zaikio-jwt_auth 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/zaikio/jwt_auth/directory_cache.rb +11 -5
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- data/lib/zaikio/jwt_auth.rb +14 -3
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7b3b79eed92b123729aea0048bfcd019ca98bb914430a5d8cd1f081241ef3752
|
|
4
|
+
data.tar.gz: d148777cff0767854dfedd703eaf55713666fd6e96d2551f6cd68103f59f52bc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 891bf2b7f94f9ee25878ebd46e49e7e2fcf8e7472d2688e9c00716241199b78ad2d57c14a5ac3b0ff9605ce1059c8be2285c9d97513a192c1eb989ab8ba1ed65
|
|
7
|
+
data.tar.gz: d44a02245269d8693380ba6a6e7a389214582848b3264ae5fc2b11678c8d2ba5bb2f77781bb63c85e4c110ec08490fd0f87c309b1770253388a7b76707107d87
|
data/README.md
CHANGED
|
@@ -63,6 +63,24 @@ end
|
|
|
63
63
|
|
|
64
64
|
By convention, `authorize_by_jwt_scopes` automatically maps all CRUD actions in a controller. Requests for `show` and `index` with a read or read_write scope are allowed. All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope. Therefore it is strongly recommended to always create standard Rails resources. If a custom action is required, you will need to authorize yourself using the `after_jwt_auth`.
|
|
65
65
|
|
|
66
|
+
Both of these behaviours are automatically inherited by child classes, for example:
|
|
67
|
+
|
|
68
|
+
```ruby
|
|
69
|
+
class API::ChildController < API::ResourcesController
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
API::ChildController.authorize_by_jwt_subject_type
|
|
73
|
+
#=> "Organization"
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
You can always override the behaviour in children if needed:
|
|
77
|
+
|
|
78
|
+
```ruby
|
|
79
|
+
class API::ChildController < API::ResourcesController
|
|
80
|
+
authorize_by_jwt_subject_type nil
|
|
81
|
+
end
|
|
82
|
+
```
|
|
83
|
+
|
|
66
84
|
#### Modifying required scopes
|
|
67
85
|
If you nonetheless want to change the required scopes for CRUD routes, you can use the `type` option which accepts the following values: `:read`, `:write`, `:read_write`
|
|
68
86
|
|
|
@@ -56,21 +56,27 @@ module Zaikio
|
|
|
56
56
|
|
|
57
57
|
data
|
|
58
58
|
rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError
|
|
59
|
-
Zaikio::JWTAuth.configuration.logger
|
|
59
|
+
Zaikio::JWTAuth.configuration.logger
|
|
60
|
+
.info("Error updating DirectoryCache(#{directory_path}), enqueueing job to update")
|
|
60
61
|
UpdateJob.set(wait: 10.seconds).perform_later(directory_path)
|
|
61
62
|
nil
|
|
62
63
|
end
|
|
63
64
|
|
|
64
65
|
def fetch_from_directory(directory_path)
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
http.use_ssl = uri.scheme == "https"
|
|
68
|
-
response = http.request(Net::HTTP::Get.new(uri.request_uri))
|
|
66
|
+
response = make_http_request(directory_path)
|
|
67
|
+
|
|
69
68
|
raise BadResponseError unless (200..299).cover?(response.code.to_i)
|
|
70
69
|
raise BadResponseError unless response["content-type"].to_s.include?("application/json")
|
|
71
70
|
|
|
72
71
|
Oj.load(response.body)
|
|
73
72
|
end
|
|
73
|
+
|
|
74
|
+
def make_http_request(directory_path)
|
|
75
|
+
uri = URI("#{Zaikio::JWTAuth.configuration.host}/#{directory_path}")
|
|
76
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
77
|
+
http.use_ssl = uri.scheme == "https"
|
|
78
|
+
http.request(Net::HTTP::Get.new(uri.request_uri))
|
|
79
|
+
end
|
|
74
80
|
end
|
|
75
81
|
end
|
|
76
82
|
end
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -45,7 +45,7 @@ module Zaikio
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def self.mocked_jwt_payload
|
|
48
|
-
@mocked_jwt_payload
|
|
48
|
+
instance_variable_defined?(:@mocked_jwt_payload) && @mocked_jwt_payload
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
def self.mocked_jwt_payload=(payload)
|
|
@@ -67,8 +67,12 @@ module Zaikio
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
module ClassMethods
|
|
70
|
-
def authorize_by_jwt_subject_type(type =
|
|
71
|
-
|
|
70
|
+
def authorize_by_jwt_subject_type(type = :_not_given_)
|
|
71
|
+
if type != :_not_given_
|
|
72
|
+
@authorize_by_jwt_subject_type = type
|
|
73
|
+
elsif instance_variable_defined?(:@authorize_by_jwt_subject_type)
|
|
74
|
+
@authorize_by_jwt_subject_type
|
|
75
|
+
end
|
|
72
76
|
end
|
|
73
77
|
|
|
74
78
|
def authorize_by_jwt_scopes(scopes = nil, options = {})
|
|
@@ -78,6 +82,13 @@ module Zaikio
|
|
|
78
82
|
|
|
79
83
|
@authorize_by_jwt_scopes
|
|
80
84
|
end
|
|
85
|
+
|
|
86
|
+
def inherited(child)
|
|
87
|
+
super(child)
|
|
88
|
+
|
|
89
|
+
child.instance_variable_set(:@authorize_by_jwt_subject_type, @authorize_by_jwt_subject_type)
|
|
90
|
+
child.instance_variable_set(:@authorize_by_jwt_scopes, @authorize_by_jwt_scopes)
|
|
91
|
+
end
|
|
81
92
|
end
|
|
82
93
|
|
|
83
94
|
module InstanceMethods
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2022-04-22 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activejob
|
|
@@ -113,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
113
113
|
- !ruby/object:Gem::Version
|
|
114
114
|
version: '0'
|
|
115
115
|
requirements: []
|
|
116
|
-
rubygems_version: 3.
|
|
116
|
+
rubygems_version: 3.3.11
|
|
117
117
|
signing_key:
|
|
118
118
|
specification_version: 4
|
|
119
119
|
summary: JWT-Based authentication and authorization with zaikio
|