strongmind-auth 1.0.17 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/concerns/jwt_utilities.rb +43 -26
- data/config/routes.rb +1 -0
- data/lib/strongmind/auth/version.rb +1 -1
- metadata +1 -29
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1526ec8b78d6caea36cd40f7c943b5e376a4da4fcb0a5f37a4a3222d658e612f
|
|
4
|
+
data.tar.gz: f8bd96c7bb4d8658961224bf6c5ed9f1b9c2f9afd789d683e95afd3817a93864
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 06353b6d2d5f5d8554af61ba484e97ad6bc2b287a0d44a0e26f447a26df6e6c2de095b991f9b8002aaf676e3b6f080c1e095b1890ec2559f19bbbcb8292cb6d2
|
|
7
|
+
data.tar.gz: b37c854e2fc115f6a802b5dee2fcc6d45393951a4ad6891f78efa80bb3e24aa7e4e5ab08c86ad7baa4b28c67e12db3eabad4a84d84f15ab312b4a07ecdd9b290
|
|
@@ -4,32 +4,14 @@
|
|
|
4
4
|
module JwtUtilities
|
|
5
5
|
extend ActiveSupport::Concern
|
|
6
6
|
|
|
7
|
-
def jwt_valid?(jwt, condition_key = nil, scopes = [])
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
leeway: 60
|
|
16
|
-
})
|
|
17
|
-
rescue JWT::DecodeError => e
|
|
18
|
-
Rails.logger.error e.message
|
|
19
|
-
return false
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
payload = payload.with_indifferent_access
|
|
23
|
-
|
|
24
|
-
unless !scopes.empty? && payload['scope'].present? && payload['scope'].all? { |elem| scopes.include?(elem) }
|
|
25
|
-
return false
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
return false unless payload['nonce'].nil?
|
|
29
|
-
|
|
30
|
-
return false unless condition_key.nil? || payload['events'].key?(condition_key)
|
|
31
|
-
|
|
32
|
-
true
|
|
7
|
+
def jwt_valid?(jwt, condition_key = nil, scopes = [], attributes = [])
|
|
8
|
+
payload = decode_jwt(jwt)
|
|
9
|
+
return false unless payload
|
|
10
|
+
|
|
11
|
+
scope_valid?(payload,
|
|
12
|
+
scopes) && nonce_valid?(payload) && condition_key_valid?(payload,
|
|
13
|
+
condition_key) && attributes_valid?(payload,
|
|
14
|
+
attributes)
|
|
33
15
|
end
|
|
34
16
|
|
|
35
17
|
def public_key
|
|
@@ -42,6 +24,41 @@ module JwtUtilities
|
|
|
42
24
|
|
|
43
25
|
private
|
|
44
26
|
|
|
27
|
+
def decode_jwt(jwt)
|
|
28
|
+
payload, _header = JWT.decode(jwt, public_key, true, jwt_decode_options)
|
|
29
|
+
payload.with_indifferent_access
|
|
30
|
+
rescue JWT::DecodeError => e
|
|
31
|
+
Rails.logger.error e.message
|
|
32
|
+
nil
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def jwt_decode_options
|
|
36
|
+
{
|
|
37
|
+
verify_iat: true,
|
|
38
|
+
verify_iss: true,
|
|
39
|
+
verify_aud: true,
|
|
40
|
+
verify_sub: true,
|
|
41
|
+
algorithm: 'RS256',
|
|
42
|
+
leeway: 60
|
|
43
|
+
}
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def scope_valid?(payload, scopes)
|
|
47
|
+
scopes.empty? || (payload['scope'].present? && scopes.all? { |scope| payload['scope'].include?(scope) })
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def nonce_valid?(payload)
|
|
51
|
+
payload['nonce'].nil?
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def condition_key_valid?(payload, condition_key)
|
|
55
|
+
condition_key.nil? || payload['events'].to_h.key?(condition_key)
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def attributes_valid?(payload, attributes)
|
|
59
|
+
attributes.empty? || attributes.all? { |attribute| payload.include?(attribute) }
|
|
60
|
+
end
|
|
61
|
+
|
|
45
62
|
def fetch_user_token_info
|
|
46
63
|
user_jwt(session)
|
|
47
64
|
end
|
data/config/routes.rb
CHANGED
|
@@ -9,6 +9,7 @@ Rails.application.routes.draw do
|
|
|
9
9
|
|
|
10
10
|
devise_scope :user do
|
|
11
11
|
get 'users/sign_out', to: 'users/sessions#initiate_backchannel_logout'
|
|
12
|
+
post 'users/endsession', to: 'users/sessions#endsession'
|
|
12
13
|
|
|
13
14
|
unauthenticated do
|
|
14
15
|
root 'logins#index', as: :unauthenticated_root
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strongmind-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Team Belding
|
|
@@ -94,34 +94,6 @@ dependencies:
|
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '0'
|
|
97
|
-
- !ruby/object:Gem::Dependency
|
|
98
|
-
name: rspec-rails
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - ">="
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: '0'
|
|
104
|
-
type: :development
|
|
105
|
-
prerelease: false
|
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
-
requirements:
|
|
108
|
-
- - ">="
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0'
|
|
111
|
-
- !ruby/object:Gem::Dependency
|
|
112
|
-
name: factory_bot_rails
|
|
113
|
-
requirement: !ruby/object:Gem::Requirement
|
|
114
|
-
requirements:
|
|
115
|
-
- - ">="
|
|
116
|
-
- !ruby/object:Gem::Version
|
|
117
|
-
version: '0'
|
|
118
|
-
type: :development
|
|
119
|
-
prerelease: false
|
|
120
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
-
requirements:
|
|
122
|
-
- - ">="
|
|
123
|
-
- !ruby/object:Gem::Version
|
|
124
|
-
version: '0'
|
|
125
97
|
description: Ruby gem for StrongMind authentication in a strongmind app
|
|
126
98
|
email:
|
|
127
99
|
- teambelding@strongmind.com
|