prx_auth-rails 1.4.1 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '081a5943f3b2b9a79035ea23b3c9d1273ba09938ea3e7351025cb4c3a836b108'
|
|
4
|
+
data.tar.gz: da3cc2f617261d7e22ad031a43fa903114aa537edb89e90b6de3ab8e132ee7b6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 801452a31c08d21d7c78ff49048f8bf4247d41a0ed7d491bb78165c558464149c9415017939b14351ade8848d81c143b9a1a1ea23cac6605521e654a651720b7
|
|
7
|
+
data.tar.gz: d4e3bd24d1c11838c1275db062c9bb9c4494a12cd13f39f3ef36cba20d5e539480920c06fd638ced3c9a372b4413797ab1e625e2ecb6e2d8f01bfccbfcfb0d8d
|
|
@@ -27,6 +27,11 @@ module PrxAuth::Rails
|
|
|
27
27
|
def show
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
+
def destroy
|
|
31
|
+
sign_out_user
|
|
32
|
+
redirect_to after_sign_out_path
|
|
33
|
+
end
|
|
34
|
+
|
|
30
35
|
def auth_error
|
|
31
36
|
@auth_error_message = params.require(:error)
|
|
32
37
|
end
|
|
@@ -58,6 +63,12 @@ module PrxAuth::Rails
|
|
|
58
63
|
"/"
|
|
59
64
|
end
|
|
60
65
|
|
|
66
|
+
def after_sign_out_path
|
|
67
|
+
return super if defined?(super)
|
|
68
|
+
|
|
69
|
+
"https://#{id_host}/session/sign_out"
|
|
70
|
+
end
|
|
71
|
+
|
|
61
72
|
def id_claims
|
|
62
73
|
id_token = params.require('id_token')
|
|
63
74
|
validate_token(id_token)
|
|
@@ -96,12 +107,15 @@ module PrxAuth::Rails
|
|
|
96
107
|
end
|
|
97
108
|
|
|
98
109
|
def validate_token(token)
|
|
99
|
-
id_host = PrxAuth::Rails.configuration.id_host
|
|
100
110
|
prx_auth_cert = Rack::PrxAuth::Certificate.new("https://#{id_host}/api/v1/certs")
|
|
101
111
|
auth_validator = Rack::PrxAuth::AuthValidator.new(token, prx_auth_cert, id_host)
|
|
102
112
|
auth_validator.
|
|
103
113
|
claims.
|
|
104
114
|
with_indifferent_access
|
|
105
115
|
end
|
|
116
|
+
|
|
117
|
+
def id_host
|
|
118
|
+
PrxAuth::Rails.configuration.id_host
|
|
119
|
+
end
|
|
106
120
|
end
|
|
107
121
|
end
|
|
@@ -6,12 +6,13 @@ module PrxAuth
|
|
|
6
6
|
module Controller
|
|
7
7
|
|
|
8
8
|
PRX_ACCOUNT_NAME_MAPPING_KEY = 'prx.account.name.mapping'.freeze
|
|
9
|
+
PRX_TOKEN_SESSION_KEY = 'prx.auth'.freeze
|
|
9
10
|
|
|
10
11
|
def prx_auth_token
|
|
11
12
|
rack_auth_token = env_prx_auth_token
|
|
12
13
|
return rack_auth_token if rack_auth_token.present?
|
|
13
14
|
|
|
14
|
-
session[
|
|
15
|
+
session[PRX_TOKEN_SESSION_KEY] && Rack::PrxAuth::TokenData.new(session[PRX_TOKEN_SESSION_KEY])
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def prx_authenticated?
|
|
@@ -53,7 +54,11 @@ module PrxAuth
|
|
|
53
54
|
end
|
|
54
55
|
|
|
55
56
|
def sign_in_user(token)
|
|
56
|
-
session[
|
|
57
|
+
session[PRX_TOKEN_SESSION_KEY] = token
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def sign_out_user
|
|
61
|
+
session.delete(PRX_TOKEN_SESSION_KEY)
|
|
57
62
|
end
|
|
58
63
|
|
|
59
64
|
private
|
|
@@ -61,7 +61,7 @@ module PrxAuth::Rails
|
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
-
test 'should respond with
|
|
64
|
+
test 'should respond with redirect to the auth error page / code if the nonce does not match' do
|
|
65
65
|
@controller.stub(:validate_token, @stub_claims) do
|
|
66
66
|
session[@nonce_session_key] = 'nonce-does-not-match'
|
|
67
67
|
post :create, params: @token_params, format: :json
|
|
@@ -86,13 +86,19 @@ module PrxAuth::Rails
|
|
|
86
86
|
@controller.stub(:id_claims, @stub_claims) do
|
|
87
87
|
@controller.stub(:access_claims, @stub_claims.merge('sub' => '444')) do
|
|
88
88
|
|
|
89
|
-
|
|
90
|
-
|
|
89
|
+
session[@nonce_session_key] = '123'
|
|
90
|
+
post :create, params: @token_params, format: :json
|
|
91
91
|
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
92
|
+
assert response.code == '302'
|
|
93
|
+
assert response.body.match?(/error=verification_failed/)
|
|
94
|
+
end
|
|
95
95
|
end
|
|
96
96
|
end
|
|
97
|
+
|
|
98
|
+
test 'should clear the user token on sign out' do
|
|
99
|
+
session[PrxAuth::Rails::Controller::PRX_TOKEN_SESSION_KEY] = 'some-token'
|
|
100
|
+
post :destroy
|
|
101
|
+
assert session[PrxAuth::Rails::Controller::PRX_TOKEN_SESSION_KEY] == nil
|
|
102
|
+
end
|
|
97
103
|
end
|
|
98
104
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: prx_auth-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Rhoden
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-02-
|
|
11
|
+
date: 2021-02-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -241,7 +241,7 @@ homepage: https://github.com/PRX/prx_auth-rails
|
|
|
241
241
|
licenses:
|
|
242
242
|
- MIT
|
|
243
243
|
metadata: {}
|
|
244
|
-
post_install_message:
|
|
244
|
+
post_install_message:
|
|
245
245
|
rdoc_options: []
|
|
246
246
|
require_paths:
|
|
247
247
|
- lib
|
|
@@ -256,8 +256,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
256
|
- !ruby/object:Gem::Version
|
|
257
257
|
version: '0'
|
|
258
258
|
requirements: []
|
|
259
|
-
|
|
260
|
-
|
|
259
|
+
rubyforge_project:
|
|
260
|
+
rubygems_version: 2.7.6.2
|
|
261
|
+
signing_key:
|
|
261
262
|
specification_version: 4
|
|
262
263
|
summary: Rails integration for next generation PRX Authorization system.
|
|
263
264
|
test_files:
|