stormpath-sdk 1.6.0 → 1.7.0
- checksums.yaml +4 -4
- data/.rubocop.yml +21 -0
- data/CHANGES.md +11 -0
- data/README.md +23 -25
- data/lib/stormpath-sdk.rb +11 -2
- data/lib/stormpath-sdk/api_key.rb +0 -1
- data/lib/stormpath-sdk/auth/basic_authenticator.rb +7 -7
- data/lib/stormpath-sdk/auth/basic_login_attempt.rb +7 -11
- data/lib/stormpath-sdk/auth/create_factor.rb +1 -1
- data/lib/stormpath-sdk/auth/register_service_provider.rb +41 -0
- data/lib/stormpath-sdk/auth/username_password_request.rb +3 -5
- data/lib/stormpath-sdk/cache/cache.rb +3 -3
- data/lib/stormpath-sdk/cache/cache_entry.rb +2 -2
- data/lib/stormpath-sdk/cache/cache_manager.rb +3 -4
- data/lib/stormpath-sdk/cache/cache_stats.rb +1 -3
- data/lib/stormpath-sdk/cache/disabled_cache_store.rb +5 -8
- data/lib/stormpath-sdk/cache/memory_store.rb +1 -1
- data/lib/stormpath-sdk/cache/redis_store.rb +4 -4
- data/lib/stormpath-sdk/client.rb +35 -33
- data/lib/stormpath-sdk/data_store.rb +278 -257
- data/lib/stormpath-sdk/error.rb +18 -7
- data/lib/stormpath-sdk/http/authc/sauthc1_signer.rb +76 -82
- data/lib/stormpath-sdk/http/http_client_request_executor.rb +10 -8
- data/lib/stormpath-sdk/http/response.rb +5 -7
- data/lib/stormpath-sdk/id_site/id_site_result.rb +5 -6
- data/lib/stormpath-sdk/oauth/access_token_authentication_result.rb +5 -9
- data/lib/stormpath-sdk/oauth/authenticator.rb +2 -2
- data/lib/stormpath-sdk/oauth/error.rb +4 -4
- data/lib/stormpath-sdk/oauth/id_site_grant_request.rb +1 -1
- data/lib/stormpath-sdk/oauth/password_grant_request.rb +1 -1
- data/lib/stormpath-sdk/oauth/refresh_grant_request.rb +2 -2
- data/lib/stormpath-sdk/oauth/stormpath_grant_request.rb +2 -2
- data/lib/stormpath-sdk/provider/account_access.rb +0 -2
- data/lib/stormpath-sdk/provider/account_result.rb +1 -2
- data/lib/stormpath-sdk/provider/facebook/facebook_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/facebook/facebook_provider_data.rb +7 -3
- data/lib/stormpath-sdk/provider/github/github_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/github/github_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/google/google_provider.rb +7 -3
- data/lib/stormpath-sdk/provider/google/google_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/linkedin/linkedin_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/linkedin/linkedin_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/provider.rb +8 -4
- data/lib/stormpath-sdk/provider/provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/saml/saml_provider.rb +10 -4
- data/lib/stormpath-sdk/provider/saml/saml_provider_data.rb +6 -3
- data/lib/stormpath-sdk/provider/stormpath/stormpath_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/stormpath/stormpath_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/twitter/twitter_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/twitter/twitter_provider_data.rb +6 -2
- data/lib/stormpath-sdk/resource/account.rb +46 -40
- data/lib/stormpath-sdk/resource/account_link.rb +9 -5
- data/lib/stormpath-sdk/resource/account_linking_policy.rb +8 -4
- data/lib/stormpath-sdk/resource/account_membership.rb +1 -1
- data/lib/stormpath-sdk/resource/account_overrides.rb +20 -16
- data/lib/stormpath-sdk/resource/account_store.rb +15 -11
- data/lib/stormpath-sdk/resource/account_store_mapping.rb +14 -13
- data/lib/stormpath-sdk/resource/application.rb +147 -136
- data/lib/stormpath-sdk/resource/application_web_config.rb +11 -7
- data/lib/stormpath-sdk/resource/associations.rb +36 -43
- data/lib/stormpath-sdk/resource/attribute_statement_mapping_rules.rb +8 -0
- data/lib/stormpath-sdk/resource/base.rb +201 -200
- data/lib/stormpath-sdk/resource/challenge.rb +12 -8
- data/lib/stormpath-sdk/resource/collection.rb +77 -76
- data/lib/stormpath-sdk/resource/custom_data.rb +60 -61
- data/lib/stormpath-sdk/resource/custom_data_hash_methods.rb +28 -25
- data/lib/stormpath-sdk/resource/custom_data_storage.rb +18 -16
- data/lib/stormpath-sdk/resource/directory.rb +37 -60
- data/lib/stormpath-sdk/resource/email_verification_token.rb +7 -3
- data/lib/stormpath-sdk/resource/error.rb +8 -4
- data/lib/stormpath-sdk/resource/expansion.rb +22 -20
- data/lib/stormpath-sdk/resource/factor.rb +12 -8
- data/lib/stormpath-sdk/resource/field.rb +8 -4
- data/lib/stormpath-sdk/resource/group.rb +21 -16
- data/lib/stormpath-sdk/resource/group_membership.rb +7 -5
- data/lib/stormpath-sdk/resource/instance.rb +10 -6
- data/lib/stormpath-sdk/resource/linked_account.rb +7 -3
- data/lib/stormpath-sdk/resource/oauth_policy.rb +7 -3
- data/lib/stormpath-sdk/resource/organization.rb +14 -10
- data/lib/stormpath-sdk/resource/organization_account_store_mapping.rb +8 -4
- data/lib/stormpath-sdk/resource/password_reset_token.rb +9 -5
- data/lib/stormpath-sdk/resource/phone.rb +8 -4
- data/lib/stormpath-sdk/resource/registered_saml_service_provider.rb +8 -0
- data/lib/stormpath-sdk/resource/saml_identity_provider.rb +14 -0
- data/lib/stormpath-sdk/resource/saml_identity_provider_metadata.rb +9 -0
- data/lib/stormpath-sdk/resource/saml_policy.rb +10 -0
- data/lib/stormpath-sdk/resource/saml_service_provider.rb +7 -0
- data/lib/stormpath-sdk/{provider/saml/saml_mapping_rules.rb → resource/saml_service_provider_metadata.rb} +6 -5
- data/lib/stormpath-sdk/resource/saml_service_provider_registration.rb +11 -0
- data/lib/stormpath-sdk/resource/schema.rb +8 -4
- data/lib/stormpath-sdk/resource/tenant.rb +11 -8
- data/lib/stormpath-sdk/resource/user_info_mapping_rules.rb +7 -3
- data/lib/stormpath-sdk/resource/utils.rb +7 -10
- data/lib/stormpath-sdk/resource/verification_email.rb +7 -3
- data/lib/stormpath-sdk/resource/x_509_certificate.rb +7 -0
- data/lib/stormpath-sdk/util/assert.rb +1 -3
- data/lib/stormpath-sdk/version.rb +2 -2
- data/spec/auth/basic_authenticator_spec.rb +28 -24
- data/spec/auth/register_service_provider_spec.rb +68 -0
- data/spec/auth/sauthc1_signer_spec.rb +8 -4
- data/spec/cache/cache_entry_spec.rb +28 -29
- data/spec/cache/cache_spec.rb +9 -9
- data/spec/cache/cache_stats_spec.rb +1 -1
- data/spec/client_spec.rb +63 -63
- data/spec/data_store_spec.rb +23 -14
- data/spec/oauth/access_token_authentication_result_spec.rb +8 -2
- data/spec/provider/account_resolver_spec.rb +6 -4
- data/spec/provider/provider_spec.rb +6 -6
- data/spec/resource/account_creation_policy_spec.rb +1 -1
- data/spec/resource/account_link_spec.rb +7 -15
- data/spec/resource/account_spec.rb +17 -17
- data/spec/resource/account_store_mapping_spec.rb +16 -22
- data/spec/resource/account_store_spec.rb +3 -3
- data/spec/resource/application_spec.rb +324 -330
- data/spec/resource/base_spec.rb +7 -31
- data/spec/resource/collection_spec.rb +63 -114
- data/spec/resource/custom_data_spec.rb +1 -1
- data/spec/resource/directory_spec.rb +91 -87
- data/spec/resource/expansion_spec.rb +10 -10
- data/spec/resource/factor_spec.rb +1 -1
- data/spec/resource/group_spec.rb +1 -1
- data/spec/resource/linked_account_spec.rb +7 -7
- data/spec/resource/organization_spec.rb +12 -11
- data/spec/resource/phone_spec.rb +1 -1
- data/spec/resource/registered_saml_service_provider_spec.rb +35 -0
- data/spec/resource/saml_identity_provider_metadata_spec.rb +27 -0
- data/spec/resource/saml_identity_provider_spec.rb +94 -0
- data/spec/resource/saml_policy_spec.rb +27 -0
- data/spec/resource/saml_service_provider_registration_spec.rb +58 -0
- data/spec/resource/saml_service_provider_spec.rb +19 -0
- data/spec/resource/status_spec.rb +4 -3
- data/spec/resource/tenant_spec.rb +4 -6
- data/spec/spec_helper.rb +1 -1
- data/spec/support/custom_data_save_period.rb +4 -0
- data/spec/support/custom_data_storage_behavior.rb +7 -8
- data/spec/support/mocked_provider_accounts.rb +101 -101
- data/spec/support/mocked_saml_responses.rb +130 -0
- data/spec/support/resource_factory.rb +4 -4
- data/spec/support/resource_helpers.rb +10 -4
- data/spec/support/resource_matchers.rb +4 -4
- data/spec/support/test_request_executor.rb +2 -2
- metadata +21 -8
- data/lib/stormpath-sdk/provider/saml/saml_provider_metadata.rb +0 -19
- data/spec/fixtures/response/create_saml_directory.json +0 -26
- data/spec/fixtures/response/create_saml_directory_mapping_rules.json +0 -12
- data/spec/fixtures/response/get_saml_directory_provider.json +0 -16
- data/spec/fixtures/response/get_saml_directory_provider_metadata.json +0 -12
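--- a/data/lib/stormpath-sdk/error.rb
+++ b/data/lib/stormpath-sdk/error.rb
@@ -28,13 +28,24 @@ module Stormpath
 
 private
 
-
-
-
-def code; -1 end
-def developer_message; end
-def more_info; end
-def request_id; end
+class NilError
+def message
+''
 end
+
+def status
+-1
+end
+
+def code
+-1
+end
+
+def developer_message; end
+
+def more_info; end
+
+def request_id; end
+end
 end
 end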
@@ -21,26 +21,26 @@ module Stormpath
|
|
21
21
|
include UUIDTools
|
22
22
|
include Stormpath::Http::Utils
|
23
23
|
|
24
|
-
DEFAULT_ALGORITHM =
|
25
|
-
HOST_HEADER =
|
26
|
-
AUTHORIZATION_HEADER =
|
27
|
-
STORMPATH_DATE_HEADER =
|
28
|
-
ID_TERMINATOR =
|
29
|
-
ALGORITHM =
|
30
|
-
AUTHENTICATION_SCHEME =
|
31
|
-
SAUTHC1_ID =
|
32
|
-
SAUTHC1_SIGNED_HEADERS =
|
33
|
-
SAUTHC1_SIGNATURE =
|
34
|
-
DATE_FORMAT =
|
35
|
-
TIMESTAMP_FORMAT =
|
36
|
-
#noinspection RubyConstantNamingConvention
|
37
|
-
NL = "\n"
|
38
|
-
|
39
|
-
def initialize(uuid_generator=UUID.method(:random_create))
|
24
|
+
DEFAULT_ALGORITHM = 'SHA256'.freeze
|
25
|
+
HOST_HEADER = 'Host'.freeze
|
26
|
+
AUTHORIZATION_HEADER = 'Authorization'.freeze
|
27
|
+
STORMPATH_DATE_HEADER = 'X-Stormpath-Date'.freeze
|
28
|
+
ID_TERMINATOR = 'sauthc1_request'.freeze
|
29
|
+
ALGORITHM = 'HMAC-SHA-256'.freeze
|
30
|
+
AUTHENTICATION_SCHEME = 'SAuthc1'.freeze
|
31
|
+
SAUTHC1_ID = 'sauthc1Id'.freeze
|
32
|
+
SAUTHC1_SIGNED_HEADERS = 'sauthc1SignedHeaders'.freeze
|
33
|
+
SAUTHC1_SIGNATURE = 'sauthc1Signature'.freeze
|
34
|
+
DATE_FORMAT = '%Y%m%d'.freeze
|
35
|
+
TIMESTAMP_FORMAT = '%Y%m%dT%H%M%SZ'.freeze
|
36
|
+
# noinspection RubyConstantNamingConvention
|
37
|
+
NL = "\n".freeze
|
38
|
+
|
39
|
+
def initialize(uuid_generator = UUID.method(:random_create))
|
40
40
|
@uuid_generator = uuid_generator
|
41
41
|
end
|
42
42
|
|
43
|
-
def sign_request
|
43
|
+
def sign_request(request)
|
44
44
|
request.http_headers.delete(Sauthc1Signer::AUTHORIZATION_HEADER)
|
45
45
|
request.http_headers.delete(Sauthc1Signer::STORMPATH_DATE_HEADER)
|
46
46
|
|
@@ -56,9 +56,7 @@ module Stormpath
|
|
56
56
|
# have to have it in the request by the time we sign.
|
57
57
|
host_header = uri.host
|
58
58
|
|
59
|
-
unless default_port?(uri)
|
60
|
-
host_header << ":" << uri.port.to_s
|
61
|
-
end
|
59
|
+
host_header << ':' << uri.port.to_s unless default_port?(uri)
|
62
60
|
|
63
61
|
request.http_headers.store HOST_HEADER, host_header
|
64
62
|
|
@@ -78,7 +76,7 @@ module Stormpath
|
|
78
76
|
signed_headers_string,
|
79
77
|
request_payload_hash_hex].join(NL)
|
80
78
|
|
81
|
-
id = [request.api_key.id, date_stamp, nonce, ID_TERMINATOR].join(
|
79
|
+
id = [request.api_key.id, date_stamp, nonce, ID_TERMINATOR].join('/')
|
82
80
|
|
83
81
|
canonical_request_hash_hex = to_hex(hash_text(canonical_request))
|
84
82
|
|
@@ -93,16 +91,15 @@ module Stormpath
|
|
93
91
|
signature = sign to_utf8(string_to_sign), k_signing, DEFAULT_ALGORITHM
|
94
92
|
signature_hex = to_hex signature
|
95
93
|
|
96
|
-
authorization_header = AUTHENTICATION_SCHEME +
|
97
|
-
|
98
|
-
|
99
|
-
|
94
|
+
authorization_header = AUTHENTICATION_SCHEME + ' ' +
|
95
|
+
create_name_value_pair(SAUTHC1_ID, id) + ', ' +
|
96
|
+
create_name_value_pair(SAUTHC1_SIGNED_HEADERS, signed_headers_string) + ', ' +
|
97
|
+
create_name_value_pair(SAUTHC1_SIGNATURE, signature_hex)
|
100
98
|
|
101
99
|
request.http_headers.store AUTHORIZATION_HEADER, authorization_header
|
102
100
|
end
|
103
101
|
|
104
|
-
|
105
|
-
def to_hex data
|
102
|
+
def to_hex(data)
|
106
103
|
result = ''
|
107
104
|
|
108
105
|
data.each_byte do |val|
|
@@ -121,72 +118,69 @@ module Stormpath
|
|
121
118
|
|
122
119
|
private
|
123
120
|
|
124
|
-
|
125
|
-
|
126
|
-
|
121
|
+
def canonicalize_query_string(request)
|
122
|
+
request.to_s_query_string true
|
123
|
+
end
|
127
124
|
|
128
|
-
|
129
|
-
|
130
|
-
|
125
|
+
def hash_text(text)
|
126
|
+
Digest.digest DEFAULT_ALGORITHM, to_utf8(text)
|
127
|
+
end
|
131
128
|
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
129
|
+
def sign(data, key, algorithm)
|
130
|
+
digest_data = to_utf8 data
|
131
|
+
digest = Digest.new(algorithm)
|
132
|
+
HMAC.digest(digest, key, digest_data)
|
133
|
+
end
|
137
134
|
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
135
|
+
def to_utf8(str)
|
136
|
+
# we ask for multi line UTF-8 text
|
137
|
+
str.scan(/./mu).join
|
138
|
+
end
|
142
139
|
|
143
|
-
|
144
|
-
|
145
|
-
|
140
|
+
def get_request_payload(request)
|
141
|
+
get_request_payload_without_query_params request
|
142
|
+
end
|
146
143
|
|
147
|
-
|
148
|
-
|
149
|
-
|
144
|
+
def get_request_payload_without_query_params(request)
|
145
|
+
request.body || ''
|
146
|
+
end
|
150
147
|
|
151
|
-
|
152
|
-
|
153
|
-
|
148
|
+
def create_name_value_pair(name, value)
|
149
|
+
"#{name}=#{value}"
|
150
|
+
end
|
154
151
|
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
end
|
152
|
+
def canonicalize_resource_path(resource_path)
|
153
|
+
if resource_path.nil? || resource_path.empty?
|
154
|
+
'/'
|
155
|
+
else
|
156
|
+
encode_url resource_path, true, true
|
161
157
|
end
|
158
|
+
end
|
162
159
|
|
160
|
+
def canonicalize_headers(request)
|
161
|
+
sorted_headers = request.http_headers.keys.sort!
|
162
|
+
result = ''
|
163
163
|
|
164
|
-
|
165
|
-
|
166
|
-
result
|
167
|
-
|
168
|
-
sorted_headers.each do |header|
|
169
|
-
result << header.downcase << ':' << request.http_headers[header].to_s
|
170
|
-
result << NL
|
171
|
-
end
|
172
|
-
result
|
164
|
+
sorted_headers.each do |header|
|
165
|
+
result << header.downcase << ':' << request.http_headers[header].to_s
|
166
|
+
result << NL
|
173
167
|
end
|
168
|
+
result
|
169
|
+
end
|
174
170
|
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
end
|
171
|
+
def get_signed_headers(request)
|
172
|
+
sorted_headers = request.http_headers.keys.sort!
|
173
|
+
result = ''
|
174
|
+
sorted_headers.each do |header|
|
175
|
+
if result.empty?
|
176
|
+
result << header
|
177
|
+
else
|
178
|
+
result << ';' << header
|
184
179
|
end
|
185
|
-
result.downcase
|
186
180
|
end
|
187
|
-
|
188
|
-
|
189
|
-
end#Sauthc1Signer
|
190
|
-
end#Authc
|
191
|
-
end#Http
|
192
|
-
end#Stormpath
|
181
|
+
result.downcase
|
182
|
+
end
|
183
|
+
end # Sauthc1Signer
|
184
|
+
end # Authc
|
185
|
+
end # Http
|
186
|
+
end # Stormpath
|
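Review bot: `host_header << ':' << uri.port.to_s unless default_port?(uri)` appends to the very String that `uri.host` returned, so (assuming `uri` is a standard `URI` object) a non-default port changes the URI's own host in place, and the call raises if that string is frozen. Building a new string avoids both: `host_header = default_port?(uri) ? uri.host : "#{uri.host}:#{uri.port}"`. Separately, `canonicalize_headers` and `get_signed_headers` sort the names with `keys.sort!` and downcase only afterwards, so a mixed-case key set can end up in a different order than its lowercase form. If the service expects the lowercase names in sorted order (not visible on this page), `keys.sort_by(&:downcase)` keeps the canonical request and the signed-headers list consistent. Where `uri` is assigned lies outside the hunks shown.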
@@ -21,11 +21,11 @@ module Stormpath
|
|
21
21
|
|
22
22
|
def initialize(options = {})
|
23
23
|
@signer = Sauthc1Signer.new
|
24
|
-
@http_client = HTTPClient.new
|
24
|
+
@http_client = HTTPClient.new(options[:proxy])
|
25
25
|
end
|
26
26
|
|
27
27
|
def execute_request(request, redirects_limit = 10)
|
28
|
-
assert_not_nil request,
|
28
|
+
assert_not_nil request, 'Request argument cannot be null.'
|
29
29
|
|
30
30
|
@redirect_response = nil
|
31
31
|
|
@@ -37,7 +37,7 @@ module Stormpath
|
|
37
37
|
request.href
|
38
38
|
end
|
39
39
|
|
40
|
-
if request.http_headers[
|
40
|
+
if request.http_headers['Content-Type'] == 'application/x-www-form-urlencoded'
|
41
41
|
@http_client.set_auth(request.href, request.api_key.id, request.api_key.secret)
|
42
42
|
end
|
43
43
|
|
@@ -45,17 +45,19 @@ module Stormpath
|
|
45
45
|
|
46
46
|
response = method.call domain, request.body, request.http_headers
|
47
47
|
|
48
|
-
if response.redirect?
|
48
|
+
if response.redirect? && redirects_limit > 0
|
49
49
|
request.href = response.http_header['location'][0]
|
50
50
|
redirects_limit -= 1
|
51
51
|
@redirect_response = execute_request request, redirects_limit
|
52
52
|
return @redirect_response
|
53
53
|
end
|
54
54
|
|
55
|
-
Response.new
|
56
|
-
|
57
|
-
|
58
|
-
|
55
|
+
Response.new(
|
56
|
+
response.http_header.status_code,
|
57
|
+
response.http_header.body_type,
|
58
|
+
response.content,
|
59
|
+
response.http_header.body_size
|
60
|
+
)
|
59
61
|
end
|
60
62
|
end
|
61
63
|
end
|
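Review bot: The redirect branch in `execute_request` copies `response.http_header['location'][0]` into `request.href` and re-runs the request without comparing the target's scheme and host with the original, so a redirect to another origin would receive a request that is presumably authenticated again. For form-encoded requests the `set_auth` call in the second hunk would then register `api_key.id` and `api_key.secret` for the new href, assuming both hunks sit in the same method, as the line numbers suggest. Resolve the Location value first and follow it only when it stays on the same origin, e.g. `target = URI.join(request.href, location)` and `same_origin = [target.scheme, target.host, target.port] == [origin.scheme, origin.host, origin.port]`. Also, once `redirects_limit` reaches 0 the 3xx response now falls through to `Response.new(...)` and is returned like an ordinary result; raising or flagging it would make exhausted redirects visible to callers.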
@@ -16,11 +16,10 @@
|
|
16
16
|
module Stormpath
|
17
17
|
module Http
|
18
18
|
class Response
|
19
|
-
|
20
19
|
attr_reader :http_status, :body
|
21
20
|
attr_accessor :headers
|
22
21
|
|
23
|
-
def initialize
|
22
|
+
def initialize(http_status, content_type, body, content_length)
|
24
23
|
@http_status = http_status
|
25
24
|
@headers = HTTP::Message::Headers.new
|
26
25
|
@body = body
|
@@ -29,17 +28,16 @@ module Stormpath
|
|
29
28
|
end
|
30
29
|
|
31
30
|
def client_error?
|
32
|
-
http_status >= 400
|
31
|
+
(http_status >= 400) && http_status < 500
|
33
32
|
end
|
34
33
|
|
35
34
|
def server_error?
|
36
|
-
http_status >= 500
|
35
|
+
(http_status >= 500) && http_status < 600
|
37
36
|
end
|
38
37
|
|
39
38
|
def error?
|
40
|
-
client_error?
|
39
|
+
client_error? || server_error?
|
41
40
|
end
|
42
|
-
|
43
41
|
end
|
44
42
|
end
|
45
|
-
end
|
43
|
+
end
|
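Review bot: The new bounds in `client_error?` and `server_error?` read more directly as range checks, and the parentheses around only the first comparison are unnecessary: `http_status.between?(400, 499)` and `http_status.between?(500, 599)`. A one-line comment on `error?` stating that 3xx responses and any status from 600 up are not treated as errors would document the narrowed contract this change introduces.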
@@ -3,14 +3,14 @@ module Stormpath
|
|
3
3
|
class IdSiteResult
|
4
4
|
attr_accessor :jwt_response, :account_href, :state, :status, :is_new_account
|
5
5
|
|
6
|
-
|
6
|
+
alias new_account? is_new_account
|
7
7
|
|
8
8
|
def initialize(jwt_response)
|
9
9
|
@jwt_response = jwt_response
|
10
|
-
@account_href = jwt_response[
|
11
|
-
@status = jwt_response[
|
12
|
-
@state = jwt_response[
|
13
|
-
@is_new_account = jwt_response[
|
10
|
+
@account_href = jwt_response['sub']
|
11
|
+
@status = jwt_response['status']
|
12
|
+
@state = jwt_response['state']
|
13
|
+
@is_new_account = jwt_response['isNewSub']
|
14
14
|
end
|
15
15
|
|
16
16
|
def jwt_invalid?(api_key_id)
|
@@ -19,4 +19,3 @@ module Stormpath
|
|
19
19
|
end
|
20
20
|
end
|
21
21
|
end
|
22
|
-
|
@@ -3,12 +3,10 @@ module Stormpath
|
|
3
3
|
class AccessTokenAuthenticationResult < Stormpath::Resource::Instance
|
4
4
|
prop_reader :access_token, :refresh_token, :token_type, :expires_in, :stormpath_access_token_href
|
5
5
|
|
6
|
-
|
6
|
+
alias href stormpath_access_token_href
|
7
7
|
|
8
8
|
def delete
|
9
|
-
unless href.respond_to?(:empty)
|
10
|
-
data_store.delete self
|
11
|
-
end
|
9
|
+
data_store.delete(self) unless href.respond_to?(:empty) && href.empty?
|
12
10
|
end
|
13
11
|
|
14
12
|
def account
|
@@ -22,11 +20,9 @@ module Stormpath
|
|
22
20
|
end
|
23
21
|
|
24
22
|
def jwt_response
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
raise Stormpath::Oauth::Error.new(:jwt_expired)
|
29
|
-
end
|
23
|
+
JWT.decode(access_token, data_store.api_key.secret).first
|
24
|
+
rescue JWT::ExpiredSignature => error
|
25
|
+
raise Stormpath::Oauth::Error, :jwt_expired
|
30
26
|
end
|
31
27
|
end
|
32
28
|
end
|
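Review bot: `JWT.decode(access_token, data_store.api_key.secret)` in `jwt_response` leaves the accepted signing algorithm to the jwt gem's defaults, which differ between gem versions. Pinning it keeps the token's own header from influencing verification: `JWT.decode(access_token, data_store.api_key.secret, true, algorithm: 'HS256')` (HS256 is an assumption based on the shared-secret key; confirm against the issuer). Only `JWT::ExpiredSignature` is mapped to `Stormpath::Oauth::Error`, so signature and format failures surface as raw gem exceptions, and the rescued `error` local is unused. In `delete`, `href.respond_to?(:empty)` asks for a method named `empty`, which String does not define, so the guard never skips the call; `:empty?` looks like what was meant.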
@@ -8,14 +8,14 @@ module Stormpath
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def authenticate(parent_href, request)
|
11
|
-
assert_not_nil parent_href,
|
11
|
+
assert_not_nil parent_href, 'parent_href must be specified'
|
12
12
|
|
13
13
|
clazz = GRANT_CLASSES_BY_TYPE[request.grant_type.to_sym]
|
14
14
|
attempt = @data_store.instantiate(clazz)
|
15
15
|
attempt.set_options(request)
|
16
16
|
href = parent_href + '/oauth/token'
|
17
17
|
|
18
|
-
@data_store.create
|
18
|
+
@data_store.create(href, attempt, Stormpath::Oauth::AccessTokenAuthenticationResult)
|
19
19
|
end
|
20
20
|
|
21
21
|
GRANT_CLASSES_BY_TYPE = {
|
@@ -26,28 +26,28 @@ module Stormpath
|
|
26
26
|
},
|
27
27
|
jwt_expired: {
|
28
28
|
status: 400,
|
29
|
-
code:
|
29
|
+
code: 10_011,
|
30
30
|
message: 'Token is invalid',
|
31
31
|
developer_message: 'Token is no longer valid because it has expired',
|
32
32
|
request_id: 'Oauth error UUID'
|
33
33
|
},
|
34
34
|
jwt_invalid: {
|
35
35
|
status: 400,
|
36
|
-
code:
|
36
|
+
code: 10_012,
|
37
37
|
message: 'Token is invalid',
|
38
38
|
developer_message: 'Token is invalid because the issued at time (iat) is after the current time',
|
39
39
|
request_id: 'Oauth error UUID'
|
40
40
|
},
|
41
41
|
jwt_invalid_issuer: {
|
42
42
|
status: 400,
|
43
|
-
code:
|
43
|
+
code: 10_014,
|
44
44
|
message: 'Token is invalid',
|
45
45
|
developer_message: 'Token is invalid because the issuer of the token does not match the Application validating the token.',
|
46
46
|
request_id: 'Oauth error UUID'
|
47
47
|
},
|
48
48
|
jwt_invalid_signature: {
|
49
49
|
status: 400,
|
50
|
-
code:
|
50
|
+
code: 10_017,
|
51
51
|
message: 'Token is invalid',
|
52
52
|
developer_message: 'Token is invalid because verifying the signature of a JWT failed.',
|
53
53
|
request_id: 'Oauth error UUID'
|