zaikio-jwt_auth 2.6.0 → 2.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c6aca1e0e80a0c54812e20a453cc9dab23dcee7063a1930912cb80fc2c4f9954
|
|
4
|
+
data.tar.gz: 25ea09ed2b55152eaad0b128a6a77e45789726dfa40cb29c486fbca432cd158e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 125f688a9367a99cb4c3435e2d847e4d72cf1f293a632371b264a196c055ff7a54faad82e47e92ca3ea186e401bb56704701f9baeb7d9228c3ab511c8c42bde9
|
|
7
|
+
data.tar.gz: 3e906f56c06db29e6170ccb166df86196c2dfaa1c798ebc01d58f5f1f575aaa90436ba63a78905fb4007cf92ea6ca74877fb01968c728bcbbcbe29c03ff2a207
|
|
@@ -11,7 +11,7 @@ module Zaikio
|
|
|
11
11
|
production: "https://hub.zaikio.com"
|
|
12
12
|
}.freeze
|
|
13
13
|
|
|
14
|
-
attr_accessor :app_name, :cache, :host
|
|
14
|
+
attr_accessor :app_name, :cache, :host, :test_mode
|
|
15
15
|
attr_reader :environment
|
|
16
16
|
attr_writer :logger, :revoked_token_ids, :keys
|
|
17
17
|
|
|
@@ -19,6 +19,7 @@ module Zaikio
|
|
|
19
19
|
@environment = :sandbox
|
|
20
20
|
@revoked_token_ids = nil
|
|
21
21
|
@keys = nil
|
|
22
|
+
@test_mode = false
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
def logger
|
|
@@ -29,7 +29,14 @@ module Zaikio
|
|
|
29
29
|
# @returns Hash (in the happy path)
|
|
30
30
|
# @returns nil (if the cache is unavailable and the API is down)
|
|
31
31
|
def fetch(directory_path, options = {})
|
|
32
|
-
cache =
|
|
32
|
+
cache = begin
|
|
33
|
+
Zaikio::JWTAuth.configuration.cache.read("zaikio::jwt_auth::#{directory_path}")
|
|
34
|
+
rescue StandardError => e
|
|
35
|
+
Zaikio::JWTAuth.configuration.logger
|
|
36
|
+
.warn("Error reading DirectoryCache(#{directory_path}) from Cache, falling "\
|
|
37
|
+
"back to API: #{e.inspect}")
|
|
38
|
+
nil
|
|
39
|
+
end
|
|
33
40
|
|
|
34
41
|
return reload_or_enqueue(directory_path) unless cache
|
|
35
42
|
|
data/lib/zaikio/jwt_auth/jwk.rb
CHANGED
|
@@ -10,7 +10,10 @@ module Zaikio
|
|
|
10
10
|
class << self
|
|
11
11
|
def loader
|
|
12
12
|
lambda do |options|
|
|
13
|
+
return TestHelper.jwk_set if JWTAuth.configuration.test_mode
|
|
14
|
+
|
|
13
15
|
reload_keys if options[:invalidate]
|
|
16
|
+
|
|
14
17
|
{
|
|
15
18
|
keys: keys.map do |key_data|
|
|
16
19
|
JWT::JWK.import(key_data.with_indifferent_access).export
|
|
@@ -1,13 +1,36 @@
|
|
|
1
1
|
module Zaikio
|
|
2
2
|
module JWTAuth
|
|
3
3
|
module TestHelper
|
|
4
|
+
def self.jwk
|
|
5
|
+
@jwk ||= JWT::JWK.new(OpenSSL::PKey::RSA.new(2048), { kid: "test-kid", use: "sig", alg: "RS256" })
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def self.jwk_set
|
|
9
|
+
@jwk_set ||= JWT::JWK::Set.new(jwk).export
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
|
|
4
14
|
def after_teardown
|
|
5
15
|
Zaikio::JWTAuth.mocked_jwt_payload = nil
|
|
6
16
|
super
|
|
7
17
|
end
|
|
8
18
|
|
|
9
|
-
def mock_jwt(
|
|
10
|
-
Zaikio::JWTAuth.mocked_jwt_payload =
|
|
19
|
+
def mock_jwt(params)
|
|
20
|
+
Zaikio::JWTAuth.mocked_jwt_payload = generate_token_payload(params)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def issue_mock_jwt_token(params)
|
|
24
|
+
JWT.encode(
|
|
25
|
+
generate_token_payload(params),
|
|
26
|
+
jwk.signing_key,
|
|
27
|
+
jwk[:alg],
|
|
28
|
+
kid: jwk[:kid]
|
|
29
|
+
)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def generate_token_payload(params)
|
|
33
|
+
{
|
|
11
34
|
iss: "ZAI",
|
|
12
35
|
sub: nil,
|
|
13
36
|
aud: %w[test_app],
|
|
@@ -16,8 +39,10 @@ module Zaikio
|
|
|
16
39
|
exp: 1.hour.from_now.to_i,
|
|
17
40
|
jku: "http://hub.zaikio.test/api/v1/jwt_public_keys.json",
|
|
18
41
|
scope: []
|
|
19
|
-
}.merge(
|
|
42
|
+
}.merge(params).stringify_keys
|
|
20
43
|
end
|
|
44
|
+
|
|
45
|
+
def jwk = Zaikio::JWTAuth::TestHelper.jwk
|
|
21
46
|
end
|
|
22
47
|
end
|
|
23
48
|
end
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -75,6 +75,12 @@ module Zaikio
|
|
|
75
75
|
TokenData.new(payload)
|
|
76
76
|
end
|
|
77
77
|
|
|
78
|
+
def self.decode_jwt(token, **options)
|
|
79
|
+
options = options.reverse_merge(algorithms: ["RS256"], jwks: JWK.loader)
|
|
80
|
+
payload, = JWT.decode(token, nil, true, **options)
|
|
81
|
+
TokenData.new(payload)
|
|
82
|
+
end
|
|
83
|
+
|
|
78
84
|
module ClassMethods
|
|
79
85
|
def authorize_by_jwt_subject_type(type = :_not_given_)
|
|
80
86
|
if type != :_not_given_
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2023-
|
|
13
|
+
date: 2023-07-21 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activejob
|
|
@@ -68,7 +68,7 @@ dependencies:
|
|
|
68
68
|
- - ">="
|
|
69
69
|
- !ruby/object:Gem::Version
|
|
70
70
|
version: 2.2.1
|
|
71
|
-
description: JWT-Based authentication and authorization with
|
|
71
|
+
description: JWT-Based authentication and authorization with Zaikio.
|
|
72
72
|
email:
|
|
73
73
|
- op@crispymtn.com
|
|
74
74
|
- js@crispymtn.com
|
|
@@ -117,5 +117,5 @@ requirements: []
|
|
|
117
117
|
rubygems_version: 3.3.11
|
|
118
118
|
signing_key:
|
|
119
119
|
specification_version: 4
|
|
120
|
-
summary: JWT-Based authentication and authorization with
|
|
120
|
+
summary: JWT-Based authentication and authorization with Zaikio
|
|
121
121
|
test_files: []
|