zaikio-oauth_client 0.3.3 → 0.3.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 331698c5601daa90812282be1d71a0009a7814892725edfadf4c2c74e587fd01
-  data.tar.gz: ea380a6d82e708c877016d76fdef4b37f1c5eacaff1794f699ee58c333a8ffed
+  metadata.gz: 8fa2e5f7ed7f309196e150d97aeabd9bf9480fc9d434a97df1bd3f24c12ea10f
+  data.tar.gz: acabd48829a55be6e5f358ff62136cdee973dd2e3e71fb17af4f3dff1b0bf9e9
 SHA512:
-  metadata.gz: d3d5325374e9eab95c6f71fe4685a2b78ea02bfbf397fd924d426e72916a1dc164b36d0e2fd3deff867cff82940d4a85edb59d4942c496b5e7e037d438536c07
-  data.tar.gz: 3953445f638417b51d1a46f25e85e98fbe706bc5adf221c4aa84e6976290cde61f465c9d9a37d2fe4b6bcbde27c786786352a4ec32ecb858d425bfd18116e4cf
+  metadata.gz: 4a6fc57330881a9c13164aedf78bb9138f7baa6b8a062e17ff674ada1527e291314177c65fc81eb02e4a563d29c7f8c8018854ef9613545666a07bbecd793057
+  data.tar.gz: ffda5ec35029860201e0c42b50c2dc303f78f9b5e726c19282dd2f023c684516cb3f2ea6a5c092b359b9e8f6c3a03a5d5d91226e0170760ca288752368ac89c3

data/README.md

@@ -5,27 +5,13 @@ This Gem enables you to easily connect to the Zaikio Directory and use the OAuth
 
 ## Installation
 
-This gem is a **Ruby Gem** and is hosted privately in the **GitHub Package Registry**.
-
-To fetch it from the GitHub Package Registry follow these steps:
-
-1. You must use a personal access token with the `read:packages` and `write:packages` scopes to publish and delete public packages in the GitHub Package Registry with RubyGems. Your personal access token must also have the `repo` scope when the repository is private. For more information, see "[Creating a personal access token for the command line](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line)."
-
-2. Set an ENV variable that will be used for both gem and npm. *This will also work on Heroku or your CI App if you set the ENV variable there.*
-```bash
-export BUNDLE_RUBYGEMS__PKG__GITHUB__COM=#Your-Token-Here#
-```
-
-3. Add the following in your Gemfile
+Simply add the following in your Gemfile:
 
 ```ruby
-source "https://rubygems.pkg.github.com/crispymtn" do
-  gem "zaikio-oauth_client"
-end
+gem "zaikio-oauth_client"
 ```
 Then run `bundle install`.
 
-
 ## Setup & Configuration
 
 ### 1. Copy & run Migrations
@@ -40,6 +26,8 @@ This will create the tables:
 
 ### 2. Mount routes
 
+Add this to `config/routes.rb`:
+
 ```rb
 mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```
@@ -49,7 +37,7 @@ mount Zaikio::OAuthClient::Engine => "/zaikio"
 ```rb
 # config/initializers/zaikio_oauth_client.rb
 Zaikio::OAuthClient.configure do |config|
-  config.environment = :test
+  config.environment = :sandbox
 
   config.register_client :warehouse do |warehouse|
     warehouse.client_id       = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
@@ -79,6 +67,28 @@ Zaikio::OAuthClient.configure do |config|
 end
 ```
 
+
+### 4. Clean up outdated access tokens (recommended)
+
+To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
+
+Simply add the following to your Gemfile:
+
+```rb
+gem "sidekiq"
+gem "sidekiq-scheduler"
+```
+Then run `bundle install`.
+
+Configure sidekiq scheduler in `config/sidekiq.yml`:
+```yaml
+:schedule:
+  cleanup_acces_tokens_job:
+    cron: '0 3 * * *'               # This will delete all expired tokens every day at 3am.
+    class: 'Zaikio::CleanupAccessTokensJob'
+```
+
+
 ## Usage
 
 ### OAuth Flow
@@ -109,6 +119,24 @@ You can then use `Current.user` anywhere.
 
 For **logout** use: `zaikio_oauth_client.session_path, method: :delete` or build your own controller for deleting the cookie.
 
+#### Multiple clients
+
+When performing requests against directory APIs, it is important to always provide the correct client in order to use the client credentials flow correctly. Otherwise always the first client will be used. It is recommended to specify an `around_action`:
+
+```rb
+class ApplicationController < ActionController::Base
+  around_action :with_client
+
+  private
+
+  def with_client
+    Zaikio::OAuthClient.with_client Current.client_name do
+      yield
+    end
+  end
+end
+```
+
 #### Redirecting
 
 The `zaikio_oauth_client.new_session_path` which was used for the first initiation of the OAuth flow, accepts an optional parameter `origin` which will then be used to redirect the user at the end of a completed & successful OAuth flow.
@@ -136,6 +164,27 @@ class ApplicationController < ActionController::Base
 end
 ```
 
+#### Custom behavior
+
+Since the built in `SessionsController` and `ConnectionsController` are inheriting from the main app's `ApplicationController` all behaviour will be added there, too. In some cases you might want to explicitly skip a `before_action` or add custom `before_action` callbacks.
+
+You can achieve this by adding a custom controller name to your configuration:
+
+```rb
+# app/controllers/sessions_controller.rb
+class SessionsController < Zaikio::OAuthClient::SessionsController
+  skip_before_action :redirect_unless_authenticated
+end
+
+# config/initializers/zaikio_oauth_client.rb
+Zaikio::OAuthClient.configure do |config|
+  # ...
+  config.sessions_controller_name = "sessions"
+  # config.connections_controller_name = "connections"
+  # ...
+end
+```
+
 #### Testing
 
 You can use our test helper to login different users:

data/app/controllers/zaikio/oauth_client/connections_controller.rb

@@ -6,7 +6,7 @@ module Zaikio
       private
 
       def approve_url(client_name = nil)
-        approve_connection_url(client_name)
+        zaikio_oauth_client.approve_connection_url(client_name)
       end
 
       def use_org_config?

data/app/jobs/zaikio/cleanup_access_tokens_job.rb

@@ -0,0 +1,7 @@
+module Zaikio
+  class CleanupAccessTokensJob < ApplicationJob
+    def perform
+      Zaikio::AccessToken.with_invalid_refresh_token.delete_all
+    end
+  end
+end

data/app/models/zaikio/access_token.rb

@@ -28,10 +28,14 @@ module Zaikio
       where("expires_at > :now", now: Time.current)
         .where.not(id: Zaikio::JWTAuth.blacklisted_token_ids)
     }
+    scope :with_invalid_refresh_token, lambda {
+      where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
+    }
     scope :valid_refresh, lambda {
       where("expires_at <= :now AND created_at > :created_at_max",
             now: Time.current,
             created_at_max: Time.current - refresh_token_valid_for)
+        .where("refresh_token IS NOT NULL")
         .where.not(id: Zaikio::JWTAuth.blacklisted_token_ids)
     }
     scope :by_bearer, lambda { |bearer_type: "Person", bearer_id:, scopes: []|

data/config/routes.rb

@@ -1,10 +1,15 @@
 Zaikio::OAuthClient::Engine.routes.draw do
+  sessions_controller = Zaikio::OAuthClient.configuration.sessions_controller_name
+  connections_controller = Zaikio::OAuthClient.configuration.connections_controller_name
+
   # People
-  get "(/:client_name)/sessions/new", to: "sessions#new", as: :new_session
-  get "(/:client_name)/sessions/approve", to: "sessions#approve", as: :approve_session
-  delete "(/:client_name)/session", to: "sessions#destroy", as: :session
+  get "(/:client_name)/sessions/new", action: :new, controller: sessions_controller, as: :new_session
+  get "(/:client_name)/sessions/approve", action: :approve, controller: sessions_controller, as: :approve_session
+  delete "(/:client_name)/session", action: :destroy, controller: sessions_controller, as: :session
 
   # Organizations
-  get "(/:client_name)/connections/new", to: "connections#new", as: :new_connection
-  get "(/:client_name)/connections/approve", to: "connections#approve", as: :approve_connection
+  get "(/:client_name)/connections/new", action: :new,
+                                         controller: connections_controller, as: :new_connection
+  get "(/:client_name)/connections/approve", action: :approve,
+                                             controller: connections_controller, as: :approve_connection
 end

data/lib/zaikio/oauth_client.rb

@@ -7,13 +7,17 @@ require "zaikio/oauth_client/authenticatable"
 module Zaikio
   module OAuthClient
     class << self
-      attr_accessor :configuration
+      attr_reader :client_name
 
       def configure
-        self.configuration ||= Configuration.new
+        @configuration ||= Configuration.new
         yield(configuration)
       end
 
+      def configuration
+        @configuration ||= Configuration.new
+      end
+
       def for(client_name = nil)
         client_config_for(client_name).oauth_client
       end
@@ -29,6 +33,14 @@ module Zaikio
         @oauth_scheme = :request_body
       end
 
+      def with_client(client_name)
+        original_client_name = @client_name || nil
+        @client_name = client_name
+        yield
+      ensure
+        @client_name = original_client_name
+      end
+
       def with_auth(options_or_access_token, &block)
         access_token = if options_or_access_token.is_a?(Zaikio::AccessToken)
                          options_or_access_token
@@ -46,6 +58,7 @@ module Zaikio
       end
 
       def get_access_token(client_name: nil, bearer_type: "Person", bearer_id: nil, scopes: nil) # rubocop:disable Metrics/MethodLength
+        client_name ||= self.client_name
         client_config = client_config_for(client_name)
         scopes ||= client_config.default_scopes_for(bearer_type)
 

data/lib/zaikio/oauth_client/authenticatable.rb

@@ -39,7 +39,7 @@ module Zaikio
       private
 
       def approve_url(client_name = nil)
-        approve_session_url(client_name)
+        zaikio_oauth_client.approve_session_url(client_name)
       end
 
       def use_org_config?

data/lib/zaikio/oauth_client/configuration.rb

@@ -5,20 +5,23 @@ module Zaikio
   module OAuthClient
     class Configuration
       HOSTS = {
-        development: "http://directory.zaikio.test",
-        test: "http://directory.zaikio.test",
+        development: "http://hub.zaikio.test",
+        test: "http://hub.zaikio.test",
         staging: "https://directory.staging.zaikio.com",
         sandbox: "https://directory.sandbox.zaikio.com",
-        production: "https://directory.zaikio.com"
+        production: "https://hub.zaikio.com"
       }.freeze
 
       attr_accessor :host
       attr_writer :logger
-      attr_reader :client_configurations, :environment, :around_auth_block
+      attr_reader :client_configurations, :environment, :around_auth_block,
+                  :sessions_controller_name, :connections_controller_name
 
       def initialize
         @client_configurations = {}
         @around_auth_block = nil
+        @sessions_controller_name = "sessions"
+        @connections_controller_name = "connections"
       end
 
       def logger
@@ -47,6 +50,14 @@ module Zaikio
         @around_auth_block = block
       end
 
+      def sessions_controller_name=(name)
+        @sessions_controller_name = "/#{name}"
+      end
+
+      def connections_controller_name=(name)
+        @connections_controller_name = "/#{name}"
+      end
+
       private
 
       def host_for(environment)

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.3.3".freeze
+    VERSION = "0.3.8".freeze
   end
 end

metadata

@@ -1,16 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.3.8
 platform: ruby
 authors:
-- Steffen Boller
-- Christian Weyer
-- Matthias Prinz
+- Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-28 00:00:00.000000000 Z
+date: 2020-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -44,16 +42,22 @@ dependencies:
   name: zaikio-jwt_auth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -85,9 +89,10 @@ dependencies:
 description: This gem provides a mountable Rails engine that provides single sign
   on, directory access and further Zaikio platform connectivity.
 email:
-- sb@crispymtn.com
-- cw@crispymtn.com
-- mp@crispymtn.com
+- sb@zaikio.com
+- cw@zaikio.com
+- mp@zaikio.com
+- js@zaikio.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -99,6 +104,7 @@ files:
 - app/controllers/zaikio/oauth_client/sessions_controller.rb
 - app/helpers/zaikio/application_helper.rb
 - app/jobs/zaikio/application_job.rb
+- app/jobs/zaikio/cleanup_access_tokens_job.rb
 - app/models/zaikio/access_token.rb
 - config/initializers/inflections.rb
 - config/locales/en.yml