zaikio-oauth_client 0.3.3 → 0.3.8
- checksums.yaml +4 -4
- data/README.md +66 -17
- data/app/controllers/zaikio/oauth_client/connections_controller.rb +1 -1
- data/app/jobs/zaikio/cleanup_access_tokens_job.rb +7 -0
- data/app/models/zaikio/access_token.rb +4 -0
- data/config/routes.rb +10 -5
- data/lib/zaikio/oauth_client.rb +15 -2
- data/lib/zaikio/oauth_client/authenticatable.rb +1 -1
- data/lib/zaikio/oauth_client/configuration.rb +15 -4
- data/lib/zaikio/oauth_client/version.rb +1 -1
- metadata +16 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8fa2e5f7ed7f309196e150d97aeabd9bf9480fc9d434a97df1bd3f24c12ea10f
|
4
|
+
data.tar.gz: acabd48829a55be6e5f358ff62136cdee973dd2e3e71fb17af4f3dff1b0bf9e9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4a6fc57330881a9c13164aedf78bb9138f7baa6b8a062e17ff674ada1527e291314177c65fc81eb02e4a563d29c7f8c8018854ef9613545666a07bbecd793057
|
7
|
+
data.tar.gz: ffda5ec35029860201e0c42b50c2dc303f78f9b5e726c19282dd2f023c684516cb3f2ea6a5c092b359b9e8f6c3a03a5d5d91226e0170760ca288752368ac89c3
|
data/README.md
CHANGED
@@ -5,27 +5,13 @@ This Gem enables you to easily connect to the Zaikio Directory and use the OAuth
|
|
5
5
|
|
6
6
|
## Installation
|
7
7
|
|
8
|
-
|
9
|
-
|
10
|
-
To fetch it from the GitHub Package Registry follow these steps:
|
11
|
-
|
12
|
-
1. You must use a personal access token with the `read:packages` and `write:packages` scopes to publish and delete public packages in the GitHub Package Registry with RubyGems. Your personal access token must also have the `repo` scope when the repository is private. For more information, see "[Creating a personal access token for the command line](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line)."
|
13
|
-
|
14
|
-
2. Set an ENV variable that will be used for both gem and npm. *This will also work on Heroku or your CI App if you set the ENV variable there.*
|
15
|
-
```bash
|
16
|
-
export BUNDLE_RUBYGEMS__PKG__GITHUB__COM=#Your-Token-Here#
|
17
|
-
```
|
18
|
-
|
19
|
-
3. Add the following in your Gemfile
|
8
|
+
Simply add the following in your Gemfile:
|
20
9
|
|
21
10
|
```ruby
|
22
|
-
|
23
|
-
gem "zaikio-oauth_client"
|
24
|
-
end
|
11
|
+
gem "zaikio-oauth_client"
|
25
12
|
```
|
26
13
|
Then run `bundle install`.
|
27
14
|
|
28
|
-
|
29
15
|
## Setup & Configuration
|
30
16
|
|
31
17
|
### 1. Copy & run Migrations
|
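Review bot: the hunk drops the GitHub Package Registry steps (the `BUNDLE_RUBYGEMS__PKG__GITHUB__COM` token export and the `end` that closed the old `source` block on old line 24) but the new text never says where the gem is published now. Add one sentence such as "The gem is published on rubygems.org" so readers know the personal access token is no longer required and can remove it from their CI and Heroku environments.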
@@ -40,6 +26,8 @@ This will create the tables:
|
|
40
26
|
|
41
27
|
### 2. Mount routes
|
42
28
|
|
29
|
+
Add this to `config/routes.rb`:
|
30
|
+
|
43
31
|
```rb
|
44
32
|
mount Zaikio::OAuthClient::Engine => "/zaikio"
|
45
33
|
```
|
@@ -49,7 +37,7 @@ mount Zaikio::OAuthClient::Engine => "/zaikio"
|
|
49
37
|
```rb
|
50
38
|
# config/initializers/zaikio_oauth_client.rb
|
51
39
|
Zaikio::OAuthClient.configure do |config|
|
52
|
-
config.environment = :
|
40
|
+
config.environment = :sandbox
|
53
41
|
|
54
42
|
config.register_client :warehouse do |warehouse|
|
55
43
|
warehouse.client_id = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
|
@@ -79,6 +67,28 @@ Zaikio::OAuthClient.configure do |config|
|
|
79
67
|
end
|
80
68
|
```
|
81
69
|
|
70
|
+
|
71
|
+
### 4. Clean up outdated access tokens (recommended)
|
72
|
+
|
73
|
+
To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
|
74
|
+
|
75
|
+
Simply add the following to your Gemfile:
|
76
|
+
|
77
|
+
```rb
|
78
|
+
gem "sidekiq"
|
79
|
+
gem "sidekiq-scheduler"
|
80
|
+
```
|
81
|
+
Then run `bundle install`.
|
82
|
+
|
83
|
+
Configure sidekiq scheduler in `config/sidekiq.yml`:
|
84
|
+
```yaml
|
85
|
+
:schedule:
|
86
|
+
cleanup_acces_tokens_job:
|
87
|
+
cron: '0 3 * * *' # This will delete all expired tokens every day at 3am.
|
88
|
+
class: 'Zaikio::CleanupAccessTokensJob'
|
89
|
+
```
|
90
|
+
|
91
|
+
|
82
92
|
## Usage
|
83
93
|
|
84
94
|
### OAuth Flow
|
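Review bot: new line 73 has "oath" for "oauth", "schedule gems" for "scheduler gems", and "we recommend to implement" should read "we recommend implementing"; the schedule key on new line 86 is misspelled `cleanup_acces_tokens_job` (it works, but it will be copied verbatim by users). More importantly the section does not say which rows `Zaikio::CleanupAccessTokensJob` removes; state explicitly that only tokens whose refresh token can no longer be used are deleted, so operators do not expect still-refreshable sessions to survive or to be purged.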
@@ -109,6 +119,24 @@ You can then use `Current.user` anywhere.
|
|
109
119
|
|
110
120
|
For **logout** use: `zaikio_oauth_client.session_path, method: :delete` or build your own controller for deleting the cookie.
|
111
121
|
|
122
|
+
#### Multiple clients
|
123
|
+
|
124
|
+
When performing requests against directory APIs, it is important to always provide the correct client in order to use the client credentials flow correctly. Otherwise always the first client will be used. It is recommended to specify an `around_action`:
|
125
|
+
|
126
|
+
```rb
|
127
|
+
class ApplicationController < ActionController::Base
|
128
|
+
around_action :with_client
|
129
|
+
|
130
|
+
private
|
131
|
+
|
132
|
+
def with_client
|
133
|
+
Zaikio::OAuthClient.with_client Current.client_name do
|
134
|
+
yield
|
135
|
+
end
|
136
|
+
end
|
137
|
+
end
|
138
|
+
```
|
139
|
+
|
112
140
|
#### Redirecting
|
113
141
|
|
114
142
|
The `zaikio_oauth_client.new_session_path` which was used for the first initiation of the OAuth flow, accepts an optional parameter `origin` which will then be used to redirect the user at the end of a completed & successful OAuth flow.
|
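Review bot: the `around_action` example on new lines 127-138 relies on `Current.client_name` without showing where it is set, and the text on new line 124 says the first registered client is used otherwise. Document how `Current.client_name` is populated (for example from the authenticated organization or the `:client_name` route segment) and what `with_client` does when it receives `nil`, since a missing value silently falls back to the first client rather than raising.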
@@ -136,6 +164,27 @@ class ApplicationController < ActionController::Base
|
|
136
164
|
end
|
137
165
|
```
|
138
166
|
|
167
|
+
#### Custom behavior
|
168
|
+
|
169
|
+
Since the built in `SessionsController` and `ConnectionsController` are inheriting from the main app's `ApplicationController` all behaviour will be added there, too. In some cases you might want to explicitly skip a `before_action` or add custom `before_action` callbacks.
|
170
|
+
|
171
|
+
You can achieve this by adding a custom controller name to your configuration:
|
172
|
+
|
173
|
+
```rb
|
174
|
+
# app/controllers/sessions_controller.rb
|
175
|
+
class SessionsController < Zaikio::OAuthClient::SessionsController
|
176
|
+
skip_before_action :redirect_unless_authenticated
|
177
|
+
end
|
178
|
+
|
179
|
+
# config/initializers/zaikio_oauth_client.rb
|
180
|
+
Zaikio::OAuthClient.configure do |config|
|
181
|
+
# ...
|
182
|
+
config.sessions_controller_name = "sessions"
|
183
|
+
# config.connections_controller_name = "connections"
|
184
|
+
# ...
|
185
|
+
end
|
186
|
+
```
|
187
|
+
|
139
188
|
#### Testing
|
140
189
|
|
141
190
|
You can use our test helper to login different users:
|
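Review bot: the example sets `config.sessions_controller_name = "sessions"` and defines a top-level `SessionsController`, but the README does not explain that the configured name is resolved against the main application (the configuration setter prefixes it with "/"), whereas the engine's default resolves inside `Zaikio::OAuthClient`. Say so here, and note that the custom controller must inherit from `Zaikio::OAuthClient::SessionsController` as shown, otherwise `skip_before_action :redirect_unless_authenticated` raises because the callback is not defined.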
@@ -28,10 +28,14 @@ module Zaikio
|
|
28
28
|
where("expires_at > :now", now: Time.current)
|
29
29
|
.where.not(id: Zaikio::JWTAuth.blacklisted_token_ids)
|
30
30
|
}
|
31
|
+
scope :with_invalid_refresh_token, lambda {
|
32
|
+
where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
|
33
|
+
}
|
31
34
|
scope :valid_refresh, lambda {
|
32
35
|
where("expires_at <= :now AND created_at > :created_at_max",
|
33
36
|
now: Time.current,
|
34
37
|
created_at_max: Time.current - refresh_token_valid_for)
|
38
|
+
.where("refresh_token IS NOT NULL")
|
35
39
|
.where.not(id: Zaikio::JWTAuth.blacklisted_token_ids)
|
36
40
|
}
|
37
41
|
scope :by_bearer, lambda { |bearer_type: "Person", bearer_id:, scopes: []|
|
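Review bot: `with_invalid_refresh_token` on new line 32 calls `Zaikio::AccessToken.refresh_token_valid_for` while `valid_refresh` three lines below uses the bare `refresh_token_valid_for`; use the bare form in both. The new scope also only checks `created_at`, so a row created before the refresh window but with `expires_at` still in the future would match; if the cleanup job deletes with this scope, consider adding `expires_at <= :now` so a token that is still valid is never removed. Style: `.where("refresh_token IS NOT NULL")` on new line 38 can be `.where.not(refresh_token: nil)` to match the `.where.not(id: ...)` line next to it.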
data/config/routes.rb
CHANGED
@@ -1,10 +1,15 @@
|
|
1
1
|
Zaikio::OAuthClient::Engine.routes.draw do
|
2
|
+
sessions_controller = Zaikio::OAuthClient.configuration.sessions_controller_name
|
3
|
+
connections_controller = Zaikio::OAuthClient.configuration.connections_controller_name
|
4
|
+
|
2
5
|
# People
|
3
|
-
get "(/:client_name)/sessions/new",
|
4
|
-
get "(/:client_name)/sessions/approve",
|
5
|
-
delete "(/:client_name)/session",
|
6
|
+
get "(/:client_name)/sessions/new", action: :new, controller: sessions_controller, as: :new_session
|
7
|
+
get "(/:client_name)/sessions/approve", action: :approve, controller: sessions_controller, as: :approve_session
|
8
|
+
delete "(/:client_name)/session", action: :destroy, controller: sessions_controller, as: :session
|
6
9
|
|
7
10
|
# Organizations
|
8
|
-
get "(/:client_name)/connections/new",
|
9
|
-
|
11
|
+
get "(/:client_name)/connections/new", action: :new,
|
12
|
+
controller: connections_controller, as: :new_connection
|
13
|
+
get "(/:client_name)/connections/approve", action: :approve,
|
14
|
+
controller: connections_controller, as: :approve_connection
|
10
15
|
end
|
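Review bot: the controller names are read from `Zaikio::OAuthClient.configuration` when the routes file is drawn, so a `sessions_controller_name` assigned after routes are loaded (for example in `config.after_initialize`) is silently ignored; the README should state that the value must be set in an initializer. Also the three session routes are written on one line each while the connection routes are wrapped onto two; pick one layout for the file.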
data/lib/zaikio/oauth_client.rb
CHANGED
@@ -7,13 +7,17 @@ require "zaikio/oauth_client/authenticatable"
|
|
7
7
|
module Zaikio
|
8
8
|
module OAuthClient
|
9
9
|
class << self
|
10
|
-
|
10
|
+
attr_reader :client_name
|
11
11
|
|
12
12
|
def configure
|
13
|
-
|
13
|
+
@configuration ||= Configuration.new
|
14
14
|
yield(configuration)
|
15
15
|
end
|
16
16
|
|
17
|
+
def configuration
|
18
|
+
@configuration ||= Configuration.new
|
19
|
+
end
|
20
|
+
|
17
21
|
def for(client_name = nil)
|
18
22
|
client_config_for(client_name).oauth_client
|
19
23
|
end
|
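Review bot: with the new `configuration` reader on new lines 17-19, the `@configuration ||= Configuration.new` kept in `configure` on new line 13 is a duplicate; `yield(configuration)` alone is enough.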
@@ -29,6 +33,14 @@ module Zaikio
|
|
29
33
|
@oauth_scheme = :request_body
|
30
34
|
end
|
31
35
|
|
36
|
+
def with_client(client_name)
|
37
|
+
original_client_name = @client_name || nil
|
38
|
+
@client_name = client_name
|
39
|
+
yield
|
40
|
+
ensure
|
41
|
+
@client_name = original_client_name
|
42
|
+
end
|
43
|
+
|
32
44
|
def with_auth(options_or_access_token, &block)
|
33
45
|
access_token = if options_or_access_token.is_a?(Zaikio::AccessToken)
|
34
46
|
options_or_access_token
|
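Review bot: `with_client` stores the name in `@client_name` on the `Zaikio::OAuthClient` singleton, which is shared by every thread in the process. Under a threaded server two concurrent requests wrapping different clients overwrite each other, and the `ensure` on new lines 40-41 restores whatever value was present at entry, so a request can end up making client-credentials calls as another tenant's client. Keep the value per thread (`Thread.current[:zaikio_client_name]`) or in an `ActiveSupport::CurrentAttributes` subclass, and make `client_name` read from there. Minor: `@client_name || nil` on new line 37 is just `@client_name`.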
@@ -46,6 +58,7 @@ module Zaikio
|
|
46
58
|
end
|
47
59
|
|
48
60
|
def get_access_token(client_name: nil, bearer_type: "Person", bearer_id: nil, scopes: nil) # rubocop:disable Metrics/MethodLength
|
61
|
+
client_name ||= self.client_name
|
49
62
|
client_config = client_config_for(client_name)
|
50
63
|
scopes ||= client_config.default_scopes_for(bearer_type)
|
51
64
|
|
@@ -5,20 +5,23 @@ module Zaikio
|
|
5
5
|
module OAuthClient
|
6
6
|
class Configuration
|
7
7
|
HOSTS = {
|
8
|
-
development: "http://
|
9
|
-
test: "http://
|
8
|
+
development: "http://hub.zaikio.test",
|
9
|
+
test: "http://hub.zaikio.test",
|
10
10
|
staging: "https://directory.staging.zaikio.com",
|
11
11
|
sandbox: "https://directory.sandbox.zaikio.com",
|
12
|
-
production: "https://
|
12
|
+
production: "https://hub.zaikio.com"
|
13
13
|
}.freeze
|
14
14
|
|
15
15
|
attr_accessor :host
|
16
16
|
attr_writer :logger
|
17
|
-
attr_reader :client_configurations, :environment, :around_auth_block
|
17
|
+
attr_reader :client_configurations, :environment, :around_auth_block,
|
18
|
+
:sessions_controller_name, :connections_controller_name
|
18
19
|
|
19
20
|
def initialize
|
20
21
|
@client_configurations = {}
|
21
22
|
@around_auth_block = nil
|
23
|
+
@sessions_controller_name = "sessions"
|
24
|
+
@connections_controller_name = "connections"
|
22
25
|
end
|
23
26
|
|
24
27
|
def logger
|
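Review bot: the `development` and `test` hosts on new lines 8-9 use plain `http://`, which is fine for a local `.test` domain but should be called out in a comment so nobody copies the pattern for `staging` or `sandbox`; those and `production` stay on `https`. The new defaults `"sessions"` and `"connections"` on new lines 23-24 are not slash-prefixed, so they resolve inside the engine namespace; a one-line comment saying that the setters below behave differently would save the next reader a trip through `routes.rb`.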
@@ -47,6 +50,14 @@ module Zaikio
|
|
47
50
|
@around_auth_block = block
|
48
51
|
end
|
49
52
|
|
53
|
+
def sessions_controller_name=(name)
|
54
|
+
@sessions_controller_name = "/#{name}"
|
55
|
+
end
|
56
|
+
|
57
|
+
def connections_controller_name=(name)
|
58
|
+
@connections_controller_name = "/#{name}"
|
59
|
+
end
|
60
|
+
|
50
61
|
private
|
51
62
|
|
52
63
|
def host_for(environment)
|
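Review bot: both setters on new lines 53-59 prefix "/" unconditionally, so `config.sessions_controller_name = "/sessions"` produces `"//sessions"`, and the reader then returns a different string from the one that was assigned. Normalise first, for example `@sessions_controller_name = "/#{name.to_s.delete_prefix('/')}"`, and note in a comment that a configured name always points at the main application's controllers.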
metadata
CHANGED
@@ -1,16 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: zaikio-oauth_client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
-
|
8
|
-
- Christian Weyer
|
9
|
-
- Matthias Prinz
|
7
|
+
- Zaikio GmbH
|
10
8
|
autorequire:
|
11
9
|
bindir: bin
|
12
10
|
cert_chain: []
|
13
|
-
date: 2020-
|
11
|
+
date: 2020-08-18 00:00:00.000000000 Z
|
14
12
|
dependencies:
|
15
13
|
- !ruby/object:Gem::Dependency
|
16
14
|
name: rails
|
@@ -44,16 +42,22 @@ dependencies:
|
|
44
42
|
name: zaikio-jwt_auth
|
45
43
|
requirement: !ruby/object:Gem::Requirement
|
46
44
|
requirements:
|
47
|
-
- - "
|
45
|
+
- - ">="
|
48
46
|
- !ruby/object:Gem::Version
|
49
47
|
version: 0.2.1
|
48
|
+
- - "<"
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: 0.4.0
|
50
51
|
type: :runtime
|
51
52
|
prerelease: false
|
52
53
|
version_requirements: !ruby/object:Gem::Requirement
|
53
54
|
requirements:
|
54
|
-
- - "
|
55
|
+
- - ">="
|
55
56
|
- !ruby/object:Gem::Version
|
56
57
|
version: 0.2.1
|
58
|
+
- - "<"
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: 0.4.0
|
57
61
|
- !ruby/object:Gem::Dependency
|
58
62
|
name: pg
|
59
63
|
requirement: !ruby/object:Gem::Requirement
|
@@ -85,9 +89,10 @@ dependencies:
|
|
85
89
|
description: This gem provides a mountable Rails engine that provides single sign
|
86
90
|
on, directory access and further Zaikio platform connectivity.
|
87
91
|
email:
|
88
|
-
- sb@
|
89
|
-
- cw@
|
90
|
-
- mp@
|
92
|
+
- sb@zaikio.com
|
93
|
+
- cw@zaikio.com
|
94
|
+
- mp@zaikio.com
|
95
|
+
- js@zaikio.com
|
91
96
|
executables: []
|
92
97
|
extensions: []
|
93
98
|
extra_rdoc_files: []
|
@@ -99,6 +104,7 @@ files:
|
|
99
104
|
- app/controllers/zaikio/oauth_client/sessions_controller.rb
|
100
105
|
- app/helpers/zaikio/application_helper.rb
|
101
106
|
- app/jobs/zaikio/application_job.rb
|
107
|
+
- app/jobs/zaikio/cleanup_access_tokens_job.rb
|
102
108
|
- app/models/zaikio/access_token.rb
|
103
109
|
- config/initializers/inflections.rb
|
104
110
|
- config/locales/en.yml
|