RubyGems - zaikio-jwt_auth - Versions diffs - 0.1.7 → 0.2.0 - Mend

zaikio-jwt_auth 0.1.7 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +33 -40
data/app/jobs/zaikio/jwt_auth/revoke_access_token_job.rb +12 -0
data/lib/zaikio/jwt_auth.rb +7 -0
data/lib/zaikio/jwt_auth/configuration.rb +1 -0
data/lib/zaikio/jwt_auth/engine.rb +9 -0
data/lib/zaikio/jwt_auth/version.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa5cedf782b4972795398012fb5d50f5156995a34951a077b49ab8c72d47af6c
-  data.tar.gz: 2e76b158eaddb1c7993412883fe0926af121ac1e959c8f0ff6e9fdc4a71fd17c
+  metadata.gz: 608b4341e5cb5797a302e65439882e050044fd2676b0fc01f7931783529ee032
+  data.tar.gz: 1dcaeb58daa1f352c352b8a3e65bab7e46618c4dba30f64af2141c25bb1f2dee
 SHA512:
-  metadata.gz: 0c837c489820a0bfe172813a22e0a974bb5686724826db11a76c88cf08085c2ca250124310dedc95146e640b6755ad32e18490a35cf617270c736ab63fbe46b1
-  data.tar.gz: da668d14415c81d38a08b8d1bed52390b7040476301ac049a43c63a8e96eb973b229ebd5ad689b215b244b99dd18edbc0e3ff78f24eb84d1245babb977b09cdf
+  metadata.gz: 2289f1f2fc4ddc1a84070f6df75ebbfb143b4b0634ff8a64d3c54cfa5fb2741de8734aaa398989fd9fb63a43dde8ccb4849fa497eee8f6e3a1897acd5fde4dcf
+  data.tar.gz: 4b935055a6461f2f2e22dec109634e41b40222773fb363811e76d29327eea22d81210a470e6d9865092473d114c1c21646a99bcbb0942cdc4e39229f7f4e8291

data/README.md CHANGED

@@ -2,11 +2,9 @@
 Gem for JWT-Based authentication and authorization with zaikio.
-## Usage
 ## Installation
-1. Add this line to your application's Gemfile:
+### 1. Add this line to your application's Gemfile:
 ```ruby
 gem 'zaikio-jwt_auth'
@@ -22,7 +20,7 @@ Or install it yourself as:
 $ gem install zaikio-jwt_auth
 ```
-2. Configure the gem:
+### 2. Configure the gem:
 ```rb
 # config/initializers/zaikio_jwt_auth.rb
@@ -34,7 +32,7 @@ Zaikio::JWTAuth.configure do |config|
 end
 ```
-3. Extend your API application controller:
+### 3. Extend your API application controller:
 ```rb
 class API::ApplicationController < ActionController::Base
@@ -49,42 +47,12 @@ class API::ApplicationController < ActionController::Base
 end
 ```
-4. Update Revoked Access Tokens by Webhook
-```rb
-# ENV['ZAIKIO_SHARED_SECRET'] needs to be defined first, you can find it on your
-# app details page in zaikio. Fore more help read:
-# https://docs.zaikio.com/guide/loom/receiving-events.html
-class WebhooksController < ActionController::Base
-  include Zaikio::JWTAuth
-  before_action :verify_signature
-  before_action :update_blacklisted_access_tokens_by_webhook
+### 4. Update Revoked Access Tokens by Webhook
-  def create
-    case params[:name]
-      # Manage other events
-    end
+This gem automatically registers a webhook, if you have properly setup [Zaikio::Webhooks](https://github.com/crispymtn/zaikio-webhooks).
-    render json: { received: true }
-  end
-  private
-  def verify_signature
-    # Read More: https://docs.zaikio.com/guide/loom/receiving-events.html
-    unless ActiveSupport::SecurityUtils.secure_compare(
-      OpenSSL::HMAC.hexdigest("SHA256", "shared-secret", request.body.read),
-      request.headers["X-Loom-Signature"]
-    )
-      render json: { received: true }
-    end
-  end
-end
-```
-5. Add more restrictions to your resources:
+### 5. Add more restrictions to your resources:
 ```rb
 class API::ResourcesController < API::ApplicationController
@@ -93,7 +61,7 @@ class API::ResourcesController < API::ApplicationController
 end
 ```
-6. Optionally, if you are using SSO: Check revoked tokens
+### 6. Optionally, if you are using SSO: Check revoked tokens
 Additionally, the API provides a method called `revoked_jwt?` which expects the `jti` of the JWT.
@@ -101,7 +69,7 @@ Additionally, the API provides a method called `revoked_jwt?` which expects the
 Zaikio::JWTAuth.revoked_jwt?('jti-of-token') # returns true if token was revoked
 ```
-7. Optionally, use the test helper module to mock JWTs in your minitests
+### 7. Optionally, use the test helper module to mock JWTs in your minitests
 ```rb
 # in your test_helper.rb
@@ -110,3 +78,28 @@ include Zaikio::JWTAuth::TestHelper
 # in your tests you can use:
 mock_jwt(sub: 'Organization/123', scope: ['directory.organization.r'])
 ```
+## Advanced
+### `only` and `except`
+Similar to Rails' controller callbacks, `authorize_by_jwt_scopes` can also be passed a list of actions:
+```rb
+class API::ResourcesController < API::ApplicationController
+  authorize_by_jwt_subject_type 'Organization'
+  authorize_by_jwt_scopes 'resources', except: :destroy
+  authorize_by_jwt_scopes 'remove_resources', only: [:destroy]
+end
+```
+### `if` and `unless`
+Similar to Rails' controller callbacks, `authorize_by_jwt_scopes` can also handle a lambda in the context of the controller to request parameters.
+```rb
+class API::ResourcesController < API::ApplicationController
+  authorize_by_jwt_scopes 'resources', unless: -> { params[:skip] == '1' }
+end
+```

data/app/jobs/zaikio/jwt_auth/revoke_access_token_job.rb ADDED

@@ -0,0 +1,12 @@
+module Zaikio
+  module JWTAuth
+    class RevokeAccessTokenJob < ApplicationJob
+      def perform(event)
+        DirectoryCache.update("api/v1/blacklisted_access_tokens.json", expires_after: 60.minutes) do |data|
+          data["blacklisted_token_ids"] << event.payload["access_token_id"]
+          data
+        end
+      end
+    end
+  end
+end

data/lib/zaikio/jwt_auth.rb CHANGED

@@ -5,6 +5,7 @@ require "zaikio/jwt_auth/configuration"
 require "zaikio/jwt_auth/directory_cache"
 require "zaikio/jwt_auth/jwk"
 require "zaikio/jwt_auth/token_data"
+require "zaikio/jwt_auth/engine"
 require "zaikio/jwt_auth/test_helper"
 module Zaikio
@@ -15,6 +16,12 @@ module Zaikio
     def self.configure
       self.configuration ||= Configuration.new
+      if Zaikio.const_defined?("Webhooks")
+        Zaikio::Webhooks.on "directory.revoked_access_token", Zaikio::JWTAuth::RevokeAccessTokenJob,
+                            perform_now: true
+      end
       yield(configuration)
     end

data/lib/zaikio/jwt_auth/configuration.rb CHANGED

@@ -18,6 +18,7 @@ module Zaikio
       def initialize
         @environment = :sandbox
+        @blacklisted_token_ids = nil
       end
       def logger

data/lib/zaikio/jwt_auth/engine.rb ADDED

@@ -0,0 +1,9 @@
+module Zaikio
+  module JWTAuth
+    class Engine < ::Rails::Engine
+      isolate_namespace Zaikio::JWTAuth
+      engine_name "zaikio_jwt_auth"
+      config.generators.api_only = true
+    end
+  end
+end

data/lib/zaikio/jwt_auth/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Zaikio
   module JWTAuth
-    VERSION = "0.1.7".freeze
+    VERSION = "0.2.0".freeze
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-jwt_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.2.0
 platform: ruby
 authors:
 - Crispy Mountain GmbH
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-20 00:00:00.000000000 Z
+date: 2020-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oj
@@ -62,10 +62,12 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
+- app/jobs/zaikio/jwt_auth/revoke_access_token_job.rb
 - lib/tasks/zaikio/jwt_auth_tasks.rake
 - lib/zaikio/jwt_auth.rb
 - lib/zaikio/jwt_auth/configuration.rb
 - lib/zaikio/jwt_auth/directory_cache.rb
+- lib/zaikio/jwt_auth/engine.rb
 - lib/zaikio/jwt_auth/jwk.rb
 - lib/zaikio/jwt_auth/railtie.rb
 - lib/zaikio/jwt_auth/test_helper.rb