warden_openid_bearer 0.2.0 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -1
- data/lib/warden_openid_bearer/cache_mixin.rb +6 -6
- data/lib/warden_openid_bearer/discovered_config.rb +6 -8
- data/lib/warden_openid_bearer/net_https.rb +2 -2
- data/lib/warden_openid_bearer/strategy.rb +5 -5
- data/lib/warden_openid_bearer/version.rb +1 -1
- data/lib/warden_openid_bearer.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d58e7337331d51c89146e072debd942c84fb6a0ead1e921858c851c6a6037c28
|
|
4
|
+
data.tar.gz: 45459374984b9385b797ed817163ee2fdb8cd4d3fa37a5954b14362f390a88a4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 27e03bfa44c48090373831c3c41f168a9f178e0ca3f4a681fd00c155a1ca5ed5e38c1857da1e0da38cbed53a1b7facb584df0707e7ae5f6a57784ae76b9e4644
|
|
7
|
+
data.tar.gz: b64dc3a0fb23f40c587ecf942dfc8b851a71b69f2c44c425fe7c72d61043dbcff02be81407efa1380063c49ba028d1187a24ee11d57e9cf42ce3097b371216ce
|
data/CHANGELOG.md
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
|
-
## [0.2.
|
|
1
|
+
## [0.2.2] - 2023-11-02
|
|
2
2
|
- Rewritten to *not* depend on the auth token being JWT (an assumption which only works with Keycloak)
|
|
3
3
|
- Support user-configured (bogus) certificate for development
|
|
4
4
|
|
|
5
|
+
N.B.: 0.2.0 thru 0.2.2 only differ from each other by meaningless style compliance adjustments (`rake standard:fix` et al).
|
|
6
|
+
|
|
5
7
|
## [0.1.4] - 2022-10-11
|
|
6
8
|
- Clean up a stray `puts` left when debugging
|
|
7
9
|
|
|
@@ -7,24 +7,24 @@ module WardenOpenidBearer
|
|
|
7
7
|
def cached_by(*keys, &do_it)
|
|
8
8
|
@__cache_mixin__cache ||= {}
|
|
9
9
|
|
|
10
|
-
caller_method = caller[
|
|
10
|
+
caller_method = caller(1..1).first[/`.*'/][1..-2]
|
|
11
11
|
keys.unshift(caller_method)
|
|
12
12
|
|
|
13
13
|
first_keys = keys.slice!(0, keys.length - 1).join("|")
|
|
14
14
|
last_key = keys[0]
|
|
15
15
|
|
|
16
16
|
last_key_is_value_type = last_key.is_a? String
|
|
17
|
-
cache = if last_key_is_value_type
|
|
18
|
-
|
|
17
|
+
cache = @__cache_mixin__cache[first_keys] ||= if last_key_is_value_type
|
|
18
|
+
{}
|
|
19
19
|
else
|
|
20
20
|
# Use the ::ObjectSpace::WeakMap private API, because the
|
|
21
21
|
# endeavor of reinventing weak maps on top of (public)
|
|
22
22
|
# WeakRef's would be called an inversion of abstraction and
|
|
23
23
|
# would be considered harmful. Sue me (I have unit tests).
|
|
24
|
-
|
|
24
|
+
::ObjectSpace::WeakMap.new
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
now = Time.now
|
|
27
|
+
now = Time.now
|
|
28
28
|
|
|
29
29
|
if (cached = cache[last_key])
|
|
30
30
|
unless respond_to?(:cache_timeout) && now - cached[:fetched_at] > cache_timeout
|
|
@@ -33,7 +33,7 @@ module WardenOpenidBearer
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
retval = do_it.call
|
|
36
|
-
cache[last_key] = {
|
|
36
|
+
cache[last_key] = {payload: retval, fetched_at: now}
|
|
37
37
|
retval
|
|
38
38
|
end
|
|
39
39
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require
|
|
4
|
-
require
|
|
3
|
+
require "net/http"
|
|
4
|
+
require "warden_openid_bearer/net_https"
|
|
5
5
|
|
|
6
6
|
module WardenOpenidBearer
|
|
7
7
|
# Cacheable configuration (periodically re-)fetched starting from
|
|
@@ -24,9 +24,7 @@ module WardenOpenidBearer
|
|
|
24
24
|
metadata[:userinfo_endpoint]
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
|
|
28
|
-
@peer_cert = peer_cert
|
|
29
|
-
end
|
|
27
|
+
attr_writer :peer_cert
|
|
30
28
|
|
|
31
29
|
private
|
|
32
30
|
|
|
@@ -36,10 +34,10 @@ module WardenOpenidBearer
|
|
|
36
34
|
|
|
37
35
|
def json(uri)
|
|
38
36
|
cached_by(uri) do
|
|
39
|
-
if uri.scheme ==
|
|
40
|
-
|
|
37
|
+
response = if uri.scheme == "https"
|
|
38
|
+
WardenOpenidBearer::NetHTTPS.get_response(URI(uri), @peer_cert)
|
|
41
39
|
else
|
|
42
|
-
|
|
40
|
+
Net::HTTP.get_response(URI(uri))
|
|
43
41
|
end
|
|
44
42
|
JSON.parse(response.body, symbolize_names: true)
|
|
45
43
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require
|
|
3
|
+
require "net/http"
|
|
4
4
|
|
|
5
5
|
module WardenOpenidBearer
|
|
6
6
|
# Like Net::HTTP, but with TLS and VERIFY_PEER always on.
|
|
@@ -22,7 +22,7 @@ module WardenOpenidBearer
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
def self.get_response(uri, peer_cert = nil)
|
|
25
|
-
https =
|
|
25
|
+
https = new(uri.hostname, uri.port)
|
|
26
26
|
https.peer_cert = peer_cert if peer_cert
|
|
27
27
|
|
|
28
28
|
req = Net::HTTP::Get.new(uri)
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require
|
|
4
|
-
require
|
|
5
|
-
require
|
|
3
|
+
require "uri"
|
|
4
|
+
require "net/http"
|
|
5
|
+
require "warden_openid_bearer/net_https"
|
|
6
6
|
|
|
7
7
|
module WardenOpenidBearer
|
|
8
8
|
# Like `WardenOpenidAuth::Strategy` in
|
|
@@ -119,9 +119,9 @@ module WardenOpenidBearer
|
|
|
119
119
|
def _do_oauth2_userinfo
|
|
120
120
|
uri = URI.parse(config.userinfo_endpoint)
|
|
121
121
|
req = Net::HTTP::Get.new(uri)
|
|
122
|
-
req[
|
|
122
|
+
req["Authorization"] = "Bearer #{token}"
|
|
123
123
|
|
|
124
|
-
if uri.scheme ==
|
|
124
|
+
if uri.scheme == "https"
|
|
125
125
|
http = WardenOpenidBearer::NetHTTPS.new(uri.hostname, uri.port)
|
|
126
126
|
if (peer_cert = WardenOpenidBearer.config.openid_server_certificate)
|
|
127
127
|
http.peer_cert = peer_cert
|
data/lib/warden_openid_bearer.rb
CHANGED
|
@@ -14,6 +14,6 @@ module WardenOpenidBearer
|
|
|
14
14
|
extend Dry::Configurable
|
|
15
15
|
|
|
16
16
|
setting :openid_metadata_url, constructor: ->(url) { URI(url) }
|
|
17
|
-
setting :openid_server_certificate, default: nil, constructor: ->(pem) {
|
|
17
|
+
setting :openid_server_certificate, default: nil, constructor: ->(pem) { pem ? OpenSSL::X509::Certificate.new(pem) : nil }
|
|
18
18
|
setting :cache_timeout, default: 900
|
|
19
19
|
end
|