zaikio-jwt_auth 0.1.4 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 590caa5aad36a46fd406e074f022ea4b89b22c9e701673cdc2d755de3cbbb15f
-  data.tar.gz: 16d71074b163e50dd491028e7c59cd3bcab6a6b4817fa6a53ff1e6420d5f5fa3
+  metadata.gz: '0559a98a2221978a8a5c35e6968d667d9c17287b1421500ae0062bad169c0ece'
+  data.tar.gz: be9a95f5684dd8329f1b5446400ad8704f46422a364de01675538f3001c0bf59
 SHA512:
-  metadata.gz: d194f56893bcaf2682397e4879c3ffad102146bd7ac78f08c3676ccb854fbf258a938a9f59c3b2338ce299b3c4b4b1ac54b991c37da52f71211b0f615494ad84
-  data.tar.gz: 9264c519c109d025f38bc4f95c9c4543e5b3d084d8bbe6241a42e42a3e70235b036f0fe7b63c21a44b2f5e89b2490268262aa237d6aa0e7cd28a5cbbe6f9567d
+  metadata.gz: d4f1a51bed19e09d9ca09eb873377639f6f197f289742d74e17a6d6fba3e130608547530ca65daa6ab40c3faad4a00a8b695582fee084d78b8e96e897165301f
+  data.tar.gz: bf0eab6e6761239b33ae00d565ffc0b884fd70ddea3d589a91a0a1c7b2bf124e955048e8a5eebfbc7e42d1b37ed41fd96b0d6139b5f19ce5b60358bf69525612

data/README.md

@@ -92,3 +92,21 @@ class API::ResourcesController < API::ApplicationController
   authorize_by_jwt_scopes 'resources'
 end
 ```
+
+6. Optionally, if you are using SSO: Check revoked tokens
+
+Additionally, the API provides a method called `revoked_jwt?` which expects the `jti` of the JWT.
+
+```rb
+Zaikio::JWTAuth.revoked_jwt?('jti-of-token') # returns true if token was revoked
+```
+
+7. Optionally, use the test helper module to mock JWTs in your minitests
+
+```rb
+# in your test_helper.rb
+include Zaikio::JWTAuth::TestHelper
+
+# in your tests you can use:
+mock_jwt(sub: 'Organization/123', scope: ['directory.organization.r'])
+```

data/lib/zaikio/jwt_auth.rb

@@ -5,6 +5,7 @@ require "zaikio/jwt_auth/configuration"
 require "zaikio/jwt_auth/directory_cache"
 require "zaikio/jwt_auth/jwk"
 require "zaikio/jwt_auth/token_data"
+require "zaikio/jwt_auth/test_helper"
 
 module Zaikio
   module JWTAuth
@@ -17,11 +18,31 @@ module Zaikio
       yield(configuration)
     end
 
+    def self.revoked_jwt?(jti)
+      blacklisted_token_ids.include?(jti)
+    end
+
+    def self.blacklisted_token_ids
+      return [] if mocked_jwt_payload
+
+      return configuration.blacklisted_token_ids if configuration.blacklisted_token_ids
+
+      DirectoryCache.fetch("api/v1/blacklisted_access_tokens.json", expires_after: 60.minutes)["blacklisted_token_ids"]
+    end
+
     def self.included(base)
       base.send :include, InstanceMethods
       base.send :extend, ClassMethods
     end
 
+    def self.mocked_jwt_payload
+      @mocked_jwt_payload
+    end
+
+    def self.mocked_jwt_payload=(payload)
+      @mocked_jwt_payload = payload
+    end
+
     module ClassMethods
       def authorize_by_jwt_subject_type(type = nil)
         @authorize_by_jwt_subject_type ||= type
@@ -65,11 +86,15 @@ module Zaikio
       private
 
       def jwt_from_auth_header
+        return true if Zaikio::JWTAuth.mocked_jwt_payload
+
         auth_header = request.headers["Authorization"]
         auth_header.split("Bearer ").last if /Bearer/.match?(auth_header)
       end
 
       def jwt_payload
+        return Zaikio::JWTAuth.mocked_jwt_payload if Zaikio::JWTAuth.mocked_jwt_payload
+
         payload, = JWT.decode(jwt_from_auth_header, nil, true, algorithms: ["RS256"], jwks: JWK.loader)
 
         payload
@@ -92,20 +117,11 @@ module Zaikio
       end
 
       def show_error_if_token_is_blacklisted(token_data)
-        return unless blacklisted_token_ids.include?(token_data.jti)
+        return unless Zaikio::JWTAuth.revoked_jwt?(token_data.jti)
 
         render_error("invalid_jwt")
       end
 
-      def blacklisted_token_ids
-        if Zaikio::JWTAuth.configuration.blacklisted_token_ids
-          return Zaikio::JWTAuth.configuration.blacklisted_token_ids
-        end
-
-        DirectoryCache.fetch("api/v1/blacklisted_access_tokens.json",
-                             expires_after: 60.minutes)["blacklisted_token_ids"]
-      end
-
       def render_error(error, status: :forbidden)
         render(status: status, json: { "errors" => [error] })
       end

data/lib/zaikio/jwt_auth/test_helper.rb

@@ -0,0 +1,23 @@
+module Zaikio
+  module JWTAuth
+    module TestHelper
+      def after_setup
+        Zaikio::JWTAuth.mocked_jwt_payload = nil
+        super
+      end
+
+      def mock_jwt(extra_payload)
+        Zaikio::JWTAuth.mocked_jwt_payload = {
+          iss: "ZAI",
+          sub: nil,
+          aud: %w[test_app],
+          jti: "unique-access-token-id",
+          nbf: Time.now.to_i,
+          exp: 1.hour.from_now.to_i,
+          jku: "http://directory.zaikio.test/api/v1/jwt_public_keys.json",
+          scope: []
+        }.merge(extra_payload).stringify_keys
+      end
+    end
+  end
+end

data/lib/zaikio/jwt_auth/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module JWTAuth
-    VERSION = "0.1.4".freeze
+    VERSION = "0.1.5".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-jwt_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Crispy Mountain GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-04 00:00:00.000000000 Z
+date: 2020-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oj
@@ -68,6 +68,7 @@ files:
 - lib/zaikio/jwt_auth/directory_cache.rb
 - lib/zaikio/jwt_auth/jwk.rb
 - lib/zaikio/jwt_auth/railtie.rb
+- lib/zaikio/jwt_auth/test_helper.rb
 - lib/zaikio/jwt_auth/token_data.rb
 - lib/zaikio/jwt_auth/version.rb
 homepage: https://www.zaikio.com/