zaikio-jwt_auth 0.4.0 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +30 -1
- data/lib/zaikio/jwt_auth.rb +16 -18
- data/lib/zaikio/jwt_auth/configuration.rb +2 -1
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- metadata +7 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fd2758c610957007baf7499e46f22d286a5c61dceb5895270080f20af8e5a57d
|
4
|
+
data.tar.gz: 5c945887dca4cd07ebfc836a5cbadb81667a56dbed0c6f67152dba297d4399fd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 73a3192d97b3f20caab44a96306258cd7b1b0240fb9e912726e3dfd536ef46183e0590a9cb513ed4be6afb66f4ee3c0a415153c4a7e7259a7bd569374e30eab4
|
7
|
+
data.tar.gz: bb9db302ba5caafeae825b25c244a91d213c1026d879c62ca2da230db6f29ade726121fcd0c0727c1e5625a84e2ed2cfb282a25ecaa827562efe6e6a9cb1a58f
|
data/README.md
CHANGED
@@ -49,7 +49,7 @@ end
|
|
49
49
|
|
50
50
|
### 4. Update Revoked Access Tokens by Webhook
|
51
51
|
|
52
|
-
This gem automatically registers a webhook, if you have properly setup [Zaikio::Webhooks](https://github.com/
|
52
|
+
This gem automatically registers a webhook, if you have properly setup [Zaikio::Webhooks](https://github.com/zaikio/zaikio-webhooks).
|
53
53
|
|
54
54
|
|
55
55
|
### 5. Add more restrictions to your resources:
|
@@ -118,3 +118,32 @@ class API::ResourcesController < API::ApplicationController
|
|
118
118
|
authorize_by_jwt_scopes 'resources', unless: -> { params[:skip] == '1' }
|
119
119
|
end
|
120
120
|
```
|
121
|
+
|
122
|
+
### Usage outside a Rails controller
|
123
|
+
|
124
|
+
If you need to access a JWT outside the normal Rails controllers (e.g. in a Rack
|
125
|
+
middleware), there's a static helper method `.extract` which you can use:
|
126
|
+
|
127
|
+
```ruby
|
128
|
+
class MyRackMiddleware < Rack::Middleware
|
129
|
+
def call(env)
|
130
|
+
token = Zaikio::JWTAuth.extract(env["HTTP_AUTHORIZATION"])
|
131
|
+
puts token.subject_type #=> "Organization"
|
132
|
+
...
|
133
|
+
```
|
134
|
+
|
135
|
+
This function expects to receive the string in the format `"Bearer $token"`.
|
136
|
+
|
137
|
+
## Contributing
|
138
|
+
|
139
|
+
**Make sure you have the dummy app running locally to validate your changes.**
|
140
|
+
|
141
|
+
- Make your changes and submit a pull request for them
|
142
|
+
- Make sure to update `CHANGELOG.md`
|
143
|
+
|
144
|
+
To release a new version of the gem:
|
145
|
+
- Update the version in `lib/zaikio/jwt_auth/version.rb`
|
146
|
+
- Update `CHANGELOG.md` to include the new version and its release date
|
147
|
+
- Commit and push your changes
|
148
|
+
- Create a [new release on GitHub](https://github.com/zaikio/zaikio-jwt_auth/releases/new)
|
149
|
+
- CircleCI will build the Gem package and push it Rubygems for you
|
data/lib/zaikio/jwt_auth.rb
CHANGED
@@ -52,6 +52,20 @@ module Zaikio
|
|
52
52
|
@mocked_jwt_payload = payload
|
53
53
|
end
|
54
54
|
|
55
|
+
HEADER_FORMAT = /\ABearer (.+)\z/.freeze
|
56
|
+
|
57
|
+
def self.extract(authorization_header_string)
|
58
|
+
return TokenData.new(Zaikio::JWTAuth.mocked_jwt_payload) if Zaikio::JWTAuth.mocked_jwt_payload
|
59
|
+
|
60
|
+
return if authorization_header_string.blank?
|
61
|
+
|
62
|
+
return unless (token = authorization_header_string[HEADER_FORMAT, 1])
|
63
|
+
|
64
|
+
payload, = JWT.decode(token, nil, true, algorithms: ["RS256"], jwks: JWK.loader)
|
65
|
+
|
66
|
+
TokenData.new(payload)
|
67
|
+
end
|
68
|
+
|
55
69
|
module ClassMethods
|
56
70
|
def authorize_by_jwt_subject_type(type = nil)
|
57
71
|
@authorize_by_jwt_subject_type ||= type
|
@@ -68,9 +82,8 @@ module Zaikio
|
|
68
82
|
|
69
83
|
module InstanceMethods
|
70
84
|
def authenticate_by_jwt
|
71
|
-
|
72
|
-
|
73
|
-
token_data = TokenData.new(jwt_payload)
|
85
|
+
token_data = Zaikio::JWTAuth.extract(request.headers["Authorization"])
|
86
|
+
return render_error("no_jwt_passed", status: :unauthorized) unless token_data
|
74
87
|
|
75
88
|
return if show_error_if_token_is_revoked(token_data)
|
76
89
|
|
@@ -98,21 +111,6 @@ module Zaikio
|
|
98
111
|
|
99
112
|
private
|
100
113
|
|
101
|
-
def jwt_from_auth_header
|
102
|
-
return true if Zaikio::JWTAuth.mocked_jwt_payload
|
103
|
-
|
104
|
-
auth_header = request.headers["Authorization"]
|
105
|
-
auth_header.split("Bearer ").last if /Bearer/.match?(auth_header)
|
106
|
-
end
|
107
|
-
|
108
|
-
def jwt_payload
|
109
|
-
return Zaikio::JWTAuth.mocked_jwt_payload if Zaikio::JWTAuth.mocked_jwt_payload
|
110
|
-
|
111
|
-
payload, = JWT.decode(jwt_from_auth_header, nil, true, algorithms: ["RS256"], jwks: JWK.loader)
|
112
|
-
|
113
|
-
payload
|
114
|
-
end
|
115
|
-
|
116
114
|
def show_error_if_authorize_by_jwt_scopes_fails(token_data)
|
117
115
|
return if token_data.scope_by_configurations?(
|
118
116
|
self.class.authorize_by_jwt_scopes,
|
@@ -18,6 +18,7 @@ module Zaikio
|
|
18
18
|
def initialize
|
19
19
|
@environment = :sandbox
|
20
20
|
@revoked_token_ids = nil
|
21
|
+
@keys = nil
|
21
22
|
end
|
22
23
|
|
23
24
|
def logger
|
@@ -30,7 +31,7 @@ module Zaikio
|
|
30
31
|
end
|
31
32
|
|
32
33
|
def keys
|
33
|
-
|
34
|
+
@keys.is_a?(Proc) ? @keys.call : @keys
|
34
35
|
end
|
35
36
|
|
36
37
|
def revoked_token_ids
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: zaikio-jwt_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- crispymtn
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2021-
|
13
|
+
date: 2021-02-15 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: oj
|
@@ -78,10 +78,12 @@ files:
|
|
78
78
|
- lib/zaikio/jwt_auth/test_helper.rb
|
79
79
|
- lib/zaikio/jwt_auth/token_data.rb
|
80
80
|
- lib/zaikio/jwt_auth/version.rb
|
81
|
-
homepage: https://
|
81
|
+
homepage: https://github.com/zaikio/zaikio-jwt_auth
|
82
82
|
licenses:
|
83
83
|
- MIT
|
84
|
-
metadata:
|
84
|
+
metadata:
|
85
|
+
changelog_uri: https://github.com/zaikio/zaikio-jwt_auth/blob/main/CHANGELOG.md
|
86
|
+
source_code_uri: https://github.com/zaikio/zaikio-jwt_auth
|
85
87
|
post_install_message:
|
86
88
|
rdoc_options: []
|
87
89
|
require_paths:
|
@@ -97,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
97
99
|
- !ruby/object:Gem::Version
|
98
100
|
version: '0'
|
99
101
|
requirements: []
|
100
|
-
rubygems_version: 3.
|
102
|
+
rubygems_version: 3.1.4
|
101
103
|
signing_key:
|
102
104
|
specification_version: 4
|
103
105
|
summary: JWT-Based authentication and authorization with zaikio
|