RubyGems - prx_auth - Versions diffs - 1.6.0 → 1.7.0 - Mend

prx_auth 1.6.0 → 1.7.0

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f7d2d71dd1671a97f1ce4f9181852e8cc7e0a651e91370aca09300c468dfbf86
-  data.tar.gz: f4fcef9ecc2977321ae3ec193a8be62c0735d08f0a564787ff581d3e65bc869a
+  metadata.gz: 9e89ea4feff47dadbac479d38e5a35fa04be2e148cb10ebe4b41d800e2df48c3
+  data.tar.gz: b3ae9ed7381ff2765abc01c4126c3b7ede3db2f06a73cbd9da6918c9ac3a41ab
 SHA512:
-  metadata.gz: 482f861b69e7e05eb6d9b2308b2c0dfc402ac8a8bd01f200e14e04cafd24897adea376de29a6ad1fb6a52eeb08647303c10c344e097a45c1dea6730ace2a4bdf
-  data.tar.gz: 10ada294eda678f2d70c4780db32f33063a869d3caf25c481949cd5350f326bbeb6c5a60d96fa797ef3d1f2548c552edde731a28fd9667ee20a7d336ad936656
+  metadata.gz: 17ffcb56a69a9c5d674f418967a56405a9f44dac40a0359d9bac42bd93421e7273af08632b311718ca10844ac3a37347d1b8753f1cac7f661b62d75752d25875
+  data.tar.gz: bb3d2a19cabf47a5f6d3d62edebf9bdb0ac368521b6c6128c1dc73edb00f2a2d353c8e0a17a46c52334e651a3c2926cfaf9215053d4f260d258a75793ee13d14

data/lib/prx_auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module PrxAuth
-  VERSION = "1.6.0"
+  VERSION = "1.7.0"
 end

data/lib/rack/prx_auth/auth_validator.rb CHANGED Viewed

@@ -4,9 +4,9 @@ module Rack
   class PrxAuth
     class AuthValidator
-      attr_reader :issuer, :claims, :token
+      attr_reader :issuer, :token
-      def initialize(token, certificate, issuer)
+      def initialize(token, certificate = nil, issuer = nil)
         @token = token
         @certificate = certificate
         @issuer = issuer
@@ -35,11 +35,18 @@ module Rack
       end
       def expired?
-        now = Time.now.to_i - 30 # 30 second clock jitter allowance
-        if claims['iat'] <= claims['exp']
-          now > claims['exp']
+        (time_to_live + 30) <= 0 # 30 second clock jitter allowance
+      end
+      def time_to_live
+        now = Time.now.to_i
+        if claims['exp'].nil?
+          0
+        elsif claims['iat'].nil? || claims['iat'] <= claims['exp']
+          claims['exp'] - now
         else
-          now > (claims['iat'] + claims['exp'])
+          # malformed - exp is a num-seconds offset from issued-at-time
+          (claims['iat'] + claims['exp']) - now
         end
       end

data/lib/rack/prx_auth/certificate.rb CHANGED Viewed

@@ -11,6 +11,7 @@ module Rack
       def initialize(cert_uri = nil)
         @cert_location = cert_uri.nil? ? DEFAULT_CERT_LOC : URI(cert_uri)
+        @certificate = nil
       end
       def valid?(token)

data/test/rack/prx_auth/auth_validator_test.rb CHANGED Viewed

@@ -9,7 +9,7 @@ describe Rack::PrxAuth::AuthValidator do
   let(:iat) { Time.now.to_i }
   let(:exp) { 3600 }
   let(:claims) { {'sub'=>3, 'exp'=>exp, 'iat'=>iat, 'token_type'=>'bearer', 'scope'=>nil, 'iss'=>'id.prx.org'} }
-  let(:certificate) { cert = Rack::PrxAuth::Certificate.new }
+  let(:certificate) { Rack::PrxAuth::Certificate.new }
   describe '#token_issuer_matches' do
     it 'false if the token is from another issuer' do
@@ -89,6 +89,36 @@ describe Rack::PrxAuth::AuthValidator do
     end
   end
+  describe '#time_to_live' do
+    def time_to_live(claims)
+      auth_validator.stub(:claims, claims) do
+        auth_validator.time_to_live
+      end
+    end
+    it 'returns the ttl without any clock jitter correction' do
+      claims['exp'] = Time.now.to_i + 999
+      assert_equal time_to_live(claims), 999
+    end
+    it 'handles missing exp' do
+      claims['exp'] = nil
+      assert_equal time_to_live(claims), 0
+    end
+    it 'handles missing iat' do
+      claims['iat'] = nil
+      claims['exp'] = Time.now.to_i + 999
+      assert_equal time_to_live(claims), 999
+    end
+    it 'handles malformed exp' do
+      claims['iat'] = Time.now.to_i
+      claims['exp'] = 999
+      assert_equal time_to_live(claims), 999
+    end
+  end
   describe '#decode_token' do
     it 'should return an empty result for a nil token' do
         auth_validator.stub(:token, nil) do

metadata CHANGED Viewed

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Eve Asher
 - Chris Rhoden
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-19 00:00:00.000000000 Z
+date: 2021-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -159,7 +159,7 @@ homepage: https://github.com/PRX/prx_auth
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -175,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key:
+signing_key:
 specification_version: 4
 summary: Utilites for parsing PRX JWTs and Rack middleware that verifies and attaches
   the token's claims to env.