strongmind-auth 1.0.17 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/concerns/jwt_utilities.rb +43 -26
- data/config/routes.rb +1 -0
- data/lib/strongmind/auth/version.rb +1 -1
- metadata +1 -29
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1526ec8b78d6caea36cd40f7c943b5e376a4da4fcb0a5f37a4a3222d658e612f
|
|
4
|
+
data.tar.gz: f8bd96c7bb4d8658961224bf6c5ed9f1b9c2f9afd789d683e95afd3817a93864
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 06353b6d2d5f5d8554af61ba484e97ad6bc2b287a0d44a0e26f447a26df6e6c2de095b991f9b8002aaf676e3b6f080c1e095b1890ec2559f19bbbcb8292cb6d2
|
|
7
|
+
data.tar.gz: b37c854e2fc115f6a802b5dee2fcc6d45393951a4ad6891f78efa80bb3e24aa7e4e5ab08c86ad7baa4b28c67e12db3eabad4a84d84f15ab312b4a07ecdd9b290
|
|
@@ -4,32 +4,14 @@
|
|
|
4
4
|
module JwtUtilities
|
|
5
5
|
extend ActiveSupport::Concern
|
|
6
6
|
|
|
7
|
-
def jwt_valid?(jwt, condition_key = nil, scopes = [])
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
leeway: 60
|
|
16
|
-
})
|
|
17
|
-
rescue JWT::DecodeError => e
|
|
18
|
-
Rails.logger.error e.message
|
|
19
|
-
return false
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
payload = payload.with_indifferent_access
|
|
23
|
-
|
|
24
|
-
unless !scopes.empty? && payload['scope'].present? && payload['scope'].all? { |elem| scopes.include?(elem) }
|
|
25
|
-
return false
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
return false unless payload['nonce'].nil?
|
|
29
|
-
|
|
30
|
-
return false unless condition_key.nil? || payload['events'].key?(condition_key)
|
|
31
|
-
|
|
32
|
-
true
|
|
7
|
+
def jwt_valid?(jwt, condition_key = nil, scopes = [], attributes = [])
|
|
8
|
+
payload = decode_jwt(jwt)
|
|
9
|
+
return false unless payload
|
|
10
|
+
|
|
11
|
+
scope_valid?(payload,
|
|
12
|
+
scopes) && nonce_valid?(payload) && condition_key_valid?(payload,
|
|
13
|
+
condition_key) && attributes_valid?(payload,
|
|
14
|
+
attributes)
|
|
33
15
|
end
|
|
34
16
|
|
|
35
17
|
def public_key
|
|
@@ -42,6 +24,41 @@ module JwtUtilities
|
|
|
42
24
|
|
|
43
25
|
private
|
|
44
26
|
|
|
27
|
+
def decode_jwt(jwt)
|
|
28
|
+
payload, _header = JWT.decode(jwt, public_key, true, jwt_decode_options)
|
|
29
|
+
payload.with_indifferent_access
|
|
30
|
+
rescue JWT::DecodeError => e
|
|
31
|
+
Rails.logger.error e.message
|
|
32
|
+
nil
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def jwt_decode_options
|
|
36
|
+
{
|
|
37
|
+
verify_iat: true,
|
|
38
|
+
verify_iss: true,
|
|
39
|
+
verify_aud: true,
|
|
40
|
+
verify_sub: true,
|
|
41
|
+
algorithm: 'RS256',
|
|
42
|
+
leeway: 60
|
|
43
|
+
}
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def scope_valid?(payload, scopes)
|
|
47
|
+
scopes.empty? || (payload['scope'].present? && scopes.all? { |scope| payload['scope'].include?(scope) })
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def nonce_valid?(payload)
|
|
51
|
+
payload['nonce'].nil?
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def condition_key_valid?(payload, condition_key)
|
|
55
|
+
condition_key.nil? || payload['events'].to_h.key?(condition_key)
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def attributes_valid?(payload, attributes)
|
|
59
|
+
attributes.empty? || attributes.all? { |attribute| payload.include?(attribute) }
|
|
60
|
+
end
|
|
61
|
+
|
|
45
62
|
def fetch_user_token_info
|
|
46
63
|
user_jwt(session)
|
|
47
64
|
end
|
data/config/routes.rb
CHANGED
|
@@ -9,6 +9,7 @@ Rails.application.routes.draw do
|
|
|
9
9
|
|
|
10
10
|
devise_scope :user do
|
|
11
11
|
get 'users/sign_out', to: 'users/sessions#initiate_backchannel_logout'
|
|
12
|
+
post 'users/endsession', to: 'users/sessions#endsession'
|
|
12
13
|
|
|
13
14
|
unauthenticated do
|
|
14
15
|
root 'logins#index', as: :unauthenticated_root
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strongmind-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Team Belding
|
|
@@ -94,34 +94,6 @@ dependencies:
|
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '0'
|
|
97
|
-
- !ruby/object:Gem::Dependency
|
|
98
|
-
name: rspec-rails
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - ">="
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: '0'
|
|
104
|
-
type: :development
|
|
105
|
-
prerelease: false
|
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
-
requirements:
|
|
108
|
-
- - ">="
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0'
|
|
111
|
-
- !ruby/object:Gem::Dependency
|
|
112
|
-
name: factory_bot_rails
|
|
113
|
-
requirement: !ruby/object:Gem::Requirement
|
|
114
|
-
requirements:
|
|
115
|
-
- - ">="
|
|
116
|
-
- !ruby/object:Gem::Version
|
|
117
|
-
version: '0'
|
|
118
|
-
type: :development
|
|
119
|
-
prerelease: false
|
|
120
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
-
requirements:
|
|
122
|
-
- - ">="
|
|
123
|
-
- !ruby/object:Gem::Version
|
|
124
|
-
version: '0'
|
|
125
97
|
description: Ruby gem for StrongMind authentication in a strongmind app
|
|
126
98
|
email:
|
|
127
99
|
- teambelding@strongmind.com
|