prx_auth-rails 4.0.0 → 4.1.0

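--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 1eed8329985438f59a1adc529c8e33748cbfca9becbd285475385c16b25639e6
-data.tar.gz: 0a065d8fdf1e4d077fdd43da82cc37c3110ada401d31e6eadb5e154ae7001c6f
+metadata.gz: d46435a82e0473d353a1f1849bfcedfb4db925e5a1bce443a8043ca948bfda69
+data.tar.gz: b867f26410a93aee077e2bad3515b2fb9fb0ee4a9499cbb6bdaef9287639c158
 SHA512:
-metadata.gz: 9f45b17435edca7e49910164e330eea45df6c466514b700af6f04182e7df99748d3978911cd777325fb9142e4e9f0e1723bec10917eeea8c04b54b4c98c521b1
-data.tar.gz: 1dffecbaef3bf75a75759f6312a9acfb3442e5a6ff7b4354abc9e8b19816618f5fe57fd515317cfa03eaf7da0b231c2489b30c3a1f1aab2eca93f9a3e3b17d6b
+metadata.gz: 308dd3bc5e3eacf014613bac983b097d677f823d60185eb76303345d698f1096e2fa7e24ad74b2f7bf5a2eef4a3222a9bf9ec51a28c1d82698bad48de8d500ad
+data.tar.gz: b2bf8e7fe515a27e970a4612b7075564366f0a0270c62dca1602e6d51d1dceb7ffe4d5e2143927126bb02b4335bcd09dac501f950c5511cf456c4ffaa309cd42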
@@ -10,19 +10,29 @@ module PrxAuth::Rails
10
10
  before_action :set_after_sign_in_path
11
11
 
12
12
  ID_NONCE_SESSION_KEY = 'id_prx_openid_nonce'
13
+ DEFAULT_SCOPES = 'openid apps'
13
14
 
14
15
  def new
15
16
  config = PrxAuth::Rails.configuration
16
17
 
18
+ scope =
19
+ if config.prx_scope.present?
20
+ "#{DEFAULT_SCOPES} #{config.prx_scope}"
21
+ else
22
+ DEFAULT_SCOPES
23
+ end
24
+
17
25
  id_auth_params = {
18
26
  client_id: config.prx_client_id,
19
27
  nonce: fetch_nonce,
20
28
  response_type: 'id_token token',
21
- scope: 'openid apps',
29
+ scope: scope,
22
30
  prompt: 'necessary'
23
31
  }
24
32
 
25
- redirect_to '//' + config.id_host + '/authorize?' + id_auth_params.to_query
33
+ url = '//' + config.id_host + '/authorize?' + id_auth_params.to_query
34
+
35
+ redirect_to url, allow_other_host: true
26
36
  end
27
37
 
28
38
  def show
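Review bot: `redirect_to url, allow_other_host: true` (new line 35) opts out of Rails' same-host redirect protection and nothing in the hunk records why that is acceptable; add a comment such as `# id_host is operator configuration, never request input, so an off-host redirect is intended here` so a later change does not start feeding a request-derived host into this URL. `DEFAULT_SCOPES = 'openid apps'` is a mutable string constant unless the file carries `# frozen_string_literal: true` (not visible in the hunk); write it as `DEFAULT_SCOPES = 'openid apps'.freeze`. The scope assembly also does nothing if `prx_scope` repeats one of the default scopes, which is harmless for the authorization request but worth a sentence in the accessor's documentation. `new` is shown in full, but the enclosing controller class starts outside the hunk.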
@@ -44,7 +54,7 @@ module PrxAuth::Rails
44
54
  redirect_to after_sign_in_path_for(current_user)
45
55
  else
46
56
  clear_nonce!
47
- redirect_to auth_error_sessions_path(error: 'verification_failed')
57
+ redirect_to auth_error_sessions_path(error: params[:error] || 'unknown_error')
48
58
  end
49
59
  end
50
60
 
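Review bot: `params[:error] || 'unknown_error'` forwards a request-supplied value into `auth_error_sessions_path` where the previous code used a fixed code; the value originates from the URL fragment that the sign-in page copies into a hidden field, so any string (or a nested value via `error[x]=y`) reaches the error page as its `error` query parameter. Since the set of codes this controller expects is small, normalise and allow-list it before redirecting, e.g. `error = params[:error].to_s` followed by `error = 'unknown_error' unless KNOWN_ERRORS.include?(error)`, with `KNOWN_ERRORS` a frozen list of the codes the error page actually handles (`<known error codes>`). If the error page only ever looks codes up in a table the exposure is limited to odd query strings, but the allow-list keeps the contract explicit. The enclosing action starts outside the hunk.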
@@ -2,6 +2,7 @@
2
2
  <%= form_for(:sessions, :url => PrxAuth::Rails::Engine.routes.url_helpers.sessions_path) do |f| %>
3
3
  <%= hidden_field_tag :access_token, '', id: 'access-token-field' %>
4
4
  <%= hidden_field_tag :id_token, '', id: 'id-token-field' %>
5
+ <%= hidden_field_tag :error, '', id: 'error-field' %>
5
6
  <%= f.submit id: 'sessions-form-submit' %>
6
7
  <% end %>
7
8
  </div>
@@ -23,14 +24,16 @@
23
24
  }
24
25
 
25
26
  window.addEventListener("load", () => {
26
- var idToken = document.querySelector("#id-token-field");
27
27
  var accessToken = document.querySelector("#access-token-field");
28
+ var idToken = document.querySelector("#id-token-field");
29
+ var error = document.querySelector("#error-field");
28
30
  var submit = document.querySelector("input#sessions-form-submit[type=submit]");
29
31
 
30
32
  var hashParams = parseURLFragment();
31
33
 
32
34
  accessToken.value = hashParams['access_token'];
33
35
  idToken.value = hashParams['id_token'];
36
+ error.value = hashParams['error'];
34
37
 
35
38
  submit.click();
36
39
  });
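Review bot: `error.value = hashParams['error'];` assigns `undefined` when the fragment carries no `error` key, and setting an input's `value` to `undefined` stores the literal string `"undefined"` (only `null` is coerced to the empty string), so the form posts `error=undefined` on every ordinary sign-in and, if verification then fails server-side, the controller's `'unknown_error'` fallback never triggers; use `error.value = hashParams['error'] || '';`. The pre-existing `access_token`/`id_token` assignments have the same shape, though they are not this change's concern. `parseURLFragment` is defined above the hunk, so whether it already defaults missing keys cannot be confirmed here.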
@@ -2,6 +2,7 @@ class PrxAuth::Rails::Configuration
2
2
  attr_accessor :install_middleware,
3
3
  :namespace,
4
4
  :prx_client_id,
5
+ :prx_scope,
5
6
  :id_host,
6
7
  :cert_path
7
8
 
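Review bot: `:prx_scope` is added to the accessor list without any documentation of its format; the sessions controller appends it verbatim to `'openid apps'` with a space separator, so callers need to know it is a space-separated list of additional OAuth scopes (the spec uses `'appname:*'`). Add a comment above the accessor, e.g. `# prx_scope: extra space-separated scopes appended to the default 'openid apps' in the authorize request; nil or blank adds nothing`.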
@@ -11,6 +12,7 @@ class PrxAuth::Rails::Configuration
11
12
  def initialize
12
13
  @install_middleware = true
13
14
  @prx_client_id = nil
15
+ @prx_scope = nil
14
16
  @id_host = DEFAULT_ID_HOST
15
17
  @cert_path = DEFAULT_CERT_PATH
16
18
 
@@ -52,7 +52,10 @@ module PrxAuth
52
52
  end
53
53
 
54
54
  def current_user_info
55
- session[PRX_USER_INFO_SESSION_KEY] ||= fetch_userinfo
55
+ session[PRX_USER_INFO_SESSION_KEY] ||= begin
56
+ info = fetch_userinfo
57
+ info.slice('name', 'preferred_username', 'email', 'image_href', 'apps')
58
+ end
56
59
  end
57
60
 
58
61
  def current_user_name
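Review bot: The key list in `info.slice('name', 'preferred_username', 'email', 'image_href', 'apps')` is a bare literal inside the method, and the account-mapping hunk (`minimal = account.slice('name', 'type')`) repeats the pattern; lift both into frozen constants, e.g. `USER_INFO_KEYS = %w[name preferred_username email image_href apps].freeze` and `ACCOUNT_KEYS = %w[name type].freeze`, so the specs and the code share one definition. A why-comment is also missing — presumably the trimming keeps the session (cookie) small and avoids persisting more profile data than the helpers read; confirm and state that next to the constant. `slice` with string keys, together with the `:name` → `'name'` change in `account_name_for`, commits these helpers to string-keyed hashes from `fetch_userinfo`/`fetch_accounts`, which is worth noting since neither fetcher is visible here.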
@@ -87,7 +90,7 @@ module PrxAuth
87
90
  end
88
91
 
89
92
  def account_name_for(account_id)
90
- account_for(account_id).try(:[], :name)
93
+ account_for(account_id).try(:[], 'name')
91
94
  end
92
95
 
93
96
  def account_for(account_id)
@@ -107,7 +110,8 @@ module PrxAuth
107
110
  missing = ids - session[PRX_ACCOUNT_MAPPING_SESSION_KEY].keys
108
111
  if missing.present?
109
112
  fetch_accounts(missing).each do |account|
110
- session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account['id']] = account.with_indifferent_access
113
+ minimal = account.slice('name', 'type')
114
+ session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account['id']] = minimal
111
115
  end
112
116
  end
113
117
 
@@ -2,6 +2,6 @@
2
2
 
3
3
  module PrxAuth
4
4
  module Rails
5
- VERSION = '4.0.0'
5
+ VERSION = '4.1.0'
6
6
  end
7
7
  end
@@ -7,6 +7,7 @@ describe PrxAuth::Rails::Configuration do
7
7
  it 'initializes with defaults' do
8
8
  assert subject.install_middleware
9
9
  assert_nil subject.prx_client_id
10
+ assert_nil subject.prx_scope
10
11
  assert_equal 'id.prx.org', subject.id_host
11
12
  assert_equal 'api/v1/certs', subject.cert_path
12
13
  end
@@ -20,6 +21,7 @@ describe PrxAuth::Rails::Configuration do
20
21
  PrxAuth::Rails.configure do |config|
21
22
  config.install_middleware = false
22
23
  config.prx_client_id = 'some-id'
24
+ config.prx_scope = 'appname:*'
23
25
  config.id_host = 'id.prx.blah'
24
26
  config.cert_path = 'cert/path'
25
27
  config.namespace = :new_test
@@ -28,6 +30,7 @@ describe PrxAuth::Rails::Configuration do
28
30
 
29
31
  refute subject.install_middleware
30
32
  assert_equal 'some-id', subject.prx_client_id
33
+ assert_equal 'appname:*', subject.prx_scope
31
34
  assert_equal 'id.prx.blah', subject.id_host
32
35
  assert_equal 'cert/path', subject.cert_path
33
36
  assert_equal :new_test, subject.namespace
@@ -71,7 +71,7 @@ module PrxAuth::Rails::Ext
71
71
  to_return(status: 200, body: JSON.generate(body))
72
72
 
73
73
  assert session[@user_info_key] == nil
74
- assert_equal @controller.current_user_info, body
74
+ assert_equal @controller.current_user_info, body.slice('name', 'apps')
75
75
  refute session[@user_info_key] == nil
76
76
  assert_equal @controller.current_user_name, 'Some Username'
77
77
  assert_equal @controller.current_user_apps, {'PRX Publish' => 'https://publish.prx.test'}
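Review bot: `assert_equal @controller.current_user_info, body.slice('name', 'apps')` passes the actual value first and the expectation second, so a failure message reads the wrong way round; since the line is being rewritten anyway, make it `assert_equal body.slice('name', 'apps'), @controller.current_user_info`. The rewritten `accounts_for`/`account_for` assertions in the two accounts tests below follow the same reversed order. The enclosing test block starts outside the hunk.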
@@ -117,15 +117,18 @@ module PrxAuth::Rails::Ext
117
117
  three = {'id' => 3, 'type' => 'GroupAccount', 'name' => 'Three'}
118
118
  body = {'_embedded' => {'prx:items' => [one, three]}}
119
119
 
120
+ min_one = one.slice('name', 'type')
121
+ min_three = three.slice('name', 'type')
122
+
120
123
  id_host = PrxAuth::Rails.configuration.id_host
121
124
  stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=1,2,3").
122
125
  to_return(status: 200, body: JSON.generate(body))
123
126
 
124
127
  assert_nil session[@account_mapping_key]
125
- assert_equal @controller.accounts_for([1, 2, 3]), [one, nil, three]
128
+ assert_equal @controller.accounts_for([1, 2, 3]), [min_one, nil, min_three]
126
129
  refute_nil session[@account_mapping_key]
127
- assert_equal @controller.account_for(1), one
128
- assert_equal @controller.account_for(3), three
130
+ assert_equal @controller.account_for(1), min_one
131
+ assert_equal @controller.account_for(3), min_three
129
132
  assert_equal @controller.account_name_for(1), 'One'
130
133
  assert_equal @controller.account_name_for(3), 'Three'
131
134
  end
@@ -152,12 +155,16 @@ module PrxAuth::Rails::Ext
152
155
  session[@account_mapping_key] = {1 => one, 3 => three}
153
156
  body = {'_embedded' => {'prx:items' => [two]}}
154
157
 
158
+ min_one = one.slice('name', 'type')
159
+ min_two = two.slice('name', 'type')
160
+ min_three = three.slice('name', 'type')
161
+
155
162
  id_host = PrxAuth::Rails.configuration.id_host
156
163
  stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=2").
157
164
  to_return(status: 200, body: JSON.generate(body))
158
165
 
159
- assert_equal @controller.accounts_for([1, 2, 3]), [one, two, three]
160
- assert_equal @controller.account_for(2), two
166
+ assert_equal @controller.accounts_for([1, 2, 3]), [min_one, min_two, min_three]
167
+ assert_equal @controller.account_for(2), min_two
161
168
  assert_equal @controller.account_name_for(2), 'Two'
162
169
  end
163
170
  end
@@ -82,6 +82,7 @@ module PrxAuth::Rails
82
82
 
83
83
  test 'should respond with redirect to the auth error page / code if the nonce does not match' do
84
84
  @controller.stub(:validate_token, @stub_claims) do
85
+ @token_params[:error] = 'verification_failed'
85
86
  session[@nonce_session_key] = 'nonce-does-not-match'
86
87
  post :create, params: @token_params, format: :json
87
88
  assert response.code == '302'
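Review bot: Setting `@token_params[:error] = 'verification_failed'` makes the existing assertion pass under the new controller logic, but no test covers the fallback introduced alongside it — `params[:error]` absent, expecting a redirect that carries `error=unknown_error` — nor an unexpected `error` value, which is the case a reviewer of the controller change would most want pinned. Add a sibling test that posts without `:error` and asserts the redirect location contains `error=unknown_error`; the same gap applies to the second test at the `@controller.stub(:access_claims, …)` hunk. The assertion on the redirect target sits outside the hunk.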
@@ -105,6 +106,7 @@ module PrxAuth::Rails
105
106
  @controller.stub(:id_claims, @stub_claims) do
106
107
  @controller.stub(:access_claims, @stub_claims.merge('sub' => '444')) do
107
108
 
109
+ @token_params[:error] = 'verification_failed'
108
110
  session[@nonce_session_key] = '123'
109
111
  post :create, params: @token_params, format: :json
110
112
 
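--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth-rails
 version: !ruby/object:Gem::Version
-version: 4.0.0
+version: 4.1.0
 platform: ruby
 authors:
 - Chris Rhoden
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-06 00:00:00.000000000 Z
+date: 2023-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack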