zaikio-oauth_client 0.17.0 → 0.18.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +14 -4
- data/app/controllers/zaikio/oauth_client/subscriptions_controller.rb +1 -1
- data/app/models/zaikio/access_token.rb +5 -1
- data/db/migrate/20220425130923_encrypt_tokens.rb +45 -0
- data/lib/zaikio/oauth_client/authenticatable.rb +2 -2
- data/lib/zaikio/oauth_client/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4f6d99b08d0e3fc512ce6a4bf8184be7c7d95144f3798062756f8f8159f86655
|
|
4
|
+
data.tar.gz: 4ed2286c417bdac976e6ad1f26c4ec84fc8d18b52312b082fd548800edfbec9b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fb66005f53cbb480678247a36aa77af00c32fb93cdf4ca9615aa3bf51efa82e83e60fdf4f61d68123e331a369451db548b40a8cc0f8e57cec3d6cd686872918f
|
|
7
|
+
data.tar.gz: 63e5d71e4025046ef18c1759d582262f319581a8462092026b7f21e19640250ce94f6caefe5a6365e823c910eb4d8a390cb3a65a328a579739b06387e2732141
|
data/README.md
CHANGED
|
@@ -14,7 +14,17 @@ Then run `bundle install`.
|
|
|
14
14
|
|
|
15
15
|
## Setup & Configuration
|
|
16
16
|
|
|
17
|
-
### 1.
|
|
17
|
+
### 1. Setup Active Record encryption
|
|
18
|
+
|
|
19
|
+
Setup [Active Record Encryption](https://guides.rubyonrails.org/active_record_encryption.html#setup) by running:
|
|
20
|
+
|
|
21
|
+
```
|
|
22
|
+
rails db:encryption:init
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
(Continue generating the credentials each for different environments)
|
|
26
|
+
|
|
27
|
+
### 2. Copy & run Migrations
|
|
18
28
|
|
|
19
29
|
```bash
|
|
20
30
|
rails zaikio_oauth_client:install:migrations
|
|
@@ -24,7 +34,7 @@ rails db:migrate
|
|
|
24
34
|
This will create the tables:
|
|
25
35
|
+ `zaikio_access_tokens`
|
|
26
36
|
|
|
27
|
-
###
|
|
37
|
+
### 3. Mount routes
|
|
28
38
|
|
|
29
39
|
Add this to `config/routes.rb`:
|
|
30
40
|
|
|
@@ -32,7 +42,7 @@ Add this to `config/routes.rb`:
|
|
|
32
42
|
mount Zaikio::OAuthClient::Engine => "/zaikio"
|
|
33
43
|
```
|
|
34
44
|
|
|
35
|
-
###
|
|
45
|
+
### 4. Configure Gem
|
|
36
46
|
|
|
37
47
|
```rb
|
|
38
48
|
# config/initializers/zaikio_oauth_client.rb
|
|
@@ -70,7 +80,7 @@ end
|
|
|
70
80
|
```
|
|
71
81
|
|
|
72
82
|
|
|
73
|
-
###
|
|
83
|
+
### 5. Clean up outdated access tokens (recommended)
|
|
74
84
|
|
|
75
85
|
To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
|
|
76
86
|
|
|
@@ -5,6 +5,10 @@ module Zaikio
|
|
|
5
5
|
class AccessToken < ApplicationRecord
|
|
6
6
|
self.table_name = "zaikio_access_tokens"
|
|
7
7
|
|
|
8
|
+
# Encryption
|
|
9
|
+
encrypts :token
|
|
10
|
+
encrypts :refresh_token
|
|
11
|
+
|
|
8
12
|
def self.build_from_access_token(access_token, requested_scopes: nil)
|
|
9
13
|
payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
|
|
10
14
|
scopes = access_token.params["scope"].split(",")
|
|
@@ -63,7 +67,7 @@ module Zaikio
|
|
|
63
67
|
end
|
|
64
68
|
|
|
65
69
|
def bearer_klass
|
|
66
|
-
return unless Zaikio.const_defined?("Hub::Models", false)
|
|
70
|
+
return unless Zaikio.const_defined?("Hub::Models", false) # rubocop:disable Performance/StringIdentifierArgument
|
|
67
71
|
|
|
68
72
|
if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
|
|
69
73
|
Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
class EncryptTokens < ActiveRecord::Migration[7.0]
|
|
2
|
+
def change
|
|
3
|
+
reversible do |dir|
|
|
4
|
+
dir.up do
|
|
5
|
+
rename_column :zaikio_access_tokens, :token, :unencrypted_token
|
|
6
|
+
rename_column :zaikio_access_tokens, :refresh_token, :unencrypted_refresh_token
|
|
7
|
+
|
|
8
|
+
add_column :zaikio_access_tokens, :token, :string
|
|
9
|
+
add_column :zaikio_access_tokens, :refresh_token, :string
|
|
10
|
+
|
|
11
|
+
Zaikio::AccessToken.find_each do |access_token|
|
|
12
|
+
access_token.update(
|
|
13
|
+
token: access_token.unencrypted_token,
|
|
14
|
+
refresh_token: access_token.unencrypted_refresh_token
|
|
15
|
+
)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
change_column_null :zaikio_access_tokens, :token, false
|
|
19
|
+
|
|
20
|
+
remove_column :zaikio_access_tokens, :unencrypted_token, :string
|
|
21
|
+
remove_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
dir.down do
|
|
25
|
+
add_column :zaikio_access_tokens, :unencrypted_token, :string
|
|
26
|
+
add_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
|
|
27
|
+
|
|
28
|
+
Zaikio::AccessToken.find_each do |access_token|
|
|
29
|
+
access_token.update_columns(
|
|
30
|
+
unencrypted_token: access_token.token,
|
|
31
|
+
unencrypted_refresh_token: access_token.refresh_token
|
|
32
|
+
)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
remove_column :zaikio_access_tokens, :token, :string
|
|
36
|
+
remove_column :zaikio_access_tokens, :refresh_token, :string
|
|
37
|
+
|
|
38
|
+
rename_column :zaikio_access_tokens, :unencrypted_token, :token
|
|
39
|
+
rename_column :zaikio_access_tokens, :unencrypted_refresh_token, :refresh_token
|
|
40
|
+
|
|
41
|
+
change_column_null :zaikio_access_tokens, :token, false
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
@@ -14,7 +14,7 @@ module Zaikio
|
|
|
14
14
|
redirect_uri: approve_url(client_name),
|
|
15
15
|
scope: oauth_scope,
|
|
16
16
|
**opts
|
|
17
|
-
)
|
|
17
|
+
), allow_other_host: true
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
def approve # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
|
@@ -46,7 +46,7 @@ module Zaikio
|
|
|
46
46
|
access_token, origin
|
|
47
47
|
)
|
|
48
48
|
rescue OAuth2::Error => e
|
|
49
|
-
raise e unless e.code == "invalid_grant"
|
|
49
|
+
raise e unless e.code == "invalid_grant" || e.code == "invalid_request"
|
|
50
50
|
raise e if session[:oauth_attempts].to_i >= 3
|
|
51
51
|
|
|
52
52
|
session[:oauth_attempts] = session[:oauth_attempts].to_i + 1
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-oauth_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.18.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zaikio GmbH
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-04-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -157,6 +157,7 @@ files:
|
|
|
157
157
|
- db/migrate/20191017132048_create_zaikio_access_tokens.rb
|
|
158
158
|
- db/migrate/20210222135920_enhance_access_token_index.rb
|
|
159
159
|
- db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
|
|
160
|
+
- db/migrate/20220425130923_encrypt_tokens.rb
|
|
160
161
|
- lib/tasks/zaikio_tasks.rake
|
|
161
162
|
- lib/zaikio/oauth_client.rb
|
|
162
163
|
- lib/zaikio/oauth_client/authenticatable.rb
|