prx_auth 1.8.2 → 1.8.3

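--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: eabb6a716e68b05920c7bfa5a8828ef23b81d0e797a7e6c2f46573925b45d1f6
- data.tar.gz: 6a04e773977f315361c8a7b8954a44624cd9c6d76d7e7a7189d8070f9cff2cef
+ metadata.gz: 071b150dbfc9e832cce6696f1d3c25b735050e0584b975bc2a244853cb7c7978
+ data.tar.gz: c51835966977d8416771aa224a68097ceb4d56f995e63af0a5da7293496ccf5c
  SHA512:
- metadata.gz: 23fe7b933f7f1ba58f2a594c5867b79f14862bd72818caa5ef086d57e924279e152979765c97083fa699ae3027f46d80204340e48617fad9486b12cdccece9fb
- data.tar.gz: 66b5f283be339e723d617301c33245951ddc3d99f7f83580c51a0d789ca189eb6bd742ce9ed0222723b68c360f8e1b425a42faba129d37323b6d9075469b0234
+ metadata.gz: 9dd940c7d66f8e3a5cc9e935ba38cd4d8c68b40c993fd2ee5a503fd972065d25b16d73213db5781a36faee69093d47613141986a4d6d529b65ed47ebc4a19844
+ data.tar.gz: 6afae83d719c2f51166795e1f61a7b16fdf80cedffb719f18820e945e148a54619ddff9d720168afdf056c583ddeeee7a695ffa17919ac4669e8e2ebaa00f49d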
@@ -1,3 +1,3 @@
1
1
  module PrxAuth
2
- VERSION = "1.8.2"
2
+ VERSION = "1.8.3"
3
3
  end
@@ -36,12 +36,29 @@ module Rack
36
36
  end
37
37
 
38
38
  def fetch
39
- certs = JSON.parse(Net::HTTP.get(cert_location))
39
+ certs = JSON.parse(fetch_http)
40
40
  cert_string = certs["certificates"].values[0]
41
41
  @refresh_at = Time.now.to_i + EXPIRES_IN
42
42
  OpenSSL::X509::Certificate.new(cert_string)
43
43
  end
44
44
 
45
+ def fetch_http(retries = 2, sleep_seconds = 0.5)
46
+ host = cert_location.host
47
+ port = cert_location.port
48
+ path = cert_location.path
49
+ ssl = cert_location.scheme == "https"
50
+ res = Net::HTTP.start(host, port, use_ssl: ssl) { |http| http.request_get(path) }
51
+
52
+ if res.is_a?(Net::HTTPSuccess)
53
+ res.body
54
+ elsif res.code.to_i >= 500 && retries > 0
55
+ sleep sleep_seconds
56
+ fetch_http(retries - 1, sleep_seconds)
57
+ else
58
+ raise "Got #{res.code} from #{cert_location}"
59
+ end
60
+ end
61
+
45
62
  def needs_refresh?
46
63
  expired? || @refresh_at <= Time.now.to_i
47
64
  end
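Review bot: The new `fetch_http` requests `cert_location.path`, which drops any query string and is an empty string for a URL with no path, whereas the replaced `Net::HTTP.get(cert_location)` sent the full request URI; assuming `cert_location` is a `URI::HTTP`, `http.request_get(cert_location.request_uri)` keeps the old behaviour. The `Net::HTTP.start` call also passes no `open_timeout:`/`read_timeout:`, so a hanging certificate host blocks the caller for the library defaults, and connection-level exceptions are not retried, only 5xx responses. Because the fetched certificate is what tokens are verified against, `ssl = cert_location.scheme == "https"` silently allowing plain HTTP deserves a comment or a logged warning. How `cert_location` is built is outside this hunk.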
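--- a/data/prx_auth.gemspec
+++ b/data/prx_auth.gemspec
@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
  spec.add_development_dependency "pry"
  spec.add_development_dependency "standard"
  spec.add_development_dependency "m"
+ spec.add_development_dependency "webmock"
 
  spec.add_dependency "rack", ">= 1.5.2"
  spec.add_dependency "json", ">= 1.8.1"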
@@ -1,7 +1,8 @@
1
1
  require "test_helper"
2
2
 
3
3
  describe Rack::PrxAuth::Certificate do
4
- let(:subject) { Rack::PrxAuth::Certificate.new }
4
+ let(:cert_uri) { "http://example.com/certs" }
5
+ let(:subject) { Rack::PrxAuth::Certificate.new(cert_uri) }
5
6
  let(:certificate) { subject }
6
7
 
7
8
  describe "#initialize" do
@@ -11,7 +12,8 @@ describe Rack::PrxAuth::Certificate do
11
12
  end
12
13
 
13
14
  it "defaults to DEFAULT_CERT_LOC" do
14
- assert certificate.cert_location == Rack::PrxAuth::Certificate::DEFAULT_CERT_LOC
15
+ cert = Rack::PrxAuth::Certificate.new
16
+ assert cert.cert_location == Rack::PrxAuth::Certificate::DEFAULT_CERT_LOC
15
17
  end
16
18
  end
17
19
 
@@ -66,24 +68,51 @@ describe Rack::PrxAuth::Certificate do
66
68
  end
67
69
 
68
70
  describe "#fetch" do
71
+ let(:fake_json) { "{\"certificates\":{\"asdf\":\"the-cert-content\"}}" }
72
+
69
73
  it "pulls from `#cert_location`" do
70
- Net::HTTP.stub(:get, ->(x) { "{\"certificates\":{\"asdf\":\"#{x}\"}}" }) do
71
- OpenSSL::X509::Certificate.stub(:new, ->(x) { x }) do
72
- certificate.stub(:cert_location, "a://fake.url/here") do
73
- assert certificate.send(:fetch) == "a://fake.url/here"
74
- end
75
- end
74
+ stub_request(:get, cert_uri).to_return(body: fake_json)
75
+
76
+ OpenSSL::X509::Certificate.stub(:new, ->(x) { x }) do
77
+ assert_equal "the-cert-content", certificate.send(:fetch)
76
78
  end
77
79
  end
78
80
 
79
81
  it "sets the expiration value" do
80
- Net::HTTP.stub(:get, ->(x) { "{\"certificates\":{\"asdf\":\"#{x}\"}}" }) do
81
- OpenSSL::X509::Certificate.stub(:new, ->(_) { Struct.new(:not_after).new(Time.now + 10000) }) do
82
- certificate.send :certificate
83
- assert !certificate.send(:needs_refresh?)
84
- end
82
+ stub_request(:get, cert_uri).to_return(body: fake_json)
83
+
84
+ OpenSSL::X509::Certificate.stub(:new, ->(_) { Struct.new(:not_after).new(Time.now + 10000) }) do
85
+ certificate.send :certificate
86
+ assert !certificate.send(:needs_refresh?)
85
87
  end
86
88
  end
89
+
90
+ it "retries 5XX errors" do
91
+ stub_request(:get, cert_uri)
92
+ .to_return(status: 502)
93
+ .to_return(status: 504)
94
+ .to_return(status: 200, body: TEST_CERT_JSON)
95
+
96
+ assert_equal TEST_CERT_JSON, certificate.send(:fetch_http, 2, 0)
97
+ end
98
+
99
+ it "raises other errors" do
100
+ stub_request(:get, cert_uri)
101
+ .to_return(status: 501)
102
+ .to_return(status: 502)
103
+ .to_return(status: 503)
104
+ .to_return(status: 504)
105
+
106
+ err = assert_raises(RuntimeError) { certificate.send(:fetch_http, 2, 0) }
107
+ assert_equal "Got 503 from #{cert_uri}", err.message
108
+ end
109
+
110
+ it "runs out of retries" do
111
+ stub_request(:get, cert_uri).to_return(status: 502).to_return(status: 401)
112
+
113
+ err = assert_raises(RuntimeError) { certificate.send(:fetch_http, 2, 0) }
114
+ assert_equal "Got 401 from #{cert_uri}", err.message
115
+ end
87
116
  end
88
117
 
89
118
  describe "#expired?" do
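Review bot: Two of the new specs in the `#fetch` block look mislabelled. In "raises other errors" every stubbed status is 5xx, so with `retries = 2` the asserted `Got 503` is the retry budget running out, while "runs out of retries" actually exercises the non-retryable 401 path with one retry still unused. Swapping the descriptions, e.g. `it "raises once retries are exhausted"` and `it "raises immediately on non-5XX errors"`, would make each spec say what it checks; the fourth `.to_return(status: 504)` is never reached. No spec covers a connection-level failure such as a timeout, which `fetch_http` as shown does not retry.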
@@ -60,6 +60,8 @@ describe Rack::PrxAuth do
60
60
  it "attaches claims to request params if verification passes" do
61
61
  auth_validator = prxauth.build_auth_validator("sometoken")
62
62
 
63
+ stub_request(:get, Rack::PrxAuth::Certificate::DEFAULT_CERT_LOC).to_return(body: TEST_CERT_JSON)
64
+
63
65
  JSON::JWT.stub(:decode, claims) do
64
66
  prxauth.stub(:build_auth_validator, auth_validator) do
65
67
  prxauth.call(env)["prx.auth"].tap do |token|
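--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -9,3 +9,7 @@ require "pry"
  require "minitest/autorun"
  require "minitest/spec"
  require "minitest/pride"
+ require "webmock/minitest"
+
+ TEST_CERT = "-----BEGIN CERTIFICATE-----\nMIIBGjCBwgIJALc+y9yEBugLMAoGCCqGSM49BAMCMBYxFDASBgNVBAMMC2lkLnBy\neC50ZXN0MB4XDTIyMDYwMzE0MjI0OVoXDTIzMDYwMzE0MjI0OVowFjEUMBIGA1UE\nAwwLaWQucHJ4LnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQP8/BrEA/7\nHttUpOs0oxWNOtcUH2+0h2Oo/eXNyqs7CRScqmWWShKTzhiBlD8UNYZ3o4+kljl1\nazuLnv1Wxg7PMAoGCCqGSM49BAMCA0cAMEQCICXFwNxJQ9OLzyjN9EJnKQIP+2Jz\nfKWPJ1KyASkFDugyAiAxyfe3vR/XaSJOlJf8MjA5/0feEhiJcSszIrtHFweWLQ==\n-----END CERTIFICATE-----\n"
+ TEST_CERT_JSON = JSON.generate({certificates: {abcd1234: TEST_CERT}})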
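--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: prx_auth
  version: !ruby/object:Gem::Version
- version: 1.8.2
+ version: 1.8.3
  platform: ruby
  authors:
  - Eve Asher
  - Chris Rhoden
  bindir: bin
  cert_chain: []
- date: 2025-07-22 00:00:00.000000000 Z
+ date: 1980-01-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -122,6 +122,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: webmock
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rack
  requirement: !ruby/object:Gem::Requirement
@@ -216,7 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.6.2
+ rubygems_version: 3.6.7
  specification_version: 4
  summary: Utilites for parsing PRX JWTs and Rack middleware that verifies and attaches
  the token's claims to env.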