prx_auth 1.6.0 → 1.7.0

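--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f7d2d71dd1671a97f1ce4f9181852e8cc7e0a651e91370aca09300c468dfbf86
- data.tar.gz: f4fcef9ecc2977321ae3ec193a8be62c0735d08f0a564787ff581d3e65bc869a
+ metadata.gz: 9e89ea4feff47dadbac479d38e5a35fa04be2e148cb10ebe4b41d800e2df48c3
+ data.tar.gz: b3ae9ed7381ff2765abc01c4126c3b7ede3db2f06a73cbd9da6918c9ac3a41ab
  SHA512:
- metadata.gz: 482f861b69e7e05eb6d9b2308b2c0dfc402ac8a8bd01f200e14e04cafd24897adea376de29a6ad1fb6a52eeb08647303c10c344e097a45c1dea6730ace2a4bdf
- data.tar.gz: 10ada294eda678f2d70c4780db32f33063a869d3caf25c481949cd5350f326bbeb6c5a60d96fa797ef3d1f2548c552edde731a28fd9667ee20a7d336ad936656
+ metadata.gz: 17ffcb56a69a9c5d674f418967a56405a9f44dac40a0359d9bac42bd93421e7273af08632b311718ca10844ac3a37347d1b8753f1cac7f661b62d75752d25875
+ data.tar.gz: bb3d2a19cabf47a5f6d3d62edebf9bdb0ac368521b6c6128c1dc73edb00f2a2d353c8e0a17a46c52334e651a3c2926cfaf9215053d4f260d258a75793ee13d14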
@@ -1,3 +1,3 @@
1
1
  module PrxAuth
2
- VERSION = "1.6.0"
2
+ VERSION = "1.7.0"
3
3
  end
@@ -4,9 +4,9 @@ module Rack
4
4
  class PrxAuth
5
5
  class AuthValidator
6
6
 
7
- attr_reader :issuer, :claims, :token
7
+ attr_reader :issuer, :token
8
8
 
9
- def initialize(token, certificate, issuer)
9
+ def initialize(token, certificate = nil, issuer = nil)
10
10
  @token = token
11
11
  @certificate = certificate
12
12
  @issuer = issuer
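Review bot: The new defaults `certificate = nil, issuer = nil` on `initialize` allow an `AuthValidator` to be built with nothing to check the signature or the `iss` claim against, and the hunk does not show what `valid?` does in that state. If the short form is meant only for reading claims or `time_to_live`, say so above `initialize`, for example `# certificate and issuer may be omitted only when the caller never relies on valid?`, and make sure `valid?` returns false when either is nil. `:claims` is also dropped from `attr_reader`, so presumably `claims` is now a method defined outside this hunk; the class body continues past the visible lines.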
@@ -35,11 +35,18 @@ module Rack
35
35
  end
36
36
 
37
37
  def expired?
38
- now = Time.now.to_i - 30 # 30 second clock jitter allowance
39
- if claims['iat'] <= claims['exp']
40
- now > claims['exp']
38
+ (time_to_live + 30) <= 0 # 30 second clock jitter allowance
39
+ end
40
+
41
+ def time_to_live
42
+ now = Time.now.to_i
43
+ if claims['exp'].nil?
44
+ 0
45
+ elsif claims['iat'].nil? || claims['iat'] <= claims['exp']
46
+ claims['exp'] - now
41
47
  else
42
- now > (claims['iat'] + claims['exp'])
48
+ # malformed - exp is a num-seconds offset from issued-at-time
49
+ (claims['iat'] + claims['exp']) - now
43
50
  end
44
51
  end
45
52
 
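Review bot: A token with no `exp` claim is never reported as expired: `time_to_live` returns 0 when `claims['exp'].nil?`, and `expired?` then evaluates `(0 + 30) <= 0`, which is false. The removed code would have raised on the comparison with nil rather than returning false, so this moves the missing-claim case toward fail-open. Treat a missing `exp` as expired in `expired?`, e.g. `claims['exp'].nil? || (time_to_live + 30) <= 0`, and pin it with a spec. The `else` branch still accepts an `exp` smaller than `iat` as a relative offset; a comment naming which issuers still send that form would help decide when it can be dropped.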
@@ -11,6 +11,7 @@ module Rack
11
11
 
12
12
  def initialize(cert_uri = nil)
13
13
  @cert_location = cert_uri.nil? ? DEFAULT_CERT_LOC : URI(cert_uri)
14
+ @certificate = nil
14
15
  end
15
16
 
16
17
  def valid?(token)
@@ -9,7 +9,7 @@ describe Rack::PrxAuth::AuthValidator do
9
9
  let(:iat) { Time.now.to_i }
10
10
  let(:exp) { 3600 }
11
11
  let(:claims) { {'sub'=>3, 'exp'=>exp, 'iat'=>iat, 'token_type'=>'bearer', 'scope'=>nil, 'iss'=>'id.prx.org'} }
12
- let(:certificate) { cert = Rack::PrxAuth::Certificate.new }
12
+ let(:certificate) { Rack::PrxAuth::Certificate.new }
13
13
 
14
14
  describe '#token_issuer_matches' do
15
15
  it 'false if the token is from another issuer' do
@@ -89,6 +89,36 @@ describe Rack::PrxAuth::AuthValidator do
89
89
  end
90
90
  end
91
91
 
92
+ describe '#time_to_live' do
93
+ def time_to_live(claims)
94
+ auth_validator.stub(:claims, claims) do
95
+ auth_validator.time_to_live
96
+ end
97
+ end
98
+
99
+ it 'returns the ttl without any clock jitter correction' do
100
+ claims['exp'] = Time.now.to_i + 999
101
+ assert_equal time_to_live(claims), 999
102
+ end
103
+
104
+ it 'handles missing exp' do
105
+ claims['exp'] = nil
106
+ assert_equal time_to_live(claims), 0
107
+ end
108
+
109
+ it 'handles missing iat' do
110
+ claims['iat'] = nil
111
+ claims['exp'] = Time.now.to_i + 999
112
+ assert_equal time_to_live(claims), 999
113
+ end
114
+
115
+ it 'handles malformed exp' do
116
+ claims['iat'] = Time.now.to_i
117
+ claims['exp'] = 999
118
+ assert_equal time_to_live(claims), 999
119
+ end
120
+ end
121
+
92
122
  describe '#decode_token' do
93
123
  it 'should return an empty result for a nil token' do
94
124
  auth_validator.stub(:token, nil) do
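Review bot: The examples that set `claims['exp'] = Time.now.to_i + 999` (and the malformed-exp one using `claims['iat'] = Time.now.to_i`) read the clock a second time inside `time_to_live`, so they fail with 998 whenever a second boundary falls between the two calls. Freezing the clock for the example, e.g. wrapping the body in `Time.stub(:now, Time.at(fixed)) do ... end`, removes the race. `assert_equal` takes the expected value first, so `assert_equal 999, time_to_live(claims)` yields a correct failure message. No example in this block asserts what `expired?` returns when `exp` is missing.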
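--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: prx_auth
  version: !ruby/object:Gem::Version
- version: 1.6.0
+ version: 1.7.0
  platform: ruby
  authors:
  - Eve Asher
  - Chris Rhoden
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-01-19 00:00:00.000000000 Z
+ date: 2021-03-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -159,7 +159,7 @@ homepage: https://github.com/PRX/prx_auth
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -175,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubygems_version: 3.0.3
- signing_key:
+ signing_key:
  specification_version: 4
  summary: Utilites for parsing PRX JWTs and Rack middleware that verifies and attaches
  the token's claims to env.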