62
|
expect(response.body).to eq 'Refresh successful'
|
|
53
63
|
expect(response.headers['X-Token']).to eq 'new access token'
|
|
54
64
|
expect(response.headers['X-Refresh-Token']).to eq 'new refresh token'
|
|
65
|
+
expect(response.headers['X-Token-Expiry-Time']).to eq refreshed_expiry_time.iso8601
|
|
55
66
|
end
|
|
56
67
|
end
|
|
57
68
|
end
|
|
@@ -6,11 +6,11 @@ RSpec.describe OpenIDTokenProxy::Token do
|
|
|
6
6
|
let(:audience) { 'audience' }
|
|
7
7
|
let(:client_id) { 'client ID' }
|
|
8
8
|
let(:issuer) { 'issuer' }
|
|
9
|
-
let(:
|
|
9
|
+
let(:expiry_time) { 2.hours.from_now }
|
|
10
10
|
|
|
11
11
|
let(:id_token) {
|
|
12
12
|
double(
|
|
13
|
-
exp:
|
|
13
|
+
exp: expiry_time,
|
|
14
14
|
aud: audience,
|
|
15
15
|
iss: issuer,
|
|
16
16
|
raw_attributes: {
|
|
@@ -33,7 +33,7 @@ RSpec.describe OpenIDTokenProxy::Token do
|
|
|
33
33
|
|
|
34
34
|
describe '#validate!' do
|
|
35
35
|
context 'when token has expired' do
|
|
36
|
-
let(:
|
|
36
|
+
let(:expiry_time) { 2.hours.ago }
|
|
37
37
|
|
|
38
38
|
it 'raises' do
|
|
39
39
|
expect do
|
|
@@ -78,9 +78,19 @@ RSpec.describe OpenIDTokenProxy::Token do
|
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
describe '#expiry_time' do
|
|
82
|
+
it 'returns expiry time' do
|
|
83
|
+
expect(subject.expiry_time.to_i).to eq expiry_time.to_i
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
it 'is in UTC' do
|
|
87
|
+
expect(subject.expiry_time.zone).to eq 'UTC'
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
|
|
81
91
|
describe '#expired?' do
|
|
82
92
|
context 'when token has expired' do
|
|
83
|
-
let(:
|
|
93
|
+
let(:expiry_time) { 2.hours.ago }
|
|
84
94
|
it { should be_expired }
|
|
85
95
|
end
|
|
86
96
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid-token-proxy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Kurvers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-05-
|
|
11
|
+
date: 2015-05-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: openid_connect
|