zaikio-jwt_auth 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/zaikio/jwt_auth/directory_cache.rb +11 -5
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- data/lib/zaikio/jwt_auth.rb +14 -3
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7b3b79eed92b123729aea0048bfcd019ca98bb914430a5d8cd1f081241ef3752
|
|
4
|
+
data.tar.gz: d148777cff0767854dfedd703eaf55713666fd6e96d2551f6cd68103f59f52bc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 891bf2b7f94f9ee25878ebd46e49e7e2fcf8e7472d2688e9c00716241199b78ad2d57c14a5ac3b0ff9605ce1059c8be2285c9d97513a192c1eb989ab8ba1ed65
|
|
7
|
+
data.tar.gz: d44a02245269d8693380ba6a6e7a389214582848b3264ae5fc2b11678c8d2ba5bb2f77781bb63c85e4c110ec08490fd0f87c309b1770253388a7b76707107d87
|
data/README.md
CHANGED
|
@@ -63,6 +63,24 @@ end
|
|
|
63
63
|
|
|
64
64
|
By convention, `authorize_by_jwt_scopes` automatically maps all CRUD actions in a controller. Requests for `show` and `index` with a read or read_write scope are allowed. All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope. Therefore it is strongly recommended to always create standard Rails resources. If a custom action is required, you will need to authorize yourself using the `after_jwt_auth`.
|
|
65
65
|
|
|
66
|
+
Both of these behaviours are automatically inherited by child classes, for example:
|
|
67
|
+
|
|
68
|
+
```ruby
|
|
69
|
+
class API::ChildController < API::ResourcesController
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
API::ChildController.authorize_by_jwt_subject_type
|
|
73
|
+
#=> "Organization"
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
You can always override the behaviour in children if needed:
|
|
77
|
+
|
|
78
|
+
```ruby
|
|
79
|
+
class API::ChildController < API::ResourcesController
|
|
80
|
+
authorize_by_jwt_subject_type nil
|
|
81
|
+
end
|
|
82
|
+
```
|
|
83
|
+
|
|
66
84
|
#### Modifying required scopes
|
|
67
85
|
If you nonetheless want to change the required scopes for CRUD routes, you can use the `type` option which accepts the following values: `:read`, `:write`, `:read_write`
|
|
68
86
|
|
|
@@ -56,21 +56,27 @@ module Zaikio
|
|
|
56
56
|
|
|
57
57
|
data
|
|
58
58
|
rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError
|
|
59
|
-
Zaikio::JWTAuth.configuration.logger
|
|
59
|
+
Zaikio::JWTAuth.configuration.logger
|
|
60
|
+
.info("Error updating DirectoryCache(#{directory_path}), enqueueing job to update")
|
|
60
61
|
UpdateJob.set(wait: 10.seconds).perform_later(directory_path)
|
|
61
62
|
nil
|
|
62
63
|
end
|
|
63
64
|
|
|
64
65
|
def fetch_from_directory(directory_path)
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
http.use_ssl = uri.scheme == "https"
|
|
68
|
-
response = http.request(Net::HTTP::Get.new(uri.request_uri))
|
|
66
|
+
response = make_http_request(directory_path)
|
|
67
|
+
|
|
69
68
|
raise BadResponseError unless (200..299).cover?(response.code.to_i)
|
|
70
69
|
raise BadResponseError unless response["content-type"].to_s.include?("application/json")
|
|
71
70
|
|
|
72
71
|
Oj.load(response.body)
|
|
73
72
|
end
|
|
73
|
+
|
|
74
|
+
def make_http_request(directory_path)
|
|
75
|
+
uri = URI("#{Zaikio::JWTAuth.configuration.host}/#{directory_path}")
|
|
76
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
77
|
+
http.use_ssl = uri.scheme == "https"
|
|
78
|
+
http.request(Net::HTTP::Get.new(uri.request_uri))
|
|
79
|
+
end
|
|
74
80
|
end
|
|
75
81
|
end
|
|
76
82
|
end
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -45,7 +45,7 @@ module Zaikio
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def self.mocked_jwt_payload
|
|
48
|
-
@mocked_jwt_payload
|
|
48
|
+
instance_variable_defined?(:@mocked_jwt_payload) && @mocked_jwt_payload
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
def self.mocked_jwt_payload=(payload)
|
|
@@ -67,8 +67,12 @@ module Zaikio
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
module ClassMethods
|
|
70
|
-
def authorize_by_jwt_subject_type(type =
|
|
71
|
-
|
|
70
|
+
def authorize_by_jwt_subject_type(type = :_not_given_)
|
|
71
|
+
if type != :_not_given_
|
|
72
|
+
@authorize_by_jwt_subject_type = type
|
|
73
|
+
elsif instance_variable_defined?(:@authorize_by_jwt_subject_type)
|
|
74
|
+
@authorize_by_jwt_subject_type
|
|
75
|
+
end
|
|
72
76
|
end
|
|
73
77
|
|
|
74
78
|
def authorize_by_jwt_scopes(scopes = nil, options = {})
|
|
@@ -78,6 +82,13 @@ module Zaikio
|
|
|
78
82
|
|
|
79
83
|
@authorize_by_jwt_scopes
|
|
80
84
|
end
|
|
85
|
+
|
|
86
|
+
def inherited(child)
|
|
87
|
+
super(child)
|
|
88
|
+
|
|
89
|
+
child.instance_variable_set(:@authorize_by_jwt_subject_type, @authorize_by_jwt_subject_type)
|
|
90
|
+
child.instance_variable_set(:@authorize_by_jwt_scopes, @authorize_by_jwt_scopes)
|
|
91
|
+
end
|
|
81
92
|
end
|
|
82
93
|
|
|
83
94
|
module InstanceMethods
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2022-04-22 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activejob
|
|
@@ -113,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
113
113
|
- !ruby/object:Gem::Version
|
|
114
114
|
version: '0'
|
|
115
115
|
requirements: []
|
|
116
|
-
rubygems_version: 3.
|
|
116
|
+
rubygems_version: 3.3.11
|
|
117
117
|
signing_key:
|
|
118
118
|
specification_version: 4
|
|
119
119
|
summary: JWT-Based authentication and authorization with zaikio
|