openid-token-proxy 0.1.6 → 0.1.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +13 -0
- data/lib/openid_token_proxy/config.rb +2 -0
- data/lib/openid_token_proxy/token/authentication.rb +1 -1
- data/lib/openid_token_proxy/token/refresh.rb +8 -1
- data/lib/openid_token_proxy/version.rb +1 -1
- data/spec/controllers/openid_token_proxy/callback_controller_spec.rb +5 -3
- data/spec/lib/openid_token_proxy/token/authentication_spec.rb +6 -0
- data/spec/lib/openid_token_proxy/token/refresh_spec.rb +17 -6
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c64cf28d8d4c3fb0774488c18ecae95c5e3abcbb
|
4
|
+
data.tar.gz: 4eaa2ce104d161d27c36ff7291bf25990fb15106
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d76ce92ad630b77f81c9cd1c9b993c52a886728f4bed5cfbc86fbc8ddd6d702e1597e3d77addb8ee4626f542cde7f6f5ee4bb3a99e93db78715991b1cfa7e8d6
|
7
|
+
data.tar.gz: 3f658685bfc72a789dd1427c4632d396ee89cfcc82c606c2ae08d35c69a61eadb047fcccf2a99794a70a0cf5e3dc5e7b3e9335333a02be7a99046f4508c072a8
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -148,6 +148,7 @@ Access tokens may be provided with one of the following:
|
|
148
148
|
- `X-Token` header.
|
149
149
|
- `Authorization: Bearer <token>` header.
|
150
150
|
- Query string parameter `token`.
|
151
|
+
- Cookie `token`.
|
151
152
|
|
152
153
|
Token expiry time will be exposed through the `X-Token-Expiry-Time` header.
|
153
154
|
|
@@ -187,6 +188,7 @@ Refresh tokens may be provided with one of the following:
|
|
187
188
|
|
188
189
|
- `X-Refresh-Token` header.
|
189
190
|
- Query string parameter `refresh_token`.
|
191
|
+
- Cookie `refresh_token`.
|
190
192
|
|
191
193
|
Whenever an access token has expired and a refresh token is given, the module will
|
192
194
|
attempt to obtain a new token transparently.
|
@@ -197,6 +199,17 @@ token was obtained:
|
|
197
199
|
- `X-Token` header containing the new access token to be used in future requests.
|
198
200
|
- `X-Refresh-Token` header containing the new refresh token.
|
199
201
|
|
202
|
+
You may configure some code to be run (scoped to a controller) when a token is
|
203
|
+
successfully refreshed:
|
204
|
+
|
205
|
+
```ruby
|
206
|
+
OpenIDTokenProxy.configure do |config|
|
207
|
+
config.token_refreshment_hook = proc { |token|
|
208
|
+
cookies[:token] = token.access_token
|
209
|
+
}
|
210
|
+
end
|
211
|
+
```
|
212
|
+
|
200
213
|
|
201
214
|
## Contributing
|
202
215
|
|
@@ -11,6 +11,7 @@ module OpenIDTokenProxy
|
|
11
11
|
:userinfo_endpoint, :end_session_endpoint
|
12
12
|
|
13
13
|
attr_accessor :token_acquirement_hook
|
14
|
+
attr_accessor :token_refreshment_hook
|
14
15
|
attr_accessor :public_keys
|
15
16
|
|
16
17
|
def initialize
|
@@ -31,6 +32,7 @@ module OpenIDTokenProxy
|
|
31
32
|
@end_session_endpoint = ENV['OPENID_END_SESSION_ENDPOINT']
|
32
33
|
|
33
34
|
@token_acquirement_hook = proc { }
|
35
|
+
@token_refreshment_hook = proc { }
|
34
36
|
|
35
37
|
yield self if block_given?
|
36
38
|
end
|
@@ -17,11 +17,18 @@ module OpenIDTokenProxy
|
|
17
17
|
)
|
18
18
|
response.headers['X-Token'] = current_token.access_token
|
19
19
|
response.headers['X-Refresh-Token'] = current_token.refresh_token
|
20
|
+
|
21
|
+
instance_exec(
|
22
|
+
current_token,
|
23
|
+
&OpenIDTokenProxy.config.token_refreshment_hook
|
24
|
+
)
|
20
25
|
end
|
21
26
|
end
|
22
27
|
|
23
28
|
def raw_refresh_token
|
24
|
-
params[:refresh_token] ||
|
29
|
+
params[:refresh_token] ||
|
30
|
+
request.headers['X-Refresh-Token'] ||
|
31
|
+
cookies[:refresh_token]
|
25
32
|
end
|
26
33
|
end
|
27
34
|
end
|
@@ -5,7 +5,7 @@ RSpec.describe OpenIDTokenProxy::CallbackController, type: :controller do
|
|
5
5
|
let(:access_token) { 'access token' }
|
6
6
|
let(:auth_code) { 'authorization code' }
|
7
7
|
let(:client) { OpenIDTokenProxy.client }
|
8
|
-
let(:token) {
|
8
|
+
let(:token) { OpenIDTokenProxy::Token.new 'token' }
|
9
9
|
|
10
10
|
context 'when authorization code is missing' do
|
11
11
|
it 'results in 400 BAD REQUEST with error message' do
|
@@ -36,8 +36,10 @@ RSpec.describe OpenIDTokenProxy::CallbackController, type: :controller do
|
|
36
36
|
context 'with no-op token acquirement hook' do
|
37
37
|
it 'redirects to root' do
|
38
38
|
OpenIDTokenProxy.configure_temporarily do |config|
|
39
|
-
|
40
|
-
|
39
|
+
expect do |probe|
|
40
|
+
config.token_acquirement_hook = probe
|
41
|
+
get :handle, code: auth_code
|
42
|
+
end.to yield_with_args(instance_of(OpenIDTokenProxy::Token))
|
41
43
|
expect(response).to redirect_to controller.main_app.root_url
|
42
44
|
end
|
43
45
|
end
|
@@ -74,5 +74,11 @@ RSpec.describe OpenIDTokenProxy::Token::Authentication, type: :controller do
|
|
74
74
|
get :index
|
75
75
|
expect(controller.raw_token).to eq 'raw token'
|
76
76
|
end
|
77
|
+
|
78
|
+
it 'may be provided as a cookie' do
|
79
|
+
cookies[:token] = 'raw token'
|
80
|
+
get :index
|
81
|
+
expect(controller.raw_token).to eq 'raw token'
|
82
|
+
end
|
77
83
|
end
|
78
84
|
end
|
@@ -57,12 +57,17 @@ RSpec.describe OpenIDTokenProxy::Token::Refresh, type: :controller do
|
|
57
57
|
|
58
58
|
context 'when token was refreshed successfully' do
|
59
59
|
it 'executes actions normally returning new tokens as headers' do
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
60
|
+
OpenIDTokenProxy.configure_temporarily do |config|
|
61
|
+
expect do |probe|
|
62
|
+
config.token_refreshment_hook = probe
|
63
|
+
get :index, refresh_token: refresh_token
|
64
|
+
end.to yield_with_args(instance_of(OpenIDTokenProxy::Token))
|
65
|
+
expect(response).to have_http_status :ok
|
66
|
+
expect(response.body).to eq 'Refresh successful'
|
67
|
+
expect(response.headers['X-Token']).to eq 'new access token'
|
68
|
+
expect(response.headers['X-Refresh-Token']).to eq 'new refresh token'
|
69
|
+
expect(response.headers['X-Token-Expiry-Time']).to eq refreshed_expiry_time.iso8601
|
70
|
+
end
|
66
71
|
end
|
67
72
|
end
|
68
73
|
end
|
@@ -78,5 +83,11 @@ RSpec.describe OpenIDTokenProxy::Token::Refresh, type: :controller do
|
|
78
83
|
get :index
|
79
84
|
expect(controller.raw_refresh_token).to eq 'refresh token'
|
80
85
|
end
|
86
|
+
|
87
|
+
it 'may be provided as a cookie' do
|
88
|
+
cookies[:refresh_token] = refresh_token
|
89
|
+
get :index
|
90
|
+
expect(controller.raw_refresh_token).to eq 'refresh token'
|
91
|
+
end
|
81
92
|
end
|
82
93
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openid-token-proxy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tim Kurvers
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2016-02-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: openid_connect
|
@@ -311,7 +311,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
311
311
|
version: '0'
|
312
312
|
requirements: []
|
313
313
|
rubyforge_project:
|
314
|
-
rubygems_version: 2.
|
314
|
+
rubygems_version: 2.4.5.1
|
315
315
|
signing_key:
|
316
316
|
specification_version: 4
|
317
317
|
summary: Retrieves and refreshes OpenID tokens on behalf of a user
|