zaikio-oauth_client 0.15.0 → 0.17.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6a2ab7697b4dc9fc67d8558ae29f3ccff27c56c408c1c900e2331ab027c11bf7
|
|
4
|
+
data.tar.gz: b2a2d6424454e99e57a43cbad9762506d13ffd5709e7ca1dee8f1c2c96d7631b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8dc646a77bc4c31ee4ec0affc44017ebf7dc27cdfbd9c950e2fa6f542c030c82ee3be913f50474cc10f714e3c88132bcd601963170c3a02da05e677e8c2f23f1
|
|
7
|
+
data.tar.gz: 8b120868bccadf82c34a47e9eba11cfd0c3924a5db89c6463264cb1cc7ccbab7bcdad38d6a56138dfbfa334f9807fb200c470ebba7baa223a87d39b0e3cb212f
|
|
@@ -26,17 +26,17 @@ module Zaikio
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
# Scopes
|
|
29
|
-
scope :valid, lambda {
|
|
30
|
-
where("expires_at > :
|
|
29
|
+
scope :valid, lambda { |valid_until = Time.current|
|
|
30
|
+
where("expires_at > :valid_until", valid_until: valid_until)
|
|
31
31
|
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
|
32
32
|
}
|
|
33
33
|
scope :with_invalid_refresh_token, lambda {
|
|
34
34
|
where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
|
|
35
35
|
}
|
|
36
|
-
scope :valid_refresh, lambda {
|
|
37
|
-
where("expires_at <= :
|
|
38
|
-
|
|
39
|
-
created_at_max:
|
|
36
|
+
scope :valid_refresh, lambda { |valid_until = Time.current|
|
|
37
|
+
where("expires_at <= :valid_until AND created_at > :created_at_max",
|
|
38
|
+
valid_until: valid_until,
|
|
39
|
+
created_at_max: valid_until - refresh_token_valid_for)
|
|
40
40
|
.where.not(refresh_token: nil)
|
|
41
41
|
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
|
42
42
|
}
|
|
@@ -44,9 +44,10 @@ module Zaikio
|
|
|
44
44
|
where(bearer_type: bearer_type, bearer_id: bearer_id)
|
|
45
45
|
.where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
|
|
46
46
|
}
|
|
47
|
-
scope :usable, lambda { |options|
|
|
48
|
-
by_bearer(**options).valid.or(
|
|
49
|
-
|
|
47
|
+
scope :usable, lambda { |valid_until: Time.current, **options|
|
|
48
|
+
by_bearer(**options).valid(valid_until).or(
|
|
49
|
+
by_bearer(**options).valid_refresh
|
|
50
|
+
).order(expires_at: :desc)
|
|
50
51
|
}
|
|
51
52
|
|
|
52
53
|
def expired?
|
|
@@ -72,6 +73,8 @@ module Zaikio
|
|
|
72
73
|
end
|
|
73
74
|
|
|
74
75
|
def refresh!
|
|
76
|
+
return unless refresh_token?
|
|
77
|
+
|
|
75
78
|
Zaikio::OAuthClient.with_oauth_scheme(:basic_auth) do
|
|
76
79
|
refreshed_token = OAuth2::AccessToken.from_hash(
|
|
77
80
|
Zaikio::OAuthClient.for(audience),
|
|
@@ -80,16 +83,12 @@ module Zaikio
|
|
|
80
83
|
|
|
81
84
|
destroy
|
|
82
85
|
|
|
83
|
-
self.class.build_from_access_token(
|
|
84
|
-
refreshed_token,
|
|
85
|
-
requested_scopes: requested_scopes
|
|
86
|
-
).tap(&:save!)
|
|
86
|
+
self.class.build_from_access_token(refreshed_token, requested_scopes: requested_scopes).tap(&:save!)
|
|
87
87
|
end
|
|
88
88
|
rescue OAuth2::Error => e
|
|
89
89
|
raise unless e.code == "invalid_grant"
|
|
90
90
|
|
|
91
91
|
destroy
|
|
92
|
-
|
|
93
92
|
nil
|
|
94
93
|
end
|
|
95
94
|
end
|
|
@@ -4,7 +4,8 @@ module Zaikio
|
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
5
|
|
|
6
6
|
def new
|
|
7
|
-
opts = params.permit(:client_name, :show_signup, :prompt, :
|
|
7
|
+
opts = params.permit(:client_name, :show_signup, :prompt, :prompt_email_confirmation,
|
|
8
|
+
:force_login, :state, :lang)
|
|
8
9
|
opts[:lang] ||= I18n.locale if defined?(I18n)
|
|
9
10
|
client_name = opts.delete(:client_name)
|
|
10
11
|
opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
|
|
@@ -16,7 +17,7 @@ module Zaikio
|
|
|
16
17
|
)
|
|
17
18
|
end
|
|
18
19
|
|
|
19
|
-
def approve # rubocop:disable Metrics/MethodLength,Metrics/AbcSize
|
|
20
|
+
def approve # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
|
20
21
|
if params[:error].present?
|
|
21
22
|
redirect_to send(
|
|
22
23
|
respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
|
|
@@ -36,6 +37,7 @@ module Zaikio
|
|
|
36
37
|
|
|
37
38
|
origin = session[:origin]
|
|
38
39
|
session.delete(:origin)
|
|
40
|
+
session.delete(:oauth_attempts)
|
|
39
41
|
|
|
40
42
|
session[:zaikio_access_token_id] = access_token.id unless access_token.organization?
|
|
41
43
|
|
|
@@ -43,6 +45,13 @@ module Zaikio
|
|
|
43
45
|
respond_to?(:after_approve_path_for) ? :after_approve_path_for : :default_after_approve_path_for,
|
|
44
46
|
access_token, origin
|
|
45
47
|
)
|
|
48
|
+
rescue OAuth2::Error => e
|
|
49
|
+
raise e unless e.code == "invalid_grant"
|
|
50
|
+
raise e if session[:oauth_attempts].to_i >= 3
|
|
51
|
+
|
|
52
|
+
session[:oauth_attempts] = session[:oauth_attempts].to_i + 1
|
|
53
|
+
|
|
54
|
+
redirect_to new_path(client_name: params[:client_name])
|
|
46
55
|
end
|
|
47
56
|
|
|
48
57
|
def destroy
|
|
@@ -58,6 +67,10 @@ module Zaikio
|
|
|
58
67
|
|
|
59
68
|
private
|
|
60
69
|
|
|
70
|
+
def new_path(options = {})
|
|
71
|
+
zaikio_oauth_client.new_session_path(options)
|
|
72
|
+
end
|
|
73
|
+
|
|
61
74
|
def approve_url(client_name = nil)
|
|
62
75
|
zaikio_oauth_client.approve_session_url(client_name)
|
|
63
76
|
end
|
data/lib/zaikio/oauth_client.rb
CHANGED
|
@@ -69,9 +69,10 @@ module Zaikio
|
|
|
69
69
|
token = find_usable_access_token(client_name: client_config.client_name,
|
|
70
70
|
bearer_type: bearer_type,
|
|
71
71
|
bearer_id: bearer_id,
|
|
72
|
-
requested_scopes: scopes
|
|
72
|
+
requested_scopes: scopes,
|
|
73
|
+
valid_for: valid_for)
|
|
73
74
|
|
|
74
|
-
token = token.refresh! if token
|
|
75
|
+
token = token.refresh! if token&.expired?
|
|
75
76
|
|
|
76
77
|
token ||= fetch_new_token(client_config: client_config,
|
|
77
78
|
bearer_type: bearer_type,
|
|
@@ -82,7 +83,7 @@ module Zaikio
|
|
|
82
83
|
|
|
83
84
|
# Finds the best usable access token. Note that this token may have expired and
|
|
84
85
|
# would require refreshing.
|
|
85
|
-
def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:) # rubocop:disable Metrics/MethodLength
|
|
86
|
+
def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:, valid_for: 30.seconds) # rubocop:disable Metrics/MethodLength
|
|
86
87
|
configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
|
|
87
88
|
"bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
|
|
88
89
|
|
|
@@ -92,7 +93,8 @@ module Zaikio
|
|
|
92
93
|
.usable(
|
|
93
94
|
bearer_type: bearer_type,
|
|
94
95
|
bearer_id: bearer_id,
|
|
95
|
-
requested_scopes: requested_scopes
|
|
96
|
+
requested_scopes: requested_scopes,
|
|
97
|
+
valid_until: valid_for.from_now
|
|
96
98
|
)
|
|
97
99
|
.first
|
|
98
100
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-oauth_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.17.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zaikio GmbH
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
187
187
|
- !ruby/object:Gem::Version
|
|
188
188
|
version: '0'
|
|
189
189
|
requirements: []
|
|
190
|
-
rubygems_version: 3.2.
|
|
190
|
+
rubygems_version: 3.2.22
|
|
191
191
|
signing_key:
|
|
192
192
|
specification_version: 4
|
|
193
193
|
summary: Zaikio Platform Connectivity
|