zaikio-jwt_auth 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +30 -1
- data/lib/zaikio/jwt_auth.rb +16 -18
- data/lib/zaikio/jwt_auth/configuration.rb +2 -1
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- metadata +7 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fd2758c610957007baf7499e46f22d286a5c61dceb5895270080f20af8e5a57d
|
|
4
|
+
data.tar.gz: 5c945887dca4cd07ebfc836a5cbadb81667a56dbed0c6f67152dba297d4399fd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 73a3192d97b3f20caab44a96306258cd7b1b0240fb9e912726e3dfd536ef46183e0590a9cb513ed4be6afb66f4ee3c0a415153c4a7e7259a7bd569374e30eab4
|
|
7
|
+
data.tar.gz: bb9db302ba5caafeae825b25c244a91d213c1026d879c62ca2da230db6f29ade726121fcd0c0727c1e5625a84e2ed2cfb282a25ecaa827562efe6e6a9cb1a58f
|
data/README.md
CHANGED
|
@@ -49,7 +49,7 @@ end
|
|
|
49
49
|
|
|
50
50
|
### 4. Update Revoked Access Tokens by Webhook
|
|
51
51
|
|
|
52
|
-
This gem automatically registers a webhook, if you have properly setup [Zaikio::Webhooks](https://github.com/
|
|
52
|
+
This gem automatically registers a webhook, if you have properly setup [Zaikio::Webhooks](https://github.com/zaikio/zaikio-webhooks).
|
|
53
53
|
|
|
54
54
|
|
|
55
55
|
### 5. Add more restrictions to your resources:
|
|
@@ -118,3 +118,32 @@ class API::ResourcesController < API::ApplicationController
|
|
|
118
118
|
authorize_by_jwt_scopes 'resources', unless: -> { params[:skip] == '1' }
|
|
119
119
|
end
|
|
120
120
|
```
|
|
121
|
+
|
|
122
|
+
### Usage outside a Rails controller
|
|
123
|
+
|
|
124
|
+
If you need to access a JWT outside the normal Rails controllers (e.g. in a Rack
|
|
125
|
+
middleware), there's a static helper method `.extract` which you can use:
|
|
126
|
+
|
|
127
|
+
```ruby
|
|
128
|
+
class MyRackMiddleware < Rack::Middleware
|
|
129
|
+
def call(env)
|
|
130
|
+
token = Zaikio::JWTAuth.extract(env["HTTP_AUTHORIZATION"])
|
|
131
|
+
puts token.subject_type #=> "Organization"
|
|
132
|
+
...
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
This function expects to receive the string in the format `"Bearer $token"`.
|
|
136
|
+
|
|
137
|
+
## Contributing
|
|
138
|
+
|
|
139
|
+
**Make sure you have the dummy app running locally to validate your changes.**
|
|
140
|
+
|
|
141
|
+
- Make your changes and submit a pull request for them
|
|
142
|
+
- Make sure to update `CHANGELOG.md`
|
|
143
|
+
|
|
144
|
+
To release a new version of the gem:
|
|
145
|
+
- Update the version in `lib/zaikio/jwt_auth/version.rb`
|
|
146
|
+
- Update `CHANGELOG.md` to include the new version and its release date
|
|
147
|
+
- Commit and push your changes
|
|
148
|
+
- Create a [new release on GitHub](https://github.com/zaikio/zaikio-jwt_auth/releases/new)
|
|
149
|
+
- CircleCI will build the Gem package and push it Rubygems for you
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -52,6 +52,20 @@ module Zaikio
|
|
|
52
52
|
@mocked_jwt_payload = payload
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
+
HEADER_FORMAT = /\ABearer (.+)\z/.freeze
|
|
56
|
+
|
|
57
|
+
def self.extract(authorization_header_string)
|
|
58
|
+
return TokenData.new(Zaikio::JWTAuth.mocked_jwt_payload) if Zaikio::JWTAuth.mocked_jwt_payload
|
|
59
|
+
|
|
60
|
+
return if authorization_header_string.blank?
|
|
61
|
+
|
|
62
|
+
return unless (token = authorization_header_string[HEADER_FORMAT, 1])
|
|
63
|
+
|
|
64
|
+
payload, = JWT.decode(token, nil, true, algorithms: ["RS256"], jwks: JWK.loader)
|
|
65
|
+
|
|
66
|
+
TokenData.new(payload)
|
|
67
|
+
end
|
|
68
|
+
|
|
55
69
|
module ClassMethods
|
|
56
70
|
def authorize_by_jwt_subject_type(type = nil)
|
|
57
71
|
@authorize_by_jwt_subject_type ||= type
|
|
@@ -68,9 +82,8 @@ module Zaikio
|
|
|
68
82
|
|
|
69
83
|
module InstanceMethods
|
|
70
84
|
def authenticate_by_jwt
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
token_data = TokenData.new(jwt_payload)
|
|
85
|
+
token_data = Zaikio::JWTAuth.extract(request.headers["Authorization"])
|
|
86
|
+
return render_error("no_jwt_passed", status: :unauthorized) unless token_data
|
|
74
87
|
|
|
75
88
|
return if show_error_if_token_is_revoked(token_data)
|
|
76
89
|
|
|
@@ -98,21 +111,6 @@ module Zaikio
|
|
|
98
111
|
|
|
99
112
|
private
|
|
100
113
|
|
|
101
|
-
def jwt_from_auth_header
|
|
102
|
-
return true if Zaikio::JWTAuth.mocked_jwt_payload
|
|
103
|
-
|
|
104
|
-
auth_header = request.headers["Authorization"]
|
|
105
|
-
auth_header.split("Bearer ").last if /Bearer/.match?(auth_header)
|
|
106
|
-
end
|
|
107
|
-
|
|
108
|
-
def jwt_payload
|
|
109
|
-
return Zaikio::JWTAuth.mocked_jwt_payload if Zaikio::JWTAuth.mocked_jwt_payload
|
|
110
|
-
|
|
111
|
-
payload, = JWT.decode(jwt_from_auth_header, nil, true, algorithms: ["RS256"], jwks: JWK.loader)
|
|
112
|
-
|
|
113
|
-
payload
|
|
114
|
-
end
|
|
115
|
-
|
|
116
114
|
def show_error_if_authorize_by_jwt_scopes_fails(token_data)
|
|
117
115
|
return if token_data.scope_by_configurations?(
|
|
118
116
|
self.class.authorize_by_jwt_scopes,
|
|
@@ -18,6 +18,7 @@ module Zaikio
|
|
|
18
18
|
def initialize
|
|
19
19
|
@environment = :sandbox
|
|
20
20
|
@revoked_token_ids = nil
|
|
21
|
+
@keys = nil
|
|
21
22
|
end
|
|
22
23
|
|
|
23
24
|
def logger
|
|
@@ -30,7 +31,7 @@ module Zaikio
|
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
def keys
|
|
33
|
-
|
|
34
|
+
@keys.is_a?(Proc) ? @keys.call : @keys
|
|
34
35
|
end
|
|
35
36
|
|
|
36
37
|
def revoked_token_ids
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2021-
|
|
13
|
+
date: 2021-02-15 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: oj
|
|
@@ -78,10 +78,12 @@ files:
|
|
|
78
78
|
- lib/zaikio/jwt_auth/test_helper.rb
|
|
79
79
|
- lib/zaikio/jwt_auth/token_data.rb
|
|
80
80
|
- lib/zaikio/jwt_auth/version.rb
|
|
81
|
-
homepage: https://
|
|
81
|
+
homepage: https://github.com/zaikio/zaikio-jwt_auth
|
|
82
82
|
licenses:
|
|
83
83
|
- MIT
|
|
84
|
-
metadata:
|
|
84
|
+
metadata:
|
|
85
|
+
changelog_uri: https://github.com/zaikio/zaikio-jwt_auth/blob/main/CHANGELOG.md
|
|
86
|
+
source_code_uri: https://github.com/zaikio/zaikio-jwt_auth
|
|
85
87
|
post_install_message:
|
|
86
88
|
rdoc_options: []
|
|
87
89
|
require_paths:
|
|
@@ -97,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
97
99
|
- !ruby/object:Gem::Version
|
|
98
100
|
version: '0'
|
|
99
101
|
requirements: []
|
|
100
|
-
rubygems_version: 3.
|
|
102
|
+
rubygems_version: 3.1.4
|
|
101
103
|
signing_key:
|
|
102
104
|
specification_version: 4
|
|
103
105
|
summary: JWT-Based authentication and authorization with zaikio
|