strongmind-auth 1.0.16 → 1.1.0

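--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 2306b7e1bd1a267836f1fef6f86f79233f31c12cd5dcb792332d822f0ad48b7a
-data.tar.gz: 28f82b40cd09b68cd707d44f3da9db20050a7696576fa132f095ea730df1dbd8
+metadata.gz: 1526ec8b78d6caea36cd40f7c943b5e376a4da4fcb0a5f37a4a3222d658e612f
+data.tar.gz: f8bd96c7bb4d8658961224bf6c5ed9f1b9c2f9afd789d683e95afd3817a93864
 SHA512:
-metadata.gz: 80a6b9990e257f8ce2c3a5a3cd84a52a6531cfbaeafaabcff14e6db4595143c5ddd0d33d24c4766c05fba0ee0f7a7e1ba1ea1fe462293d2ee463bd007c47c596
-data.tar.gz: dfe36023e2f0cfac32111a853748cc01a7822959b1702416cbb3f8ee2d08f58afda4cc2ea7f80b6746b47fd9f9da3395f2a24cbf9f0424a25dc9e94d1799d91f
+metadata.gz: 06353b6d2d5f5d8554af61ba484e97ad6bc2b287a0d44a0e26f447a26df6e6c2de095b991f9b8002aaf676e3b6f080c1e095b1890ec2559f19bbbcb8292cb6d2
+data.tar.gz: b37c854e2fc115f6a802b5dee2fcc6d45393951a4ad6891f78efa80bb3e24aa7e4e5ab08c86ad7baa4b28c67e12db3eabad4a84d84f15ab312b4a07ecdd9b290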
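--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,6 +1,6 @@
 require "bundler/setup"
 
-APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
 load "rails/tasks/engine.rake"
 
 load "rails/tasks/statistics.rake"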
@@ -4,32 +4,14 @@
4
4
  module JwtUtilities
5
5
  extend ActiveSupport::Concern
6
6
 
7
- def jwt_valid?(jwt, condition_key = nil, scopes = [])
8
- begin
9
- payload, _header = JWT.decode(jwt, public_key, true, {
10
- verify_iat: true,
11
- verify_iss: true,
12
- verify_aud: true,
13
- verify_sub: true,
14
- algorithm: 'RS256',
15
- leeway: 60
16
- })
17
- rescue JWT::DecodeError => e
18
- Rails.logger.error e.message
19
- return false
20
- end
21
-
22
- payload = payload.with_indifferent_access
23
-
24
- unless !scopes.empty? && payload['scope'].present? && payload['scope'].all? { |elem| scopes.include?(elem) }
25
- return false
26
- end
27
-
28
- return false unless payload['nonce'].nil?
29
-
30
- return false unless condition_key.nil? || payload['events'].key?(condition_key)
31
-
32
- true
7
+ def jwt_valid?(jwt, condition_key = nil, scopes = [], attributes = [])
8
+ payload = decode_jwt(jwt)
9
+ return false unless payload
10
+
11
+ scope_valid?(payload,
12
+ scopes) && nonce_valid?(payload) && condition_key_valid?(payload,
13
+ condition_key) && attributes_valid?(payload,
14
+ attributes)
33
15
  end
34
16
 
35
17
  def public_key
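Review bot: The rewritten `jwt_valid?` adds a fourth positional parameter and silently changes what `scopes = []` means — the old body returned `false` whenever `scopes` was empty, whereas the new body (through `scope_valid?`) accepts the token without any scope check — yet nothing on the method says so, so a caller relying on the default now gets no scope enforcement without noticing. A YARD block above the `def` should state that `jwt` is the raw token, `condition_key` when given must be a key of the `events` claim, `scopes` are required scopes (empty means not checked), `attributes` appear to be claim names that must be present (empty means not checked), and that any `JWT::DecodeError` is logged and yields `false`. As a point of style, the conjunction is wrapped in the middle of argument lists (`scope_valid?(payload,` / `scopes) && ...`), which is hard to scan; one predicate per line with the `&&` at line end reads far better. The enclosing `module JwtUtilities` continues outside this hunk.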
@@ -42,6 +24,41 @@ module JwtUtilities
42
24
 
43
25
  private
44
26
 
27
+ def decode_jwt(jwt)
28
+ payload, _header = JWT.decode(jwt, public_key, true, jwt_decode_options)
29
+ payload.with_indifferent_access
30
+ rescue JWT::DecodeError => e
31
+ Rails.logger.error e.message
32
+ nil
33
+ end
34
+
35
+ def jwt_decode_options
36
+ {
37
+ verify_iat: true,
38
+ verify_iss: true,
39
+ verify_aud: true,
40
+ verify_sub: true,
41
+ algorithm: 'RS256',
42
+ leeway: 60
43
+ }
44
+ end
45
+
46
+ def scope_valid?(payload, scopes)
47
+ scopes.empty? || (payload['scope'].present? && scopes.all? { |scope| payload['scope'].include?(scope) })
48
+ end
49
+
50
+ def nonce_valid?(payload)
51
+ payload['nonce'].nil?
52
+ end
53
+
54
+ def condition_key_valid?(payload, condition_key)
55
+ condition_key.nil? || payload['events'].to_h.key?(condition_key)
56
+ end
57
+
58
+ def attributes_valid?(payload, attributes)
59
+ attributes.empty? || attributes.all? { |attribute| payload.include?(attribute) }
60
+ end
61
+
45
62
  def fetch_user_token_info
46
63
  user_jwt(session)
47
64
  end
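Review bot: In `scope_valid?`, `payload['scope'].include?(scope)` is a substring test whenever the `scope` claim is a space-delimited string (the common OAuth2 encoding), so a required scope such as `read` would be satisfied by a token whose claim contains `readonly`; normalising the claim to a list first avoids that: `token_scopes = Array(payload['scope']).flat_map { |s| s.to_s.split }` followed by `scopes.empty? || scopes.all? { |scope| token_scopes.include?(scope) }`. Separately, `jwt_decode_options` turns on `verify_iss`, `verify_aud` and `verify_sub` without passing an expected `iss:`, `aud:` or `sub:` value; as far as I recall, ruby-jwt's `JWT::Verify` skips each of those comparisons when no expected value is supplied, which would make the three flags no-ops — worth confirming against the pinned jwt version and, if so, supplying the expected issuer and audience. `decode_jwt` returning `nil` on `JWT::DecodeError` and the `to_h` guard in `condition_key_valid?` look fine.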
@@ -14,8 +14,8 @@ module StrongMindNav
14
14
  rescue Strongmind::Exceptions::TokenNotFoundError, Strongmind::Exceptions::UserNotFoundError => e
15
15
  Sentry.capture_exception(e)
16
16
  Rails.logger.error(e)
17
- flash[:alert] = e.inspect if Rails.env.development?
18
- @stop_redirect = true if Rails.env.development?
17
+ flash[:alert] = e.inspect if Rails.env.development? || Rails.env.test?
18
+ @stop_redirect = true if Rails.env.development? || Rails.env.test?
19
19
  render 'logins/index'
20
20
  rescue Exception => e
21
21
  Sentry.capture_exception(e)
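Review bot: The condition `Rails.env.development? || Rails.env.test?` is duplicated verbatim on the two added lines; a single predicate such as `def show_auth_error_details? = Rails.env.development? || Rails.env.test?` (or `Rails.env.local?`, which exists from Rails 7.1) keeps the two lines in step and names the intent. Because `e.inspect` is written into `flash[:alert]`, this gate is what keeps exception internals out of production pages, so it deserves a comment on the first added line, e.g. `# surface the exception and skip the redirect only outside production`. The enclosing action starts and ends outside this hunk.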
@@ -16,16 +16,11 @@
16
16
  </style>
17
17
  <%= button_to 'Sign in with StrongMind', '/users/auth/strongmind', style: 'display:none' %>
18
18
  <script type="text/javascript">
19
- function submitForm() {
20
- document.forms[0].submit();
21
- }
22
-
23
19
  // Submit the form on load
24
20
  window.addEventListener("load", (event) => {
25
- <% if @stop_redirect %>
26
- return;
21
+ <% unless @stop_redirect %>
22
+ document.forms[0].submit();
27
23
  <% end %>
28
- submitForm();
29
24
  });
30
25
 
31
26
  </script>
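--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -9,6 +9,7 @@ Rails.application.routes.draw do
 
 devise_scope :user do
 get 'users/sign_out', to: 'users/sessions#initiate_backchannel_logout'
+post 'users/endsession', to: 'users/sessions#endsession'
 
 unauthenticated do
 root 'logins#index', as: :unauthenticated_root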
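Review bot: The added route targets `users/sessions#endsession`, but no change to the sessions controller appears anywhere in this diff, so I cannot confirm the action exists; if it does not, the route resolves and the request then fails at dispatch. As a `post` placed beside the back-channel logout route inside `devise_scope`, the action also has to decide how the caller is authenticated and whether CSRF verification applies (a server-to-server call from the identity provider carries no Rails CSRF token), and that decision should be documented on the action rather than left implicit. A comment on the route line, e.g. `# ends the current session; see Users::SessionsController#endsession for caller authentication`, would make the intent explicit.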
@@ -1,6 +1,11 @@
1
1
  module Strongmind
2
2
  module Auth
3
3
  class Engine < ::Rails::Engine
4
+ config.generators do |g|
5
+ g.test_framework :rspec
6
+ g.fixture_replacement :factory_bot
7
+ g.factory_bot dir: 'spec/factories'
8
+ end
4
9
  end
5
10
  end
6
11
  end
@@ -1,5 +1,5 @@
1
1
  module Strongmind
2
2
  module Auth
3
- VERSION = "1.0.16"
3
+ VERSION = "1.1.0"
4
4
  end
5
5
  end
@@ -12,6 +12,9 @@ module Strongmind
12
12
  def initialize(user, request)
13
13
  raise Strongmind::Exceptions::UserNotFoundError, 'User not found' unless user.present?
14
14
  raise ArgumentError, 'Request not found' unless request.present?
15
+ raise ArgumentError, 'Identity base URL not found at IDENTITY_BASE_URL in environment' unless ENV['IDENTITY_BASE_URL'].present?
16
+ raise ArgumentError, 'Identity client ID not found at IDENTITY_CLIENT_ID in environment' unless ENV['IDENTITY_CLIENT_ID'].present?
17
+ raise ArgumentError, 'Identity client secret not found at IDENTITY_CLIENT_SECRET in environment' unless ENV['IDENTITY_CLIENT_SECRET'].present?
15
18
 
16
19
  @user = user
17
20
  @request = request
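Review bot: The three added `raise ArgumentError` lines check deployment configuration rather than the method's arguments, and they sit in an initializer that, judging by its `user` and `request` parameters, runs per request, so a missing variable surfaces on every request instead of once at boot; a dedicated error class under `Strongmind::Exceptions` (the namespace already used on the line above) would let callers tell a configuration fault from a bad argument. The near-identical lines could also collapse to a list, e.g. `%w[IDENTITY_BASE_URL IDENTITY_CLIENT_ID IDENTITY_CLIENT_SECRET].each { |key| raise ArgumentError, "#{key} not found in environment" unless ENV[key].present? }`. The enclosing `initialize` continues past this hunk.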
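--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: strongmind-auth
 version: !ruby/object:Gem::Version
-version: 1.0.16
+version: 1.1.0
 platform: ruby
 authors:
 - Team Belding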