strongmind-auth 1.1.73 → 1.1.76

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2671d322d9318a0b88fde814ce8ecfc2061601aedbf589cbb8331909c35f451f
-  data.tar.gz: 6e275ca90f98dfcfb17bcfe444d5d4446fb01b6a2e0516f3bf8d85044322796a
+  metadata.gz: 97c1b7fb5d1dc054c740f5531923c060625e4af1f7d85188db7b3ff3b479ea01
+  data.tar.gz: 7ba5c4d51d0f449e4c78b34cb2f997134f14b7bc64d354cf077460cf31fb0c01
 SHA512:
-  metadata.gz: 41ac60523b02df968aaa978ac258b2de9566f1f59e4d589899943ebcb4f5b3095a00a4a337eff5d6f16a39d4a632ab6e11bd0150417e021ab3e09339eadf2f0e
-  data.tar.gz: b7c122065a47a7f5e0a63be0fa3330631a0de5bfbcb54c81d10db27cc7e4ebaf4a3ecc737ab57f3db1ea8a26b3810fddbf547d670b610f5b32787de533fba46c
+  metadata.gz: 3948cba9f91d973154152d3bd0d9ce92ccb83bd9a2b9724102a76d46cb6f2b481408f6855d416c778ba041576b946a99ea1761d4ed8fcead5318c71dae403bec
+  data.tar.gz: 19e8e94d1fa603bc207bda0a72337441633380808d4bd972a2c7ef039c0c734d15b2f9dd84e3dd6939355166502e6abdbf0aa75319917ffe3315e9b277d6943e

data/app/controllers/concerns/jwt_utilities.rb

@@ -70,38 +70,30 @@ module JwtUtilities
 
   def user_jwt(session_data)
     tokens = current_user.nil? ? nil : Rails.cache.read(current_user&.uid)
-    validate_tokens(tokens) unless tokens.nil?
-
-    if tokens.nil?
-      tokens = generate_tokens(session_data)
-      validate_tokens(tokens)
-
-      unless current_user.nil?
-        tokens[:expires_in] = 1.hour.to_i if tokens[:expires_in].nil?
-        Rails.cache.write(current_user&.uid, tokens, expires_in: tokens[:expires_in].seconds - 10.minutes.in_seconds)
+    auth_client = PlatformSdk::Identity::AuthClient.new(
+      ENV['IDENTITY_BASE_URL'],
+      ENV['IDENTITY_CLIENT_ID'],
+      ENV['IDENTITY_CLIENT_SECRET'])
+    begin
+      if tokens.nil?
+        tokens = auth_client.refresh_token(session_data[:refresh_token])
+      else
+        auth_client.refresh_session(session: tokens)
       end
+      Rails.cache.write(current_user.uid, tokens)
+      tokens
+    rescue PlatformSdk::Identity::ClientError => e
+      handle_refresh_error(e)
     end
-    session_data[:refresh_token] = tokens[:refresh_token]
-
-    tokens
   end
 
-  def validate_tokens(tokens)
-    return unless tokens[:error] == 'invalid_grant' || !tokens[:refresh_token]
+  def handle_refresh_error(error)
+    raise Strongmind::Exceptions::RefreshTokenExpiredError, error.response[:body]['error'] if invalid_grant_error?(error)
 
-    raise Strongmind::Exceptions::RefreshTokenExpiredError, tokens[:error]
+    raise error
   end
 
-  def generate_tokens(session_data)
-    identity_base_url = ENV['IDENTITY_BASE_URL']
-    identity_client_id = ENV['IDENTITY_CLIENT_ID']
-    response = Faraday.post("#{identity_base_url}/connect/token", {
-      client_id: identity_client_id,
-      client_secret: ENV['IDENTITY_CLIENT_SECRET'],
-      grant_type: 'refresh_token',
-      refresh_token: session_data[:refresh_token]
-    })
-
-    JSON.parse(response.body, symbolize_names: true)
+  def invalid_grant_error?(error)
+    error.response[:body]['error'] == 'invalid_grant'
   end
 end

data/app/controllers/concerns/strong_mind_nav.rb

@@ -11,7 +11,7 @@ module StrongMindNav
       @top_navbar_html = navbar[:top_navbar_html]
       @bottom_navbar_html = navbar[:bottom_navbar_html]
       @theme_css = navbar[:theme_css]
-    rescue Strongmind::Exceptions::NilSessionError, Strongmind::Exceptions::TokenNotFoundError, Strongmind::Exceptions::UserNotFoundError, Strongmind::Exceptions::RefreshTokenExpiredError => e
+    rescue Strongmind::Exceptions::TokenNotFoundError, Strongmind::Exceptions::UserNotFoundError, Strongmind::Exceptions::RefreshTokenExpiredError => e
       Sentry.capture_exception(e)
       Rails.logger.error(e)
       flash[:alert] = e.inspect if Rails.env.development? || Rails.env.test?

data/app/controllers/users/omniauth_callbacks_controller.rb

@@ -12,7 +12,7 @@ module Users
 
       render plain: "You do not have permission to access this application.", status: :unauthorized and return if @user.nil?
 
-      session[:refresh_token] = request.env['omniauth.auth'].credentials['refresh_token']
+      session[:refresh_token] = auth.credentials['refresh_token']
       flash.delete(:notice)
 
       if @user.persisted?

data/app/controllers/users/sessions_controller.rb

@@ -34,13 +34,9 @@ module Users
       user_token_info = fetch_user_token_info
 
       id_token_hint = user_token_info[:id_token]
-      token = user_token_info[:access_token]
       current_user&.invalidate_all_sessions!
       identity_base_url = ENV['IDENTITY_BASE_URL']
-      redirect_to "#{identity_base_url}/connect/endsession?id_token_hint=#{id_token_hint}", headers: {
-        'Content-Type' => 'application/json',
-        'Authorization' => "Bearer #{token}"
-      }, allow_other_host: true
+      redirect_to "#{identity_base_url}/connect/endsession?id_token_hint=#{id_token_hint}", allow_other_host: true
     end
 
   end

data/app/models/user_base.rb

@@ -12,9 +12,8 @@ class UserBase < ApplicationRecord
                       {
                         id_token: auth.credentials.id_token,
                         access_token: auth.credentials.token,
-                        refresh_token: auth.credentials.refresh_token
-                      },
-                      expires_in: auth.credentials.expires_in.seconds - 10.minutes
+                        refresh_token: auth.credentials.refresh_token,
+                      }
     )
   end
 

data/lib/strongmind/auth/version.rb

@@ -1,5 +1,5 @@
 module Strongmind
   module Auth
-    VERSION = "1.1.73"
+    VERSION = "1.1.76"
   end
 end

data/lib/strongmind/common_nav_fetcher.rb

@@ -48,8 +48,8 @@ module Strongmind
     end
 
     def fetch_navbar_data(nav_items)
-      refresh_session
-      access_token = token
+      session = refresh_session
+      access_token = session[:access_token]
 
       connection.post(navbar_endpoint, nav_items.to_json, 'Authorization' => "Bearer #{access_token}")
     end
@@ -63,24 +63,16 @@ module Strongmind
       end
     end
 
-    def token
-      cache_data = Rails.cache.fetch(user.uid)
-      cache_missing_message = " - check your caching settings (switch to file or redis)" if Rails.env.development?
-      unless cache_data&.key?(:access_token)
-        raise Strongmind::Exceptions::TokenNotFoundError, "Token not found for user #{user.uid}#{cache_missing_message}"
-      end
-
-      cache_data[:access_token]
-    end
-
     def refresh_session
       session = Rails.cache.fetch(user.uid)
+      cache_missing_message = " - check your caching settings (switch to file or redis)" if Rails.env.development?
       unless session&.key?(:access_token)
-        raise Strongmind::Exceptions::NilSessionError, "Session not found for user #{user.uid}"
+        raise Strongmind::Exceptions::TokenNotFoundError, "Token not found for user #{user.uid}#{cache_missing_message}"
       end
 
       auth_client.refresh_session(session:)
-      Rails.cache.write(user.uid, session, expires_in: session[:expires_in].to_i.seconds - 10.minutes)
+      Rails.cache.write(user.uid, session)
+      session
     rescue PlatformSdk::Identity::ClientError => e
       handle_refresh_error(e)
     end

data/lib/strongmind/exceptions.rb

@@ -6,6 +6,5 @@ module Strongmind
 
     class RefreshTokenExpiredError < StandardError; end
 
-    class NilSessionError < StandardError; end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: strongmind-auth
 version: !ruby/object:Gem::Version
-  version: 1.1.73
+  version: 1.1.76
 platform: ruby
 authors:
 - Team Belding
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-08 00:00:00.000000000 Z
+date: 2024-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails