warden_openid_bearer 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -1
- data/lib/warden_openid_bearer/cache_mixin.rb +5 -5
- data/lib/warden_openid_bearer/discovered_config.rb +6 -8
- data/lib/warden_openid_bearer/net_https.rb +2 -2
- data/lib/warden_openid_bearer/strategy.rb +5 -5
- data/lib/warden_openid_bearer/version.rb +1 -1
- data/lib/warden_openid_bearer.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3185e14bde01f3b44bae689e3942051973e8a38ee25eb382c549a87175a80597
|
4
|
+
data.tar.gz: 00d8d47d1f1656ac9dafd8257b818c80b32ca3df22d63895b50765cabc29d199
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 15407ea9f324dca19089df0862d150a303fe695313c3e1aad83dc023c824a6bcdbaa367e182c4f86014d8199d6341e9d62ec75b362e87c2a2e9ab41b742512a0
|
7
|
+
data.tar.gz: 80efe7bdd1fb90077dd74718144b5c014b165b04395ae3d8e4e54894e49436a211c844e74319cf4342b192cc1e6c024835ed4994147f1ef96d9a191389820942
|
data/CHANGELOG.md
CHANGED
@@ -1,7 +1,9 @@
|
|
1
|
-
## [0.2.
|
1
|
+
## [0.2.1] - 2023-11-02
|
2
2
|
- Rewritten to *not* depend on the auth token being JWT (an assumption which only works with Keycloak)
|
3
3
|
- Support user-configured (bogus) certificate for development
|
4
4
|
|
5
|
+
N.B.: 0.2.0 only differs from 0.2.1 by the fact that `rake standard:fix` ran inbetweeen both.
|
6
|
+
|
5
7
|
## [0.1.4] - 2022-10-11
|
6
8
|
- Clean up a stray `puts` left when debugging
|
7
9
|
|
@@ -7,21 +7,21 @@ module WardenOpenidBearer
|
|
7
7
|
def cached_by(*keys, &do_it)
|
8
8
|
@__cache_mixin__cache ||= {}
|
9
9
|
|
10
|
-
caller_method = caller[
|
10
|
+
caller_method = caller(1..1).first[/`.*'/][1..-2]
|
11
11
|
keys.unshift(caller_method)
|
12
12
|
|
13
13
|
first_keys = keys.slice!(0, keys.length - 1).join("|")
|
14
14
|
last_key = keys[0]
|
15
15
|
|
16
16
|
last_key_is_value_type = last_key.is_a? String
|
17
|
-
cache = if last_key_is_value_type
|
18
|
-
|
17
|
+
cache = @__cache_mixin__cache[first_keys] ||= if last_key_is_value_type
|
18
|
+
{}
|
19
19
|
else
|
20
20
|
# Use the ::ObjectSpace::WeakMap private API, because the
|
21
21
|
# endeavor of reinventing weak maps on top of (public)
|
22
22
|
# WeakRef's would be called an inversion of abstraction and
|
23
23
|
# would be considered harmful. Sue me (I have unit tests).
|
24
|
-
|
24
|
+
::ObjectSpace::WeakMap.new
|
25
25
|
end
|
26
26
|
|
27
27
|
now = Time.now()
|
@@ -33,7 +33,7 @@ module WardenOpenidBearer
|
|
33
33
|
end
|
34
34
|
|
35
35
|
retval = do_it.call
|
36
|
-
cache[last_key] = {
|
36
|
+
cache[last_key] = {payload: retval, fetched_at: now}
|
37
37
|
retval
|
38
38
|
end
|
39
39
|
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "net/http"
|
4
|
+
require "warden_openid_bearer/net_https"
|
5
5
|
|
6
6
|
module WardenOpenidBearer
|
7
7
|
# Cacheable configuration (periodically re-)fetched starting from
|
@@ -24,9 +24,7 @@ module WardenOpenidBearer
|
|
24
24
|
metadata[:userinfo_endpoint]
|
25
25
|
end
|
26
26
|
|
27
|
-
|
28
|
-
@peer_cert = peer_cert
|
29
|
-
end
|
27
|
+
attr_writer :peer_cert
|
30
28
|
|
31
29
|
private
|
32
30
|
|
@@ -36,10 +34,10 @@ module WardenOpenidBearer
|
|
36
34
|
|
37
35
|
def json(uri)
|
38
36
|
cached_by(uri) do
|
39
|
-
if uri.scheme ==
|
40
|
-
|
37
|
+
response = if uri.scheme == "https"
|
38
|
+
WardenOpenidBearer::NetHTTPS.get_response(URI(uri), @peer_cert)
|
41
39
|
else
|
42
|
-
|
40
|
+
Net::HTTP.get_response(URI(uri))
|
43
41
|
end
|
44
42
|
JSON.parse(response.body, symbolize_names: true)
|
45
43
|
end
|
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
3
|
+
require "net/http"
|
4
4
|
|
5
5
|
module WardenOpenidBearer
|
6
6
|
# Like Net::HTTP, but with TLS and VERIFY_PEER always on.
|
@@ -22,7 +22,7 @@ module WardenOpenidBearer
|
|
22
22
|
end
|
23
23
|
|
24
24
|
def self.get_response(uri, peer_cert = nil)
|
25
|
-
https =
|
25
|
+
https = new(uri.hostname, uri.port)
|
26
26
|
https.peer_cert = peer_cert if peer_cert
|
27
27
|
|
28
28
|
req = Net::HTTP::Get.new(uri)
|
@@ -1,8 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
3
|
+
require "uri"
|
4
|
+
require "net/http"
|
5
|
+
require "warden_openid_bearer/net_https"
|
6
6
|
|
7
7
|
module WardenOpenidBearer
|
8
8
|
# Like `WardenOpenidAuth::Strategy` in
|
@@ -119,9 +119,9 @@ module WardenOpenidBearer
|
|
119
119
|
def _do_oauth2_userinfo
|
120
120
|
uri = URI.parse(config.userinfo_endpoint)
|
121
121
|
req = Net::HTTP::Get.new(uri)
|
122
|
-
req[
|
122
|
+
req["Authorization"] = "Bearer #{token}"
|
123
123
|
|
124
|
-
if uri.scheme ==
|
124
|
+
if uri.scheme == "https"
|
125
125
|
http = WardenOpenidBearer::NetHTTPS.new(uri.hostname, uri.port)
|
126
126
|
if (peer_cert = WardenOpenidBearer.config.openid_server_certificate)
|
127
127
|
http.peer_cert = peer_cert
|
data/lib/warden_openid_bearer.rb
CHANGED
@@ -14,6 +14,6 @@ module WardenOpenidBearer
|
|
14
14
|
extend Dry::Configurable
|
15
15
|
|
16
16
|
setting :openid_metadata_url, constructor: ->(url) { URI(url) }
|
17
|
-
setting :openid_server_certificate, default: nil, constructor: ->(pem) {
|
17
|
+
setting :openid_server_certificate, default: nil, constructor: ->(pem) { pem ? OpenSSL::X509::Certificate.new(pem) : nil }
|
18
18
|
setting :cache_timeout, default: 900
|
19
19
|
end
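Review bot: The `openid_server_certificate` constructor on line 17 parses the PEM eagerly with `OpenSSL::X509::Certificate.new(pem)`, so a malformed value raises OpenSSL::X509::CertificateError at configuration time rather than on first use, and nothing near the setting says what it is for. A comment above line 17 such as `# PEM-encoded certificate of the OpenID server, parsed eagerly so a bad value fails at configure time; per the changelog it lets development setups accept a non-public certificate (see NetHTTPS#peer_cert=)` would document both points. The module body starts before line 14, so whether `openssl` is required is not visible here.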
|