zaikio-oauth_client 0.17.2 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 605b297bfe708d26eb51ed1060bf243fc3060fd27df8f4ec481dcf94a471fcc2
-  data.tar.gz: 839bb62b7d00b272978fa3f225bd7416a7c12cf7508e4ab2242183fcb7c8d801
+  metadata.gz: 4f6d99b08d0e3fc512ce6a4bf8184be7c7d95144f3798062756f8f8159f86655
+  data.tar.gz: 4ed2286c417bdac976e6ad1f26c4ec84fc8d18b52312b082fd548800edfbec9b
 SHA512:
-  metadata.gz: 2c7e04798b1ca7338e30005794e2d804a90633816323f678bd2f9a7bcb7f9b8f368e3e68ac38490c44bf48761db785169f41e8f9cf22ce7cdee7b40b82e5ee05
-  data.tar.gz: 189afa394a1a0739d5a4ed60ed4fc667ee8aed698329fb7eb87cc6785bfc88ee610028d9b5fb4ac8ba389c399104e8956c8656ce0a4bbb1132b039f6b1612446
+  metadata.gz: fb66005f53cbb480678247a36aa77af00c32fb93cdf4ca9615aa3bf51efa82e83e60fdf4f61d68123e331a369451db548b40a8cc0f8e57cec3d6cd686872918f
+  data.tar.gz: 63e5d71e4025046ef18c1759d582262f319581a8462092026b7f21e19640250ce94f6caefe5a6365e823c910eb4d8a390cb3a65a328a579739b06387e2732141

data/README.md

@@ -14,7 +14,17 @@ Then run `bundle install`.
 
 ## Setup & Configuration
 
-### 1. Copy & run Migrations
+### 1. Setup Active Record encryption
+
+Setup [Active Record Encryption](https://guides.rubyonrails.org/active_record_encryption.html#setup) by running:
+
+```
+rails db:encryption:init
+```
+
+(Continue generating the credentials each for different environments)
+
+### 2. Copy & run Migrations
 
 ```bash
 rails zaikio_oauth_client:install:migrations
@@ -24,7 +34,7 @@ rails db:migrate
 This will create the tables:
 + `zaikio_access_tokens`
 
-### 2. Mount routes
+### 3. Mount routes
 
 Add this to `config/routes.rb`:
 
@@ -32,7 +42,7 @@ Add this to `config/routes.rb`:
 mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```
 
-### 3. Configure Gem
+### 4. Configure Gem
 
 ```rb
 # config/initializers/zaikio_oauth_client.rb
@@ -70,7 +80,7 @@ end
 ```
 
 
-### 4. Clean up outdated access tokens (recommended)
+### 5. Clean up outdated access tokens (recommended)
 
 To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
 

data/app/models/zaikio/access_token.rb

@@ -5,6 +5,10 @@ module Zaikio
   class AccessToken < ApplicationRecord
     self.table_name = "zaikio_access_tokens"
 
+    # Encryption
+    encrypts :token
+    encrypts :refresh_token
+
     def self.build_from_access_token(access_token, requested_scopes: nil)
       payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
       scopes = access_token.params["scope"].split(",")

data/db/migrate/20220425130923_encrypt_tokens.rb

@@ -0,0 +1,45 @@
+class EncryptTokens < ActiveRecord::Migration[7.0]
+  def change
+    reversible do |dir|
+      dir.up do
+        rename_column :zaikio_access_tokens, :token, :unencrypted_token
+        rename_column :zaikio_access_tokens, :refresh_token, :unencrypted_refresh_token
+
+        add_column :zaikio_access_tokens, :token, :string
+        add_column :zaikio_access_tokens, :refresh_token, :string
+
+        Zaikio::AccessToken.find_each do |access_token|
+          access_token.update(
+            token: access_token.unencrypted_token,
+            refresh_token: access_token.unencrypted_refresh_token
+          )
+        end
+
+        change_column_null :zaikio_access_tokens, :token, false
+
+        remove_column :zaikio_access_tokens, :unencrypted_token, :string
+        remove_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
+      end
+
+      dir.down do
+        add_column :zaikio_access_tokens, :unencrypted_token, :string
+        add_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
+
+        Zaikio::AccessToken.find_each do |access_token|
+          access_token.update_columns(
+            unencrypted_token: access_token.token,
+            unencrypted_refresh_token: access_token.refresh_token
+          )
+        end
+
+        remove_column :zaikio_access_tokens, :token, :string
+        remove_column :zaikio_access_tokens, :refresh_token, :string
+
+        rename_column :zaikio_access_tokens, :unencrypted_token, :token
+        rename_column :zaikio_access_tokens, :unencrypted_refresh_token, :refresh_token
+
+        change_column_null :zaikio_access_tokens, :token, false
+      end
+    end
+  end
+end

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.17.2".freeze
+    VERSION = "0.18.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.17.2
+  version: 0.18.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-07 00:00:00.000000000 Z
+date: 2022-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -157,6 +157,7 @@ files:
 - db/migrate/20191017132048_create_zaikio_access_tokens.rb
 - db/migrate/20210222135920_enhance_access_token_index.rb
 - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
+- db/migrate/20220425130923_encrypt_tokens.rb
 - lib/tasks/zaikio_tasks.rake
 - lib/zaikio/oauth_client.rb
 - lib/zaikio/oauth_client/authenticatable.rb