prx_auth-rails 1.4.1 → 1.5.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '081a5943f3b2b9a79035ea23b3c9d1273ba09938ea3e7351025cb4c3a836b108'
|
|
4
|
+
data.tar.gz: da3cc2f617261d7e22ad031a43fa903114aa537edb89e90b6de3ab8e132ee7b6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 801452a31c08d21d7c78ff49048f8bf4247d41a0ed7d491bb78165c558464149c9415017939b14351ade8848d81c143b9a1a1ea23cac6605521e654a651720b7
|
|
7
|
+
data.tar.gz: d4e3bd24d1c11838c1275db062c9bb9c4494a12cd13f39f3ef36cba20d5e539480920c06fd638ced3c9a372b4413797ab1e625e2ecb6e2d8f01bfccbfcfb0d8d
|
|
@@ -27,6 +27,11 @@ module PrxAuth::Rails
|
|
|
27
27
|
def show
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
+
def destroy
|
|
31
|
+
sign_out_user
|
|
32
|
+
redirect_to after_sign_out_path
|
|
33
|
+
end
|
|
34
|
+
|
|
30
35
|
def auth_error
|
|
31
36
|
@auth_error_message = params.require(:error)
|
|
32
37
|
end
|
|
@@ -58,6 +63,12 @@ module PrxAuth::Rails
|
|
|
58
63
|
"/"
|
|
59
64
|
end
|
|
60
65
|
|
|
66
|
+
def after_sign_out_path
|
|
67
|
+
return super if defined?(super)
|
|
68
|
+
|
|
69
|
+
"https://#{id_host}/session/sign_out"
|
|
70
|
+
end
|
|
71
|
+
|
|
61
72
|
def id_claims
|
|
62
73
|
id_token = params.require('id_token')
|
|
63
74
|
validate_token(id_token)
|
|
@@ -96,12 +107,15 @@ module PrxAuth::Rails
|
|
|
96
107
|
end
|
|
97
108
|
|
|
98
109
|
def validate_token(token)
|
|
99
|
-
id_host = PrxAuth::Rails.configuration.id_host
|
|
100
110
|
prx_auth_cert = Rack::PrxAuth::Certificate.new("https://#{id_host}/api/v1/certs")
|
|
101
111
|
auth_validator = Rack::PrxAuth::AuthValidator.new(token, prx_auth_cert, id_host)
|
|
102
112
|
auth_validator.
|
|
103
113
|
claims.
|
|
104
114
|
with_indifferent_access
|
|
105
115
|
end
|
|
116
|
+
|
|
117
|
+
def id_host
|
|
118
|
+
PrxAuth::Rails.configuration.id_host
|
|
119
|
+
end
|
|
106
120
|
end
|
|
107
121
|
end
|
|
@@ -6,12 +6,13 @@ module PrxAuth
|
|
|
6
6
|
module Controller
|
|
7
7
|
|
|
8
8
|
PRX_ACCOUNT_NAME_MAPPING_KEY = 'prx.account.name.mapping'.freeze
|
|
9
|
+
PRX_TOKEN_SESSION_KEY = 'prx.auth'.freeze
|
|
9
10
|
|
|
10
11
|
def prx_auth_token
|
|
11
12
|
rack_auth_token = env_prx_auth_token
|
|
12
13
|
return rack_auth_token if rack_auth_token.present?
|
|
13
14
|
|
|
14
|
-
session[
|
|
15
|
+
session[PRX_TOKEN_SESSION_KEY] && Rack::PrxAuth::TokenData.new(session[PRX_TOKEN_SESSION_KEY])
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def prx_authenticated?
|
|
@@ -53,7 +54,11 @@ module PrxAuth
|
|
|
53
54
|
end
|
|
54
55
|
|
|
55
56
|
def sign_in_user(token)
|
|
56
|
-
session[
|
|
57
|
+
session[PRX_TOKEN_SESSION_KEY] = token
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def sign_out_user
|
|
61
|
+
session.delete(PRX_TOKEN_SESSION_KEY)
|
|
57
62
|
end
|
|
58
63
|
|
|
59
64
|
private
|
|
@@ -61,7 +61,7 @@ module PrxAuth::Rails
|
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
-
test 'should respond with
|
|
64
|
+
test 'should respond with redirect to the auth error page / code if the nonce does not match' do
|
|
65
65
|
@controller.stub(:validate_token, @stub_claims) do
|
|
66
66
|
session[@nonce_session_key] = 'nonce-does-not-match'
|
|
67
67
|
post :create, params: @token_params, format: :json
|
|
@@ -86,13 +86,19 @@ module PrxAuth::Rails
|
|
|
86
86
|
@controller.stub(:id_claims, @stub_claims) do
|
|
87
87
|
@controller.stub(:access_claims, @stub_claims.merge('sub' => '444')) do
|
|
88
88
|
|
|
89
|
-
|
|
90
|
-
|
|
89
|
+
session[@nonce_session_key] = '123'
|
|
90
|
+
post :create, params: @token_params, format: :json
|
|
91
91
|
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
92
|
+
assert response.code == '302'
|
|
93
|
+
assert response.body.match?(/error=verification_failed/)
|
|
94
|
+
end
|
|
95
95
|
end
|
|
96
96
|
end
|
|
97
|
+
|
|
98
|
+
test 'should clear the user token on sign out' do
|
|
99
|
+
session[PrxAuth::Rails::Controller::PRX_TOKEN_SESSION_KEY] = 'some-token'
|
|
100
|
+
post :destroy
|
|
101
|
+
assert session[PrxAuth::Rails::Controller::PRX_TOKEN_SESSION_KEY] == nil
|
|
102
|
+
end
|
|
97
103
|
end
|
|
98
104
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: prx_auth-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Rhoden
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-02-
|
|
11
|
+
date: 2021-02-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -241,7 +241,7 @@ homepage: https://github.com/PRX/prx_auth-rails
|
|
|
241
241
|
licenses:
|
|
242
242
|
- MIT
|
|
243
243
|
metadata: {}
|
|
244
|
-
post_install_message:
|
|
244
|
+
post_install_message:
|
|
245
245
|
rdoc_options: []
|
|
246
246
|
require_paths:
|
|
247
247
|
- lib
|
|
@@ -256,8 +256,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
256
|
- !ruby/object:Gem::Version
|
|
257
257
|
version: '0'
|
|
258
258
|
requirements: []
|
|
259
|
-
|
|
260
|
-
|
|
259
|
+
rubyforge_project:
|
|
260
|
+
rubygems_version: 2.7.6.2
|
|
261
|
+
signing_key:
|
|
261
262
|
specification_version: 4
|
|
262
263
|
summary: Rails integration for next generation PRX Authorization system.
|
|
263
264
|
test_files:
|