prx_auth-rails 4.0.0 → 4.1.0

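--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1eed8329985438f59a1adc529c8e33748cbfca9becbd285475385c16b25639e6
- data.tar.gz: 0a065d8fdf1e4d077fdd43da82cc37c3110ada401d31e6eadb5e154ae7001c6f
+ metadata.gz: d46435a82e0473d353a1f1849bfcedfb4db925e5a1bce443a8043ca948bfda69
+ data.tar.gz: b867f26410a93aee077e2bad3515b2fb9fb0ee4a9499cbb6bdaef9287639c158
  SHA512:
- metadata.gz: 9f45b17435edca7e49910164e330eea45df6c466514b700af6f04182e7df99748d3978911cd777325fb9142e4e9f0e1723bec10917eeea8c04b54b4c98c521b1
- data.tar.gz: 1dffecbaef3bf75a75759f6312a9acfb3442e5a6ff7b4354abc9e8b19816618f5fe57fd515317cfa03eaf7da0b231c2489b30c3a1f1aab2eca93f9a3e3b17d6b
+ metadata.gz: 308dd3bc5e3eacf014613bac983b097d677f823d60185eb76303345d698f1096e2fa7e24ad74b2f7bf5a2eef4a3222a9bf9ec51a28c1d82698bad48de8d500ad
+ data.tar.gz: b2bf8e7fe515a27e970a4612b7075564366f0a0270c62dca1602e6d51d1dceb7ffe4d5e2143927126bb02b4335bcd09dac501f950c5511cf456c4ffaa309cd42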
@@ -10,19 +10,29 @@ module PrxAuth::Rails
10
10
  before_action :set_after_sign_in_path
11
11
 
12
12
  ID_NONCE_SESSION_KEY = 'id_prx_openid_nonce'
13
+ DEFAULT_SCOPES = 'openid apps'
13
14
 
14
15
  def new
15
16
  config = PrxAuth::Rails.configuration
16
17
 
18
+ scope =
19
+ if config.prx_scope.present?
20
+ "#{DEFAULT_SCOPES} #{config.prx_scope}"
21
+ else
22
+ DEFAULT_SCOPES
23
+ end
24
+
17
25
  id_auth_params = {
18
26
  client_id: config.prx_client_id,
19
27
  nonce: fetch_nonce,
20
28
  response_type: 'id_token token',
21
- scope: 'openid apps',
29
+ scope: scope,
22
30
  prompt: 'necessary'
23
31
  }
24
32
 
25
- redirect_to '//' + config.id_host + '/authorize?' + id_auth_params.to_query
33
+ url = '//' + config.id_host + '/authorize?' + id_auth_params.to_query
34
+
35
+ redirect_to url, allow_other_host: true
26
36
  end
27
37
 
28
38
  def show
@@ -44,7 +54,7 @@ module PrxAuth::Rails
44
54
  redirect_to after_sign_in_path_for(current_user)
45
55
  else
46
56
  clear_nonce!
47
- redirect_to auth_error_sessions_path(error: 'verification_failed')
57
+ redirect_to auth_error_sessions_path(error: params[:error] || 'unknown_error')
48
58
  end
49
59
  end
50
60
 
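Review bot: The failure branch in the second hunk now takes the error code from `params[:error]`, so the code reported after what appears to be a server-side verification failure is chosen by the client. The `||` fallback also does not fire for an empty `error` field, because an empty string is truthy in Ruby; a nonce mismatch with no provider error would then redirect with a blank code rather than `verification_failed`. I would keep the server's own code as the default, e.g. `code = params[:error].to_s.presence || 'verification_failed'`, and check `code` against a fixed list of accepted values before `redirect_to auth_error_sessions_path(error: code)`. The error page that displays this value is not in the diff, so its output escaping should be confirmed. The enclosing action starts above the hunk.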
@@ -2,6 +2,7 @@
2
2
  <%= form_for(:sessions, :url => PrxAuth::Rails::Engine.routes.url_helpers.sessions_path) do |f| %>
3
3
  <%= hidden_field_tag :access_token, '', id: 'access-token-field' %>
4
4
  <%= hidden_field_tag :id_token, '', id: 'id-token-field' %>
5
+ <%= hidden_field_tag :error, '', id: 'error-field' %>
5
6
  <%= f.submit id: 'sessions-form-submit' %>
6
7
  <% end %>
7
8
  </div>
@@ -23,14 +24,16 @@
23
24
  }
24
25
 
25
26
  window.addEventListener("load", () => {
26
- var idToken = document.querySelector("#id-token-field");
27
27
  var accessToken = document.querySelector("#access-token-field");
28
+ var idToken = document.querySelector("#id-token-field");
29
+ var error = document.querySelector("#error-field");
28
30
  var submit = document.querySelector("input#sessions-form-submit[type=submit]");
29
31
 
30
32
  var hashParams = parseURLFragment();
31
33
 
32
34
  accessToken.value = hashParams['access_token'];
33
35
  idToken.value = hashParams['id_token'];
36
+ error.value = hashParams['error'];
34
37
 
35
38
  submit.click();
36
39
  });
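Review bot: `error.value = hashParams['error']` in the load handler assigns `undefined` whenever the fragment has no `error` key, and an input's value setter stores that as the literal string "undefined", so an ordinary sign-in would post `error=undefined`. The two token fields follow the same pattern, but the new field matters more because the controller treats any present value as the error code. Write `error.value = hashParams['error'] || '';` and let the server treat blank as absent. `parseURLFragment` is defined outside the hunk, so its return shape is assumed to be a plain object.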
@@ -2,6 +2,7 @@ class PrxAuth::Rails::Configuration
2
2
  attr_accessor :install_middleware,
3
3
  :namespace,
4
4
  :prx_client_id,
5
+ :prx_scope,
5
6
  :id_host,
6
7
  :cert_path
7
8
 
@@ -11,6 +12,7 @@ class PrxAuth::Rails::Configuration
11
12
  def initialize
12
13
  @install_middleware = true
13
14
  @prx_client_id = nil
15
+ @prx_scope = nil
14
16
  @id_host = DEFAULT_ID_HOST
15
17
  @cert_path = DEFAULT_CERT_PATH
16
18
 
@@ -52,7 +52,10 @@ module PrxAuth
52
52
  end
53
53
 
54
54
  def current_user_info
55
- session[PRX_USER_INFO_SESSION_KEY] ||= fetch_userinfo
55
+ session[PRX_USER_INFO_SESSION_KEY] ||= begin
56
+ info = fetch_userinfo
57
+ info.slice('name', 'preferred_username', 'email', 'image_href', 'apps')
58
+ end
56
59
  end
57
60
 
58
61
  def current_user_name
@@ -87,7 +90,7 @@ module PrxAuth
87
90
  end
88
91
 
89
92
  def account_name_for(account_id)
90
- account_for(account_id).try(:[], :name)
93
+ account_for(account_id).try(:[], 'name')
91
94
  end
92
95
 
93
96
  def account_for(account_id)
@@ -107,7 +110,8 @@ module PrxAuth
107
110
  missing = ids - session[PRX_ACCOUNT_MAPPING_SESSION_KEY].keys
108
111
  if missing.present?
109
112
  fetch_accounts(missing).each do |account|
110
- session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account['id']] = account.with_indifferent_access
113
+ minimal = account.slice('name', 'type')
114
+ session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account['id']] = minimal
111
115
  end
112
116
  end
113
117
 
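Review bot: The slice in `current_user_info` runs only when the session key is empty, because it sits on the right-hand side of `||=`; a session written by 4.0.0 keeps the full userinfo payload until it expires. If the aim is to keep the extra fields out of the session, slice on read as well or clear the key once on upgrade. The key list would also read better as a frozen constant, `USER_INFO_KEYS = %w[name preferred_username email image_href apps].freeze`, with a comment saying why the session is trimmed; the same applies to `account.slice('name', 'type')` in the third hunk. `fetch_userinfo` is outside the hunk; if it can return nil, `info.slice` raises.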
@@ -2,6 +2,6 @@
2
2
 
3
3
  module PrxAuth
4
4
  module Rails
5
- VERSION = '4.0.0'
5
+ VERSION = '4.1.0'
6
6
  end
7
7
  end
@@ -7,6 +7,7 @@ describe PrxAuth::Rails::Configuration do
7
7
  it 'initializes with defaults' do
8
8
  assert subject.install_middleware
9
9
  assert_nil subject.prx_client_id
10
+ assert_nil subject.prx_scope
10
11
  assert_equal 'id.prx.org', subject.id_host
11
12
  assert_equal 'api/v1/certs', subject.cert_path
12
13
  end
@@ -20,6 +21,7 @@ describe PrxAuth::Rails::Configuration do
20
21
  PrxAuth::Rails.configure do |config|
21
22
  config.install_middleware = false
22
23
  config.prx_client_id = 'some-id'
24
+ config.prx_scope = 'appname:*'
23
25
  config.id_host = 'id.prx.blah'
24
26
  config.cert_path = 'cert/path'
25
27
  config.namespace = :new_test
@@ -28,6 +30,7 @@ describe PrxAuth::Rails::Configuration do
28
30
 
29
31
  refute subject.install_middleware
30
32
  assert_equal 'some-id', subject.prx_client_id
33
+ assert_equal 'appname:*', subject.prx_scope
31
34
  assert_equal 'id.prx.blah', subject.id_host
32
35
  assert_equal 'cert/path', subject.cert_path
33
36
  assert_equal :new_test, subject.namespace
@@ -71,7 +71,7 @@ module PrxAuth::Rails::Ext
71
71
  to_return(status: 200, body: JSON.generate(body))
72
72
 
73
73
  assert session[@user_info_key] == nil
74
- assert_equal @controller.current_user_info, body
74
+ assert_equal @controller.current_user_info, body.slice('name', 'apps')
75
75
  refute session[@user_info_key] == nil
76
76
  assert_equal @controller.current_user_name, 'Some Username'
77
77
  assert_equal @controller.current_user_apps, {'PRX Publish' => 'https://publish.prx.test'}
@@ -117,15 +117,18 @@ module PrxAuth::Rails::Ext
117
117
  three = {'id' => 3, 'type' => 'GroupAccount', 'name' => 'Three'}
118
118
  body = {'_embedded' => {'prx:items' => [one, three]}}
119
119
 
120
+ min_one = one.slice('name', 'type')
121
+ min_three = three.slice('name', 'type')
122
+
120
123
  id_host = PrxAuth::Rails.configuration.id_host
121
124
  stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=1,2,3").
122
125
  to_return(status: 200, body: JSON.generate(body))
123
126
 
124
127
  assert_nil session[@account_mapping_key]
125
- assert_equal @controller.accounts_for([1, 2, 3]), [one, nil, three]
128
+ assert_equal @controller.accounts_for([1, 2, 3]), [min_one, nil, min_three]
126
129
  refute_nil session[@account_mapping_key]
127
- assert_equal @controller.account_for(1), one
128
- assert_equal @controller.account_for(3), three
130
+ assert_equal @controller.account_for(1), min_one
131
+ assert_equal @controller.account_for(3), min_three
129
132
  assert_equal @controller.account_name_for(1), 'One'
130
133
  assert_equal @controller.account_name_for(3), 'Three'
131
134
  end
@@ -152,12 +155,16 @@ module PrxAuth::Rails::Ext
152
155
  session[@account_mapping_key] = {1 => one, 3 => three}
153
156
  body = {'_embedded' => {'prx:items' => [two]}}
154
157
 
158
+ min_one = one.slice('name', 'type')
159
+ min_two = two.slice('name', 'type')
160
+ min_three = three.slice('name', 'type')
161
+
155
162
  id_host = PrxAuth::Rails.configuration.id_host
156
163
  stub_request(:get, "https://#{id_host}/api/v1/accounts?account_ids=2").
157
164
  to_return(status: 200, body: JSON.generate(body))
158
165
 
159
- assert_equal @controller.accounts_for([1, 2, 3]), [one, two, three]
160
- assert_equal @controller.account_for(2), two
166
+ assert_equal @controller.accounts_for([1, 2, 3]), [min_one, min_two, min_three]
167
+ assert_equal @controller.account_for(2), min_two
161
168
  assert_equal @controller.account_name_for(2), 'Two'
162
169
  end
163
170
  end
@@ -82,6 +82,7 @@ module PrxAuth::Rails
82
82
 
83
83
  test 'should respond with redirect to the auth error page / code if the nonce does not match' do
84
84
  @controller.stub(:validate_token, @stub_claims) do
85
+ @token_params[:error] = 'verification_failed'
85
86
  session[@nonce_session_key] = 'nonce-does-not-match'
86
87
  post :create, params: @token_params, format: :json
87
88
  assert response.code == '302'
@@ -105,6 +106,7 @@ module PrxAuth::Rails
105
106
  @controller.stub(:id_claims, @stub_claims) do
106
107
  @controller.stub(:access_claims, @stub_claims.merge('sub' => '444')) do
107
108
 
109
+ @token_params[:error] = 'verification_failed'
108
110
  session[@nonce_session_key] = '123'
109
111
  post :create, params: @token_params, format: :json
110
112
 
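Review bot: Both failure tests now set `@token_params[:error] = 'verification_failed'`, so the request itself supplies the error code; no test covers a failed verification where the request carries no `error` parameter, or an empty one. Add a case that posts without `:error` and one with `error: ''`, each pinning the redirect target. The assertions lie outside these hunks, so the expected path is inferred from the test name.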
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: prx_auth-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0
4
+ version: 4.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Rhoden
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-01-06 00:00:00.000000000 Z
11
+ date: 2023-01-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionpack