zaikio-jwt_auth 0.5.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cbd7c7fb4d5cb2a3d1001e5a24036beafbf3dcf76200bd052ee4c1d731c39a2d
-  data.tar.gz: 94a597d69c55f1dee78784967f6b6fa33d0b3aee98d55b4001060bc28ad1cf97
+  metadata.gz: 7b3b79eed92b123729aea0048bfcd019ca98bb914430a5d8cd1f081241ef3752
+  data.tar.gz: d148777cff0767854dfedd703eaf55713666fd6e96d2551f6cd68103f59f52bc
 SHA512:
-  metadata.gz: 6be2c8d3b1000c4dcbe09518fc4afb38a6f550fced5dfb82eca44636755adbcc50897c8ed81729346f8ab2b3838b2a033a0c6b33a7cb37d3e2027644e2e2daad
-  data.tar.gz: 370e9de4ce7973de106fb66259d43186876591770f71e819448d386d5c64f17751ebb32573130533777a4477df6cd0b93997e4fb6de5f7418ef4f2c82d22d560
+  metadata.gz: 891bf2b7f94f9ee25878ebd46e49e7e2fcf8e7472d2688e9c00716241199b78ad2d57c14a5ac3b0ff9605ce1059c8be2285c9d97513a192c1eb989ab8ba1ed65
+  data.tar.gz: d44a02245269d8693380ba6a6e7a389214582848b3264ae5fc2b11678c8d2ba5bb2f77781bb63c85e4c110ec08490fd0f87c309b1770253388a7b76707107d87

data/README.md

@@ -63,6 +63,24 @@ end
 
 By convention, `authorize_by_jwt_scopes` automatically maps all CRUD actions in a controller. Requests for `show` and `index` with a read or read_write scope are allowed. All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope. Therefore it is strongly recommended to always create standard Rails resources. If a custom action is required, you will need to authorize yourself using the `after_jwt_auth`.
 
+Both of these behaviours are automatically inherited by child classes, for example:
+
+```ruby
+class API::ChildController < API::ResourcesController
+end
+
+API::ChildController.authorize_by_jwt_subject_type
+#=> "Organization"
+```
+
+You can always override the behaviour in children if needed:
+
+```ruby
+class API::ChildController < API::ResourcesController
+  authorize_by_jwt_subject_type nil
+end
+```
+
 #### Modifying required scopes
 If you nonetheless want to change the required scopes for CRUD routes, you can use the `type` option which accepts the following values: `:read`, `:write`, `:read_write`
 

data/lib/zaikio/jwt_auth/directory_cache.rb

@@ -5,6 +5,13 @@ require "logger"
 module Zaikio
   module JWTAuth
     class DirectoryCache
+      class UpdateJob < ::ActiveJob::Base
+        def perform(directory_path)
+          DirectoryCache.fetch(directory_path)
+          true # This job will always re-queue until it succeeds.
+        end
+      end
+
       BadResponseError = Class.new(StandardError)
 
       class << self
@@ -14,7 +21,8 @@ module Zaikio
           json = Oj.load(cache) if cache
 
           if !cache || options[:invalidate] || cache_expired?(json, options[:expires_after])
-            return reload(directory_path)
+            new_values = reload_or_enqueue(directory_path)
+            return new_values || json["data"]
           end
 
           json["data"]
@@ -39,36 +47,36 @@ module Zaikio
           DateTime.strptime(json["fetched_at"].to_s, "%s") < Time.now.utc - (expires_after || 1.hour)
         end
 
-        def reload(directory_path)
-          retries = 0
-
-          begin
-            data = fetch_from_directory(directory_path)
-            Zaikio::JWTAuth.configuration.redis.set("zaikio::jwt_auth::#{directory_path}", {
-              fetched_at: Time.now.to_i,
-              data: data
-            }.to_json)
-
-            data
-          rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError => e
-            raise unless (retries += 1) <= 3
+        def reload_or_enqueue(directory_path)
+          data = fetch_from_directory(directory_path)
+          Zaikio::JWTAuth.configuration.redis.set("zaikio::jwt_auth::#{directory_path}", {
+            fetched_at: Time.now.to_i,
+            data: data
+          }.to_json)
 
-            Zaikio::JWTAuth.configuration.logger.info("Timeout (#{e}), retrying in 1 second...")
-            sleep(1)
-            retry
-          end
+          data
+        rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError
+          Zaikio::JWTAuth.configuration.logger
+                         .info("Error updating DirectoryCache(#{directory_path}), enqueueing job to update")
+          UpdateJob.set(wait: 10.seconds).perform_later(directory_path)
+          nil
         end
 
         def fetch_from_directory(directory_path)
-          uri = URI("#{Zaikio::JWTAuth.configuration.host}/#{directory_path}")
-          http = Net::HTTP.new(uri.host, uri.port)
-          http.use_ssl = uri.scheme == "https"
-          response = http.request(Net::HTTP::Get.new(uri.request_uri))
+          response = make_http_request(directory_path)
+
           raise BadResponseError unless (200..299).cover?(response.code.to_i)
           raise BadResponseError unless response["content-type"].to_s.include?("application/json")
 
           Oj.load(response.body)
         end
+
+        def make_http_request(directory_path)
+          uri = URI("#{Zaikio::JWTAuth.configuration.host}/#{directory_path}")
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = uri.scheme == "https"
+          http.request(Net::HTTP::Get.new(uri.request_uri))
+        end
       end
     end
   end

data/lib/zaikio/jwt_auth/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module JWTAuth
-    VERSION = "0.5.1".freeze
+    VERSION = "1.0.2".freeze
   end
 end

data/lib/zaikio/jwt_auth.rb

@@ -45,7 +45,7 @@ module Zaikio
     end
 
     def self.mocked_jwt_payload
-      @mocked_jwt_payload
+      instance_variable_defined?(:@mocked_jwt_payload) && @mocked_jwt_payload
     end
 
     def self.mocked_jwt_payload=(payload)
@@ -67,8 +67,12 @@ module Zaikio
     end
 
     module ClassMethods
-      def authorize_by_jwt_subject_type(type = nil)
-        @authorize_by_jwt_subject_type ||= type
+      def authorize_by_jwt_subject_type(type = :_not_given_)
+        if type != :_not_given_
+          @authorize_by_jwt_subject_type = type
+        elsif instance_variable_defined?(:@authorize_by_jwt_subject_type)
+          @authorize_by_jwt_subject_type
+        end
       end
 
       def authorize_by_jwt_scopes(scopes = nil, options = {})
@@ -78,6 +82,13 @@ module Zaikio
 
         @authorize_by_jwt_scopes
       end
+
+      def inherited(child)
+        super(child)
+
+        child.instance_variable_set(:@authorize_by_jwt_subject_type, @authorize_by_jwt_subject_type)
+        child.instance_variable_set(:@authorize_by_jwt_scopes, @authorize_by_jwt_scopes)
+      end
     end
 
     module InstanceMethods

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-jwt_auth
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 1.0.2
 platform: ruby
 authors:
 - crispymtn
@@ -10,8 +10,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-22 00:00:00.000000000 Z
+date: 2022-04-22 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activejob
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: oj
   requirement: !ruby/object:Gem::Requirement
@@ -99,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.3.11
 signing_key: 
 specification_version: 4
 summary: JWT-Based authentication and authorization with zaikio