roo_on_rails 1.16.0 → 1.16.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +3 -10
- data/lib/roo_on_rails/rack/populate_env_from_jwt.rb +14 -9
- data/lib/roo_on_rails/railties/roo_identity.rb +7 -5
- data/lib/roo_on_rails/version.rb +1 -1
- data/lib/roo_on_rails.rb +1 -0
- data/roo_on_rails.gemspec +1 -3
- metadata +3 -3
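--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0c45afb42c3393f675d0574d777b6608f944bcbf
+data.tar.gz: f26f2199515da7ab4399301fb9339676a2d8f1c0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 16aee8e01002df7a799569af74287305cc64d49f266c2d0ec09f57284a0a445059204c441d870fea6b2df46324fa59d0ced5b0fdfc0eb8bea96722a9f6284850
+data.tar.gz: bc5068cbd59ec7fa2b69eb2425945fdca17a60ebc07eee44f2b05417ae6dd6944e2b5913afdda072c99cc7382e5a1a051c24a1bf259d782c11022a2c51f55c64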
data/CHANGELOG.md
CHANGED
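--- a/data/README.md
+++ b/data/README.md
@@ -227,16 +227,9 @@ details.
 
 ### Identity
 
-If your service wants to accept JWTs for identity claims, then
-
-
-
-```ruby
-require 'roo_on_rails/railties/roo_identity'
-```
-
-In non-development environments you must also set the `VALID_IDENTITY_URL_PREFIXES` environment
-variable to be a comma separasted list of the URL prefixes which valid JWTs come from, eg:
+If your service wants to accept JWTs for identity claims, then setting the
+`VALID_IDENTITY_URL_PREFIXES` environment variable (to be a comma separasted list of the URL prefixes
+which valid JWTs come from) will set everything up, eg:
 
 ```
 https://deliveroo.co.uk/identity-keys/,https://identity.deliveroo.com/jwks/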
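--- a/data/lib/roo_on_rails/rack/populate_env_from_jwt.rb
+++ b/data/lib/roo_on_rails/rack/populate_env_from_jwt.rb
@@ -6,22 +6,22 @@ module RooOnRails
 module Rack
 class PopulateEnvFromJWT
 UnacceptableKeyError = Class.new(RuntimeError)
+VALID_PREFIXES_KEY = 'VALID_IDENTITY_URL_PREFIXES'.freeze
+
+def self.configured?
+ENV[VALID_PREFIXES_KEY].present?
+end
 
 def initialize(app, logger:, skip_sig_verify: true)
 @app = app
 @keys = {}
 @logger = logger
 
-if skip_sig_verify &&
+if skip_sig_verify && non_prod?
 @logger.warn "JWTs signature verifification has been switched off in development."
 @verify_sigs = false
 else
 @verify_sigs = true
-@key_prefixes = ENV['VALID_IDENTITY_URL_PREFIXES'].split(',')
-
-if @key_prefixes.empty?
-raise "No identity service URLs have been set: ENV['VALID_IDENTITY_URL_PREFIXES']"
-end
 end
 end
 
@@ -40,12 +40,17 @@ module RooOnRails
 
 private
 
-def
+def key_prefixes
+return [] unless self.class.configured?
+ENV[VALID_PREFIXES_KEY].split(',')
+end
+
+def non_prod?
 if ENV['RACK_ENV'].nil?
 @logger.warn "Your RACK_ENV isn't set. You probably want it set to 'development' in dev."
 end
 
-ENV['RACK_ENV']
+%w(development test).include? ENV['RACK_ENV']
 end
 
 # @raise [UnacceptableKeyError,Faraday::Error,OpenSSL::OpenSSLError] From `#public_key`
@@ -63,7 +68,7 @@ module RooOnRails
 
 def acceptable_key?(key_url)
 return false if key_url.nil?
-
+key_prefixes.any? { |acceptable| key_url.starts_with?(acceptable) }
 end
 
 # @raise [UnacceptableKeyError] When the key URL is not from a trusted location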
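Review bot: `key_prefixes` (added at new lines 43–46) splits `VALID_IDENTITY_URL_PREFIXES` on commas without trimming or discarding empty entries, so a value with a leading or doubled comma produces an empty prefix and `acceptable_key?` (new line 71) then accepts every key URL, since every string starts with `""`. I would change the line to `ENV[VALID_PREFIXES_KEY].split(',').map(&:strip).reject(&:empty?)`. Because the check is a plain string prefix, an entry that does not end in `/` also matches longer host names that begin with the same characters; a comment on `VALID_PREFIXES_KEY` such as `# Each entry must be a full URL prefix ending in '/'` would make that requirement visible. The warning on new line 21 still says "in development" although `non_prod?` now also returns true for `test`. The class body continues outside these hunks.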
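--- a/data/lib/roo_on_rails/railties/roo_identity.rb
+++ b/data/lib/roo_on_rails/railties/roo_identity.rb
@@ -1,20 +1,22 @@
-require 'roo_on_rails/
+require 'roo_on_rails/rack/populate_env_from_jwt'
 
 module RooOnRails
 module Railties
 class RooIdentity < Rails::Railtie
 initializer 'roo_on_rails.roo_identity.middleware' do |app|
 Rails.logger.with initializer: 'roo_on_rails.roo_identity' do |log|
-
-
+if RooOnRails::Rack::PopulateEnvFromJWT.configured?
+log.debug 'loading'
+_add_middleware(app, log)
+else
+log.warn 'not configured, roo.identity will be unavailable'
+end
 end
 end
 
 private
 
 def _add_middleware(app, log)
-require 'roo_on_rails/rack/populate_env_from_jwt'
-
 app.config.middleware.use RooOnRails::Rack::PopulateEnvFromJWT, logger: log
 rescue LoadError
 log.error 'the json-jwt gem is not in the bundle so Roo Identity will not be available'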
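Review bot: The `rescue LoadError` that remains in `_add_middleware` (new lines 21–22) no longer guards anything visible, because this change moves the `require` to line 1 of the file, so a missing json-jwt would presumably raise while the railtie file is loaded rather than inside the method. With json-jwt promoted to a runtime dependency in the gemspec the log message is also out of date; I would drop the `rescue LoadError` branch, or keep the `require` inside the method if the soft failure is still wanted. It would also help to add a comment above the `else` branch, for example `# Fail closed: without VALID_IDENTITY_URL_PREFIXES the middleware is not installed and roo.identity stays unset`. The end of `_add_middleware` is outside the hunk.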
data/lib/roo_on_rails/version.rb
CHANGED
data/lib/roo_on_rails.rb
CHANGED
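--- a/data/roo_on_rails.gemspec
+++ b/data/roo_on_rails.gemspec
@@ -36,9 +36,7 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency 'faraday'
 spec.add_runtime_dependency 'faraday_middleware'
 spec.add_runtime_dependency 'routemaster-client'
-
-# Optional gems you may add to your project
-spec.add_development_dependency 'json-jwt', '~> 1.8'
+spec.add_runtime_dependency 'json-jwt', '~> 1.8'
 
 spec.add_development_dependency 'bundler', '~> 1.13'
 spec.add_development_dependency 'rake', '~> 10.0'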
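--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roo_on_rails
 version: !ruby/object:Gem::Version
-version: 1.16.
+version: 1.16.1
 platform: ruby
 authors:
 - Julien Letessier
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-11-
+date: 2017-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dotenv-rails
@@ -233,7 +233,7 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.8'
-type: :
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements: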