zaikio-oauth_client 0.4.3 → 0.6.1

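--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4acce9f2a5a527a4f5e6d407f2a345149215e906ca155488f5bc65fc8a0a3a62
- data.tar.gz: a8d208cb534f3fa52c41bd959efbd20956e1f5fc8302d9e807b1af60da02c8f7
+ metadata.gz: f73993c6e346ad227b9591f3978d5e8df70f3cbe02a123da0880581c90877090
+ data.tar.gz: 78a28c37466e1c1f572c4691c43b86dd0dcc583089ea04ea53adf546727529fd
  SHA512:
- metadata.gz: f2cbeff0fd6c94ea3566c7e970f2872741c240f5241a987cc838be5923fcb2a7fdf3e53d639aedcfb8b830d07de3acea1208230479896fb5f501a821cb352a53
- data.tar.gz: 07ec99742b7fd32aa9c9874257092f7e361cadd3c5dfd95eeb45bbeb09a711bb2b01955e9700b9568dfca82ee696d23293c081977df07861c243edfbb288c39f
+ metadata.gz: 4ead8b3e3d2576cefd9067633f02b814362cb2d8f8b912ffeb25e5d6165a9e980ccb76614c1373e8bf4a4954b6f087632982bd5eaace58d8bc6f3f726206ea1f
+ data.tar.gz: 1979f2d0c8da9a6fdb813dbb02c48b229dd308b742aedf93c63f28545e5d1d11dbcf658f2c35c9e20b2cee5369348ae48cf346f24ba4d3fe5732aff9ba17153d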
data/README.md CHANGED
@@ -60,7 +60,7 @@ Zaikio::OAuthClient.configure do |config|
60
60
  end
61
61
 
62
62
  config.around_auth do |access_token, block|
63
- Zaikio::Directory.with_token(access_token.token) do
63
+ Zaikio::Hub.with_token(access_token.token) do
64
64
  block.call(access_token)
65
65
  end
66
66
  end
@@ -93,7 +93,7 @@ Configure sidekiq scheduler in `config/sidekiq.yml`:
93
93
 
94
94
  ### OAuth Flow
95
95
 
96
- From any point in your application you can start using the Zaikio Directory OAuth2 flow with
96
+ From any point in your application you can start using the Zaikio Hub OAuth2 flow with
97
97
 
98
98
  ```rb
99
99
  redirect_to zaikio_oauth_client.new_session_path
@@ -109,10 +109,10 @@ This will redirect the user to the OAuth Authorize endpoint of the Zaikio Direct
109
109
 
110
110
  The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `cookies.encrypted[:zaikio_person_id]`.
111
111
 
112
- If you are using for example `Zaikio::Directory::Models`, you can use this snippet to set the current user:
112
+ If you are using for example `Zaikio::Hub::Models`, you can use this snippet to set the current user:
113
113
 
114
114
  ```ruby
115
- Current.user ||= Zaikio::Directory::Models::Person.find_by(id: cookies.encrypted[:zaikio_person_id])
115
+ Current.user ||= Zaikio::Hub::Models::Person.find_by(id: cookies.encrypted[:zaikio_person_id])
116
116
  ````
117
117
 
118
118
  You can then use `Current.user` anywhere.
@@ -149,7 +149,7 @@ class ApplicationController < ActionController::Base
149
149
  cookies.encrypted[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
150
150
 
151
151
  # Sync data on login
152
- Zaikio::Directory.with_token(access_token.token) do
152
+ Zaikio::Hub.with_token(access_token.token) do
153
153
  access_token.bearer_klass.find_and_reload!(access_token.bearer_id, includes: :all)
154
154
  end
155
155
 
@@ -5,8 +5,9 @@ module Zaikio
5
5
  class AccessToken < ApplicationRecord
6
6
  self.table_name = "zaikio_access_tokens"
7
7
 
8
- def self.build_from_access_token(access_token) # rubocop:disable Metrics/AbcSize
8
+ def self.build_from_access_token(access_token, requested_scopes: nil) # rubocop:disable Metrics/AbcSize
9
9
  payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
10
+ scopes = access_token.params["scope"].split(",")
10
11
  new(
11
12
  id: payload["jti"],
12
13
  bearer_type: access_token.params["bearer"]["type"],
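Review bot: `scopes = access_token.params["scope"].split(",")` raises NoMethodError when the token response carries no `scope` entry, while the JWT payload one line above is allowed to fail softly with `rescue {}`. If the Hub can omit `scope` (not visible here), `scopes = access_token.params["scope"].to_s.split(",")` keeps the record buildable with an empty list. The new `requested_scopes:` keyword also deserves a line of documentation, e.g. `# requested_scopes: scopes the caller asked for; falls back to the scopes in the token response`. The method body continues in the next hunk.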
@@ -15,7 +16,8 @@ module Zaikio
15
16
  token: access_token.token,
16
17
  refresh_token: access_token.refresh_token,
17
18
  expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
18
- scopes: access_token.params["scope"].split(",")
19
+ scopes: scopes,
20
+ requested_scopes: requested_scopes || scopes
19
21
  )
20
22
  end
21
23
 
@@ -38,13 +40,13 @@ module Zaikio
38
40
  .where("refresh_token IS NOT NULL")
39
41
  .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
40
42
  }
41
- scope :by_bearer, lambda { |bearer_type: "Person", bearer_id:, scopes: []|
43
+ scope :by_bearer, lambda { |bearer_id:, requested_scopes: [], bearer_type: "Person"|
42
44
  where(bearer_type: bearer_type, bearer_id: bearer_id)
43
- .where("scopes @> ARRAY[?]::varchar[]", scopes)
45
+ .where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
44
46
  }
45
47
  scope :usable, lambda { |options|
46
48
  by_bearer(**options).valid.or(by_bearer(**options).valid_refresh)
47
- .order(expires_at: :desc)
49
+ .order(expires_at: :desc)
48
50
  }
49
51
 
50
52
  def expired?
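Review bot: `by_bearer` now filters on `requested_scopes`, which `build_from_access_token` fills from the caller's argument rather than from the token response, so a row can match a lookup for scopes the server never granted. If the Hub can issue a token with fewer scopes than were requested (not visible here), callers get a token that fails later instead of triggering a new grant, and any code that reads a match as proof of authorization would be wrong. I would state the distinction above the scope, e.g. `# Matches requested scopes, not granted ones; use the scopes column for permission checks.` The class body starts and ends outside this hunk.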
@@ -60,10 +62,10 @@ module Zaikio
60
62
  end
61
63
 
62
64
  def bearer_klass
63
- return unless Zaikio.const_defined?("Directory::Models")
65
+ return unless Zaikio.const_defined?("Hub::Models")
64
66
 
65
- if Zaikio::Directory::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
66
- Zaikio::Directory::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
67
+ if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
68
+ Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
67
69
  else
68
70
  "Zaikio::#{bearer_type}".constantize
69
71
  end
@@ -76,7 +78,10 @@ module Zaikio
76
78
  attributes.slice("token", "refresh_token")
77
79
  ).refresh!
78
80
 
79
- access_token = self.class.build_from_access_token(refreshed_token)
81
+ access_token = self.class.build_from_access_token(
82
+ refreshed_token,
83
+ requested_scopes: requested_scopes
84
+ )
80
85
 
81
86
  transaction { destroy if access_token.save! }
82
87
 
@@ -0,0 +1,7 @@
1
+ class EnhanceAccessTokenIndex < ActiveRecord::Migration[6.1]
2
+ def change
3
+ remove_index :zaikio_access_tokens, %i[bearer_type bearer_id]
4
+ add_index :zaikio_access_tokens, %i[audience bearer_type bearer_id],
5
+ name: :zaikio_access_tokens_lookup_index
6
+ end
7
+ end
@@ -0,0 +1,6 @@
1
+ class AddRequestedScopesToZaikioAccessTokens < ActiveRecord::Migration[6.1]
2
+ def change
3
+ add_column :zaikio_access_tokens, :requested_scopes, :string, array: true, default: [], null: false
4
+ Zaikio::AccessToken.update_all("requested_scopes = scopes, updated_at = now()")
5
+ end
6
+ end
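Review bot: The backfill `Zaikio::AccessToken.update_all(...)` sits directly in `change` and goes through the application model. As far as I can tell it is not a recorded migration command, so it also executes when the migration is rolled back, and it ties the migration to whatever the model class looks like when it is run later. Plain SQL limited to the up direction avoids both: `reversible { |dir| dir.up { execute "UPDATE zaikio_access_tokens SET requested_scopes = scopes, updated_at = now()" } }`.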
@@ -45,7 +45,7 @@ module Zaikio
45
45
  access_token = if options_or_access_token.is_a?(Zaikio::AccessToken)
46
46
  options_or_access_token
47
47
  else
48
- get_access_token(options_or_access_token)
48
+ get_access_token(**options_or_access_token)
49
49
  end
50
50
 
51
51
  return unless block_given?
@@ -63,7 +63,11 @@ module Zaikio
63
63
  scopes ||= client_config.default_scopes_for(bearer_type)
64
64
 
65
65
  access_token = Zaikio::AccessToken.where(audience: client_config.client_name)
66
- .usable(bearer_type: bearer_type, bearer_id: bearer_id, scopes: scopes)
66
+ .usable(
67
+ bearer_type: bearer_type,
68
+ bearer_id: bearer_id,
69
+ requested_scopes: scopes
70
+ )
67
71
  .first
68
72
 
69
73
  if access_token.blank?
@@ -72,7 +76,8 @@ module Zaikio
72
76
  bearer_type: bearer_type,
73
77
  bearer_id: bearer_id,
74
78
  scopes: scopes
75
- )
79
+ ),
80
+ requested_scopes: scopes
76
81
  )
77
82
  access_token.save!
78
83
  elsif access_token&.expired?
@@ -49,10 +49,10 @@ module Zaikio
49
49
  def create_access_token
50
50
  access_token_response = oauth_client.auth_code.get_token(params[:code])
51
51
 
52
- access_token = Zaikio::AccessToken.build_from_access_token(access_token_response)
53
- access_token.save!
54
-
55
- access_token
52
+ Zaikio::AccessToken.build_from_access_token(
53
+ access_token_response,
54
+ requested_scopes: client_config.default_scopes
55
+ ).tap(&:save!)
56
56
  end
57
57
 
58
58
  def client_name
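Review bot: `requested_scopes: client_config.default_scopes` records the client's default scopes as what was requested, but nothing in this hunk ties that value to the scopes actually sent in the authorize request. The lookup in `get_access_token` falls back to `client_config.default_scopes_for(bearer_type)`, so if the two lists differ, or a session was started with other scopes, the stored row may miss later lookups or match ones it should not. Consider passing the scopes used when the flow was started, or add a comment such as `# the authorize request always asks for default_scopes` if that is guaranteed elsewhere. The code around `create_access_token` is outside the hunk.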
@@ -25,7 +25,7 @@ module Zaikio
25
25
  end
26
26
 
27
27
  def logger
28
- @logger ||= Logger.new(STDOUT)
28
+ @logger ||= Logger.new($stdout)
29
29
  end
30
30
 
31
31
  def register_client(name)
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module OAuthClient
3
- VERSION = "0.4.3".freeze
3
+ VERSION = "0.6.1".freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zaikio-oauth_client
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.3
4
+ version: 0.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Zaikio GmbH
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-15 00:00:00.000000000 Z
11
+ date: 2021-02-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -111,6 +111,8 @@ files:
111
111
  - config/routes.rb
112
112
  - db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
113
113
  - db/migrate/20191017132048_create_zaikio_access_tokens.rb
114
+ - db/migrate/20210222135920_enhance_access_token_index.rb
115
+ - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
114
116
  - lib/tasks/zaikio_tasks.rake
115
117
  - lib/zaikio/oauth_client.rb
116
118
  - lib/zaikio/oauth_client/authenticatable.rb