zaikio-oauth_client 0.15.0 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6a2ab7697b4dc9fc67d8558ae29f3ccff27c56c408c1c900e2331ab027c11bf7
|
|
4
|
+
data.tar.gz: b2a2d6424454e99e57a43cbad9762506d13ffd5709e7ca1dee8f1c2c96d7631b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8dc646a77bc4c31ee4ec0affc44017ebf7dc27cdfbd9c950e2fa6f542c030c82ee3be913f50474cc10f714e3c88132bcd601963170c3a02da05e677e8c2f23f1
|
|
7
|
+
data.tar.gz: 8b120868bccadf82c34a47e9eba11cfd0c3924a5db89c6463264cb1cc7ccbab7bcdad38d6a56138dfbfa334f9807fb200c470ebba7baa223a87d39b0e3cb212f
|
|
@@ -26,17 +26,17 @@ module Zaikio
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
# Scopes
|
|
29
|
-
scope :valid, lambda {
|
|
30
|
-
where("expires_at > :
|
|
29
|
+
scope :valid, lambda { |valid_until = Time.current|
|
|
30
|
+
where("expires_at > :valid_until", valid_until: valid_until)
|
|
31
31
|
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
|
32
32
|
}
|
|
33
33
|
scope :with_invalid_refresh_token, lambda {
|
|
34
34
|
where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
|
|
35
35
|
}
|
|
36
|
-
scope :valid_refresh, lambda {
|
|
37
|
-
where("expires_at <= :
|
|
38
|
-
|
|
39
|
-
created_at_max:
|
|
36
|
+
scope :valid_refresh, lambda { |valid_until = Time.current|
|
|
37
|
+
where("expires_at <= :valid_until AND created_at > :created_at_max",
|
|
38
|
+
valid_until: valid_until,
|
|
39
|
+
created_at_max: valid_until - refresh_token_valid_for)
|
|
40
40
|
.where.not(refresh_token: nil)
|
|
41
41
|
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
|
42
42
|
}
|
|
@@ -44,9 +44,10 @@ module Zaikio
|
|
|
44
44
|
where(bearer_type: bearer_type, bearer_id: bearer_id)
|
|
45
45
|
.where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
|
|
46
46
|
}
|
|
47
|
-
scope :usable, lambda { |options|
|
|
48
|
-
by_bearer(**options).valid.or(
|
|
49
|
-
|
|
47
|
+
scope :usable, lambda { |valid_until: Time.current, **options|
|
|
48
|
+
by_bearer(**options).valid(valid_until).or(
|
|
49
|
+
by_bearer(**options).valid_refresh
|
|
50
|
+
).order(expires_at: :desc)
|
|
50
51
|
}
|
|
51
52
|
|
|
52
53
|
def expired?
|
|
@@ -72,6 +73,8 @@ module Zaikio
|
|
|
72
73
|
end
|
|
73
74
|
|
|
74
75
|
def refresh!
|
|
76
|
+
return unless refresh_token?
|
|
77
|
+
|
|
75
78
|
Zaikio::OAuthClient.with_oauth_scheme(:basic_auth) do
|
|
76
79
|
refreshed_token = OAuth2::AccessToken.from_hash(
|
|
77
80
|
Zaikio::OAuthClient.for(audience),
|
|
@@ -80,16 +83,12 @@ module Zaikio
|
|
|
80
83
|
|
|
81
84
|
destroy
|
|
82
85
|
|
|
83
|
-
self.class.build_from_access_token(
|
|
84
|
-
refreshed_token,
|
|
85
|
-
requested_scopes: requested_scopes
|
|
86
|
-
).tap(&:save!)
|
|
86
|
+
self.class.build_from_access_token(refreshed_token, requested_scopes: requested_scopes).tap(&:save!)
|
|
87
87
|
end
|
|
88
88
|
rescue OAuth2::Error => e
|
|
89
89
|
raise unless e.code == "invalid_grant"
|
|
90
90
|
|
|
91
91
|
destroy
|
|
92
|
-
|
|
93
92
|
nil
|
|
94
93
|
end
|
|
95
94
|
end
|
|
@@ -4,7 +4,8 @@ module Zaikio
|
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
5
|
|
|
6
6
|
def new
|
|
7
|
-
opts = params.permit(:client_name, :show_signup, :prompt, :
|
|
7
|
+
opts = params.permit(:client_name, :show_signup, :prompt, :prompt_email_confirmation,
|
|
8
|
+
:force_login, :state, :lang)
|
|
8
9
|
opts[:lang] ||= I18n.locale if defined?(I18n)
|
|
9
10
|
client_name = opts.delete(:client_name)
|
|
10
11
|
opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
|
|
@@ -16,7 +17,7 @@ module Zaikio
|
|
|
16
17
|
)
|
|
17
18
|
end
|
|
18
19
|
|
|
19
|
-
def approve # rubocop:disable Metrics/MethodLength,Metrics/AbcSize
|
|
20
|
+
def approve # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
|
20
21
|
if params[:error].present?
|
|
21
22
|
redirect_to send(
|
|
22
23
|
respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
|
|
@@ -36,6 +37,7 @@ module Zaikio
|
|
|
36
37
|
|
|
37
38
|
origin = session[:origin]
|
|
38
39
|
session.delete(:origin)
|
|
40
|
+
session.delete(:oauth_attempts)
|
|
39
41
|
|
|
40
42
|
session[:zaikio_access_token_id] = access_token.id unless access_token.organization?
|
|
41
43
|
|
|
@@ -43,6 +45,13 @@ module Zaikio
|
|
|
43
45
|
respond_to?(:after_approve_path_for) ? :after_approve_path_for : :default_after_approve_path_for,
|
|
44
46
|
access_token, origin
|
|
45
47
|
)
|
|
48
|
+
rescue OAuth2::Error => e
|
|
49
|
+
raise e unless e.code == "invalid_grant"
|
|
50
|
+
raise e if session[:oauth_attempts].to_i >= 3
|
|
51
|
+
|
|
52
|
+
session[:oauth_attempts] = session[:oauth_attempts].to_i + 1
|
|
53
|
+
|
|
54
|
+
redirect_to new_path(client_name: params[:client_name])
|
|
46
55
|
end
|
|
47
56
|
|
|
48
57
|
def destroy
|
|
@@ -58,6 +67,10 @@ module Zaikio
|
|
|
58
67
|
|
|
59
68
|
private
|
|
60
69
|
|
|
70
|
+
def new_path(options = {})
|
|
71
|
+
zaikio_oauth_client.new_session_path(options)
|
|
72
|
+
end
|
|
73
|
+
|
|
61
74
|
def approve_url(client_name = nil)
|
|
62
75
|
zaikio_oauth_client.approve_session_url(client_name)
|
|
63
76
|
end
|
data/lib/zaikio/oauth_client.rb
CHANGED
|
@@ -69,9 +69,10 @@ module Zaikio
|
|
|
69
69
|
token = find_usable_access_token(client_name: client_config.client_name,
|
|
70
70
|
bearer_type: bearer_type,
|
|
71
71
|
bearer_id: bearer_id,
|
|
72
|
-
requested_scopes: scopes
|
|
72
|
+
requested_scopes: scopes,
|
|
73
|
+
valid_for: valid_for)
|
|
73
74
|
|
|
74
|
-
token = token.refresh! if token
|
|
75
|
+
token = token.refresh! if token&.expired?
|
|
75
76
|
|
|
76
77
|
token ||= fetch_new_token(client_config: client_config,
|
|
77
78
|
bearer_type: bearer_type,
|
|
@@ -82,7 +83,7 @@ module Zaikio
|
|
|
82
83
|
|
|
83
84
|
# Finds the best usable access token. Note that this token may have expired and
|
|
84
85
|
# would require refreshing.
|
|
85
|
-
def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:) # rubocop:disable Metrics/MethodLength
|
|
86
|
+
def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:, valid_for: 30.seconds) # rubocop:disable Metrics/MethodLength
|
|
86
87
|
configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
|
|
87
88
|
"bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
|
|
88
89
|
|
|
@@ -92,7 +93,8 @@ module Zaikio
|
|
|
92
93
|
.usable(
|
|
93
94
|
bearer_type: bearer_type,
|
|
94
95
|
bearer_id: bearer_id,
|
|
95
|
-
requested_scopes: requested_scopes
|
|
96
|
+
requested_scopes: requested_scopes,
|
|
97
|
+
valid_until: valid_for.from_now
|
|
96
98
|
)
|
|
97
99
|
.first
|
|
98
100
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-oauth_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.17.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zaikio GmbH
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
187
187
|
- !ruby/object:Gem::Version
|
|
188
188
|
version: '0'
|
|
189
189
|
requirements: []
|
|
190
|
-
rubygems_version: 3.2.
|
|
190
|
+
rubygems_version: 3.2.22
|
|
191
191
|
signing_key:
|
|
192
192
|
specification_version: 4
|
|
193
193
|
summary: Zaikio Platform Connectivity
|