zaikio-jwt_auth 0.4.1 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +20 -0
- data/lib/zaikio/jwt_auth/token_data.rb +21 -7
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e7fc3c22cfc4c1f3664674815aa450cea8d3607bfc75c9e0fded0849ac199763
|
|
4
|
+
data.tar.gz: e3452768d900d0f992165e60df3d32743a763da97969a2ddf7b331a60d253f6f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fde1af79e8a59aabfbe96d3f020f3180881d220a69ce209e4e4b8d82048e91d9d754c39d97d8604dccbde3aa9c02ef5aa526bb7b444d94b98f53c632efed8932
|
|
7
|
+
data.tar.gz: 538fb9c7471206bee6c72725720869d2545ded691ae9901f09c0966d42d1d77eb94dfecf9ebd31935ad982c93512584a99b17a095bd16c7eb237ad084a4c3d7c
|
data/README.md
CHANGED
|
@@ -63,6 +63,26 @@ end
|
|
|
63
63
|
|
|
64
64
|
By convention, `authorize_by_jwt_scopes` automatically maps all CRUD actions in a controller. Requests for `show` and `index` with a read or read_write scope are allowed. All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope. Therefore it is strongly recommended to always create standard Rails resources. If a custom action is required, you will need to authorize yourself using the `after_jwt_auth`.
|
|
65
65
|
|
|
66
|
+
#### Modifying required scopes
|
|
67
|
+
If you nonetheless want to change the required scopes for CRUD routes, you can use the `type` option which accepts the following values: `:read`, `:write`, `:read_write`
|
|
68
|
+
|
|
69
|
+
```rb
|
|
70
|
+
class API::ResourcesController < API::ApplicationController
|
|
71
|
+
# Require a write or read_write scope on the index route
|
|
72
|
+
authorize_by_jwt_scopes 'resources', only: :index, type: :write
|
|
73
|
+
end
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
#### Using custom actions
|
|
77
|
+
You can also specify authorization for custom actions. When doing so the `type` option is required.
|
|
78
|
+
|
|
79
|
+
```rb
|
|
80
|
+
class API::ResourcesController < API::ApplicationController
|
|
81
|
+
# Require the index use to have a write or read_write scope
|
|
82
|
+
authorize_by_jwt_scopes 'resources', only: :my_custom_route, type: :write
|
|
83
|
+
end
|
|
84
|
+
```
|
|
85
|
+
|
|
66
86
|
### 6. Optionally, if you are using SSO: Check revoked tokens
|
|
67
87
|
|
|
68
88
|
Additionally, the API provides a method called `revoked_jwt?` which expects the `jti` of the JWT.
|
|
@@ -13,6 +13,14 @@ module Zaikio
|
|
|
13
13
|
}.freeze
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
+
def self.permissions_by_type
|
|
17
|
+
{
|
|
18
|
+
read: %w[r rw],
|
|
19
|
+
write: %w[rw w],
|
|
20
|
+
read_write: %w[r rw w]
|
|
21
|
+
}
|
|
22
|
+
end
|
|
23
|
+
|
|
16
24
|
def initialize(payload)
|
|
17
25
|
@payload = payload
|
|
18
26
|
end
|
|
@@ -38,8 +46,8 @@ module Zaikio
|
|
|
38
46
|
end
|
|
39
47
|
|
|
40
48
|
# scope_options is an array of objects with:
|
|
41
|
-
# scope, app_name (optional), except/only (array, optional)
|
|
42
|
-
def scope_by_configurations?(scope_configurations, action_name, context)
|
|
49
|
+
# scope, app_name (optional), except/only (array, optional), type (read, write, readwrite)
|
|
50
|
+
def scope_by_configurations?(scope_configurations, action_name, context) # rubocop:disable Metrics/AbcSize
|
|
43
51
|
configuration = scope_configurations.find do |scope_configuration|
|
|
44
52
|
action_matches = action_matches_config?(scope_configuration, action_name)
|
|
45
53
|
|
|
@@ -54,7 +62,7 @@ module Zaikio
|
|
|
54
62
|
|
|
55
63
|
return true unless configuration
|
|
56
64
|
|
|
57
|
-
scope?(configuration[:scopes], action_name, configuration[:app_name])
|
|
65
|
+
scope?(configuration[:scopes], action_name, app_name: configuration[:app_name], type: configuration[:type])
|
|
58
66
|
end
|
|
59
67
|
|
|
60
68
|
def action_matches_config?(scope_configuration, action_name)
|
|
@@ -67,14 +75,14 @@ module Zaikio
|
|
|
67
75
|
end
|
|
68
76
|
end
|
|
69
77
|
|
|
70
|
-
def scope?(allowed_scopes, action_name, app_name
|
|
78
|
+
def scope?(allowed_scopes, action_name, app_name: nil, type: nil)
|
|
71
79
|
app_name ||= Zaikio::JWTAuth.configuration.app_name
|
|
72
80
|
Array(allowed_scopes).map(&:to_s).any? do |allowed_scope|
|
|
73
81
|
scope.any? do |s|
|
|
74
82
|
parts = s.split(".")
|
|
75
83
|
parts[0] == app_name &&
|
|
76
84
|
parts[1] == allowed_scope &&
|
|
77
|
-
|
|
85
|
+
action_permitted?(action_name, parts[2], type: type)
|
|
78
86
|
end
|
|
79
87
|
end
|
|
80
88
|
end
|
|
@@ -101,8 +109,14 @@ module Zaikio
|
|
|
101
109
|
|
|
102
110
|
private
|
|
103
111
|
|
|
104
|
-
def
|
|
105
|
-
|
|
112
|
+
def action_permitted?(action_name, permission, type: nil)
|
|
113
|
+
if type
|
|
114
|
+
return false unless self.class.permissions_by_type.key?(type)
|
|
115
|
+
|
|
116
|
+
self.class.permissions_by_type[type].include?(permission)
|
|
117
|
+
else
|
|
118
|
+
self.class.actions_by_permission[permission].include?(action_name)
|
|
119
|
+
end
|
|
106
120
|
end
|
|
107
121
|
end
|
|
108
122
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2021-02-
|
|
13
|
+
date: 2021-02-18 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: oj
|