RubyGems - prx_auth-rails - Versions diffs - 3.0.1 → 4.1.0 - Mend

prx_auth-rails 3.0.1 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/README.md +4 -1
data/app/controllers/prx_auth/rails/sessions_controller.rb +13 -3
data/app/views/prx_auth/rails/sessions/show.html.erb +4 -1
data/lib/prx_auth/rails/configuration.rb +26 -17
data/lib/prx_auth/rails/ext/controller.rb +7 -3
data/lib/prx_auth/rails/railtie.rb +0 -6
data/lib/prx_auth/rails/version.rb +1 -1
data/lib/prx_auth/rails.rb +28 -2
data/test/prx_auth/rails/configuration_test.rb +21 -19
data/test/prx_auth/rails/ext/controller_test.rb +13 -6
data/test/prx_auth/rails/sessions_controller_test.rb +2 -0
data/test/prx_auth/rails_test.rb +64 -0
metadata +8 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3212721cc8a3569576581017749f0af4ebca8c3c6c50684f9d88587057e9517b
-  data.tar.gz: 41f92ebcf2c167cb48d00c39319a1a6663d9a7203aa9c6c7d69007f8230ba011
+  metadata.gz: d46435a82e0473d353a1f1849bfcedfb4db925e5a1bce443a8043ca948bfda69
+  data.tar.gz: b867f26410a93aee077e2bad3515b2fb9fb0ee4a9499cbb6bdaef9287639c158
 SHA512:
-  metadata.gz: c3fa282bf2f549e40761da8b04ddb3944c20492818598bc2d391e7cc5e79b032a41c2d5914b5b2f7f70a3401492548149eb308b08b030efbcd87d817b05f7698
-  data.tar.gz: 6e25421712eb18d89fa5aa6fda01eb1641262f41ae294aa39630755ef342a743ecbd6d02bd985469eb56db25d20e4e0121696b5de8338219edf75d9597f16363
+  metadata.gz: 308dd3bc5e3eacf014613bac983b097d677f823d60185eb76303345d698f1096e2fa7e24ad74b2f7bf5a2eef4a3222a9bf9ec51a28c1d82698bad48de8d500ad
+  data.tar.gz: b2bf8e7fe515a27e970a4612b7075564366f0a0270c62dca1602e6d51d1dceb7ffe4d5e2143927126bb02b4335bcd09dac501f950c5511cf456c4ffaa309cd42

data/README.md CHANGED Viewed

@@ -46,7 +46,10 @@ In your rails app, add a file to config/initializers called
 PrxAuth::Rails.configure do |config|
   # enables automatic installation of token parser middleware
-  config.install_middleware = false # default: true
+  config.install_middleware = true # default: true
+  # set the ID host
+  config.id_host = 'id.staging.prx.tech' # default: id.prx.org
   # automatically adds namespace to all scoped queries, e.g. .authorized?(:foo) will be treated
   # as .authorized?(:my_great_ns, :foo). Has no impact on unscoped queries.

data/app/controllers/prx_auth/rails/sessions_controller.rb CHANGED Viewed

@@ -10,19 +10,29 @@ module PrxAuth::Rails
     before_action :set_after_sign_in_path
     ID_NONCE_SESSION_KEY = 'id_prx_openid_nonce'
+    DEFAULT_SCOPES = 'openid apps'
     def new
       config = PrxAuth::Rails.configuration
+      scope =
+        if config.prx_scope.present?
+          "#{DEFAULT_SCOPES} #{config.prx_scope}"
+        else
+          DEFAULT_SCOPES
+        end
       id_auth_params = {
         client_id: config.prx_client_id,
         nonce: fetch_nonce,
         response_type: 'id_token token',
-        scope: 'openid apps',
+        scope: scope,
         prompt: 'necessary'
       }
-      redirect_to '//' + config.id_host + '/authorize?' + id_auth_params.to_query
+      url = '//' + config.id_host + '/authorize?' + id_auth_params.to_query
+      redirect_to url, allow_other_host: true
     end
     def show
@@ -44,7 +54,7 @@ module PrxAuth::Rails
         redirect_to after_sign_in_path_for(current_user)
       else
         clear_nonce!
-        redirect_to auth_error_sessions_path(error: 'verification_failed')
+        redirect_to auth_error_sessions_path(error: params[:error] || 'unknown_error')
       end
     end

data/app/views/prx_auth/rails/sessions/show.html.erb CHANGED Viewed

@@ -2,6 +2,7 @@
   <%= form_for(:sessions, :url => PrxAuth::Rails::Engine.routes.url_helpers.sessions_path) do |f| %>
       <%= hidden_field_tag :access_token, '', id: 'access-token-field' %>
       <%= hidden_field_tag :id_token, '', id: 'id-token-field' %>
+      <%= hidden_field_tag :error, '', id: 'error-field' %>
       <%= f.submit id: 'sessions-form-submit' %>
   <% end %>
 </div>
@@ -23,14 +24,16 @@
   }
 window.addEventListener("load", () => {
-  var idToken = document.querySelector("#id-token-field");
   var accessToken = document.querySelector("#access-token-field");
+  var idToken = document.querySelector("#id-token-field");
+  var error = document.querySelector("#error-field");
   var submit = document.querySelector("input#sessions-form-submit[type=submit]");
   var hashParams = parseURLFragment();
   accessToken.value = hashParams['access_token'];
   idToken.value = hashParams['id_token'];
+  error.value = hashParams['error'];
   submit.click();
 });

data/lib/prx_auth/rails/configuration.rb CHANGED Viewed

@@ -2,27 +2,36 @@ class PrxAuth::Rails::Configuration
   attr_accessor :install_middleware,
                 :namespace,
                 :prx_client_id,
-                :id_host
+                :prx_scope,
+                :id_host,
+                :cert_path
+  DEFAULT_ID_HOST = 'id.prx.org'
+  DEFAULT_CERT_PATH = 'api/v1/certs'
   def initialize
     @install_middleware = true
-    if defined?(::Rails)
-      klass = ::Rails.application.class
-      parent_name = if ::Rails::VERSION::MAJOR >= 6
-                      klass.module_parent_name
-                    else
-                      klass.parent_name
-                    end
-      klass_name = if parent_name.present?
-                     parent_name
-                   else
-                     klass.name
-                   end
+    @prx_client_id = nil
+    @prx_scope = nil
+    @id_host = DEFAULT_ID_HOST
+    @cert_path = DEFAULT_CERT_PATH
-      @namespace = klass_name.underscore.intern
-      @prx_client_id = nil
-      @id_host = nil
-    end
+    # infer default namespace from app name
+    @namespace =
+      if defined?(::Rails)
+        klass = ::Rails.application.class
+        parent_name = if ::Rails::VERSION::MAJOR >= 6
+                        klass.module_parent_name
+                      else
+                        klass.parent_name
+                      end
+        klass_name = if parent_name.present?
+                       parent_name
+                     else
+                       klass.name
+                     end
+        klass_name.underscore.intern
+      end
   end
 end

data/lib/prx_auth/rails/ext/controller.rb CHANGED Viewed

@@ -52,7 +52,10 @@ module PrxAuth
       end
       def current_user_info
-        session[PRX_USER_INFO_SESSION_KEY] ||= fetch_userinfo
+        session[PRX_USER_INFO_SESSION_KEY] ||= begin
+          info = fetch_userinfo
+          info.slice('name', 'preferred_username', 'email', 'image_href', 'apps')
+        end
       end
       def current_user_name
@@ -87,7 +90,7 @@ module PrxAuth
       end
       def account_name_for(account_id)
-        account_for(account_id).try(:[], :name)
+        account_for(account_id).try(:[], 'name')
       end
       def account_for(account_id)
@@ -107,7 +110,8 @@ module PrxAuth
         missing = ids - session[PRX_ACCOUNT_MAPPING_SESSION_KEY].keys
         if missing.present?
           fetch_accounts(missing).each do |account|
-            session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account['id']] = account.with_indifferent_access
+            minimal = account.slice('name', 'type')
+            session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account['id']] = minimal
           end
         end

data/lib/prx_auth/rails/railtie.rb CHANGED Viewed

@@ -7,11 +7,5 @@ module PrxAuth::Rails
     config.to_prepare do
       ApplicationController.send(:include, PrxAuth::Rails::Controller)
     end
-    initializer 'prx_auth.insert_middleware' do |app|
-      if PrxAuth::Rails.configuration.install_middleware
-        app.config.middleware.insert_after Rack::Head, Rack::PrxAuth
-      end
-    end
   end
 end

data/lib/prx_auth/rails/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module PrxAuth
   module Rails
-    VERSION = '3.0.1'
+    VERSION = '4.1.0'
   end
 end

data/lib/prx_auth/rails.rb CHANGED Viewed

@@ -6,10 +6,36 @@ require "prx_auth/rails/engine" if defined?(Rails)
 module PrxAuth
   module Rails
     class << self
-      attr_accessor :configuration
+      attr_accessor :configuration, :installed_middleware
       def configure
-        yield configuration
+        yield configuration if block_given?
+        # only install from first call to configure block
+        if configuration.install_middleware && !installed_middleware
+          install_middleware!
+          self.installed_middleware = true
+        end
+      end
+      def install_middleware!(app = nil)
+        app ||= ::Rails.application if defined?(::Rails)
+        return false unless app
+        # guess protocol from host
+        host = configuration.id_host
+        path = configuration.cert_path
+        protocol =
+          if host.include?('localhost') || host.include?('127.0.0.1')
+            'http'
+          else
+            'https'
+          end
+        app.middleware.insert_after Rack::Head, Rack::PrxAuth,
+          cert_location: "#{protocol}://#{host}/#{path}",
+          issuer: host
       end
     end

data/test/prx_auth/rails/configuration_test.rb CHANGED Viewed

@@ -4,33 +4,35 @@ describe PrxAuth::Rails::Configuration do
   subject { PrxAuth::Rails::Configuration.new }
-  it 'initializes with a namespace defined by rails app name' do
-    assert subject.namespace == :dummy
+  it 'initializes with defaults' do
+    assert subject.install_middleware
+    assert_nil subject.prx_client_id
+    assert_nil subject.prx_scope
+    assert_equal 'id.prx.org', subject.id_host
+    assert_equal 'api/v1/certs', subject.cert_path
   end
-  it 'can be reconfigured using the namespace attr' do
-    PrxAuth::Rails.stub(:configuration, subject) do
-      PrxAuth::Rails.configure do |config|
-        config.namespace = :new_test
-      end
-      assert PrxAuth::Rails.configuration.namespace == :new_test
-    end
+  it 'infers the default namespace from the rails app name' do
+    assert_equal :dummy, subject.namespace
   end
-  it 'defaults to enabling the middleware' do
-    PrxAuth::Rails.stub(:configuration, subject) do
-      assert PrxAuth::Rails.configuration.install_middleware
-    end
-  end
-  it 'allows overriding of the middleware automatic installation' do
+  it 'is updated by the prxauth configure block' do
     PrxAuth::Rails.stub(:configuration, subject) do
       PrxAuth::Rails.configure do |config|
         config.install_middleware = false
+        config.prx_client_id = 'some-id'
+        config.prx_scope = 'appname:*'
+        config.id_host = 'id.prx.blah'
+        config.cert_path = 'cert/path'
+        config.namespace = :new_test
       end
-      assert !PrxAuth::Rails.configuration.install_middleware
     end
+    refute subject.install_middleware
+    assert_equal 'some-id', subject.prx_client_id
+    assert_equal 'appname:*', subject.prx_scope
+    assert_equal 'id.prx.blah', subject.id_host
+    assert_equal 'cert/path', subject.cert_path
+    assert_equal :new_test, subject.namespace
   end
 end

data/test/prx_auth/rails/ext/controller_test.rb CHANGED Viewed

@@ -71,7 +71,7 @@ module PrxAuth::Rails::Ext
           to_return(status: 200, body: JSON.generate(body))
         assert session[@user_info_key] == nil
-        assert_equal @controller.current_user_info, body
+        assert_equal @controller.current_user_info, body.slice('name', 'apps')
         refute session[@user_info_key] == nil
         assert_equal @controller.current_user_name, 'Some Username'
         assert_equal @controller.current_user_apps, {'PRX Publish' => 'https://publish.prx.test'}
@@ -117,15 +117,18 @@ module PrxAuth::Rails::Ext
         three = {'id' => 3, 'type' => 'GroupAccount', 'name' => 'Three'}
         body = {'_embedded' => {'prx:items' => [one, three]}}
+        min_one = one.slice('name', 'type')
+        min_three = three.slice('name', 'type')
         id_host = PrxAuth::Rails.configuration.id_host
         stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=1,2,3").
           to_return(status: 200, body: JSON.generate(body))
         assert_nil session[@account_mapping_key]
-        assert_equal @controller.accounts_for([1, 2, 3]), [one, nil, three]
+        assert_equal @controller.accounts_for([1, 2, 3]), [min_one, nil, min_three]
         refute_nil session[@account_mapping_key]
-        assert_equal @controller.account_for(1), one
-        assert_equal @controller.account_for(3), three
+        assert_equal @controller.account_for(1), min_one
+        assert_equal @controller.account_for(3), min_three
         assert_equal @controller.account_name_for(1), 'One'
         assert_equal @controller.account_name_for(3), 'Three'
       end
@@ -152,12 +155,16 @@ module PrxAuth::Rails::Ext
         session[@account_mapping_key] = {1 => one, 3 => three}
         body = {'_embedded' => {'prx:items' => [two]}}
+        min_one = one.slice('name', 'type')
+        min_two = two.slice('name', 'type')
+        min_three = three.slice('name', 'type')
         id_host = PrxAuth::Rails.configuration.id_host
         stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=2").
           to_return(status: 200, body: JSON.generate(body))
-        assert_equal @controller.accounts_for([1, 2, 3]), [one, two, three]
-        assert_equal @controller.account_for(2), two
+        assert_equal @controller.accounts_for([1, 2, 3]), [min_one, min_two, min_three]
+        assert_equal @controller.account_for(2), min_two
         assert_equal @controller.account_name_for(2), 'Two'
       end
     end

data/test/prx_auth/rails/sessions_controller_test.rb CHANGED Viewed

@@ -82,6 +82,7 @@ module PrxAuth::Rails
     test 'should respond with redirect to the auth error page / code if the nonce does not match' do
       @controller.stub(:validate_token, @stub_claims) do
+        @token_params[:error] = 'verification_failed'
         session[@nonce_session_key] = 'nonce-does-not-match'
         post :create, params: @token_params, format: :json
         assert response.code == '302'
@@ -105,6 +106,7 @@ module PrxAuth::Rails
       @controller.stub(:id_claims, @stub_claims) do
         @controller.stub(:access_claims, @stub_claims.merge('sub' => '444')) do
+          @token_params[:error] = 'verification_failed'
           session[@nonce_session_key] = '123'
           post :create, params: @token_params, format: :json

data/test/prx_auth/rails_test.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require 'test_helper'
+require 'pry'
+describe PrxAuth::Rails do
+  subject { PrxAuth::Rails }
+  it 'gets a configuration' do
+    assert_equal :test_app, subject.configuration.namespace
+    assert_equal '1234', subject.configuration.prx_client_id
+    assert_equal 'id.prx.test', subject.configuration.id_host
+    assert_equal 'api/v1/certs', subject.configuration.cert_path
+  end
+  it 'installs and configures prx_auth middleware' do
+    mw = MiniTest::Mock.new
+    mw.expect :insert_after, nil do |c1, c2, cert_location:, issuer:|
+      assert_equal Rack::Head, c1
+      assert_equal Rack::PrxAuth, c2
+      assert_equal 'https://id.prx.test/api/v1/certs', cert_location
+      assert_equal 'id.prx.test', issuer
+    end
+    app = MiniTest::Mock.new
+    app.expect :middleware, mw
+    subject.install_middleware!(app)
+    mw.verify
+  end
+  it 'installs middleware after configuration' do
+    called = false
+    spy = -> { called = true }
+    PrxAuth::Rails.stub(:install_middleware!, spy) do
+      PrxAuth::Rails.installed_middleware = false
+      PrxAuth::Rails.configure do |config|
+        config.install_middleware = true
+      end
+      assert PrxAuth::Rails.installed_middleware
+    end
+    assert called
+  end
+  it 'allows overriding of the middleware automatic installation' do
+    called = false
+    spy = -> { called = true }
+    PrxAuth::Rails.stub(:install_middleware!, spy) do
+      PrxAuth::Rails.installed_middleware = false
+      PrxAuth::Rails.configure do |config|
+        config.install_middleware = false
+      end
+      refute PrxAuth::Rails.installed_middleware
+    end
+    refute called
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth-rails
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 4.1.0
 platform: ruby
 authors:
 - Chris Rhoden
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-05 00:00:00.000000000 Z
+date: 2023-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -265,12 +265,13 @@ files:
 - test/prx_auth/rails/ext/controller_test.rb
 - test/prx_auth/rails/sessions_controller_test.rb
 - test/prx_auth/rails/token_test.rb
+- test/prx_auth/rails_test.rb
 - test/test_helper.rb
 homepage: https://github.com/PRX/prx_auth-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -285,8 +286,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: Rails integration for next generation PRX Authorization system.
 test_files:
@@ -351,4 +352,5 @@ test_files:
 - test/prx_auth/rails/ext/controller_test.rb
 - test/prx_auth/rails/sessions_controller_test.rb
 - test/prx_auth/rails/token_test.rb
+- test/prx_auth/rails_test.rb
 - test/test_helper.rb