zaikio-jwt_auth 2.6.0 → 2.7.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c6aca1e0e80a0c54812e20a453cc9dab23dcee7063a1930912cb80fc2c4f9954
|
|
4
|
+
data.tar.gz: 25ea09ed2b55152eaad0b128a6a77e45789726dfa40cb29c486fbca432cd158e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 125f688a9367a99cb4c3435e2d847e4d72cf1f293a632371b264a196c055ff7a54faad82e47e92ca3ea186e401bb56704701f9baeb7d9228c3ab511c8c42bde9
|
|
7
|
+
data.tar.gz: 3e906f56c06db29e6170ccb166df86196c2dfaa1c798ebc01d58f5f1f575aaa90436ba63a78905fb4007cf92ea6ca74877fb01968c728bcbbcbe29c03ff2a207
|
|
@@ -11,7 +11,7 @@ module Zaikio
|
|
|
11
11
|
production: "https://hub.zaikio.com"
|
|
12
12
|
}.freeze
|
|
13
13
|
|
|
14
|
-
attr_accessor :app_name, :cache, :host
|
|
14
|
+
attr_accessor :app_name, :cache, :host, :test_mode
|
|
15
15
|
attr_reader :environment
|
|
16
16
|
attr_writer :logger, :revoked_token_ids, :keys
|
|
17
17
|
|
|
@@ -19,6 +19,7 @@ module Zaikio
|
|
|
19
19
|
@environment = :sandbox
|
|
20
20
|
@revoked_token_ids = nil
|
|
21
21
|
@keys = nil
|
|
22
|
+
@test_mode = false
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
def logger
|
|
@@ -29,7 +29,14 @@ module Zaikio
|
|
|
29
29
|
# @returns Hash (in the happy path)
|
|
30
30
|
# @returns nil (if the cache is unavailable and the API is down)
|
|
31
31
|
def fetch(directory_path, options = {})
|
|
32
|
-
cache =
|
|
32
|
+
cache = begin
|
|
33
|
+
Zaikio::JWTAuth.configuration.cache.read("zaikio::jwt_auth::#{directory_path}")
|
|
34
|
+
rescue StandardError => e
|
|
35
|
+
Zaikio::JWTAuth.configuration.logger
|
|
36
|
+
.warn("Error reading DirectoryCache(#{directory_path}) from Cache, falling "\
|
|
37
|
+
"back to API: #{e.inspect}")
|
|
38
|
+
nil
|
|
39
|
+
end
|
|
33
40
|
|
|
34
41
|
return reload_or_enqueue(directory_path) unless cache
|
|
35
42
|
|
data/lib/zaikio/jwt_auth/jwk.rb
CHANGED
|
@@ -10,7 +10,10 @@ module Zaikio
|
|
|
10
10
|
class << self
|
|
11
11
|
def loader
|
|
12
12
|
lambda do |options|
|
|
13
|
+
return TestHelper.jwk_set if JWTAuth.configuration.test_mode
|
|
14
|
+
|
|
13
15
|
reload_keys if options[:invalidate]
|
|
16
|
+
|
|
14
17
|
{
|
|
15
18
|
keys: keys.map do |key_data|
|
|
16
19
|
JWT::JWK.import(key_data.with_indifferent_access).export
|
|
@@ -1,13 +1,36 @@
|
|
|
1
1
|
module Zaikio
|
|
2
2
|
module JWTAuth
|
|
3
3
|
module TestHelper
|
|
4
|
+
def self.jwk
|
|
5
|
+
@jwk ||= JWT::JWK.new(OpenSSL::PKey::RSA.new(2048), { kid: "test-kid", use: "sig", alg: "RS256" })
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def self.jwk_set
|
|
9
|
+
@jwk_set ||= JWT::JWK::Set.new(jwk).export
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
|
|
4
14
|
def after_teardown
|
|
5
15
|
Zaikio::JWTAuth.mocked_jwt_payload = nil
|
|
6
16
|
super
|
|
7
17
|
end
|
|
8
18
|
|
|
9
|
-
def mock_jwt(
|
|
10
|
-
Zaikio::JWTAuth.mocked_jwt_payload =
|
|
19
|
+
def mock_jwt(params)
|
|
20
|
+
Zaikio::JWTAuth.mocked_jwt_payload = generate_token_payload(params)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def issue_mock_jwt_token(params)
|
|
24
|
+
JWT.encode(
|
|
25
|
+
generate_token_payload(params),
|
|
26
|
+
jwk.signing_key,
|
|
27
|
+
jwk[:alg],
|
|
28
|
+
kid: jwk[:kid]
|
|
29
|
+
)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def generate_token_payload(params)
|
|
33
|
+
{
|
|
11
34
|
iss: "ZAI",
|
|
12
35
|
sub: nil,
|
|
13
36
|
aud: %w[test_app],
|
|
@@ -16,8 +39,10 @@ module Zaikio
|
|
|
16
39
|
exp: 1.hour.from_now.to_i,
|
|
17
40
|
jku: "http://hub.zaikio.test/api/v1/jwt_public_keys.json",
|
|
18
41
|
scope: []
|
|
19
|
-
}.merge(
|
|
42
|
+
}.merge(params).stringify_keys
|
|
20
43
|
end
|
|
44
|
+
|
|
45
|
+
def jwk = Zaikio::JWTAuth::TestHelper.jwk
|
|
21
46
|
end
|
|
22
47
|
end
|
|
23
48
|
end
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -75,6 +75,12 @@ module Zaikio
|
|
|
75
75
|
TokenData.new(payload)
|
|
76
76
|
end
|
|
77
77
|
|
|
78
|
+
def self.decode_jwt(token, **options)
|
|
79
|
+
options = options.reverse_merge(algorithms: ["RS256"], jwks: JWK.loader)
|
|
80
|
+
payload, = JWT.decode(token, nil, true, **options)
|
|
81
|
+
TokenData.new(payload)
|
|
82
|
+
end
|
|
83
|
+
|
|
78
84
|
module ClassMethods
|
|
79
85
|
def authorize_by_jwt_subject_type(type = :_not_given_)
|
|
80
86
|
if type != :_not_given_
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2023-
|
|
13
|
+
date: 2023-07-21 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activejob
|
|
@@ -68,7 +68,7 @@ dependencies:
|
|
|
68
68
|
- - ">="
|
|
69
69
|
- !ruby/object:Gem::Version
|
|
70
70
|
version: 2.2.1
|
|
71
|
-
description: JWT-Based authentication and authorization with
|
|
71
|
+
description: JWT-Based authentication and authorization with Zaikio.
|
|
72
72
|
email:
|
|
73
73
|
- op@crispymtn.com
|
|
74
74
|
- js@crispymtn.com
|
|
@@ -117,5 +117,5 @@ requirements: []
|
|
|
117
117
|
rubygems_version: 3.3.11
|
|
118
118
|
signing_key:
|
|
119
119
|
specification_version: 4
|
|
120
|
-
summary: JWT-Based authentication and authorization with
|
|
120
|
+
summary: JWT-Based authentication and authorization with Zaikio
|
|
121
121
|
test_files: []
|