verikloak-bff 0.4.0 → 1.0.0

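--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3c5f40a546e7c2d93204ed332332ef0a7856f40b01b1b6ad3ca593ad97fc782d
- data.tar.gz: 82d641a1d023617ccfdd313228a70e85d5cb314d0de410822789b12210a5b260
+ metadata.gz: 9334e103b57c76a8723b73e30fd48f24e0eeb505a6b3d113ece410025b8f0f00
+ data.tar.gz: 9b6c0b661cc28b8061176c1c294f28d0e6577b4645bfc286db72ca952b9caf7f
  SHA512:
- metadata.gz: aff00531a727ad605b8b33fc18e0bea74dfebcef456bc3d9f43f1b6274772b00f7694765dffb30cf0be7fd4682d861685117a52fe821cb44405377daad9b7268
- data.tar.gz: 37acc8610e94b2606c958217b58f1842b47f8b277f57773f096c37b33099545c98b10f984c8102cc3880e7c4f5148140ca7fa0c5213ecfded1174377834cca0f
+ metadata.gz: 4c361c0afec931b6d5cbebfd76be1064362b4fb8eb7cb61d430029c6a10b9a42575973356657152f171ec15d9c0ad291a24db08006d9eb6bd503d791cbe2844a
+ data.tar.gz: f222b9c2718aead0b08ae8c1aaed235d62c880a046bf08c81a8f80cf9b6005435087d71262bcf53b7e115bdef0a7963c65a36a7c568c903daa2a96e91138fc29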
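--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -7,6 +7,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
  ---
 
+ ## [1.0.0] - 2026-02-15
+
+ ### Fixed
+ - **Token divergence**: `ForwardedToken.set_authorization!` now always overwrites `HTTP_AUTHORIZATION` with the chosen token. Previously, an existing Bearer header would prevent the overwrite, causing the downstream Verikloak middleware to verify a different token than the one selected by the BFF guard
+ - **BREAKING**: Minimum `verikloak` dependency raised to `~> 1.0`
+
+ ### Added
+ - **Unit tests**: Added direct unit tests for `ForwardedToken`, `JwtUtils`, and `HeaderSources` modules
+
+ ### Changed
+ - **v1.0.0 stable release**: Public API is now considered stable under Semantic Versioning
+
+ ---
+
  ## [0.4.0] - 2026-02-15
 
  ### Security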
@@ -79,16 +79,14 @@ module Verikloak
79
79
  "Bearer #{s}"
80
80
  end
81
81
 
82
- # Set Authorization header to a normalized Bearer value (no overwrite when present).
82
+ # Set Authorization header to a normalized Bearer value.
83
+ # Always overwrites the existing Authorization header to ensure
84
+ # the chosen token and Authorization are synchronized.
83
85
  #
84
86
  # @param env [Hash]
85
87
  # @param token [String]
86
88
  # @return [void]
87
89
  def set_authorization!(env, token)
88
- existing = env[AUTH_HEADER].to_s
89
- # Overwrite only if Authorization is empty or not a valid Bearer value
90
- return unless existing.empty? || normalize_auth(existing).nil?
91
-
92
90
  env[AUTH_HEADER] = ensure_bearer(token)
93
91
  end
94
92
 
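Review bot: With the early return gone, `set_authorization!` stores whatever `ensure_bearer(token)` yields, so a nil or blank `token` would now replace a well-formed inbound Authorization header, where the old guard left a valid Bearer value in place. The visible tail of `ensure_bearer` (`"Bearer #{s}"`) suggests the result could be a bare `Bearer ` string, though the start of that helper lies outside the hunk and may already reject this. If it does not, fail closed before the assignment, e.g. `raise ArgumentError, 'token must not be blank' if token.to_s.strip.empty?`, and extend the doc comment with `# @raise [ArgumentError] when token is blank`. A unit test that passes a pre-existing valid Bearer header plus a different chosen token would pin the new overwrite behaviour.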
@@ -5,6 +5,6 @@
5
5
  # @return [String]
6
6
  module Verikloak
7
7
  module BFF
8
- VERSION = '0.4.0'
8
+ VERSION = '1.0.0'
9
9
  end
10
10
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: verikloak-bff
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - taiyaky
@@ -53,22 +53,16 @@ dependencies:
53
53
  name: verikloak
54
54
  requirement: !ruby/object:Gem::Requirement
55
55
  requirements:
56
- - - ">="
57
- - !ruby/object:Gem::Version
58
- version: 0.4.0
59
- - - "<"
56
+ - - "~>"
60
57
  - !ruby/object:Gem::Version
61
- version: 1.0.0
58
+ version: '1.0'
62
59
  type: :runtime
63
60
  prerelease: false
64
61
  version_requirements: !ruby/object:Gem::Requirement
65
62
  requirements:
66
- - - ">="
67
- - !ruby/object:Gem::Version
68
- version: 0.4.0
69
- - - "<"
63
+ - - "~>"
70
64
  - !ruby/object:Gem::Version
71
- version: 1.0.0
65
+ version: '1.0'
72
66
  description: Framework-agnostic Rack middleware that normalizes forwarded tokens,
73
67
  enforces trust boundaries, and checks header/claims consistency before verikloak.
74
68
  executables: []
@@ -101,7 +95,7 @@ metadata:
101
95
  source_code_uri: https://github.com/taiyaky/verikloak-bff
102
96
  changelog_uri: https://github.com/taiyaky/verikloak-bff/blob/main/CHANGELOG.md
103
97
  bug_tracker_uri: https://github.com/taiyaky/verikloak-bff/issues
104
- documentation_uri: https://rubydoc.info/gems/verikloak-bff/0.4.0
98
+ documentation_uri: https://rubydoc.info/gems/verikloak-bff/1.0.0
105
99
  rubygems_mfa_required: 'true'
106
100
  rdoc_options: []
107
101
  require_paths: