openid-token-proxy 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +2 -2
- data/lib/openid_token_proxy/token.rb +4 -0
- data/lib/openid_token_proxy/token/authentication.rb +5 -0
- data/lib/openid_token_proxy/version.rb +1 -1
- data/spec/lib/openid_token_proxy/config_spec.rb +24 -0
- data/spec/lib/openid_token_proxy/token/authentication_spec.rb +12 -1
- data/spec/lib/openid_token_proxy/token/refresh_spec.rb +12 -1
- data/spec/lib/openid_token_proxy/token_spec.rb +14 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 367c9b989127b83d27046b97d8d0eed4bb62bc26
|
|
4
|
+
data.tar.gz: 0f5b072253012066745622211b7176ba24a797d7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61558da5b310ec2fb8322b1d8011d5b6df5081e6943f95c70e8c73685fdda3047d67252a57bf9efc220403f78e4d4a75910fab19589feb57fcba2f1187501ccb
|
|
7
|
+
data.tar.gz: 4fca1eff9249fa10be128a1874da69aa82f08feb4bddbda93df17e6af75c192e761eb2f735befe3cbe1410e9b44f1c9609c2e5982b6b0c44205ea9b8f496f5ee
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -9,8 +9,6 @@
|
|
|
9
9
|
Retrieves and refreshes OpenID tokens on behalf of a user when dealing with complex
|
|
10
10
|
authentication schemes, such as client-side certificates.
|
|
11
11
|
|
|
12
|
-
**Note: Under development, not for production usage just yet**
|
|
13
|
-
|
|
14
12
|
**Supported Ruby versions: 2.0.0 or higher**
|
|
15
13
|
|
|
16
14
|
Licensed under the **MIT** license, see LICENSE for more information.
|
|
@@ -149,6 +147,8 @@ Access tokens may be provided with one of the following:
|
|
|
149
147
|
- `Authorization: Bearer <token>` header.
|
|
150
148
|
- Query string parameter `token`.
|
|
151
149
|
|
|
150
|
+
Token expiry time will be exposed through the `X-Token-Expiry-Time` header.
|
|
151
|
+
|
|
152
152
|
|
|
153
153
|
#### Identity / claims
|
|
154
154
|
|
|
@@ -14,6 +14,7 @@ module OpenIDTokenProxy
|
|
|
14
14
|
module ClassMethods
|
|
15
15
|
def require_valid_token(*args)
|
|
16
16
|
before_action :require_valid_token, *args
|
|
17
|
+
after_action :expose_token_expiry_time
|
|
17
18
|
end
|
|
18
19
|
end
|
|
19
20
|
|
|
@@ -33,6 +34,10 @@ module OpenIDTokenProxy
|
|
|
33
34
|
client_id: config.client_id
|
|
34
35
|
end
|
|
35
36
|
|
|
37
|
+
def expose_token_expiry_time
|
|
38
|
+
response.headers['X-Token-Expiry-Time'] = current_token.expiry_time.iso8601
|
|
39
|
+
end
|
|
40
|
+
|
|
36
41
|
def current_token
|
|
37
42
|
@current_token ||= OpenIDTokenProxy::Token.decode!(raw_token)
|
|
38
43
|
end
|
|
@@ -61,6 +61,30 @@ RSpec.describe OpenIDTokenProxy::Config do
|
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
+
describe '#domain_hint' do
|
|
65
|
+
it 'obtains its default from environment' do
|
|
66
|
+
stub_env('OPENID_DOMAIN_HINT', 'from env')
|
|
67
|
+
expect(subject.domain_hint).to eq 'from env'
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
it 'may be overriden' do
|
|
71
|
+
subject.domain_hint = 'overridden'
|
|
72
|
+
expect(subject.domain_hint).to eq 'overridden'
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
describe '#prompt' do
|
|
77
|
+
it 'obtains its default from environment' do
|
|
78
|
+
stub_env('OPENID_PROMPT', 'from env')
|
|
79
|
+
expect(subject.prompt).to eq 'from env'
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
it 'may be overriden' do
|
|
83
|
+
subject.prompt = 'overridden'
|
|
84
|
+
expect(subject.prompt).to eq 'overridden'
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
|
|
64
88
|
describe '#redirect_uri' do
|
|
65
89
|
it 'obtains its default from environment' do
|
|
66
90
|
stub_env('OPENID_REDIRECT_URI', 'from env')
|
|
@@ -3,7 +3,13 @@ require 'spec_helper'
|
|
|
3
3
|
RSpec.describe OpenIDTokenProxy::Token::Authentication, type: :controller do
|
|
4
4
|
let(:authorization_uri) { 'https://id.hyper.no/authorize' }
|
|
5
5
|
let(:access_token) { 'access token' }
|
|
6
|
-
let(:
|
|
6
|
+
let(:expiry_time) { 2.hours.from_now }
|
|
7
|
+
let(:id_token) {
|
|
8
|
+
double(
|
|
9
|
+
exp: expiry_time
|
|
10
|
+
)
|
|
11
|
+
}
|
|
12
|
+
let(:token) { OpenIDTokenProxy::Token.new(access_token, id_token) }
|
|
7
13
|
|
|
8
14
|
before do
|
|
9
15
|
allow(token).to receive(:validate!).and_return true
|
|
@@ -38,6 +44,11 @@ RSpec.describe OpenIDTokenProxy::Token::Authentication, type: :controller do
|
|
|
38
44
|
expect(response).to have_http_status :ok
|
|
39
45
|
expect(response.body).to eq 'Authentication successful'
|
|
40
46
|
end
|
|
47
|
+
|
|
48
|
+
it 'exposes token expiry time through header' do
|
|
49
|
+
get :index
|
|
50
|
+
expect(response.headers['X-Token-Expiry-Time']).to eq expiry_time.iso8601
|
|
51
|
+
end
|
|
41
52
|
end
|
|
42
53
|
|
|
43
54
|
describe '#current_token' do
|
|
@@ -6,8 +6,18 @@ RSpec.describe OpenIDTokenProxy::Token::Refresh, type: :controller do
|
|
|
6
6
|
let(:token) {
|
|
7
7
|
OpenIDTokenProxy::Token.new('expired access token', nil, refresh_token)
|
|
8
8
|
}
|
|
9
|
+
let(:refreshed_expiry_time) { 2.hours.from_now }
|
|
10
|
+
let(:refreshed_id_token) {
|
|
11
|
+
double(
|
|
12
|
+
exp: refreshed_expiry_time
|
|
13
|
+
)
|
|
14
|
+
}
|
|
9
15
|
let(:refreshed_token) {
|
|
10
|
-
OpenIDTokenProxy::Token.new(
|
|
16
|
+
OpenIDTokenProxy::Token.new(
|
|
17
|
+
'new access token',
|
|
18
|
+
refreshed_id_token,
|
|
19
|
+
'new refresh token'
|
|
20
|
+
)
|
|
11
21
|
}
|
|
12
22
|
|
|
13
23
|
before do
|
|
@@ -52,6 +62,7 @@ RSpec.describe OpenIDTokenProxy::Token::Refresh, type: :controller do
|
|
|
52
62
|
expect(response.body).to eq 'Refresh successful'
|
|
53
63
|
expect(response.headers['X-Token']).to eq 'new access token'
|
|
54
64
|
expect(response.headers['X-Refresh-Token']).to eq 'new refresh token'
|
|
65
|
+
expect(response.headers['X-Token-Expiry-Time']).to eq refreshed_expiry_time.iso8601
|
|
55
66
|
end
|
|
56
67
|
end
|
|
57
68
|
end
|
|
@@ -6,11 +6,11 @@ RSpec.describe OpenIDTokenProxy::Token do
|
|
|
6
6
|
let(:audience) { 'audience' }
|
|
7
7
|
let(:client_id) { 'client ID' }
|
|
8
8
|
let(:issuer) { 'issuer' }
|
|
9
|
-
let(:
|
|
9
|
+
let(:expiry_time) { 2.hours.from_now }
|
|
10
10
|
|
|
11
11
|
let(:id_token) {
|
|
12
12
|
double(
|
|
13
|
-
exp:
|
|
13
|
+
exp: expiry_time,
|
|
14
14
|
aud: audience,
|
|
15
15
|
iss: issuer,
|
|
16
16
|
raw_attributes: {
|
|
@@ -33,7 +33,7 @@ RSpec.describe OpenIDTokenProxy::Token do
|
|
|
33
33
|
|
|
34
34
|
describe '#validate!' do
|
|
35
35
|
context 'when token has expired' do
|
|
36
|
-
let(:
|
|
36
|
+
let(:expiry_time) { 2.hours.ago }
|
|
37
37
|
|
|
38
38
|
it 'raises' do
|
|
39
39
|
expect do
|
|
@@ -78,9 +78,19 @@ RSpec.describe OpenIDTokenProxy::Token do
|
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
describe '#expiry_time' do
|
|
82
|
+
it 'returns expiry time' do
|
|
83
|
+
expect(subject.expiry_time.to_i).to eq expiry_time.to_i
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
it 'is in UTC' do
|
|
87
|
+
expect(subject.expiry_time.zone).to eq 'UTC'
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
|
|
81
91
|
describe '#expired?' do
|
|
82
92
|
context 'when token has expired' do
|
|
83
|
-
let(:
|
|
93
|
+
let(:expiry_time) { 2.hours.ago }
|
|
84
94
|
it { should be_expired }
|
|
85
95
|
end
|
|
86
96
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid-token-proxy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Kurvers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-05-
|
|
11
|
+
date: 2015-05-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: openid_connect
|