prx_auth 1.6.0 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9e89ea4feff47dadbac479d38e5a35fa04be2e148cb10ebe4b41d800e2df48c3
|
4
|
+
data.tar.gz: b3ae9ed7381ff2765abc01c4126c3b7ede3db2f06a73cbd9da6918c9ac3a41ab
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 17ffcb56a69a9c5d674f418967a56405a9f44dac40a0359d9bac42bd93421e7273af08632b311718ca10844ac3a37347d1b8753f1cac7f661b62d75752d25875
|
7
|
+
data.tar.gz: bb3d2a19cabf47a5f6d3d62edebf9bdb0ac368521b6c6128c1dc73edb00f2a2d353c8e0a17a46c52334e651a3c2926cfaf9215053d4f260d258a75793ee13d14
|
data/lib/prx_auth/version.rb
CHANGED
@@ -4,9 +4,9 @@ module Rack
|
|
4
4
|
class PrxAuth
|
5
5
|
class AuthValidator
|
6
6
|
|
7
|
-
attr_reader :issuer, :
|
7
|
+
attr_reader :issuer, :token
|
8
8
|
|
9
|
-
def initialize(token, certificate, issuer)
|
9
|
+
def initialize(token, certificate = nil, issuer = nil)
|
10
10
|
@token = token
|
11
11
|
@certificate = certificate
|
12
12
|
@issuer = issuer
|
@@ -35,11 +35,18 @@ module Rack
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def expired?
|
38
|
-
|
39
|
-
|
40
|
-
|
38
|
+
(time_to_live + 30) <= 0 # 30 second clock jitter allowance
|
39
|
+
end
|
40
|
+
|
41
|
+
def time_to_live
|
42
|
+
now = Time.now.to_i
|
43
|
+
if claims['exp'].nil?
|
44
|
+
0
|
45
|
+
elsif claims['iat'].nil? || claims['iat'] <= claims['exp']
|
46
|
+
claims['exp'] - now
|
41
47
|
else
|
42
|
-
|
48
|
+
# malformed - exp is a num-seconds offset from issued-at-time
|
49
|
+
(claims['iat'] + claims['exp']) - now
|
43
50
|
end
|
44
51
|
end
|
45
52
|
|
@@ -9,7 +9,7 @@ describe Rack::PrxAuth::AuthValidator do
|
|
9
9
|
let(:iat) { Time.now.to_i }
|
10
10
|
let(:exp) { 3600 }
|
11
11
|
let(:claims) { {'sub'=>3, 'exp'=>exp, 'iat'=>iat, 'token_type'=>'bearer', 'scope'=>nil, 'iss'=>'id.prx.org'} }
|
12
|
-
let(:certificate) {
|
12
|
+
let(:certificate) { Rack::PrxAuth::Certificate.new }
|
13
13
|
|
14
14
|
describe '#token_issuer_matches' do
|
15
15
|
it 'false if the token is from another issuer' do
|
@@ -89,6 +89,36 @@ describe Rack::PrxAuth::AuthValidator do
|
|
89
89
|
end
|
90
90
|
end
|
91
91
|
|
92
|
+
describe '#time_to_live' do
|
93
|
+
def time_to_live(claims)
|
94
|
+
auth_validator.stub(:claims, claims) do
|
95
|
+
auth_validator.time_to_live
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
it 'returns the ttl without any clock jitter correction' do
|
100
|
+
claims['exp'] = Time.now.to_i + 999
|
101
|
+
assert_equal time_to_live(claims), 999
|
102
|
+
end
|
103
|
+
|
104
|
+
it 'handles missing exp' do
|
105
|
+
claims['exp'] = nil
|
106
|
+
assert_equal time_to_live(claims), 0
|
107
|
+
end
|
108
|
+
|
109
|
+
it 'handles missing iat' do
|
110
|
+
claims['iat'] = nil
|
111
|
+
claims['exp'] = Time.now.to_i + 999
|
112
|
+
assert_equal time_to_live(claims), 999
|
113
|
+
end
|
114
|
+
|
115
|
+
it 'handles malformed exp' do
|
116
|
+
claims['iat'] = Time.now.to_i
|
117
|
+
claims['exp'] = 999
|
118
|
+
assert_equal time_to_live(claims), 999
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
92
122
|
describe '#decode_token' do
|
93
123
|
it 'should return an empty result for a nil token' do
|
94
124
|
auth_validator.stub(:token, nil) do
|
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: prx_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eve Asher
|
8
8
|
- Chris Rhoden
|
9
|
-
autorequire:
|
9
|
+
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-
|
12
|
+
date: 2021-03-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -159,7 +159,7 @@ homepage: https://github.com/PRX/prx_auth
|
|
159
159
|
licenses:
|
160
160
|
- MIT
|
161
161
|
metadata: {}
|
162
|
-
post_install_message:
|
162
|
+
post_install_message:
|
163
163
|
rdoc_options: []
|
164
164
|
require_paths:
|
165
165
|
- lib
|
@@ -175,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
175
175
|
version: '0'
|
176
176
|
requirements: []
|
177
177
|
rubygems_version: 3.0.3
|
178
|
-
signing_key:
|
178
|
+
signing_key:
|
179
179
|
specification_version: 4
|
180
180
|
summary: Utilites for parsing PRX JWTs and Rack middleware that verifies and attaches
|
181
181
|
the token's claims to env.
|