zaikio-oauth_client 0.12.0 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e007c62cd36b1b00aa8e542958bb5d627b5ca417ffc6559f45de3868e79149a
-  data.tar.gz: 9977c82c5f734d93b05269a7e9fb30e6fe6df1b15a291d680a48fa38bea079a8
+  metadata.gz: fb0748eddd282729e6a9ca264b17a59d58b9822c5e900f1bc3690b2b10549567
+  data.tar.gz: 191d4f0652fa8dfb9dae28bbfcd550ef8b2114366ef41ad291f25620011e8d3e
 SHA512:
-  metadata.gz: eeb3f43dc40d4cabeb1f585864ff76c716243e6d0336164b0e3b98c7e2e41bdbd25ffdeaeeeb4b7ee1ccefe20cf1f458bd0af62e1cb2238af3ad258ad6cf4804
-  data.tar.gz: e3b47a58b780c92ed0b8a9c5ae0df7011026feed340204e8deb80a88ca2562b4a220cd59c8d5907982488001b6738d5c0eb0ba2495771c0de2a0310f44de42bd
+  metadata.gz: 21c66faa4cd6cad8b787b39f919b0e1c30ec718b912f5442ad0fd4c96b7871a0db798bdf84e798d3ddaf441f8ae96819abea31fad7b4a631b12d2983fef378be
+  data.tar.gz: acc5550981b27d38cb986e0b934d4dad992ea7f3c462d9dd1f6c202a304e4cd13bb8e202db070f66f458e3263606601943d1f078d9967125c89b068d82554126

data/README.md

@@ -36,32 +36,34 @@ mount Zaikio::OAuthClient::Engine => "/zaikio"
 
 ```rb
 # config/initializers/zaikio_oauth_client.rb
-Zaikio::OAuthClient.configure do |config|
-  config.environment = :sandbox
-
-  config.register_client :warehouse do |warehouse|
-    warehouse.client_id       = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
-    warehouse.client_secret   = "ShiKTnHqEf3M8nyHQPyZgbz7"
-    warehouse.default_scopes  = %w[directory.person.r]
-
-    warehouse.register_organization_connection do |org|
-      org.default_scopes = %w[directory.organization.r]
+Rails.application.reloader.to_prepare do
+  Zaikio::OAuthClient.configure do |config|
+    config.environment = :sandbox
+
+    config.register_client :warehouse do |warehouse|
+      warehouse.client_id       = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
+      warehouse.client_secret   = "ShiKTnHqEf3M8nyHQPyZgbz7"
+      warehouse.default_scopes  = %w[directory.person.r]
+
+      warehouse.register_organization_connection do |org|
+        org.default_scopes = %w[directory.organization.r]
+      end
     end
-  end
 
-  config.register_client :warehouse_goods_call_of do |warehouse_goods_call_of|
-    warehouse_goods_call_of.client_id       = "12345-7ba2-41ed-8890-97d88e6472f6"
-    warehouse_goods_call_of.client_secret   = "secret"
-    warehouse_goods_call_of.default_scopes  = %w[directory.person.r]
+    config.register_client :warehouse_goods_call_of do |warehouse_goods_call_of|
+      warehouse_goods_call_of.client_id       = "12345-7ba2-41ed-8890-97d88e6472f6"
+      warehouse_goods_call_of.client_secret   = "secret"
+      warehouse_goods_call_of.default_scopes  = %w[directory.person.r]
 
-    warehouse_goods_call_of.register_organization_connection do |org|
-      org.default_scopes = %w[directory.organization.r]
+      warehouse_goods_call_of.register_organization_connection do |org|
+        org.default_scopes = %w[directory.organization.r]
+      end
     end
-  end
 
-  config.around_auth do |access_token, block|
-    Zaikio::Hub.with_token(access_token.token) do
-      block.call(access_token)
+    config.around_auth do |access_token, block|
+      Zaikio::Hub.with_token(access_token.token) do
+        block.call(access_token)
+      end
     end
   end
 end
@@ -239,6 +241,21 @@ class MyControllerTest < ActionDispatch::IntegrationTest
 end
 ```
 
+For system tests (e.g. with a separate browser instance), there's a special helper:
+
+```rb
+class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
+  include Zaikio::OAuthClient::SystemTestHelper
+
+  test "does request" do
+    person = people(:my_person)
+    logged_in_as(person)
+
+    visit "/"
+  end
+end
+```
+
 #### Authenticated requests
 
 Now further requests to the Directory API or to other Zaikio APIs should be made. For this purpose the OAuthClient provides a helper method `with_auth` that automatically fetches an access token from the database, requests a refresh token or creates a new access token via client credentials flow.
@@ -249,6 +266,18 @@ Zaikio::OAuthClient.with_auth(bearer_type: "Organization", bearer_id: "fd61f5f5-
 end
 ```
 
+If you need the token for a certain period (e.g. a long-running job which makes many
+requests in sequence), you can specify the `valid_for` interval when requesting the token.
+By default, it won't return an access token which was due to expire in less than 30
+seconds from now. If there is an existing token, but it was due to expire before the end
+of the validity period, this will go and get a fresh token anyway:
+
+```rb
+Zaikio::OAuthClient.with_auth(..., valid_for: 10.minutes) do |access_token|
+  # ...
+end
+```
+
 ## Use of dummy app
 
 You can use the included dummy app as a showcase for the workflow and to adjust your own application. To set up the dummy application properly, go into `test/dummy` and use [puma-dev](https://github.com/puma/puma-dev) like this:

data/Rakefile

@@ -35,9 +35,7 @@ require 'rubocop/rake_task'
 
 namespace :test do
   desc 'Runs RuboCop on specified directories'
-  RuboCop::RakeTask.new(:rubocop) do |task|
-    task.fail_on_error = false
-  end
+  RuboCop::RakeTask.new(:rubocop)
 end
 
 Rake::Task[:test].enhance ['test:rubocop']

data/app/controllers/zaikio/oauth_client/subscriptions_controller.rb

@@ -3,7 +3,6 @@ module Zaikio
     class SubscriptionsController < ConnectionsController
       def new
         opts = params.permit(:client_name, :state, :plan, :organization_id)
-        opts[:redirect_with_error] = 1
         opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
 
         plan            = opts.delete(:plan)

data/app/models/zaikio/access_token.rb

@@ -5,7 +5,7 @@ module Zaikio
   class AccessToken < ApplicationRecord
     self.table_name = "zaikio_access_tokens"
 
-    def self.build_from_access_token(access_token, requested_scopes: nil) # rubocop:disable Metrics/AbcSize
+    def self.build_from_access_token(access_token, requested_scopes: nil)
       payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
       scopes = access_token.params["scope"].split(",")
       new(
@@ -37,7 +37,7 @@ module Zaikio
       where("expires_at <= :now AND created_at > :created_at_max",
             now: Time.current,
             created_at_max: Time.current - refresh_token_valid_for)
-        .where("refresh_token IS NOT NULL")
+        .where.not(refresh_token: nil)
         .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
     }
     scope :by_bearer, lambda { |bearer_id:, requested_scopes: [], bearer_type: "Person"|

data/lib/zaikio/oauth_client.rb

@@ -49,7 +49,7 @@ module Zaikio
                          get_access_token(**options_or_access_token)
                        end
 
-        return unless block_given?
+        return unless block
 
         if configuration.around_auth_block
           configuration.around_auth_block.call(access_token, block)
@@ -62,7 +62,7 @@ module Zaikio
       #   * If the token has expired, it will be refreshed using the refresh_token flow
       #     (if this fails, we fallback to getting a new token using client_credentials)
       #   * If the token does not exist, we'll get a new one using the client_credentials flow
-      def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil)
+      def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil, valid_for: 30.seconds)
         client_config = client_config_for(client_name || self.client_name)
         scopes ||= client_config.default_scopes_for(bearer_type)
 
@@ -71,7 +71,7 @@ module Zaikio
                                          bearer_id: bearer_id,
                                          requested_scopes: scopes)
 
-        token = token.refresh! if token&.expired?
+        token = token.refresh! if token && (token.expired? || token.expires_at < valid_for.from_now)
 
         token ||= fetch_new_token(client_config: client_config,
                                   bearer_type: bearer_type,
@@ -82,9 +82,9 @@ module Zaikio
 
       # Finds the best usable access token. Note that this token may have expired and
       # would require refreshing.
-      def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)
+      def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)  # rubocop:disable Metrics/MethodLength
         configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
-          "bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
+                                   "bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
 
         fetch_access_token = lambda {
           Zaikio::AccessToken
@@ -117,9 +117,9 @@ module Zaikio
 
       def get_plain_scopes(scopes)
         regex = /^((Org|Per)\.)?(.*)$/
-        scopes.map do |scope|
+        scopes.filter_map do |scope|
           (regex.match(scope) || [])[3]
-        end.compact
+        end
       end
 
       private

data/lib/zaikio/oauth_client/authenticatable.rb

@@ -4,8 +4,8 @@ module Zaikio
       extend ActiveSupport::Concern
 
       def new
-        opts = params.permit(:client_name, :show_signup, :force_login, :state)
-        opts[:redirect_with_error] = 1
+        opts = params.permit(:client_name, :show_signup, :prompt, :force_login, :state, :lang)
+        opts[:lang] ||= I18n.locale if defined?(I18n)
         client_name = opts.delete(:client_name)
         opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
 
@@ -16,7 +16,7 @@ module Zaikio
         )
       end
 
-      def approve
+      def approve  # rubocop:disable Metrics/MethodLength,Metrics/AbcSize
         if params[:error].present?
           redirect_to send(
             respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
@@ -81,7 +81,7 @@ module Zaikio
 
       def client_config
         client_config = Zaikio::OAuthClient.configuration.find!(client_name)
-        client_config = use_org_config? ? client_config.org_config : client_config
+        client_config = client_config.org_config if use_org_config?
 
         client_config or raise ActiveRecord::RecordNotFound
       end

data/lib/zaikio/oauth_client/client_configuration.rb

@@ -20,7 +20,7 @@ module Zaikio
           client_secret,
           authorize_url: "oauth/authorize",
           token_url: "oauth/access_token",
-          connection_opts: { headers: { "Accept": "application/json" } },
+          connection_opts: { headers: { Accept: "application/json" } },
           site: Zaikio::OAuthClient.configuration.host
         )
 

data/lib/zaikio/oauth_client/system_test_helper.rb

@@ -0,0 +1,18 @@
+require_relative "./test_helper"
+
+module Zaikio
+  module OAuthClient
+    module SystemTestHelper
+      include ::Zaikio::OAuthClient::TestHelper
+
+      def set_session(key, value)
+        visit "/zaikio/oauth_client/test_helper/session?#{{ key: key, id: value }.to_query}"
+      end
+
+      def get_session(key)
+        visit "/zaikio/oauth_client/test_helper/get_session?#{{ key: key }.to_query}"
+        page.text
+      end
+    end
+  end
+end

data/lib/zaikio/oauth_client/test_helper.rb

@@ -3,7 +3,7 @@ module Zaikio
     module TestHelper
       extend ActiveSupport::Concern
 
-      class TestSessionController < ActionController::Base
+      class TestSessionController < ActionController::Base # rubocop:disable Rails/ApplicationController
         def show
           if session[params[:key]].nil?
             head :no_content

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.12.0".freeze
+    VERSION = "0.15.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.15.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-23 00:00:00.000000000 Z
+date: 2021-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -84,16 +84,22 @@ dependencies:
   name: zaikio-jwt_auth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -158,6 +164,7 @@ files:
 - lib/zaikio/oauth_client/configuration.rb
 - lib/zaikio/oauth_client/engine.rb
 - lib/zaikio/oauth_client/error.rb
+- lib/zaikio/oauth_client/system_test_helper.rb
 - lib/zaikio/oauth_client/test_helper.rb
 - lib/zaikio/oauth_client/version.rb
 homepage: https://github.com/zaikio/zaikio-oauth_client