zaikio-oauth_client 0.17.2 → 0.18.0
- checksums.yaml +4 -4
- data/README.md +14 -4
- data/app/models/zaikio/access_token.rb +4 -0
- data/db/migrate/20220425130923_encrypt_tokens.rb +45 -0
- data/lib/zaikio/oauth_client/version.rb +1 -1
- metadata +3 -2
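--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4f6d99b08d0e3fc512ce6a4bf8184be7c7d95144f3798062756f8f8159f86655
+data.tar.gz: 4ed2286c417bdac976e6ad1f26c4ec84fc8d18b52312b082fd548800edfbec9b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb66005f53cbb480678247a36aa77af00c32fb93cdf4ca9615aa3bf51efa82e83e60fdf4f61d68123e331a369451db548b40a8cc0f8e57cec3d6cd686872918f
+data.tar.gz: 63e5d71e4025046ef18c1759d582262f319581a8462092026b7f21e19640250ce94f6caefe5a6365e823c910eb4d8a390cb3a65a328a579739b06387e2732141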
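--- a/data/README.md
+++ b/data/README.md
@@ -14,7 +14,17 @@ Then run `bundle install`.
 
 ## Setup & Configuration
 
-### 1.
+### 1. Setup Active Record encryption
+
+Setup [Active Record Encryption](https://guides.rubyonrails.org/active_record_encryption.html#setup) by running:
+
+```
+rails db:encryption:init
+```
+
+(Continue generating the credentials each for different environments)
+
+### 2. Copy & run Migrations
 
 ```bash
 rails zaikio_oauth_client:install:migrations
@@ -24,7 +34,7 @@ rails db:migrate
 This will create the tables:
 + `zaikio_access_tokens`
 
-###
+### 3. Mount routes
 
 Add this to `config/routes.rb`:
 
@@ -32,7 +42,7 @@ Add this to `config/routes.rb`:
 mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```
 
-###
+### 4. Configure Gem
 
 ```rb
 # config/initializers/zaikio_oauth_client.rb
@@ -70,7 +80,7 @@ end
 ```
 
 
-###
+### 5. Clean up outdated access tokens (recommended)
 
 To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
 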
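--- a/data/app/models/zaikio/access_token.rb
+++ b/data/app/models/zaikio/access_token.rb
@@ -5,6 +5,10 @@ module Zaikio
 class AccessToken < ApplicationRecord
 self.table_name = "zaikio_access_tokens"
 
+# Encryption
+encrypts :token
+encrypts :refresh_token
+
 def self.build_from_access_token(access_token, requested_scopes: nil)
 payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
 scopes = access_token.params["scope"].split(",")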
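Review bot: The bare `# Encryption` comment above `encrypts :token` and `encrypts :refresh_token` does not tell a maintainer that both attributes use the default non-deterministic mode. In that mode a stored value can no longer be matched by a query on the token value, and the model cannot read or write a row until Active Record encryption keys are configured in that environment. I would replace the comment with `# Encrypted at rest (non-deterministic): not queryable by value; needs active_record.encryption keys in every environment.` Any lookup by `token` or `refresh_token` elsewhere in the gem is not visible in this hunk and should be checked before release. The class body continues outside the hunk.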
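--- /dev/null
+++ b/data/db/migrate/20220425130923_encrypt_tokens.rb
@@ -0,0 +1,45 @@
+class EncryptTokens < ActiveRecord::Migration[7.0]
+def change
+reversible do |dir|
+dir.up do
+rename_column :zaikio_access_tokens, :token, :unencrypted_token
+rename_column :zaikio_access_tokens, :refresh_token, :unencrypted_refresh_token
+
+add_column :zaikio_access_tokens, :token, :string
+add_column :zaikio_access_tokens, :refresh_token, :string
+
+Zaikio::AccessToken.find_each do |access_token|
+access_token.update(
+token: access_token.unencrypted_token,
+refresh_token: access_token.unencrypted_refresh_token
+)
+end
+
+change_column_null :zaikio_access_tokens, :token, false
+
+remove_column :zaikio_access_tokens, :unencrypted_token, :string
+remove_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
+end
+
+dir.down do
+add_column :zaikio_access_tokens, :unencrypted_token, :string
+add_column :zaikio_access_tokens, :unencrypted_refresh_token, :string
+
+Zaikio::AccessToken.find_each do |access_token|
+access_token.update_columns(
+unencrypted_token: access_token.token,
+unencrypted_refresh_token: access_token.refresh_token
+)
+end
+
+remove_column :zaikio_access_tokens, :token, :string
+remove_column :zaikio_access_tokens, :refresh_token, :string
+
+rename_column :zaikio_access_tokens, :unencrypted_token, :token
+rename_column :zaikio_access_tokens, :unencrypted_refresh_token, :refresh_token
+
+change_column_null :zaikio_access_tokens, :token, false
+end
+end
+end
+end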
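Review bot: The backfill loop in `dir.up` calls `access_token.update(...)` and discards the result, so a record that fails validation is skipped silently. The failure then surfaces only indirectly, when `change_column_null` meets the NULL `token`; `access_token.update!(` would stop at the offending row with its own error before the plaintext columns are dropped. The new columns are added as plain `:string`, while Active Record encryption stores a payload larger than the plaintext. Whether that fits depends on the adapter's string limit and the token length, neither of which is visible here, so it is worth confirming or switching to `:text`. Because the loop reads and writes through the `Zaikio::AccessToken` model straight after the columns change, adding `Zaikio::AccessToken.reset_column_information` before each `find_each` would guard against a stale column cache.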
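--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.18.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack
@@ -157,6 +157,7 @@ files:
 - db/migrate/20191017132048_create_zaikio_access_tokens.rb
 - db/migrate/20210222135920_enhance_access_token_index.rb
 - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
+- db/migrate/20220425130923_encrypt_tokens.rb
 - lib/tasks/zaikio_tasks.rake
 - lib/zaikio/oauth_client.rb
 - lib/zaikio/oauth_client/authenticatable.rb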