zaikio-oauth_client 0.17.2 → 0.18.0

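--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 605b297bfe708d26eb51ed1060bf243fc3060fd27df8f4ec481dcf94a471fcc2
- data.tar.gz: 839bb62b7d00b272978fa3f225bd7416a7c12cf7508e4ab2242183fcb7c8d801
+ metadata.gz: 4f6d99b08d0e3fc512ce6a4bf8184be7c7d95144f3798062756f8f8159f86655
+ data.tar.gz: 4ed2286c417bdac976e6ad1f26c4ec84fc8d18b52312b082fd548800edfbec9b
  SHA512:
- metadata.gz: 2c7e04798b1ca7338e30005794e2d804a90633816323f678bd2f9a7bcb7f9b8f368e3e68ac38490c44bf48761db785169f41e8f9cf22ce7cdee7b40b82e5ee05
- data.tar.gz: 189afa394a1a0739d5a4ed60ed4fc667ee8aed698329fb7eb87cc6785bfc88ee610028d9b5fb4ac8ba389c399104e8956c8656ce0a4bbb1132b039f6b1612446
+ metadata.gz: fb66005f53cbb480678247a36aa77af00c32fb93cdf4ca9615aa3bf51efa82e83e60fdf4f61d68123e331a369451db548b40a8cc0f8e57cec3d6cd686872918f
+ data.tar.gz: 63e5d71e4025046ef18c1759d582262f319581a8462092026b7f21e19640250ce94f6caefe5a6365e823c910eb4d8a390cb3a65a328a579739b06387e2732141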
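--- a/data/README.md
+++ b/data/README.md
@@ -14,7 +14,17 @@ Then run `bundle install`.
 
  ## Setup & Configuration
 
- ### 1. Copy & run Migrations
+ ### 1. Setup Active Record encryption
+
+ Setup [Active Record Encryption](https://guides.rubyonrails.org/active_record_encryption.html#setup) by running:
+
+ ```
+ rails db:encryption:init
+ ```
+
+ (Continue generating the credentials each for different environments)
+
+ ### 2. Copy & run Migrations
 
  ```bash
  rails zaikio_oauth_client:install:migrations
@@ -24,7 +34,7 @@ rails db:migrate
  This will create the tables:
  + `zaikio_access_tokens`
 
- ### 2. Mount routes
+ ### 3. Mount routes
 
  Add this to `config/routes.rb`:
 
@@ -32,7 +42,7 @@ Add this to `config/routes.rb`:
  mount Zaikio::OAuthClient::Engine => "/zaikio"
  ```
 
- ### 3. Configure Gem
+ ### 4. Configure Gem
 
  ```rb
  # config/initializers/zaikio_oauth_client.rb
@@ -70,7 +80,7 @@ end
  ```
 
 
- ### 4. Clean up outdated access tokens (recommended)
+ ### 5. Clean up outdated access tokens (recommended)
 
  To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
 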
@@ -5,6 +5,10 @@ module Zaikio
5
5
  class AccessToken < ApplicationRecord
6
6
  self.table_name = "zaikio_access_tokens"
7
7
 
8
+ # Encryption
9
+ encrypts :token
10
+ encrypts :refresh_token
11
+
8
12
  def self.build_from_access_token(access_token, requested_scopes: nil)
9
13
  payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
10
14
  scopes = access_token.params["scope"].split(",")
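Review bot: Both `encrypts` declarations use Active Record's default non-deterministic encryption, so any lookup that matches on these columns by value (`find_by(token: ...)`, `where(refresh_token: ...)`) would stop returning rows; the callers are outside this hunk, so this needs checking rather than being a confirmed break. The `# Encryption` comment could carry that constraint, for example `# Encrypted at rest (non-deterministic): token and refresh_token cannot be queried by value.` The class body continues past the end of the hunk, and the file header for this section is missing from the page.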
@@ -0,0 +1,45 @@
1
+ class EncryptTokens < ActiveRecord::Migration[7.0]
2
+ def change
3
+ reversible do |dir|
4
+ dir.up do
5
+ rename_column :zaikio_access_tokens, :token, :unencrypted_token
6
+ rename_column :zaikio_access_tokens, :refresh_token, :unencrypted_refresh_token
7
+
8
+ add_column :zaikio_access_tokens, :token, :string
9
+ add_column :zaikio_access_tokens, :refresh_token, :string
10
+
11
+ Zaikio::AccessToken.find_each do |access_token|
12
+ access_token.update(
13
+ token: access_token.unencrypted_token,
14
+ refresh_token: access_token.unencrypted_refresh_token
15
+ )
16
+ end
17
+
18
+ change_column_null :zaikio_access_tokens, :token, false
19
+
20
+ remove_column :zaikio_access_tokens, :unencrypted_token, :string
21
+ remove_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
22
+ end
23
+
24
+ dir.down do
25
+ add_column :zaikio_access_tokens, :unencrypted_token, :string
26
+ add_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
27
+
28
+ Zaikio::AccessToken.find_each do |access_token|
29
+ access_token.update_columns(
30
+ unencrypted_token: access_token.token,
31
+ unencrypted_refresh_token: access_token.refresh_token
32
+ )
33
+ end
34
+
35
+ remove_column :zaikio_access_tokens, :token, :string
36
+ remove_column :zaikio_access_tokens, :refresh_token, :string
37
+
38
+ rename_column :zaikio_access_tokens, :unencrypted_token, :token
39
+ rename_column :zaikio_access_tokens, :unencrypted_refresh_token, :refresh_token
40
+
41
+ change_column_null :zaikio_access_tokens, :token, false
42
+ end
43
+ end
44
+ end
45
+ end
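Review bot: In `dir.up` the result of `access_token.update(...)` is discarded, so a row that fails a validation or callback keeps NULL in the new columns and then loses its plaintext copy when `unencrypted_token` and `unencrypted_refresh_token` are dropped; only `token` is caught by the later `change_column_null`, while a lost `refresh_token` would go unnoticed. Use `access_token.update!(` so the migration aborts before the old columns are removed. The new columns are added as `:string`, which on adapters that cap `string` at 255 characters may be too short for the encrypted payload of a token; `:text` or an explicit `limit:` would be safer if such a database is supported. Referencing `Zaikio::AccessToken` from the migration also means it only runs where the Active Record encryption keys are already configured, which is worth a one-line comment at the top of `change`.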
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module OAuthClient
3
- VERSION = "0.17.2".freeze
3
+ VERSION = "0.18.0".freeze
4
4
  end
5
5
  end
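--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: zaikio-oauth_client
  version: !ruby/object:Gem::Version
- version: 0.17.2
+ version: 0.18.0
  platform: ruby
  authors:
  - Zaikio GmbH
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-01-07 00:00:00.000000000 Z
+ date: 2022-04-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: actionpack
@@ -157,6 +157,7 @@ files:
  - db/migrate/20191017132048_create_zaikio_access_tokens.rb
  - db/migrate/20210222135920_enhance_access_token_index.rb
  - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
+ - db/migrate/20220425130923_encrypt_tokens.rb
  - lib/tasks/zaikio_tasks.rake
  - lib/zaikio/oauth_client.rb
  - lib/zaikio/oauth_client/authenticatable.rb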