sync_attr_with_auth0 0.0.10 → 0.0.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/sync_attr_with_auth0/auth0.rb +35 -35
- data/lib/sync_attr_with_auth0/model.rb +145 -143
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f961f26ec9f20c6320ad01bfa180f658fb976f94
|
|
4
|
+
data.tar.gz: 3bd86ae22d10e890b714dcdad22e124d08b705c8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5cb3227dd07170bb1b36ce16e95607c4b6354b920403f0dc18f868de2e671b0e51723d1e9ed5e50b606454e0bfbc1824e1dbc0a4c845cfaec38490a33294f196
|
|
7
|
+
data.tar.gz: 2b7da7127ab533773e50b3a669b4c1f768abe0d45777f17b951bc8ab1f0bac73ef9cdc626c793424901d9b19406bb7a98f3308318a9783612627d57b41bc421d
|
|
@@ -5,7 +5,7 @@ module SyncAttrWithAuth0
|
|
|
5
5
|
|
|
6
6
|
def self.create_auth0_jwt
|
|
7
7
|
payload = {
|
|
8
|
-
'aud' => ENV['
|
|
8
|
+
'aud' => ENV['AUTH0_GLOBAL_CLIENT_ID'],
|
|
9
9
|
'scopes' => {
|
|
10
10
|
'users' => {
|
|
11
11
|
'actions' => ['create', 'update', 'read']
|
|
@@ -15,7 +15,7 @@ module SyncAttrWithAuth0
|
|
|
15
15
|
'jti' => UUIDTools::UUID.timestamp_create.to_s
|
|
16
16
|
}
|
|
17
17
|
|
|
18
|
-
jwt = JWT.encode(payload, ENV['
|
|
18
|
+
jwt = JWT.encode(payload, ENV['AUTH0_GLOBAL_CLIENT_SECRET'])
|
|
19
19
|
|
|
20
20
|
return jwt
|
|
21
21
|
end
|
|
@@ -25,7 +25,7 @@ module SyncAttrWithAuth0
|
|
|
25
25
|
# auth0 = Auth0Client.new(client_id: ENV['AUTH0_CLIENT_ID'], client_secret: ENV['AUTH0_CLIENT_SECRET'], namespace: ENV['AUTH0_DOMAIN'])
|
|
26
26
|
|
|
27
27
|
# v2
|
|
28
|
-
auth0 = Auth0Client.new(api_version: 2,
|
|
28
|
+
auth0 = Auth0Client.new(api_version: 2, access_token: SyncAttrWithAuth0::Auth0.create_auth0_jwt, namespace: ENV['AUTH0_DOMAIN'])
|
|
29
29
|
|
|
30
30
|
return auth0
|
|
31
31
|
end
|
|
@@ -34,38 +34,38 @@ module SyncAttrWithAuth0
|
|
|
34
34
|
# This stuff is legacy now. It's probably best to remove this stuff once the
|
|
35
35
|
# auth0 API stuff is working.
|
|
36
36
|
###
|
|
37
|
-
def self.get_access_token
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
def self.make_request(access_token, method, path, payload=nil)
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
end
|
|
37
|
+
# def self.get_access_token
|
|
38
|
+
# payload = {
|
|
39
|
+
# "client_id" => ENV['AUTH0_CLIENT_ID'],
|
|
40
|
+
# "client_secret" => ENV['AUTH0_CLIENT_SECRET'],
|
|
41
|
+
# "grant_type" => "client_credentials"
|
|
42
|
+
# }
|
|
43
|
+
#
|
|
44
|
+
# response = SyncAttrWithAuth0::Auth0.make_request(nil, 'post', '/oauth/token', payload)
|
|
45
|
+
#
|
|
46
|
+
# response = JSON.parse( response.to_s ) unless response.nil? or response.to_s.empty?
|
|
47
|
+
#
|
|
48
|
+
# response['access_token']
|
|
49
|
+
# end
|
|
50
|
+
#
|
|
51
|
+
# def self.make_request(access_token, method, path, payload=nil)
|
|
52
|
+
# args = [method, "https://#{ENV['AUTH0_DOMAIN']}#{path}"]
|
|
53
|
+
#
|
|
54
|
+
# # The post body wedges in between the request url
|
|
55
|
+
# # and the request headers for POST and PUT methods
|
|
56
|
+
# args << payload if payload
|
|
57
|
+
#
|
|
58
|
+
# if access_token
|
|
59
|
+
# args << { content_type: :json, authorization: "Bearer #{access_token}", accept: "application/json" }
|
|
60
|
+
#
|
|
61
|
+
# else
|
|
62
|
+
# args << { content_type: :json, accept: "application/json" }
|
|
63
|
+
#
|
|
64
|
+
# end
|
|
65
|
+
#
|
|
66
|
+
# # Handle variable length arg lists
|
|
67
|
+
# _response = RestClient.send(*args)
|
|
68
|
+
# end
|
|
69
69
|
|
|
70
70
|
end
|
|
71
71
|
end
|
|
@@ -7,23 +7,25 @@ module SyncAttrWithAuth0
|
|
|
7
7
|
module ClassMethods
|
|
8
8
|
|
|
9
9
|
def sync_attr_with_auth0(options = {})
|
|
10
|
-
class_attribute :
|
|
11
|
-
|
|
12
|
-
class_attribute :
|
|
13
|
-
class_attribute :
|
|
14
|
-
class_attribute :
|
|
15
|
-
class_attribute :
|
|
16
|
-
class_attribute :
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
self.
|
|
23
|
-
self.
|
|
24
|
-
self.
|
|
25
|
-
self.
|
|
26
|
-
self.
|
|
10
|
+
class_attribute :auth0_sync_options
|
|
11
|
+
|
|
12
|
+
# class_attribute :auth0_uid_att
|
|
13
|
+
# class_attribute :auth0_name_att
|
|
14
|
+
# class_attribute :auth0_email_att
|
|
15
|
+
# class_attribute :auth0_password_att
|
|
16
|
+
# class_attribute :auth0_email_verified_att
|
|
17
|
+
# class_attribute :auth0_connection_name
|
|
18
|
+
# class_attribute :auth0_sync_atts
|
|
19
|
+
|
|
20
|
+
merge_default_options(options)
|
|
21
|
+
|
|
22
|
+
# self.auth0_uid_att = _options[:uid_att]
|
|
23
|
+
# self.auth0_name_att = _options[:name_att]
|
|
24
|
+
# self.auth0_email_att = _options[:email_att]
|
|
25
|
+
# self.auth0_password_att = _options[:password_att]
|
|
26
|
+
# self.auth0_email_verified_att = _options[:auth0_email_verified_att]
|
|
27
|
+
# self.auth0_connection_name = _options[:auth0_connection_name]
|
|
28
|
+
# self.auth0_sync_atts = _options[:auth0_sync_atts].collect(&:to_s)
|
|
27
29
|
|
|
28
30
|
after_validation :validate_email_with_auth0
|
|
29
31
|
after_create :create_user_in_auth0
|
|
@@ -33,17 +35,19 @@ module SyncAttrWithAuth0
|
|
|
33
35
|
private
|
|
34
36
|
|
|
35
37
|
def merge_default_options(options)
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
38
|
+
self.auth0_sync_options = {
|
|
39
|
+
uid_att: :uid,
|
|
40
|
+
name_att: :name,
|
|
41
|
+
given_name_att: :given_name,
|
|
42
|
+
family_name_att: :familiy_name,
|
|
43
|
+
email_att: :email,
|
|
44
|
+
password_att: :password,
|
|
45
|
+
email_verified_att: :email_verified,
|
|
46
|
+
connection_name: 'Username-Password-Authentication',
|
|
47
|
+
sync_atts: []
|
|
44
48
|
}
|
|
45
49
|
|
|
46
|
-
|
|
50
|
+
self.auth0_sync_options.merge!(options)
|
|
47
51
|
|
|
48
52
|
return _options
|
|
49
53
|
end
|
|
@@ -57,14 +61,6 @@ module SyncAttrWithAuth0
|
|
|
57
61
|
ok_to_validate = (self.respond_to?(:validate_with_auth0) and !self.validate_with_auth0.nil? ? self.validate_with_auth0 : true)
|
|
58
62
|
|
|
59
63
|
if ok_to_validate and self.email_changed?
|
|
60
|
-
# # Get an access token
|
|
61
|
-
# access_token = SyncAttrWithAuth0::Auth0.get_access_token
|
|
62
|
-
#
|
|
63
|
-
# response = SyncAttrWithAuth0::Auth0.make_request(
|
|
64
|
-
# access_token,
|
|
65
|
-
# 'get',
|
|
66
|
-
# "/api/users?search=email:#{self.send(auth0_email_att)}")
|
|
67
|
-
|
|
68
64
|
auth0 = SyncAttrWithAuth0::Auth0.create_auth0_client
|
|
69
65
|
|
|
70
66
|
response = auth0.users(
|
|
@@ -72,10 +68,10 @@ module SyncAttrWithAuth0
|
|
|
72
68
|
0,
|
|
73
69
|
nil,
|
|
74
70
|
nil,
|
|
75
|
-
|
|
71
|
+
auth0_sync_options[:connection_name],
|
|
76
72
|
nil,
|
|
77
73
|
nil,
|
|
78
|
-
"email:#{self.send(
|
|
74
|
+
"email:#{self.send(auth0_sync_options[:email_att])}"
|
|
79
75
|
)
|
|
80
76
|
|
|
81
77
|
return JSON.parse(response).empty?
|
|
@@ -91,58 +87,52 @@ module SyncAttrWithAuth0
|
|
|
91
87
|
|
|
92
88
|
# Do not create a user in auth0 if the user already has a uid from auth0
|
|
93
89
|
if ok_to_sync
|
|
94
|
-
unless self.send(
|
|
90
|
+
unless self.send(auth0_sync_options[:uid_att]).nil? or self.send(auth0_sync_options[:uid_att]).empty?
|
|
95
91
|
ok_to_sync = false
|
|
96
92
|
end
|
|
97
93
|
end
|
|
98
94
|
|
|
99
95
|
if ok_to_sync
|
|
100
|
-
# #
|
|
101
|
-
#
|
|
102
|
-
|
|
103
|
-
#
|
|
104
|
-
#
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
#
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
end
|
|
96
|
+
# # Look for matches between what's changing
|
|
97
|
+
# # and what needs to be transmitted to Auth0
|
|
98
|
+
# matches = ( (self.class.auth0_sync_options[:sync_atts] || []) & (self.changes.keys || []) )
|
|
99
|
+
#
|
|
100
|
+
# # Figure out what needs to be sent to Auth0
|
|
101
|
+
# changes = {}
|
|
102
|
+
# matches.each do |m|
|
|
103
|
+
# changes[m] = self.send(m) if self.respond_to?(m)
|
|
104
|
+
# end
|
|
105
|
+
|
|
106
|
+
user_metadata = auth0_user_metadata
|
|
107
|
+
|
|
108
|
+
# unless user_metadata['email'].nil?
|
|
109
|
+
# # Email is already being sent
|
|
110
|
+
# user_metadata.delete('email')
|
|
111
|
+
# end
|
|
112
|
+
#
|
|
113
|
+
# unless user_metadata['password'].nil?
|
|
114
|
+
# # Password is already being sent
|
|
115
|
+
# user_metadata.delete('password')
|
|
116
|
+
# end
|
|
122
117
|
|
|
123
118
|
password = auth0_user_password
|
|
124
119
|
email_verified = auth0_email_verified?
|
|
125
120
|
args = {
|
|
126
|
-
'email' => self.send(
|
|
121
|
+
'email' => self.send(auth0_sync_options[:email_att]),
|
|
127
122
|
'password' => password,
|
|
128
|
-
'connection' =>
|
|
129
|
-
'email_verified' => email_verified
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
# response = SyncAttrWithAuth0::Auth0.make_request(
|
|
133
|
-
# access_token,
|
|
134
|
-
# 'post',
|
|
135
|
-
# "/api/users",
|
|
136
|
-
# args)
|
|
123
|
+
'connection' => auth0_sync_options[:connection_name],
|
|
124
|
+
'email_verified' => email_verified,
|
|
125
|
+
'user_metadata' => user_metadata
|
|
126
|
+
}
|
|
137
127
|
|
|
138
128
|
auth0 = SyncAttrWithAuth0::Auth0.create_auth0_client
|
|
139
129
|
|
|
140
|
-
response = auth0.create_user(self.send(
|
|
130
|
+
response = auth0.create_user(self.send(auth0_sync_options[:name_att]), args)
|
|
141
131
|
|
|
142
132
|
response = JSON.parse(response)
|
|
143
133
|
|
|
144
134
|
# Update the record with the uid
|
|
145
|
-
self.send("#{
|
|
135
|
+
self.send("#{auth0_sync_options[:uid_att]}=", response['user_id'])
|
|
146
136
|
self.save
|
|
147
137
|
end
|
|
148
138
|
|
|
@@ -153,89 +143,87 @@ module SyncAttrWithAuth0
|
|
|
153
143
|
ok_to_sync = (self.respond_to?(:sync_with_auth0_on_update) and !self.sync_with_auth0_on_update.nil? ? self.sync_with_auth0_on_update : true)
|
|
154
144
|
|
|
155
145
|
if ok_to_sync
|
|
156
|
-
# Look for matches between what's changing
|
|
157
|
-
# and what needs to be transmitted to Auth0
|
|
158
|
-
matches = ( (self.class.
|
|
159
|
-
|
|
160
|
-
#
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
# response = SyncAttrWithAuth0::Auth0.make_request(
|
|
184
|
-
# access_token,
|
|
185
|
-
# 'put',
|
|
186
|
-
# "/api/users/#{::URI.escape(uid)}/email",
|
|
187
|
-
# {
|
|
188
|
-
# 'email' => email,
|
|
189
|
-
# 'verify' => false # If the user were to fail to verify it would create a discrepency between auth0 and the local database
|
|
190
|
-
# })
|
|
191
|
-
#
|
|
192
|
-
# response = JSON.parse(response)
|
|
193
|
-
#
|
|
194
|
-
# # Update the record with the uid
|
|
195
|
-
# self.send("#{auth0_uid_att}=", response['user_id'])
|
|
196
|
-
# self.save
|
|
197
|
-
# end
|
|
198
|
-
#
|
|
199
|
-
# # Determine if the password was changed
|
|
200
|
-
# unless changes['password'].nil?
|
|
201
|
-
# password = changes.delete('password')
|
|
202
|
-
#
|
|
203
|
-
# response = SyncAttrWithAuth0::Auth0.make_request(
|
|
204
|
-
# access_token,
|
|
205
|
-
# 'put',
|
|
206
|
-
# "/api/users/#{::URI.escape(uid)}/password",
|
|
207
|
-
# {
|
|
208
|
-
# 'password' => password,
|
|
209
|
-
# 'verify' => true
|
|
210
|
-
# })
|
|
211
|
-
# end
|
|
212
|
-
#
|
|
213
|
-
# # Patch the changes
|
|
214
|
-
# response = SyncAttrWithAuth0::Auth0.make_request(
|
|
215
|
-
# access_token,
|
|
216
|
-
# 'patch',
|
|
217
|
-
# "/api/users/#{::URI.escape(uid)}/metadata",
|
|
218
|
-
# changes)
|
|
219
|
-
|
|
220
|
-
auth0 = SyncAttrWithAuth0::Auth0.create_auth0_client
|
|
221
|
-
|
|
222
|
-
response = auth0.patch_user(uid, changes)
|
|
223
|
-
end
|
|
224
|
-
|
|
225
|
-
end
|
|
146
|
+
# # Look for matches between what's changing
|
|
147
|
+
# # and what needs to be transmitted to Auth0
|
|
148
|
+
# matches = ( (self.class.auth0_sync_options[:sync_atts] || []) & (self.changes.keys || []) )
|
|
149
|
+
|
|
150
|
+
# Get the auth0 uid
|
|
151
|
+
uid = self.send(auth0_sync_options[:uid_att])
|
|
152
|
+
|
|
153
|
+
# Don't try to update auth0 if the user doesn't have a uid
|
|
154
|
+
unless uid.nil?
|
|
155
|
+
user_metadata = auth0_user_metadata
|
|
156
|
+
|
|
157
|
+
auth0 = SyncAttrWithAuth0::Auth0.create_auth0_client
|
|
158
|
+
|
|
159
|
+
args = {
|
|
160
|
+
'app_metadata' => {
|
|
161
|
+
'name' => self.send(auth0_sync_options[:name_att]),
|
|
162
|
+
'nickname' => self.send(auth0_sync_options[:name_att]),
|
|
163
|
+
'given_name' => self.send(auth0_sync_options[:given_name_att]),
|
|
164
|
+
'family_name' => self.send(auth0_sync_options[:family_name_att]),
|
|
165
|
+
'email' => self.send(auth0_sync_options[:email_att]),
|
|
166
|
+
'password' => self.send(auth0_sync_options[:password_att])
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
|
|
170
|
+
args['user_metadata'] = user_metadata
|
|
171
|
+
|
|
172
|
+
response = auth0.patch_user(uid, args)
|
|
226
173
|
end
|
|
227
174
|
|
|
175
|
+
# # If we find matches
|
|
176
|
+
# unless matches.empty?
|
|
177
|
+
# # Figure out what needs to be sent to Auth0
|
|
178
|
+
# changes = {}
|
|
179
|
+
# matches.each do |m|
|
|
180
|
+
# changes[m] = self.send(m)
|
|
181
|
+
# end
|
|
182
|
+
#
|
|
183
|
+
# # If we actually have changes
|
|
184
|
+
# unless changes.empty?
|
|
185
|
+
# # Get the auth0 uid
|
|
186
|
+
# uid = self.send(auth0_sync_options[:uid_att])
|
|
187
|
+
#
|
|
188
|
+
# # Don't try to update auth0 if the user doesn't have a uid
|
|
189
|
+
# unless uid.nil?
|
|
190
|
+
# auth0 = SyncAttrWithAuth0::Auth0.create_auth0_client
|
|
191
|
+
#
|
|
192
|
+
# args = {
|
|
193
|
+
# 'app_metadata' => {
|
|
194
|
+
# 'name' => self.send(auth0_sync_options[:name_att]),
|
|
195
|
+
# 'nickname' => self.send(auth0_sync_options[:name_att]),
|
|
196
|
+
# 'given_name' => self.send(auth0_sync_options[:given_name_att]),
|
|
197
|
+
# 'family_name' => self.send(auth0_sync_options[:family_name_att])
|
|
198
|
+
# }
|
|
199
|
+
# }
|
|
200
|
+
# unless changes['email'].nil?
|
|
201
|
+
# args['app_metadata']['username'] = changes.delete('email')
|
|
202
|
+
# end
|
|
203
|
+
#
|
|
204
|
+
# unless changes['password'].nil?
|
|
205
|
+
# args['app_metadata']['password'] = changes.delete('password')
|
|
206
|
+
# end
|
|
207
|
+
#
|
|
208
|
+
# args['user_metadata'] = changes
|
|
209
|
+
#
|
|
210
|
+
# response = auth0.patch_user(uid, args)
|
|
211
|
+
# end
|
|
212
|
+
#
|
|
213
|
+
# end
|
|
214
|
+
# end
|
|
215
|
+
|
|
228
216
|
end
|
|
229
217
|
|
|
230
218
|
true # don't abort the callback chain
|
|
231
219
|
end
|
|
232
220
|
|
|
233
221
|
def auth0_user_password
|
|
234
|
-
self.respond_to?(
|
|
222
|
+
self.respond_to?(auth0_sync_options[:password_att]) ? self.send(auth0_sync_options[:password_att]) : auth0_default_password
|
|
235
223
|
end
|
|
236
224
|
|
|
237
225
|
def auth0_email_verified?
|
|
238
|
-
!!(self.respond_to?(
|
|
226
|
+
!!(self.respond_to?(auth0_sync_options[:email_verified_att]) ? self.send(auth0_sync_options[:email_verified_att]) : false)
|
|
239
227
|
end
|
|
240
228
|
|
|
241
229
|
def auth0_default_password
|
|
@@ -247,5 +235,19 @@ module SyncAttrWithAuth0
|
|
|
247
235
|
::UUIDTools::UUID.random_create().to_s
|
|
248
236
|
end
|
|
249
237
|
|
|
238
|
+
def auth0_user_metadata
|
|
239
|
+
user_metadata = {}
|
|
240
|
+
app_metadata_keys = [auth0_sync_options[:family_name_att],
|
|
241
|
+
auth0_sync_options[:given_name_att], auth0_sync_options[:email_att],
|
|
242
|
+
auth0_sync_options[:password_att],
|
|
243
|
+
auth0_sync_options[:email_verified_att], auth0_sync_options[:name_att]]
|
|
244
|
+
|
|
245
|
+
auth0_sync_options[:sync_atts].each do |key|
|
|
246
|
+
user_metadata[key] = self.send(key) if self.respond_to?(key) and app_metadata_keys.index(key).nil?
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
return user_metadata
|
|
250
|
+
end
|
|
251
|
+
|
|
250
252
|
end
|
|
251
253
|
end
|