zaikio-oauth_client 0.17.1 → 0.18.1

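--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 237bdb03b2ab2870ef2c0b9a92c9dac64fb2c67df2bba8e9234831eb14954f42
- data.tar.gz: ae977109316a023585e008e669958775534eef2ecea309ede9b373d44f368fd4
+ metadata.gz: 25dbc767b924d59fa2706f4d7da22fd940ff80da966856447b8027e1ebca986c
+ data.tar.gz: 0a7dbef1ae4c475583c5958ce4320285ca32532b7f55cc7a2b33386109657e2d
  SHA512:
- metadata.gz: 44945aba1999049638cca10555d4dc192e191fa1fdf81965fa43fe31d1ab01c5e6054769a94efe0e862feee171a24b6d9a50853395628e497e30fb4629295ddf
- data.tar.gz: b97fe832a40614ef14da36d12492e368c86460b0dde1867f411d0360d581fb3fe60256b3efea8d1653d744a1598908d9636d1a97c7043a59de56f6b87deb23ee
+ metadata.gz: f7c542585a0f6d9b47736f587f3b4f75b4544c439f23da8013c67d2f5d27d081c649e7c62985d787956bc04363c0d27315a6cdeb6085c8d2d51b30e022f5e55c
+ data.tar.gz: 2f418622e4ff38e2f2e3f0b9550ffc170a0278584cc2261012a2632c5e7d7de6ca472f73e0a2720e11dcc8129663377772e692085ffc28cd13cac0573e3f9d4b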
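--- a/data/README.md
+++ b/data/README.md
@@ -14,7 +14,17 @@ Then run `bundle install`.
 
  ## Setup & Configuration
 
- ### 1. Copy & run Migrations
+ ### 1. Setup Active Record encryption
+
+ Setup [Active Record Encryption](https://guides.rubyonrails.org/active_record_encryption.html#setup) by running:
+
+ ```
+ rails db:encryption:init
+ ```
+
+ (Continue generating the credentials each for different environments)
+
+ ### 2. Copy & run Migrations
 
  ```bash
  rails zaikio_oauth_client:install:migrations
@@ -24,7 +34,7 @@ rails db:migrate
  This will create the tables:
  + `zaikio_access_tokens`
 
- ### 2. Mount routes
+ ### 3. Mount routes
 
  Add this to `config/routes.rb`:
 
@@ -32,7 +42,7 @@ Add this to `config/routes.rb`:
  mount Zaikio::OAuthClient::Engine => "/zaikio"
  ```
 
- ### 3. Configure Gem
+ ### 4. Configure Gem
 
  ```rb
  # config/initializers/zaikio_oauth_client.rb
@@ -70,7 +80,7 @@ end
  ```
 
 
- ### 4. Clean up outdated access tokens (recommended)
+ ### 5. Clean up outdated access tokens (recommended)
 
  To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
 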
@@ -5,6 +5,10 @@ module Zaikio
5
5
  class AccessToken < ApplicationRecord
6
6
  self.table_name = "zaikio_access_tokens"
7
7
 
8
+ # Encryption
9
+ encrypts :token
10
+ encrypts :refresh_token
11
+
8
12
  def self.build_from_access_token(access_token, requested_scopes: nil)
9
13
  payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
10
14
  scopes = access_token.params["scope"].split(",")
@@ -63,7 +67,7 @@ module Zaikio
63
67
  end
64
68
 
65
69
  def bearer_klass
66
- return unless Zaikio.const_defined?(:"Hub::Models", false)
70
+ return unless Zaikio.const_defined?("Hub::Models", false) # rubocop:disable Performance/StringIdentifierArgument
67
71
 
68
72
  if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
69
73
  Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
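Review bot: The two `encrypts` declarations in the first hunk use Active Record's default non-deterministic mode, so the same token encrypts to a different ciphertext on every write and an equality lookup such as `find_by(token: ...)` can no longer match a stored row. No such lookup is visible in these hunks, but the class body continues outside them, so the gem and its host apps are worth checking for one; `encrypts :refresh_token, deterministic: true` is the option if a lookup is required, at the cost of equal plaintexts producing equal ciphertexts. I would also replace the bare `# Encryption` comment with one that states the requirement, e.g. `# Encrypted at rest via Active Record Encryption; the host app must configure encryption keys before tokens can be read or written.`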
@@ -0,0 +1,45 @@
1
+ class EncryptTokens < ActiveRecord::Migration[7.0]
2
+ def change
3
+ reversible do |dir|
4
+ dir.up do
5
+ rename_column :zaikio_access_tokens, :token, :unencrypted_token
6
+ rename_column :zaikio_access_tokens, :refresh_token, :unencrypted_refresh_token
7
+
8
+ add_column :zaikio_access_tokens, :token, :string
9
+ add_column :zaikio_access_tokens, :refresh_token, :string
10
+
11
+ Zaikio::AccessToken.find_each do |access_token|
12
+ access_token.update(
13
+ token: access_token.unencrypted_token,
14
+ refresh_token: access_token.unencrypted_refresh_token
15
+ )
16
+ end
17
+
18
+ change_column_null :zaikio_access_tokens, :token, false
19
+
20
+ remove_column :zaikio_access_tokens, :unencrypted_token, :string
21
+ remove_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
22
+ end
23
+
24
+ dir.down do
25
+ add_column :zaikio_access_tokens, :unencrypted_token, :string
26
+ add_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
27
+
28
+ Zaikio::AccessToken.find_each do |access_token|
29
+ access_token.update_columns(
30
+ unencrypted_token: access_token.token,
31
+ unencrypted_refresh_token: access_token.refresh_token
32
+ )
33
+ end
34
+
35
+ remove_column :zaikio_access_tokens, :token, :string
36
+ remove_column :zaikio_access_tokens, :refresh_token, :string
37
+
38
+ rename_column :zaikio_access_tokens, :unencrypted_token, :token
39
+ rename_column :zaikio_access_tokens, :unencrypted_refresh_token, :refresh_token
40
+
41
+ change_column_null :zaikio_access_tokens, :token, false
42
+ end
43
+ end
44
+ end
45
+ end
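Review bot: The backfill in `dir.up` calls `access_token.update(...)` and ignores its return value, so a record that fails validation keeps a NULL `token` and the problem only surfaces indirectly, as a NOT NULL error from the later `change_column_null`; `access_token.update!(` would stop the migration at the offending row, before the plaintext columns are removed. Both directions also use the application model right after renaming and adding columns, and if `Zaikio::AccessToken` had its column information loaded earlier in the same process, `unencrypted_token` would not be a known attribute; calling `Zaikio::AccessToken.reset_column_information` before each `find_each` avoids that. Note too that `update` runs callbacks and touches `updated_at` on every row, which may not be intended for a pure re-encryption pass.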
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module OAuthClient
3
- VERSION = "0.17.1".freeze
3
+ VERSION = "0.18.1".freeze
4
4
  end
5
5
  end
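--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: zaikio-oauth_client
  version: !ruby/object:Gem::Version
- version: 0.17.1
+ version: 0.18.1
  platform: ruby
  authors:
  - Zaikio GmbH
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-01-07 00:00:00.000000000 Z
+ date: 2022-04-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: actionpack
@@ -89,7 +89,7 @@ dependencies:
  version: '0.5'
  - - "<"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '3.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -99,7 +99,7 @@ dependencies:
  version: '0.5'
  - - "<"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '3.0'
  - !ruby/object:Gem::Dependency
  name: pg
  requirement: !ruby/object:Gem::Requirement
@@ -157,6 +157,7 @@ files:
  - db/migrate/20191017132048_create_zaikio_access_tokens.rb
  - db/migrate/20210222135920_enhance_access_token_index.rb
  - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
+ - db/migrate/20220425130923_encrypt_tokens.rb
  - lib/tasks/zaikio_tasks.rake
  - lib/zaikio/oauth_client.rb
  - lib/zaikio/oauth_client/authenticatable.rb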