RubyGems - prx_auth-rails - Versions diffs - 3.0.1 → 4.1.0 - Mend

prx_auth-rails 3.0.1 → 4.1.0

Files changed (14) hide show

checksums.yaml +4 -4
data/README.md +4 -1
data/app/controllers/prx_auth/rails/sessions_controller.rb +13 -3
data/app/views/prx_auth/rails/sessions/show.html.erb +4 -1
data/lib/prx_auth/rails/configuration.rb +26 -17
data/lib/prx_auth/rails/ext/controller.rb +7 -3
data/lib/prx_auth/rails/railtie.rb +0 -6
data/lib/prx_auth/rails/version.rb +1 -1
data/lib/prx_auth/rails.rb +28 -2
data/test/prx_auth/rails/configuration_test.rb +21 -19
data/test/prx_auth/rails/ext/controller_test.rb +13 -6
data/test/prx_auth/rails/sessions_controller_test.rb +2 -0
data/test/prx_auth/rails_test.rb +64 -0
metadata +8 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3212721cc8a3569576581017749f0af4ebca8c3c6c50684f9d88587057e9517b
-  data.tar.gz: 41f92ebcf2c167cb48d00c39319a1a6663d9a7203aa9c6c7d69007f8230ba011
+  metadata.gz: d46435a82e0473d353a1f1849bfcedfb4db925e5a1bce443a8043ca948bfda69
+  data.tar.gz: b867f26410a93aee077e2bad3515b2fb9fb0ee4a9499cbb6bdaef9287639c158
 SHA512:
-  metadata.gz: c3fa282bf2f549e40761da8b04ddb3944c20492818598bc2d391e7cc5e79b032a41c2d5914b5b2f7f70a3401492548149eb308b08b030efbcd87d817b05f7698
-  data.tar.gz: 6e25421712eb18d89fa5aa6fda01eb1641262f41ae294aa39630755ef342a743ecbd6d02bd985469eb56db25d20e4e0121696b5de8338219edf75d9597f16363
+  metadata.gz: 308dd3bc5e3eacf014613bac983b097d677f823d60185eb76303345d698f1096e2fa7e24ad74b2f7bf5a2eef4a3222a9bf9ec51a28c1d82698bad48de8d500ad
+  data.tar.gz: b2bf8e7fe515a27e970a4612b7075564366f0a0270c62dca1602e6d51d1dceb7ffe4d5e2143927126bb02b4335bcd09dac501f950c5511cf456c4ffaa309cd42

data/README.md CHANGED Viewed

@@ -46,7 +46,10 @@ In your rails app, add a file to config/initializers called
 PrxAuth::Rails.configure do |config|
   # enables automatic installation of token parser middleware
-  config.install_middleware = false # default: true
+  config.install_middleware = true # default: true
+  # set the ID host
+  config.id_host = 'id.staging.prx.tech' # default: id.prx.org
   # automatically adds namespace to all scoped queries, e.g. .authorized?(:foo) will be treated
   # as .authorized?(:my_great_ns, :foo). Has no impact on unscoped queries.

data/app/controllers/prx_auth/rails/sessions_controller.rb CHANGED Viewed

@@ -10,19 +10,29 @@ module PrxAuth::Rails
     before_action :set_after_sign_in_path
     ID_NONCE_SESSION_KEY = 'id_prx_openid_nonce'
+    DEFAULT_SCOPES = 'openid apps'
     def new
       config = PrxAuth::Rails.configuration
+      scope =
+        if config.prx_scope.present?
+          "#{DEFAULT_SCOPES} #{config.prx_scope}"
+        else
+          DEFAULT_SCOPES
+        end
       id_auth_params = {
         client_id: config.prx_client_id,
         nonce: fetch_nonce,
         response_type: 'id_token token',
-        scope: 'openid apps',
+        scope: scope,
         prompt: 'necessary'
       }
-      redirect_to '//' + config.id_host + '/authorize?' + id_auth_params.to_query
+      url = '//' + config.id_host + '/authorize?' + id_auth_params.to_query
+      redirect_to url, allow_other_host: true
     end
     def show
@@ -44,7 +54,7 @@ module PrxAuth::Rails
         redirect_to after_sign_in_path_for(current_user)
       else
         clear_nonce!
-        redirect_to auth_error_sessions_path(error: 'verification_failed')
+        redirect_to auth_error_sessions_path(error: params[:error] || 'unknown_error')
       end
     end

data/app/views/prx_auth/rails/sessions/show.html.erb CHANGED Viewed

@@ -2,6 +2,7 @@
   <%= form_for(:sessions, :url => PrxAuth::Rails::Engine.routes.url_helpers.sessions_path) do |f| %>
       <%= hidden_field_tag :access_token, '', id: 'access-token-field' %>
       <%= hidden_field_tag :id_token, '', id: 'id-token-field' %>
+      <%= hidden_field_tag :error, '', id: 'error-field' %>
       <%= f.submit id: 'sessions-form-submit' %>
   <% end %>
 </div>
@@ -23,14 +24,16 @@
   }
 window.addEventListener("load", () => {
-  var idToken = document.querySelector("#id-token-field");
   var accessToken = document.querySelector("#access-token-field");
+  var idToken = document.querySelector("#id-token-field");
+  var error = document.querySelector("#error-field");
   var submit = document.querySelector("input#sessions-form-submit[type=submit]");
   var hashParams = parseURLFragment();
   accessToken.value = hashParams['access_token'];
   idToken.value = hashParams['id_token'];
+  error.value = hashParams['error'];
   submit.click();
 });

data/lib/prx_auth/rails/configuration.rb CHANGED Viewed

@@ -2,27 +2,36 @@ class PrxAuth::Rails::Configuration
   attr_accessor :install_middleware,
                 :namespace,
                 :prx_client_id,
-                :id_host
+                :prx_scope,
+                :id_host,
+                :cert_path
+  DEFAULT_ID_HOST = 'id.prx.org'
+  DEFAULT_CERT_PATH = 'api/v1/certs'
   def initialize
     @install_middleware = true
-    if defined?(::Rails)
-      klass = ::Rails.application.class
-      parent_name = if ::Rails::VERSION::MAJOR >= 6
-                      klass.module_parent_name
-                    else
-                      klass.parent_name
-                    end
-      klass_name = if parent_name.present?
-                     parent_name
-                   else
-                     klass.name
-                   end
+    @prx_client_id = nil
+    @prx_scope = nil
+    @id_host = DEFAULT_ID_HOST
+    @cert_path = DEFAULT_CERT_PATH
-      @namespace = klass_name.underscore.intern
-      @prx_client_id = nil
-      @id_host = nil
-    end
+    # infer default namespace from app name
+    @namespace =
+      if defined?(::Rails)
+        klass = ::Rails.application.class
+        parent_name = if ::Rails::VERSION::MAJOR >= 6
+                        klass.module_parent_name
+                      else
+                        klass.parent_name
+                      end
+        klass_name = if parent_name.present?
+                       parent_name
+                     else
+                       klass.name
+                     end
+        klass_name.underscore.intern
+      end
   end
 end

data/lib/prx_auth/rails/ext/controller.rb CHANGED Viewed

@@ -52,7 +52,10 @@ module PrxAuth
       end
       def current_user_info
-        session[PRX_USER_INFO_SESSION_KEY] ||= fetch_userinfo
+        session[PRX_USER_INFO_SESSION_KEY] ||= begin
+          info = fetch_userinfo
+          info.slice('name', 'preferred_username', 'email', 'image_href', 'apps')
+        end
       end
       def current_user_name
@@ -87,7 +90,7 @@ module PrxAuth
       end
       def account_name_for(account_id)
-        account_for(account_id).try(:[], :name)
+        account_for(account_id).try(:[], 'name')
       end
       def account_for(account_id)
@@ -107,7 +110,8 @@ module PrxAuth
         missing = ids - session[PRX_ACCOUNT_MAPPING_SESSION_KEY].keys
         if missing.present?
           fetch_accounts(missing).each do |account|
-            session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account['id']] = account.with_indifferent_access
+            minimal = account.slice('name', 'type')
+            session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account['id']] = minimal
           end
         end

data/lib/prx_auth/rails/railtie.rb CHANGED Viewed

@@ -7,11 +7,5 @@ module PrxAuth::Rails
     config.to_prepare do
       ApplicationController.send(:include, PrxAuth::Rails::Controller)
     end
-    initializer 'prx_auth.insert_middleware' do |app|
-      if PrxAuth::Rails.configuration.install_middleware
-        app.config.middleware.insert_after Rack::Head, Rack::PrxAuth
-      end
-    end
   end
 end

data/lib/prx_auth/rails/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module PrxAuth
   module Rails
-    VERSION = '3.0.1'
+    VERSION = '4.1.0'
   end
 end

data/lib/prx_auth/rails.rb CHANGED Viewed

@@ -6,10 +6,36 @@ require "prx_auth/rails/engine" if defined?(Rails)
 module PrxAuth
   module Rails
     class << self
-      attr_accessor :configuration
+      attr_accessor :configuration, :installed_middleware
       def configure
-        yield configuration
+        yield configuration if block_given?
+        # only install from first call to configure block
+        if configuration.install_middleware && !installed_middleware
+          install_middleware!
+          self.installed_middleware = true
+        end
+      end
+      def install_middleware!(app = nil)
+        app ||= ::Rails.application if defined?(::Rails)
+        return false unless app
+        # guess protocol from host
+        host = configuration.id_host
+        path = configuration.cert_path
+        protocol =
+          if host.include?('localhost') || host.include?('127.0.0.1')
+            'http'
+          else
+            'https'
+          end
+        app.middleware.insert_after Rack::Head, Rack::PrxAuth,
+          cert_location: "#{protocol}://#{host}/#{path}",
+          issuer: host
       end
     end

data/test/prx_auth/rails/configuration_test.rb CHANGED Viewed

@@ -4,33 +4,35 @@ describe PrxAuth::Rails::Configuration do
   subject { PrxAuth::Rails::Configuration.new }
-  it 'initializes with a namespace defined by rails app name' do
-    assert subject.namespace == :dummy
+  it 'initializes with defaults' do
+    assert subject.install_middleware
+    assert_nil subject.prx_client_id
+    assert_nil subject.prx_scope
+    assert_equal 'id.prx.org', subject.id_host
+    assert_equal 'api/v1/certs', subject.cert_path
   end
-  it 'can be reconfigured using the namespace attr' do
-    PrxAuth::Rails.stub(:configuration, subject) do
-      PrxAuth::Rails.configure do |config|
-        config.namespace = :new_test
-      end
-      assert PrxAuth::Rails.configuration.namespace == :new_test
-    end
+  it 'infers the default namespace from the rails app name' do
+    assert_equal :dummy, subject.namespace
   end
-  it 'defaults to enabling the middleware' do
-    PrxAuth::Rails.stub(:configuration, subject) do
-      assert PrxAuth::Rails.configuration.install_middleware
-    end
-  end
-  it 'allows overriding of the middleware automatic installation' do
+  it 'is updated by the prxauth configure block' do
     PrxAuth::Rails.stub(:configuration, subject) do
       PrxAuth::Rails.configure do |config|
         config.install_middleware = false
+        config.prx_client_id = 'some-id'
+        config.prx_scope = 'appname:*'
+        config.id_host = 'id.prx.blah'
+        config.cert_path = 'cert/path'
+        config.namespace = :new_test
       end
-      assert !PrxAuth::Rails.configuration.install_middleware
     end
+    refute subject.install_middleware
+    assert_equal 'some-id', subject.prx_client_id
+    assert_equal 'appname:*', subject.prx_scope
+    assert_equal 'id.prx.blah', subject.id_host
+    assert_equal 'cert/path', subject.cert_path
+    assert_equal :new_test, subject.namespace
   end
 end

data/test/prx_auth/rails/ext/controller_test.rb CHANGED Viewed

@@ -71,7 +71,7 @@ module PrxAuth::Rails::Ext
           to_return(status: 200, body: JSON.generate(body))
         assert session[@user_info_key] == nil
-        assert_equal @controller.current_user_info, body
+        assert_equal @controller.current_user_info, body.slice('name', 'apps')
         refute session[@user_info_key] == nil
         assert_equal @controller.current_user_name, 'Some Username'
         assert_equal @controller.current_user_apps, {'PRX Publish' => 'https://publish.prx.test'}
@@ -117,15 +117,18 @@ module PrxAuth::Rails::Ext
         three = {'id' => 3, 'type' => 'GroupAccount', 'name' => 'Three'}
         body = {'_embedded' => {'prx:items' => [one, three]}}
+        min_one = one.slice('name', 'type')
+        min_three = three.slice('name', 'type')
         id_host = PrxAuth::Rails.configuration.id_host
         stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=1,2,3").
           to_return(status: 200, body: JSON.generate(body))
         assert_nil session[@account_mapping_key]
-        assert_equal @controller.accounts_for([1, 2, 3]), [one, nil, three]
+        assert_equal @controller.accounts_for([1, 2, 3]), [min_one, nil, min_three]
         refute_nil session[@account_mapping_key]
-        assert_equal @controller.account_for(1), one
-        assert_equal @controller.account_for(3), three
+        assert_equal @controller.account_for(1), min_one
+        assert_equal @controller.account_for(3), min_three
         assert_equal @controller.account_name_for(1), 'One'
         assert_equal @controller.account_name_for(3), 'Three'
       end
@@ -152,12 +155,16 @@ module PrxAuth::Rails::Ext
         session[@account_mapping_key] = {1 => one, 3 => three}
         body = {'_embedded' => {'prx:items' => [two]}}
+        min_one = one.slice('name', 'type')
+        min_two = two.slice('name', 'type')
+        min_three = three.slice('name', 'type')
         id_host = PrxAuth::Rails.configuration.id_host
         stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=2").
           to_return(status: 200, body: JSON.generate(body))
-        assert_equal @controller.accounts_for([1, 2, 3]), [one, two, three]
-        assert_equal @controller.account_for(2), two
+        assert_equal @controller.accounts_for([1, 2, 3]), [min_one, min_two, min_three]
+        assert_equal @controller.account_for(2), min_two
         assert_equal @controller.account_name_for(2), 'Two'
       end
     end

data/test/prx_auth/rails/sessions_controller_test.rb CHANGED Viewed

@@ -82,6 +82,7 @@ module PrxAuth::Rails
     test 'should respond with redirect to the auth error page / code if the nonce does not match' do
       @controller.stub(:validate_token, @stub_claims) do
+        @token_params[:error] = 'verification_failed'
         session[@nonce_session_key] = 'nonce-does-not-match'
         post :create, params: @token_params, format: :json
         assert response.code == '302'
@@ -105,6 +106,7 @@ module PrxAuth::Rails
       @controller.stub(:id_claims, @stub_claims) do
         @controller.stub(:access_claims, @stub_claims.merge('sub' => '444')) do
+          @token_params[:error] = 'verification_failed'
           session[@nonce_session_key] = '123'
           post :create, params: @token_params, format: :json

data/test/prx_auth/rails_test.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require 'test_helper'
+require 'pry'
+describe PrxAuth::Rails do
+  subject { PrxAuth::Rails }
+  it 'gets a configuration' do
+    assert_equal :test_app, subject.configuration.namespace
+    assert_equal '1234', subject.configuration.prx_client_id
+    assert_equal 'id.prx.test', subject.configuration.id_host
+    assert_equal 'api/v1/certs', subject.configuration.cert_path
+  end
+  it 'installs and configures prx_auth middleware' do
+    mw = MiniTest::Mock.new
+    mw.expect :insert_after, nil do |c1, c2, cert_location:, issuer:|
+      assert_equal Rack::Head, c1
+      assert_equal Rack::PrxAuth, c2
+      assert_equal 'https://id.prx.test/api/v1/certs', cert_location
+      assert_equal 'id.prx.test', issuer
+    end
+    app = MiniTest::Mock.new
+    app.expect :middleware, mw
+    subject.install_middleware!(app)
+    mw.verify
+  end
+  it 'installs middleware after configuration' do
+    called = false
+    spy = -> { called = true }
+    PrxAuth::Rails.stub(:install_middleware!, spy) do
+      PrxAuth::Rails.installed_middleware = false
+      PrxAuth::Rails.configure do |config|
+        config.install_middleware = true
+      end
+      assert PrxAuth::Rails.installed_middleware
+    end
+    assert called
+  end
+  it 'allows overriding of the middleware automatic installation' do
+    called = false
+    spy = -> { called = true }
+    PrxAuth::Rails.stub(:install_middleware!, spy) do
+      PrxAuth::Rails.installed_middleware = false
+      PrxAuth::Rails.configure do |config|
+        config.install_middleware = false
+      end
+      refute PrxAuth::Rails.installed_middleware
+    end
+    refute called
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth-rails
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 4.1.0
 platform: ruby
 authors:
 - Chris Rhoden
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-05 00:00:00.000000000 Z
+date: 2023-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -265,12 +265,13 @@ files:
 - test/prx_auth/rails/ext/controller_test.rb
 - test/prx_auth/rails/sessions_controller_test.rb
 - test/prx_auth/rails/token_test.rb
+- test/prx_auth/rails_test.rb
 - test/test_helper.rb
 homepage: https://github.com/PRX/prx_auth-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -285,8 +286,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: Rails integration for next generation PRX Authorization system.
 test_files:
@@ -351,4 +352,5 @@ test_files:
 - test/prx_auth/rails/ext/controller_test.rb
 - test/prx_auth/rails/sessions_controller_test.rb
 - test/prx_auth/rails/token_test.rb
+- test/prx_auth/rails_test.rb
 - test/test_helper.rb