zaikio-oauth_client 0.17.1 → 0.18.1
- checksums.yaml +4 -4
- data/README.md +14 -4
- data/app/models/zaikio/access_token.rb +5 -1
- data/db/migrate/20220425130923_encrypt_tokens.rb +45 -0
- data/lib/zaikio/oauth_client/version.rb +1 -1
- metadata +5 -4
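--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 25dbc767b924d59fa2706f4d7da22fd940ff80da966856447b8027e1ebca986c
+data.tar.gz: 0a7dbef1ae4c475583c5958ce4320285ca32532b7f55cc7a2b33386109657e2d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f7c542585a0f6d9b47736f587f3b4f75b4544c439f23da8013c67d2f5d27d081c649e7c62985d787956bc04363c0d27315a6cdeb6085c8d2d51b30e022f5e55c
+data.tar.gz: 2f418622e4ff38e2f2e3f0b9550ffc170a0278584cc2261012a2632c5e7d7de6ca472f73e0a2720e11dcc8129663377772e692085ffc28cd13cac0573e3f9d4b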
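--- a/data/README.md
+++ b/data/README.md
@@ -14,7 +14,17 @@ Then run `bundle install`.
 
 ## Setup & Configuration
 
-### 1.
+### 1. Setup Active Record encryption
+
+Setup [Active Record Encryption](https://guides.rubyonrails.org/active_record_encryption.html#setup) by running:
+
+```
+rails db:encryption:init
+```
+
+(Continue generating the credentials each for different environments)
+
+### 2. Copy & run Migrations
 
 ```bash
 rails zaikio_oauth_client:install:migrations
@@ -24,7 +34,7 @@ rails db:migrate
 This will create the tables:
 + `zaikio_access_tokens`
 
-###
+### 3. Mount routes
 
 Add this to `config/routes.rb`:
 
@@ -32,7 +42,7 @@ Add this to `config/routes.rb`:
 mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```
 
-###
+### 4. Configure Gem
 
 ```rb
 # config/initializers/zaikio_oauth_client.rb
@@ -70,7 +80,7 @@ end
 ```
 
 
-###
+### 5. Clean up outdated access tokens (recommended)
 
 To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
 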
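--- a/data/app/models/zaikio/access_token.rb
+++ b/data/app/models/zaikio/access_token.rb
@@ -5,6 +5,10 @@ module Zaikio
 class AccessToken < ApplicationRecord
 self.table_name = "zaikio_access_tokens"
 
+# Encryption
+encrypts :token
+encrypts :refresh_token
+
 def self.build_from_access_token(access_token, requested_scopes: nil)
 payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
 scopes = access_token.params["scope"].split(",")
@@ -63,7 +67,7 @@ module Zaikio
 end
 
 def bearer_klass
-return unless Zaikio.const_defined?(
+return unless Zaikio.const_defined?("Hub::Models", false) # rubocop:disable Performance/StringIdentifierArgument
 
 if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
 Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize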
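Review bot: `encrypts :token` and `encrypts :refresh_token` use Active Record Encryption's default non-deterministic mode, so any lookup by token value elsewhere in the gem or in a host app (for example `where(token: ...)`) would stop matching. No such query is visible in these hunks, so confirm there is none, or look the record up by another column before comparing tokens. The `# Encryption` comment only restates the code; I would replace it with `# Stored encrypted at rest; needs Active Record Encryption keys (rails db:encryption:init) in every environment`. The class body and `bearer_klass` both continue outside the hunks shown.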
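--- /dev/null
+++ b/data/db/migrate/20220425130923_encrypt_tokens.rb
@@ -0,0 +1,45 @@
+class EncryptTokens < ActiveRecord::Migration[7.0]
+def change
+reversible do |dir|
+dir.up do
+rename_column :zaikio_access_tokens, :token, :unencrypted_token
+rename_column :zaikio_access_tokens, :refresh_token, :unencrypted_refresh_token
+
+add_column :zaikio_access_tokens, :token, :string
+add_column :zaikio_access_tokens, :refresh_token, :string
+
+Zaikio::AccessToken.find_each do |access_token|
+access_token.update(
+token: access_token.unencrypted_token,
+refresh_token: access_token.unencrypted_refresh_token
+)
+end
+
+change_column_null :zaikio_access_tokens, :token, false
+
+remove_column :zaikio_access_tokens, :unencrypted_token, :string
+remove_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
+end
+
+dir.down do
+add_column :zaikio_access_tokens, :unencrypted_token, :string
+add_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
+
+Zaikio::AccessToken.find_each do |access_token|
+access_token.update_columns(
+unencrypted_token: access_token.token,
+unencrypted_refresh_token: access_token.refresh_token
+)
+end
+
+remove_column :zaikio_access_tokens, :token, :string
+remove_column :zaikio_access_tokens, :refresh_token, :string
+
+rename_column :zaikio_access_tokens, :unencrypted_token, :token
+rename_column :zaikio_access_tokens, :unencrypted_refresh_token, :refresh_token
+
+change_column_null :zaikio_access_tokens, :token, false
+end
+end
+end
+end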
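Review bot: The backfill in `dir.up` calls `access_token.update(...)` and ignores the result, so a row that fails validation keeps NULL in the new columns. Only the later `change_column_null` on `token` would stop the run, and where DDL is not transactional that leaves a half-migrated table; use `access_token.update!(` so the migration aborts at the failing row. The model is used straight after `rename_column`/`add_column`, so I would add `Zaikio::AccessToken.reset_column_information` before each `find_each` in case its column cache was loaded earlier in the same run. The new columns are plain `:string` and the encrypted payload is longer than the plaintext, so confirm it fits on adapters that cap string length. Dropping `unencrypted_token` does not remove plaintext from existing backups or replicas, so the upgrade notes could recommend revoking or rotating tokens issued before this release.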
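--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.18.1
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack
@@ -89,7 +89,7 @@ dependencies:
 version: '0.5'
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '3.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -99,7 +99,7 @@ dependencies:
 version: '0.5'
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '3.0'
 - !ruby/object:Gem::Dependency
 name: pg
 requirement: !ruby/object:Gem::Requirement
@@ -157,6 +157,7 @@ files:
 - db/migrate/20191017132048_create_zaikio_access_tokens.rb
 - db/migrate/20210222135920_enhance_access_token_index.rb
 - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
+- db/migrate/20220425130923_encrypt_tokens.rb
 - lib/tasks/zaikio_tasks.rake
 - lib/zaikio/oauth_client.rb
 - lib/zaikio/oauth_client/authenticatable.rb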