passageidentity 0.2.1 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/on_pr.yml +3 -6
- data/.gitignore +1 -0
- data/Gemfile +13 -0
- data/README.md +2 -0
- data/lib/passageidentity/auth.rb +16 -16
- data/lib/passageidentity/client.rb +9 -2
- data/passageidentity.gemspec +4 -5
- data/tests/auth_test.rb +55 -1
- metadata +16 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0f38ac4af6f724f0c6a1a627dc2b0f03cf6ab7bb444eedccf31f34088913e892
|
|
4
|
+
data.tar.gz: 671196153c6d5d8e91f9524e5e2766e81b9ba1fb34611949911d1b32852f276e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 061e2fe45361d9b498ab76a3945ce88960fc78d1b465b6cc4a87e94ab954ec2e6abd8ad803941a38f62787e5cda9ff464d9b2b709455a846fa398942be728cef
|
|
7
|
+
data.tar.gz: 92ed644ed4a7eeea9eca3219e8121c2ebd2ff16376603cc0daf15475223093cf36eae4f349297a51a668a3606e275018d6de0f74bd01cf4e78e595a8b5631f57
|
data/.github/workflows/on_pr.yml
CHANGED
|
@@ -3,7 +3,7 @@ name: PR Checks
|
|
|
3
3
|
on:
|
|
4
4
|
workflow_dispatch:
|
|
5
5
|
pull_request:
|
|
6
|
-
branches:
|
|
6
|
+
branches:
|
|
7
7
|
- main
|
|
8
8
|
|
|
9
9
|
env:
|
|
@@ -21,16 +21,13 @@ jobs:
|
|
|
21
21
|
- uses: actions/checkout@v2
|
|
22
22
|
- uses: ruby/setup-ruby@v1
|
|
23
23
|
with:
|
|
24
|
-
ruby-version: '3.
|
|
24
|
+
ruby-version: '3.1'
|
|
25
25
|
|
|
26
26
|
- name: Run Tests
|
|
27
27
|
run: |
|
|
28
|
-
|
|
29
|
-
gem install test.gem
|
|
30
|
-
rm test.gem
|
|
28
|
+
bundle install
|
|
31
29
|
ruby tests/all.rb
|
|
32
30
|
- name: Run Linting
|
|
33
31
|
run: |
|
|
34
32
|
npm install -g prettier @prettier/plugin-ruby
|
|
35
|
-
gem install bundler prettier_print syntax_tree syntax_tree-haml syntax_tree-rbs
|
|
36
33
|
prettier --check '**/*.rb'
|
data/.gitignore
CHANGED
data/Gemfile
ADDED
data/README.md
CHANGED
data/lib/passageidentity/auth.rb
CHANGED
|
@@ -54,16 +54,16 @@ module Passage
|
|
|
54
54
|
def authenticate_request(request)
|
|
55
55
|
# Get the token based on the strategy
|
|
56
56
|
if @auth_strategy === Passage::COOKIE_STRATEGY
|
|
57
|
-
unless request.cookies
|
|
57
|
+
unless request.cookies.key?("psg_auth_token")
|
|
58
58
|
raise PassageError.new(
|
|
59
59
|
message:
|
|
60
|
-
|
|
60
|
+
"missing authentication token: expected \"psg_auth_token\" cookie"
|
|
61
61
|
)
|
|
62
62
|
end
|
|
63
63
|
@token = request.cookies["psg_auth_token"]
|
|
64
64
|
else
|
|
65
65
|
headers = request.headers
|
|
66
|
-
unless headers
|
|
66
|
+
unless headers.key?("Authorization")
|
|
67
67
|
raise PassageError.new(message: "no authentication token in header")
|
|
68
68
|
end
|
|
69
69
|
@token = headers["Authorization"].split(" ").last
|
|
@@ -79,16 +79,16 @@ module Passage
|
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
def authenticate_token(token)
|
|
82
|
-
kid = JWT.decode(token, nil, false)[1]["kid"]
|
|
83
|
-
exists = false
|
|
84
|
-
for jwk in @jwks["keys"]
|
|
85
|
-
if jwk["kid"] == kid
|
|
86
|
-
exists = true
|
|
87
|
-
break
|
|
88
|
-
end
|
|
89
|
-
end
|
|
90
|
-
fetch_jwks unless exists
|
|
91
82
|
begin
|
|
83
|
+
kid = JWT.decode(token, nil, false)[1]["kid"]
|
|
84
|
+
exists = false
|
|
85
|
+
for jwk in @jwks["keys"]
|
|
86
|
+
if jwk["kid"] == kid
|
|
87
|
+
exists = true
|
|
88
|
+
break
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
fetch_jwks unless exists
|
|
92
92
|
claims =
|
|
93
93
|
JWT.decode(
|
|
94
94
|
token,
|
|
@@ -105,13 +105,13 @@ module Passage
|
|
|
105
105
|
rescue JWT::InvalidIssuerError => e
|
|
106
106
|
raise PassageError.new(message: e.message)
|
|
107
107
|
rescue JWT::InvalidAudError => e
|
|
108
|
-
raise PassageError.new(e.message)
|
|
108
|
+
raise PassageError.new(message: e.message)
|
|
109
109
|
rescue JWT::ExpiredSignature => e
|
|
110
|
-
raise PassageError.new(e.message)
|
|
110
|
+
raise PassageError.new(message: e.message)
|
|
111
111
|
rescue JWT::IncorrectAlgorithm => e
|
|
112
|
-
raise PassageError.new(e.message)
|
|
112
|
+
raise PassageError.new(message: e.message)
|
|
113
113
|
rescue JWT::DecodeError => e
|
|
114
|
-
raise PassageError.new(e.message)
|
|
114
|
+
raise PassageError.new(message: e.message)
|
|
115
115
|
end
|
|
116
116
|
end
|
|
117
117
|
end
|
|
@@ -22,7 +22,10 @@ module Passage
|
|
|
22
22
|
:user_metadata_schema,
|
|
23
23
|
:layouts,
|
|
24
24
|
:default_language,
|
|
25
|
+
:auth_fallback_method,
|
|
26
|
+
:auth_fallback_method_ttl,
|
|
25
27
|
keyword_init: true
|
|
28
|
+
|
|
26
29
|
User =
|
|
27
30
|
Struct.new :id,
|
|
28
31
|
:status,
|
|
@@ -129,7 +132,9 @@ module Passage
|
|
|
129
132
|
app_info["refresh_inactivity_lifetime"],
|
|
130
133
|
user_metadata_schema: app_info["user_metadata_schema"],
|
|
131
134
|
layouts: app_info["layouts"],
|
|
132
|
-
default_language: app_info["default_language"]
|
|
135
|
+
default_language: app_info["default_language"],
|
|
136
|
+
auth_fallback_method: app_info["auth_fallback_method"],
|
|
137
|
+
auth_fallback_method_ttl: app_info["auth_fallback_method_ttl"]
|
|
133
138
|
)
|
|
134
139
|
)
|
|
135
140
|
rescue => e
|
|
@@ -146,7 +151,8 @@ module Passage
|
|
|
146
151
|
magic_link_path: "",
|
|
147
152
|
redirect_url: "",
|
|
148
153
|
language: "",
|
|
149
|
-
ttl: 60
|
|
154
|
+
ttl: 60,
|
|
155
|
+
type: "login"
|
|
150
156
|
)
|
|
151
157
|
magic_link_req = {}
|
|
152
158
|
magic_link_req["user_id"] = user_id unless user_id.empty?
|
|
@@ -167,6 +173,7 @@ module Passage
|
|
|
167
173
|
] = magic_link_path unless magic_link_path.empty?
|
|
168
174
|
magic_link_req["redirect_url"] = redirect_url unless redirect_url.empty?
|
|
169
175
|
magic_link_req["ttl"] = ttl unless ttl == 0
|
|
176
|
+
magic_link_req["type"] = type
|
|
170
177
|
|
|
171
178
|
begin
|
|
172
179
|
response =
|
data/passageidentity.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'passageidentity'
|
|
3
|
-
s.version = '0.2.
|
|
3
|
+
s.version = '0.2.3'
|
|
4
4
|
s.summary = 'Passage SDK for biometric authentication'
|
|
5
5
|
s.description =
|
|
6
6
|
'Enables verification of server-side authentication and user management for applications using Passage'
|
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
|
|
|
11
11
|
s.license = 'MIT'
|
|
12
12
|
|
|
13
13
|
s.metadata['source_code_uri'] =
|
|
14
|
-
'https://github.com/
|
|
14
|
+
'https://github.com/passageidentity/passage-ruby'
|
|
15
15
|
|
|
16
16
|
# Specify which files should be added to the gem when it is released.
|
|
17
17
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
|
@@ -25,7 +25,6 @@ Gem::Specification.new do |s|
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
s.add_dependency 'faraday', '>= 0.17.0', '< 2.0'
|
|
28
|
-
s.add_dependency 'jwt', '>= 2.3.0'
|
|
29
|
-
s.add_dependency 'openssl', '>= 3.0.0'
|
|
30
|
-
s.add_dependency 'dotenv', '>= 2.7.6'
|
|
28
|
+
s.add_dependency 'jwt', '~> 2.3', '>= 2.3.0'
|
|
29
|
+
s.add_dependency 'openssl', '~> 3.0', '>= 3.0.0'
|
|
31
30
|
end
|
data/tests/auth_test.rb
CHANGED
|
@@ -1,15 +1,69 @@
|
|
|
1
1
|
require_relative "../lib/passageidentity/client"
|
|
2
2
|
require "dotenv"
|
|
3
3
|
require "faraday"
|
|
4
|
+
require "rack"
|
|
4
5
|
require "test/unit"
|
|
5
6
|
|
|
6
7
|
Dotenv.load(".env")
|
|
7
8
|
class TestUserAPI < Test::Unit::TestCase
|
|
8
9
|
PassageClient =
|
|
9
10
|
Passage::Client.new(app_id: ENV["APP_ID"], api_key: ENV["API_KEY"])
|
|
11
|
+
PassageHeaderClient =
|
|
12
|
+
Passage::Client.new(
|
|
13
|
+
app_id: ENV["APP_ID"],
|
|
14
|
+
api_key: ENV["API_KEY"],
|
|
15
|
+
auth_strategy: Passage::HEADER_STRATEGY
|
|
16
|
+
)
|
|
10
17
|
|
|
11
|
-
def
|
|
18
|
+
def test_valid_authenticate_token
|
|
12
19
|
user_id = PassageClient.auth.authenticate_token(ENV["PSG_JWT"])
|
|
13
20
|
assert_equal ENV["TEST_USER_ID"], user_id
|
|
14
21
|
end
|
|
22
|
+
|
|
23
|
+
def test_invalid_authenticate_token
|
|
24
|
+
assert_raises Passage::PassageError do
|
|
25
|
+
PassageClient.auth.authenticate_token("invalid_token")
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def test_valid_authenticate_request_cookie
|
|
30
|
+
env = Rack::MockRequest.env_for("https://test.com")
|
|
31
|
+
env["HTTP_COOKIE"] = "psg_auth_token=#{ENV["PSG_JWT"]}"
|
|
32
|
+
cookie_request = Rack::Request.new(env)
|
|
33
|
+
user_id = PassageClient.auth.authenticate_request(cookie_request)
|
|
34
|
+
assert_equal ENV["TEST_USER_ID"], user_id
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def test_invalid_authenticate_request_cookie
|
|
38
|
+
envBadCookie = Rack::MockRequest.env_for("https://test.com")
|
|
39
|
+
envBadCookie["HTTP_COOKIE"] = "psg_auth_token=invalid_token}"
|
|
40
|
+
bad_cookie_request = Rack::Request.new(envBadCookie)
|
|
41
|
+
assert_raises Passage::PassageError do
|
|
42
|
+
PassageClient.auth.authenticate_request(bad_cookie_request)
|
|
43
|
+
end
|
|
44
|
+
no_cookie_request = Rack::Request.new({})
|
|
45
|
+
assert_raises Passage::PassageError do
|
|
46
|
+
PassageClient.auth.authenticate_request(no_cookie_request)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def test_valid_authenticate_request_header
|
|
51
|
+
headers = { "Authorization" => "Bearer #{ENV["PSG_JWT"]}" }
|
|
52
|
+
header_request = Faraday.new(url: "https://test.com", headers: headers)
|
|
53
|
+
user_id = PassageHeaderClient.auth.authenticate_request(header_request)
|
|
54
|
+
assert_equal ENV["TEST_USER_ID"], user_id
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def test_invalid_authenticate_request_header
|
|
58
|
+
invalid_headers = { "Authorization" => "Bearer invalid_token" }
|
|
59
|
+
no_header_request = Faraday.new(url: "https://test.com")
|
|
60
|
+
assert_raises Passage::PassageError do
|
|
61
|
+
PassageHeaderClient.auth.authenticate_request(no_header_request)
|
|
62
|
+
end
|
|
63
|
+
invalid_header_request =
|
|
64
|
+
Faraday.new(url: "https://test.com", headers: invalid_headers)
|
|
65
|
+
assert_raises Passage::PassageError do
|
|
66
|
+
PassageHeaderClient.auth.authenticate_request(no_header_request)
|
|
67
|
+
end
|
|
68
|
+
end
|
|
15
69
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: passageidentity
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Passage Identity
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-07-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -34,6 +34,9 @@ dependencies:
|
|
|
34
34
|
name: jwt
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
|
+
- - "~>"
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '2.3'
|
|
37
40
|
- - ">="
|
|
38
41
|
- !ruby/object:Gem::Version
|
|
39
42
|
version: 2.3.0
|
|
@@ -41,6 +44,9 @@ dependencies:
|
|
|
41
44
|
prerelease: false
|
|
42
45
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
46
|
requirements:
|
|
47
|
+
- - "~>"
|
|
48
|
+
- !ruby/object:Gem::Version
|
|
49
|
+
version: '2.3'
|
|
44
50
|
- - ">="
|
|
45
51
|
- !ruby/object:Gem::Version
|
|
46
52
|
version: 2.3.0
|
|
@@ -48,30 +54,22 @@ dependencies:
|
|
|
48
54
|
name: openssl
|
|
49
55
|
requirement: !ruby/object:Gem::Requirement
|
|
50
56
|
requirements:
|
|
51
|
-
- - "
|
|
57
|
+
- - "~>"
|
|
52
58
|
- !ruby/object:Gem::Version
|
|
53
|
-
version: 3.0
|
|
54
|
-
type: :runtime
|
|
55
|
-
prerelease: false
|
|
56
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
-
requirements:
|
|
59
|
+
version: '3.0'
|
|
58
60
|
- - ">="
|
|
59
61
|
- !ruby/object:Gem::Version
|
|
60
62
|
version: 3.0.0
|
|
61
|
-
- !ruby/object:Gem::Dependency
|
|
62
|
-
name: dotenv
|
|
63
|
-
requirement: !ruby/object:Gem::Requirement
|
|
64
|
-
requirements:
|
|
65
|
-
- - ">="
|
|
66
|
-
- !ruby/object:Gem::Version
|
|
67
|
-
version: 2.7.6
|
|
68
63
|
type: :runtime
|
|
69
64
|
prerelease: false
|
|
70
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
66
|
requirements:
|
|
67
|
+
- - "~>"
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: '3.0'
|
|
72
70
|
- - ">="
|
|
73
71
|
- !ruby/object:Gem::Version
|
|
74
|
-
version:
|
|
72
|
+
version: 3.0.0
|
|
75
73
|
description: Enables verification of server-side authentication and user management
|
|
76
74
|
for applications using Passage
|
|
77
75
|
email: support@passage.id
|
|
@@ -83,6 +81,7 @@ files:
|
|
|
83
81
|
- ".github/workflows/on_pr.yml"
|
|
84
82
|
- ".gitignore"
|
|
85
83
|
- CONTRIBUTING.md
|
|
84
|
+
- Gemfile
|
|
86
85
|
- LICENSE
|
|
87
86
|
- README.md
|
|
88
87
|
- lib/passageidentity.rb
|
|
@@ -101,7 +100,7 @@ homepage: https://rubygems.org/gems/passageidentity
|
|
|
101
100
|
licenses:
|
|
102
101
|
- MIT
|
|
103
102
|
metadata:
|
|
104
|
-
source_code_uri: https://github.com/
|
|
103
|
+
source_code_uri: https://github.com/passageidentity/passage-ruby
|
|
105
104
|
post_install_message:
|
|
106
105
|
rdoc_options: []
|
|
107
106
|
require_paths:
|