RubyGems - prx_auth-rails - Versions diffs - 1.8.0 → 3.0.0 - Mend

prx_auth-rails 1.8.0 → 3.0.0

Files changed (14) hide show

checksums.yaml +4 -4
data/app/controllers/prx_auth/rails/sessions_controller.rb +4 -1
data/lib/prx_auth/rails/engine.rb +1 -0
data/lib/prx_auth/rails/ext/controller.rb +52 -11
data/lib/prx_auth/rails/version.rb +1 -1
data/prx_auth-rails.gemspec +2 -0
data/test/prx_auth/rails/ext/controller_test.rb +116 -0
data/test/prx_auth/rails/sessions_controller_test.rb +3 -1
data/test/test_helper.rb +1 -0
metadata +34 -10
data/app/assets/config/prx_auth-rails_manifest.js +0 -3
data/app/assets/images/prx_auth-rails/user.svg +0 -5
data/app/assets/javascripts/prx_auth-rails/user_widget.js.erb +0 -46
data/app/assets/stylesheets/prx_auth-rails/user_widget.css +0 -69

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a687c733815e035f361fbfd4981e3673480311c6d760206b9b1edd4903e084b
-  data.tar.gz: 5b04a0584489415a7b0223342c85e638c8c3ca01c141e4ff46db9269c192f6be
+  metadata.gz: 5be902ae2b7abfd4c01d28511d99931969fb3dce4aaff815fab35df005b99e07
+  data.tar.gz: dd3f5cf76251b17ceccaf307275401939e3d361ec01e215325674bff27aa5313
 SHA512:
-  metadata.gz: 71573dd4f1303e7e2b5fc4ca908c502c74aa986845ddb685613b6e8422c05e136c1952f5bfc2989a607b1a5020f708a06190ebe084a199a46aeefab1f7168706
-  data.tar.gz: dc5685c9e2908ea56c10f577eb2a457167087345f07b09927e8c36c1b0d2df513e2f2367436fe4f637aac648311c75a44ee3f845c63124be7ab4009c45dccb57
+  metadata.gz: '09589b75ff43d4da201e8ee6ebe7caca75dcada77e8c959588a7cc2832998d71eae72bea7bc44e8d0b02db5fa2dceb5284841930502bfbc8926096bb47cf9b63'
+  data.tar.gz: 1bf07c4a6edb477714297edbd2e6a1ba9e3289ef28babe973816eaf6b8984157b534b4556ec5840b5c6d4d7c7dc134fab415a404cc3bfbf2716b91c994f466c2

data/app/controllers/prx_auth/rails/sessions_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module PrxAuth::Rails
   class SessionsController < ApplicationController
     include PrxAuth::Rails::Engine.routes.url_helpers
@@ -5,8 +7,9 @@ module PrxAuth::Rails
     skip_before_action :authenticate!
     before_action :set_nonce!, only: [:new, :show]
+    before_action :set_after_sign_in_path
-    ID_NONCE_SESSION_KEY = 'id_prx_openid_nonce'.freeze
+    ID_NONCE_SESSION_KEY = 'id_prx_openid_nonce'
     def new
       config = PrxAuth::Rails.configuration

data/lib/prx_auth/rails/engine.rb CHANGED Viewed

@@ -4,6 +4,7 @@ module PrxAuth
       config.to_prepare do
         ::ApplicationController.helper_method [
           :current_user, :prx_jwt,
+          :current_user_info, :current_user_name, :current_user_apps,
           :account_name_for, :account_for, :accounts_for,
         ]
       end

data/lib/prx_auth/rails/ext/controller.rb CHANGED Viewed

@@ -8,16 +8,25 @@ module PrxAuth
       PRX_AUTH_ENV_KEY = 'prx.auth'.freeze
       PRX_JWT_SESSION_KEY = 'prx.auth.jwt'.freeze
+      # subtracted from the JWT ttl
       PRX_JWT_REFRESH_TTL = 300.freeze
       PRX_ACCOUNT_MAPPING_SESSION_KEY = 'prx.auth.account.mapping'.freeze
+      PRX_USER_INFO_SESSION_KEY = 'prx.auth.info'.freeze
       PRX_REFRESH_BACK_KEY = 'prx.auth.back'.freeze
       def prx_auth_token
         env_token || session_token
       rescue SessionTokenExpiredError
-        reset_session
+        session.delete(PRX_JWT_SESSION_KEY)
+        session.delete(PRX_ACCOUNT_MAPPING_SESSION_KEY)
+        session.delete(PRX_USER_INFO_SESSION_KEY)
+        nil
+      end
+      def set_after_sign_in_path
+        return if self.class == PrxAuth::Rails::SessionsController
         session[PRX_REFRESH_BACK_KEY] = request.fullpath
-        redirect_to PrxAuth::Rails::Engine.routes.url_helpers.new_sessions_path
       end
       def prx_jwt
@@ -34,17 +43,43 @@ module PrxAuth
         redirect_to PrxAuth::Rails::Engine.routes.url_helpers.new_sessions_path
       end
+      def prx_auth_needs_refresh?(jwt_ttl)
+        request.get? && jwt_ttl < PRX_JWT_REFRESH_TTL
+      end
       def current_user
         prx_auth_token
       end
+      def current_user_info
+        session[PRX_USER_INFO_SESSION_KEY] ||= fetch_userinfo
+      end
+      def current_user_name
+        current_user_info['name'] || current_user_info['preferred_username'] || current_user_info['email']
+      end
+      def current_user_apps
+        apps = (current_user_info.try(:[], 'apps') || []).map do |name, url|
+          label = name.sub(/^https?:\/\//, '').sub(/\..+/, '').capitalize
+          ["PRX #{label}", url]
+        end
+        # only return entire list in development
+        if ::Rails.env.production? || ::Rails.env.staging?
+          apps.to_h.select { |k, v| v.match?(/\.(org|tech)/) }
+        else
+          apps.to_h
+        end
+      end
       def sign_in_user(token)
         session[PRX_JWT_SESSION_KEY] = token
         accounts_for(current_user.resources)
       end
       def after_sign_in_user_redirect
-        session.delete(PRX_REFRESH_BACK_KEY)
+        session[PRX_REFRESH_BACK_KEY]
       end
       def sign_out_user
@@ -52,7 +87,7 @@ module PrxAuth
       end
       def account_name_for(account_id)
-        account_for(account_id)[:name]
+        account_for(account_id).try(:[], :name)
       end
       def account_for(account_id)
@@ -80,15 +115,21 @@ module PrxAuth
       end
       def fetch_accounts(ids)
-        id_host = PrxAuth::Rails.configuration.id_host
         ids_param = ids.map(&:to_s).join(',')
+        resp = fetch("/api/v1/accounts?account_ids=#{ids_param}")
+        resp.try(:[], '_embedded').try(:[], 'prx:items') || []
+      end
+      def fetch_userinfo
+        fetch("/userinfo?scope=apps+email+profile", prx_jwt)
+      end
+      def fetch(path, token = nil)
+        url = "https://#{PrxAuth::Rails.configuration.id_host}#{path}"
         options = {}
         options[:ssl_verify_mode] = OpenSSL::SSL::VERIFY_NONE if ::Rails.env.development?
-        accounts = URI.open("https://#{id_host}/api/v1/accounts?account_ids=#{ids_param}", options).read
-        JSON.parse(accounts)['accounts']
+        options['Authorization'] = "Bearer #{token}" if token
+        JSON.parse(URI.open(url, options).read)
       end
       # token from data set by prx_auth rack middleware
@@ -105,8 +146,8 @@ module PrxAuth
           # NOTE: we already validated this jwt - so just decode it
           validator = Rack::PrxAuth::AuthValidator.new(prx_jwt)
-          # try to refresh auth session on GET requests
-          if request.get? && validator.time_to_live < PRX_JWT_REFRESH_TTL
+          # does this jwt need to be refreshed?
+          if prx_auth_needs_refresh?(validator.time_to_live)
             raise SessionTokenExpiredError.new
           end

data/lib/prx_auth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module PrxAuth
   module Rails
-    VERSION = "1.8.0"
+    VERSION = "3.0.0"
   end
 end

data/prx_auth-rails.gemspec CHANGED Viewed

@@ -27,9 +27,11 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'coveralls', '~> 0'
   spec.add_development_dependency 'guard'
   spec.add_development_dependency 'guard-minitest'
+  spec.add_development_dependency 'm', '~> 1.5'
   spec.add_development_dependency "rails", "~> 6.1.0"
   spec.add_development_dependency 'pry'
   spec.add_development_dependency 'sqlite3'
+  spec.add_development_dependency 'webmock'
   spec.add_runtime_dependency 'prx_auth', ">= 1.7.0"
 end

data/test/prx_auth/rails/ext/controller_test.rb CHANGED Viewed

@@ -6,9 +6,21 @@ module PrxAuth::Rails::Ext
     setup do
       @controller = ApplicationController.new
       @jwt_session_key = ApplicationController::PRX_JWT_SESSION_KEY
+      @user_info_key = ApplicationController::PRX_USER_INFO_SESSION_KEY
+      @account_mapping_key = ApplicationController::PRX_ACCOUNT_MAPPING_SESSION_KEY
       @stub_claims = {'iat' => Time.now.to_i, 'exp' => Time.now.to_i + 3600}
     end
+    # stub auth and init controller+session by getting a page
+    def with_stubbed_auth(jwt)
+      session[@jwt_session_key] = 'some-jwt'
+      @controller.stub(:prx_auth_needs_refresh?, false) do
+        get :index
+        assert_equal response.code, '200'
+        yield
+      end
+    end
     test 'redirects unless you are authenticated' do
       get :index
       assert_equal response.code, '302'
@@ -45,5 +57,109 @@ module PrxAuth::Rails::Ext
       end
     end
+    test 'fetches current user info' do
+      with_stubbed_auth('some-jwt') do
+        body = {
+          'name' => 'Some Username',
+          'apps' => {'publish.prx.test' => 'https://publish.prx.test'},
+          'other' => 'stuff'
+        }
+        id_host = PrxAuth::Rails.configuration.id_host
+        stub_request(:get, "https://#{id_host}/userinfo?scope=apps%20email%20profile").
+          with(headers: {'Authorization' => 'Bearer some-jwt'}).
+          to_return(status: 200, body: JSON.generate(body))
+        assert session[@user_info_key] == nil
+        assert_equal @controller.current_user_info, body
+        refute session[@user_info_key] == nil
+        assert_equal @controller.current_user_name, 'Some Username'
+        assert_equal @controller.current_user_apps, {'PRX Publish' => 'https://publish.prx.test'}
+      end
+    end
+    test 'has user name fallbacks' do
+      with_stubbed_auth('some-jwt') do
+        session[@user_info_key] = {'name' => 'one', 'preferred_username' => 'two', 'email' => 'three'}
+        assert_equal @controller.current_user_name, 'one'
+        session[@user_info_key] = {'preferred_username' => 'two', 'email' => 'three'}
+        assert_equal @controller.current_user_name, 'two'
+        session[@user_info_key] = {'email' => 'three'}
+        assert_equal @controller.current_user_name, 'three'
+      end
+    end
+    test 'filters apps displayed in production' do
+      with_stubbed_auth('some-jwt') do
+        Rails.env.stub(:production?, true) do
+          session[@user_info_key] = {
+            'apps' => {
+              'localhost stuff' => 'http://localhost:4000/path1',
+              'publish.prx.test' => 'https://publish.prx.test/path2',
+              'metrics.prx.tech' => 'https://metrics.prx.tech/path3',
+              'augury.prx.org' => 'https://augury.prx.org/path4',
+            }
+          }
+          assert_equal @controller.current_user_apps, {
+            'PRX Metrics' => 'https://metrics.prx.tech/path3',
+            'PRX Augury' => 'https://augury.prx.org/path4',
+          }
+        end
+      end
+    end
+    test 'fetches accounts' do
+      with_stubbed_auth('some-jwt') do
+        one = {'id' => 1, 'type' => 'IndividualAccount', 'name' => 'One'}
+        three = {'id' => 3, 'type' => 'GroupAccount', 'name' => 'Three'}
+        body = {'_embedded' => {'prx:items' => [one, three]}}
+        id_host = PrxAuth::Rails.configuration.id_host
+        stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=1,2,3").
+          to_return(status: 200, body: JSON.generate(body))
+        assert_nil session[@account_mapping_key]
+        assert_equal @controller.accounts_for([1, 2, 3]), [one, nil, three]
+        refute_nil session[@account_mapping_key]
+        assert_equal @controller.account_for(1), one
+        assert_equal @controller.account_for(3), three
+        assert_equal @controller.account_name_for(1), 'One'
+        assert_equal @controller.account_name_for(3), 'Three'
+      end
+    end
+    test 'handles unknown account ids' do
+      with_stubbed_auth('some-jwt') do
+        id_host = PrxAuth::Rails.configuration.id_host
+        stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=2").
+          to_return(status: 200, body: JSON.generate({'_embedded' => {'prx:items' => []}})).
+          times(3)
+        assert_equal @controller.accounts_for([2]), [nil]
+        assert_nil @controller.account_for(2)
+        assert_nil @controller.account_name_for(2)
+      end
+    end
+    test 'only fetches only missing accounts' do
+      with_stubbed_auth('some-jwt') do
+        one = {'name' => 'One'}
+        two = {'id' => 2, 'type' => 'StationAccount', 'name' => 'Two'}
+        three = {'name' => 'Three'}
+        session[@account_mapping_key] = {1 => one, 3 => three}
+        body = {'_embedded' => {'prx:items' => [two]}}
+        id_host = PrxAuth::Rails.configuration.id_host
+        stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=2").
+          to_return(status: 200, body: JSON.generate(body))
+        assert_equal @controller.accounts_for([1, 2, 3]), [one, two, three]
+        assert_equal @controller.account_for(2), two
+        assert_equal @controller.account_name_for(2), 'Two'
+      end
+    end
   end
 end

data/test/prx_auth/rails/sessions_controller_test.rb CHANGED Viewed

@@ -71,7 +71,9 @@ module PrxAuth::Rails
           session[@refresh_back_key] = '/lets/go/here?okay'
           post :create, params: @token_params, format: :json
-          assert session[@refresh_back_key] == nil
+          # A trailing log of the 'last' page
+          assert session[@refresh_back_key] == '/lets/go/here?okay'
           assert response.code == '302'
           assert response.headers['Location'].ends_with?('/lets/go/here?okay')
         end

data/test/test_helper.rb CHANGED Viewed

@@ -5,6 +5,7 @@ Coveralls.wear!
 require 'minitest/autorun'
 require 'minitest/spec'
 require 'minitest/pride'
+require 'webmock/minitest'
 require 'action_pack'
 require 'action_controller'
 require 'action_view'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth-rails
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Chris Rhoden
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-31 00:00:00.000000000 Z
+date: 2022-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -94,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +150,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: prx_auth
   requirement: !ruby/object:Gem::Requirement
@@ -163,10 +191,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- app/assets/config/prx_auth-rails_manifest.js
-- app/assets/images/prx_auth-rails/user.svg
-- app/assets/javascripts/prx_auth-rails/user_widget.js.erb
-- app/assets/stylesheets/prx_auth-rails/user_widget.css
 - app/controllers/prx_auth/rails/sessions_controller.rb
 - app/views/prx_auth/rails/sessions/auth_error.html.erb
 - app/views/prx_auth/rails/sessions/show.html.erb
@@ -246,7 +270,7 @@ homepage: https://github.com/PRX/prx_auth-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -261,8 +285,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: Rails integration for next generation PRX Authorization system.
 test_files:

data/app/assets/config/prx_auth-rails_manifest.js DELETED Viewed

@@ -1,3 +0,0 @@
-//= link_directory ../javascripts .js
-//= link_directory ../stylesheets .css
-//= link_tree ../images

data/app/assets/images/prx_auth-rails/user.svg DELETED Viewed

@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg width="100%" height="100%" viewBox="0 0 51 51" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:1.41421;">
-    <path d="M51,25.5C51,11.44 39.56,0 25.5,0C11.44,0 0,11.44 0,25.5C0,32.927 3.194,39.621 8.277,44.285L8.253,44.306L9.08,45.003C9.134,45.049 9.192,45.086 9.246,45.13C9.685,45.495 10.141,45.841 10.604,46.175C10.755,46.284 10.905,46.392 11.058,46.498C11.553,46.839 12.061,47.163 12.58,47.47C12.693,47.537 12.807,47.602 12.922,47.666C13.49,47.99 14.07,48.295 14.665,48.575C14.708,48.596 14.753,48.614 14.796,48.635C16.734,49.535 18.801,50.196 20.964,50.586C21.02,50.597 21.077,50.607 21.134,50.617C21.806,50.733 22.485,50.826 23.172,50.888C23.255,50.895 23.339,50.9 23.423,50.907C24.107,50.964 24.799,51 25.5,51C26.195,51 26.88,50.964 27.56,50.909C27.647,50.902 27.733,50.897 27.819,50.89C28.501,50.828 29.174,50.738 29.839,50.624C29.896,50.613 29.955,50.603 30.012,50.592C32.142,50.21 34.18,49.564 36.092,48.686C36.163,48.654 36.234,48.623 36.305,48.59C36.877,48.321 37.436,48.031 37.984,47.722C38.12,47.645 38.256,47.567 38.391,47.487C38.89,47.194 39.38,46.887 39.857,46.56C40.029,46.443 40.196,46.32 40.366,46.198C40.773,45.905 41.173,45.602 41.561,45.286C41.648,45.217 41.74,45.156 41.825,45.085L42.673,44.376L42.648,44.355C47.776,39.689 51,32.965 51,25.5ZM1.855,25.5C1.855,12.462 12.462,1.855 25.5,1.855C38.538,1.855 49.145,12.462 49.145,25.5C49.145,32.526 46.062,38.843 41.181,43.177C40.908,42.988 40.634,42.82 40.353,42.679L32.502,38.754C31.797,38.401 31.359,37.693 31.359,36.905L31.359,34.164C31.541,33.939 31.733,33.685 31.932,33.406C32.948,31.971 33.763,30.374 34.357,28.656C35.532,28.097 36.291,26.927 36.291,25.606L36.291,22.319C36.291,21.515 35.996,20.735 35.468,20.122L35.468,15.794C35.516,15.312 35.687,12.597 33.722,10.357C32.013,8.406 29.247,7.418 25.5,7.418C21.753,7.418 18.987,8.406 17.278,10.356C15.313,12.596 15.484,15.313 15.532,15.793L15.532,20.121C15.005,20.734 14.709,21.514 14.709,22.318L14.709,25.605C14.709,26.626 15.167,27.578 15.952,28.221C16.703,31.163 18.249,33.39 18.82,34.145L18.82,36.828C18.82,37.585 18.407,38.281 17.742,38.644L10.41,42.643C10.177,42.77 9.945,42.919 9.713,43.085C4.892,38.753 1.855,32.475 1.855,25.5Z" style="fill:white;fill-rule:nonzero;"/>
-</svg>

data/app/assets/javascripts/prx_auth-rails/user_widget.js.erb DELETED Viewed

@@ -1,46 +0,0 @@
-// https://stackoverflow.com/questions/8578617/inject-a-script-tag-with-remote-src-and-wait-for-it-to-execute
-function prxInjectScript(src, callback) {
-  const script = document.createElement('script');
-  script.type = 'text/javascript';
-  script.async = false;
-  script.src = src;
-  script.onload = function () { script.onload = null; callback(); }
-  document.getElementsByTagName('head')[0].appendChild(script);
-}
-document.addEventListener('DOMContentLoaded', function () {
-  const widget = document.getElementById('prx-user-widget');
-  const account = document.getElementById('prx-user-widget-menu-account');
-  const idHost = 'https://' + widget.getAttribute('data-id-host');;
-  const scriptUrl = idHost + '/widget.js';
-  prxInjectScript(scriptUrl, function () {
-    const signIn = new PRXSignIn(idHost);
-    signIn.signedIn(function (prx) {
-      if (!prx.userinfo) {
-        // Not logged in
-        widget.classList.add('no-user-info');
-        const url = idHost + '/session?return_to=' + encodeURIComponent(window.location);
-        account.innerHTML = '<a class=sign-in href="' + url + '">Sign in</a>';
-      } else {
-        // Logged in
-        widget.classList.add('user-info');
-        const account = document.getElementById('prx-user-widget-menu-account');
-        account.innerText = prx.userinfo.email;
-        signIn.listApps('prx-user-widget-menu-apps');
-      }
-    });
-  });
-});

data/app/assets/stylesheets/prx_auth-rails/user_widget.css DELETED Viewed

@@ -1,69 +0,0 @@
-#prx-user-widget {
-  display: flex;
-  flex-direction: column;
-  height: 100%;
-  justify-content: center;
-  padding: 0 20px;
-  position: absolute;
-  right: 0;
-  transition-property: opacity;
-  transition-duration: 0.2s;
-}
-@media (max-width: ) {
-  #prx-user-widget {
-    height: auto;
-    top: 0;
-  }
-}
-#prx-user-widget:hover {
-}
-#prx-user-widget:hover .user-icon {
-  opacity: 1;
-}
-#prx-user-widget:hover #prx-user-widget-menu {
-  display: block;
-}
-#prx-user-widget .user-icon {
-  cursor: pointer;
-  height: 2em;
-  opacity: 0.7;
-  width: 2em;
-}
-#prx-user-widget #prx-user-widget-menu {
-  background-color: #1a1a1a;
-  display: none;
-  right: 0;
-  padding: 10px 20px;
-  position: absolute;
-  top: 100%;
-  z-index: 999;
-  display: none;
-}
-#prx-user-widget #prx-user-widget-menu h1 {
-  color: white;
-  font-size: .9em;
-  font-weight: 700;
-}
-#prx-user-widget #prx-user-widget-menu-apps {
-  padding: 0;
-}
-#prx-user-widget #prx-user-widget-menu-apps ul {
-  border-top: 1px solid #ddd;
-  padding: 15px 0 0;
-}
-#prx-user-widget #prx-user-widget-menu-apps ul li a {
-  display: block;
-  font-weight: normal;
-  opacity: 0.7;
-  padding: 5px 0;
-  text-transform: none;
-}
-#prx-user-widget #prx-user-widget-menu-apps ul li a:hover {
-  opacity: 1;
-}
-.prx-home #prx-user-widget.loaded:hover {
-  background: transparent;
-}