zaikio-jwt_auth 1.0.0 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +28 -1
- data/lib/zaikio/jwt_auth/configuration.rb +1 -1
- data/lib/zaikio/jwt_auth/directory_cache.rb +15 -9
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- data/lib/zaikio/jwt_auth.rb +14 -3
- metadata +17 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c782ad558e422167c59f3c29dfdd9533d97153a17f05955a12eb127e32d55a68
|
4
|
+
data.tar.gz: 063fc86f98d24d70e496f324ccc87ec32f71f61ba50c91a70708ca20afe8b1c7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4b24750a7edda299537d85f6bf852a85aaba442f77a18d6c9998d3ef491fa1b329b843b23ddc7b2b6f309ab3abac2c94e0448eef2c7370a9a59014e8823add84
|
7
|
+
data.tar.gz: 8b39b2cdaa531bb985b59a374584e6ba2d0167213f9e70185be84462843044478026bc74b8d24e972cd840e1a4402a8ff5390245948fd0b3393ebb1ccc31baa7
|
data/README.md
CHANGED
@@ -28,7 +28,9 @@ $ gem install zaikio-jwt_auth
|
|
28
28
|
Zaikio::JWTAuth.configure do |config|
|
29
29
|
config.environment = :sandbox # or production
|
30
30
|
config.app_name = "test_app" # Your Zaikio App-Name
|
31
|
-
|
31
|
+
|
32
|
+
# Enable caching Hub API responses for e.g. revoked tokens
|
33
|
+
config.cache = Rails.cache
|
32
34
|
end
|
33
35
|
```
|
34
36
|
|
@@ -63,6 +65,24 @@ end
|
|
63
65
|
|
64
66
|
By convention, `authorize_by_jwt_scopes` automatically maps all CRUD actions in a controller. Requests for `show` and `index` with a read or read_write scope are allowed. All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope. Therefore it is strongly recommended to always create standard Rails resources. If a custom action is required, you will need to authorize yourself using the `after_jwt_auth`.
|
65
67
|
|
68
|
+
Both of these behaviours are automatically inherited by child classes, for example:
|
69
|
+
|
70
|
+
```ruby
|
71
|
+
class API::ChildController < API::ResourcesController
|
72
|
+
end
|
73
|
+
|
74
|
+
API::ChildController.authorize_by_jwt_subject_type
|
75
|
+
#=> "Organization"
|
76
|
+
```
|
77
|
+
|
78
|
+
You can always override the behaviour in children if needed:
|
79
|
+
|
80
|
+
```ruby
|
81
|
+
class API::ChildController < API::ResourcesController
|
82
|
+
authorize_by_jwt_subject_type nil
|
83
|
+
end
|
84
|
+
```
|
85
|
+
|
66
86
|
#### Modifying required scopes
|
67
87
|
If you nonetheless want to change the required scopes for CRUD routes, you can use the `type` option which accepts the following values: `:read`, `:write`, `:read_write`
|
68
88
|
|
@@ -165,6 +185,13 @@ rescue JWT::DecodeError, JWT::ExpiredSignature
|
|
165
185
|
end
|
166
186
|
```
|
167
187
|
|
188
|
+
### Using a different cache backend
|
189
|
+
|
190
|
+
This client supports any implementation of
|
191
|
+
[`ActiveSupport::Cache::Store`](https://api.rubyonrails.org/classes/ActiveSupport/Cache/Store.html),
|
192
|
+
but you can also write your own client that supports these methods: `#read(key)`,
|
193
|
+
`#write(key, value)`, `#delete(key)`
|
194
|
+
|
168
195
|
## Contributing
|
169
196
|
|
170
197
|
**Make sure you have the dummy app running locally to validate your changes.**
|
@@ -16,7 +16,7 @@ module Zaikio
|
|
16
16
|
|
17
17
|
class << self
|
18
18
|
def fetch(directory_path, options = {})
|
19
|
-
cache = Zaikio::JWTAuth.configuration.
|
19
|
+
cache = Zaikio::JWTAuth.configuration.cache.read("zaikio::jwt_auth::#{directory_path}")
|
20
20
|
|
21
21
|
json = Oj.load(cache) if cache
|
22
22
|
|
@@ -31,14 +31,14 @@ module Zaikio
|
|
31
31
|
def update(directory_path, options = {})
|
32
32
|
data = fetch(directory_path, options)
|
33
33
|
data = yield(data)
|
34
|
-
Zaikio::JWTAuth.configuration.
|
34
|
+
Zaikio::JWTAuth.configuration.cache.write("zaikio::jwt_auth::#{directory_path}", {
|
35
35
|
fetched_at: Time.now.to_i,
|
36
36
|
data: data
|
37
37
|
}.to_json)
|
38
38
|
end
|
39
39
|
|
40
40
|
def reset(directory_path)
|
41
|
-
Zaikio::JWTAuth.configuration.
|
41
|
+
Zaikio::JWTAuth.configuration.cache.delete("zaikio::jwt_auth::#{directory_path}")
|
42
42
|
end
|
43
43
|
|
44
44
|
private
|
@@ -49,28 +49,34 @@ module Zaikio
|
|
49
49
|
|
50
50
|
def reload_or_enqueue(directory_path)
|
51
51
|
data = fetch_from_directory(directory_path)
|
52
|
-
Zaikio::JWTAuth.configuration.
|
52
|
+
Zaikio::JWTAuth.configuration.cache.write("zaikio::jwt_auth::#{directory_path}", {
|
53
53
|
fetched_at: Time.now.to_i,
|
54
54
|
data: data
|
55
55
|
}.to_json)
|
56
56
|
|
57
57
|
data
|
58
58
|
rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError
|
59
|
-
Zaikio::JWTAuth.configuration.logger
|
59
|
+
Zaikio::JWTAuth.configuration.logger
|
60
|
+
.info("Error updating DirectoryCache(#{directory_path}), enqueueing job to update")
|
60
61
|
UpdateJob.set(wait: 10.seconds).perform_later(directory_path)
|
61
62
|
nil
|
62
63
|
end
|
63
64
|
|
64
65
|
def fetch_from_directory(directory_path)
|
65
|
-
|
66
|
-
|
67
|
-
http.use_ssl = uri.scheme == "https"
|
68
|
-
response = http.request(Net::HTTP::Get.new(uri.request_uri))
|
66
|
+
response = make_http_request(directory_path)
|
67
|
+
|
69
68
|
raise BadResponseError unless (200..299).cover?(response.code.to_i)
|
70
69
|
raise BadResponseError unless response["content-type"].to_s.include?("application/json")
|
71
70
|
|
72
71
|
Oj.load(response.body)
|
73
72
|
end
|
73
|
+
|
74
|
+
def make_http_request(directory_path)
|
75
|
+
uri = URI("#{Zaikio::JWTAuth.configuration.host}/#{directory_path}")
|
76
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
77
|
+
http.use_ssl = uri.scheme == "https"
|
78
|
+
http.request(Net::HTTP::Get.new(uri.request_uri))
|
79
|
+
end
|
74
80
|
end
|
75
81
|
end
|
76
82
|
end
|
data/lib/zaikio/jwt_auth.rb
CHANGED
@@ -45,7 +45,7 @@ module Zaikio
|
|
45
45
|
end
|
46
46
|
|
47
47
|
def self.mocked_jwt_payload
|
48
|
-
@mocked_jwt_payload
|
48
|
+
instance_variable_defined?(:@mocked_jwt_payload) && @mocked_jwt_payload
|
49
49
|
end
|
50
50
|
|
51
51
|
def self.mocked_jwt_payload=(payload)
|
@@ -67,8 +67,12 @@ module Zaikio
|
|
67
67
|
end
|
68
68
|
|
69
69
|
module ClassMethods
|
70
|
-
def authorize_by_jwt_subject_type(type =
|
71
|
-
|
70
|
+
def authorize_by_jwt_subject_type(type = :_not_given_)
|
71
|
+
if type != :_not_given_
|
72
|
+
@authorize_by_jwt_subject_type = type
|
73
|
+
elsif instance_variable_defined?(:@authorize_by_jwt_subject_type)
|
74
|
+
@authorize_by_jwt_subject_type
|
75
|
+
end
|
72
76
|
end
|
73
77
|
|
74
78
|
def authorize_by_jwt_scopes(scopes = nil, options = {})
|
@@ -78,6 +82,13 @@ module Zaikio
|
|
78
82
|
|
79
83
|
@authorize_by_jwt_scopes
|
80
84
|
end
|
85
|
+
|
86
|
+
def inherited(child)
|
87
|
+
super(child)
|
88
|
+
|
89
|
+
child.instance_variable_set(:@authorize_by_jwt_subject_type, @authorize_by_jwt_subject_type)
|
90
|
+
child.instance_variable_set(:@authorize_by_jwt_scopes, @authorize_by_jwt_scopes)
|
91
|
+
end
|
81
92
|
end
|
82
93
|
|
83
94
|
module InstanceMethods
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: zaikio-jwt_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- crispymtn
|
@@ -10,8 +10,22 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2022-04-29 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
16
|
+
name: activejob
|
17
|
+
requirement: !ruby/object:Gem::Requirement
|
18
|
+
requirements:
|
19
|
+
- - ">="
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
requirements:
|
26
|
+
- - ">="
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
version: '0'
|
15
29
|
- !ruby/object:Gem::Dependency
|
16
30
|
name: oj
|
17
31
|
requirement: !ruby/object:Gem::Requirement
|
@@ -99,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
99
113
|
- !ruby/object:Gem::Version
|
100
114
|
version: '0'
|
101
115
|
requirements: []
|
102
|
-
rubygems_version: 3.
|
116
|
+
rubygems_version: 3.3.11
|
103
117
|
signing_key:
|
104
118
|
specification_version: 4
|
105
119
|
summary: JWT-Based authentication and authorization with zaikio
|