zaikio-oauth_client 0.4.3 → 0.6.1

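--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4acce9f2a5a527a4f5e6d407f2a345149215e906ca155488f5bc65fc8a0a3a62
- data.tar.gz: a8d208cb534f3fa52c41bd959efbd20956e1f5fc8302d9e807b1af60da02c8f7
+ metadata.gz: f73993c6e346ad227b9591f3978d5e8df70f3cbe02a123da0880581c90877090
+ data.tar.gz: 78a28c37466e1c1f572c4691c43b86dd0dcc583089ea04ea53adf546727529fd
  SHA512:
- metadata.gz: f2cbeff0fd6c94ea3566c7e970f2872741c240f5241a987cc838be5923fcb2a7fdf3e53d639aedcfb8b830d07de3acea1208230479896fb5f501a821cb352a53
- data.tar.gz: 07ec99742b7fd32aa9c9874257092f7e361cadd3c5dfd95eeb45bbeb09a711bb2b01955e9700b9568dfca82ee696d23293c081977df07861c243edfbb288c39f
+ metadata.gz: 4ead8b3e3d2576cefd9067633f02b814362cb2d8f8b912ffeb25e5d6165a9e980ccb76614c1373e8bf4a4954b6f087632982bd5eaace58d8bc6f3f726206ea1f
+ data.tar.gz: 1979f2d0c8da9a6fdb813dbb02c48b229dd308b742aedf93c63f28545e5d1d11dbcf658f2c35c9e20b2cee5369348ae48cf346f24ba4d3fe5732aff9ba17153d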
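--- a/data/README.md
+++ b/data/README.md
@@ -60,7 +60,7 @@ Zaikio::OAuthClient.configure do |config|
  end
 
  config.around_auth do |access_token, block|
- Zaikio::Directory.with_token(access_token.token) do
+ Zaikio::Hub.with_token(access_token.token) do
  block.call(access_token)
  end
  end
@@ -93,7 +93,7 @@ Configure sidekiq scheduler in `config/sidekiq.yml`:
 
  ### OAuth Flow
 
- From any point in your application you can start using the Zaikio Directory OAuth2 flow with
+ From any point in your application you can start using the Zaikio Hub OAuth2 flow with
 
  ```rb
  redirect_to zaikio_oauth_client.new_session_path
@@ -109,10 +109,10 @@ This will redirect the user to the OAuth Authorize endpoint of the Zaikio Direct
 
  The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `cookies.encrypted[:zaikio_person_id]`.
 
- If you are using for example `Zaikio::Directory::Models`, you can use this snippet to set the current user:
+ If you are using for example `Zaikio::Hub::Models`, you can use this snippet to set the current user:
 
  ```ruby
- Current.user ||= Zaikio::Directory::Models::Person.find_by(id: cookies.encrypted[:zaikio_person_id])
+ Current.user ||= Zaikio::Hub::Models::Person.find_by(id: cookies.encrypted[:zaikio_person_id])
  ````
 
  You can then use `Current.user` anywhere.
@@ -149,7 +149,7 @@ class ApplicationController < ActionController::Base
  cookies.encrypted[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
 
  # Sync data on login
- Zaikio::Directory.with_token(access_token.token) do
+ Zaikio::Hub.with_token(access_token.token) do
  access_token.bearer_klass.find_and_reload!(access_token.bearer_id, includes: :all)
  end
 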
@@ -5,8 +5,9 @@ module Zaikio
5
5
  class AccessToken < ApplicationRecord
6
6
  self.table_name = "zaikio_access_tokens"
7
7
 
8
- def self.build_from_access_token(access_token) # rubocop:disable Metrics/AbcSize
8
+ def self.build_from_access_token(access_token, requested_scopes: nil) # rubocop:disable Metrics/AbcSize
9
9
  payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
10
+ scopes = access_token.params["scope"].split(",")
10
11
  new(
11
12
  id: payload["jti"],
12
13
  bearer_type: access_token.params["bearer"]["type"],
@@ -15,7 +16,8 @@ module Zaikio
15
16
  token: access_token.token,
16
17
  refresh_token: access_token.refresh_token,
17
18
  expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
18
- scopes: access_token.params["scope"].split(",")
19
+ scopes: scopes,
20
+ requested_scopes: requested_scopes || scopes
19
21
  )
20
22
  end
21
23
 
@@ -38,13 +40,13 @@ module Zaikio
38
40
  .where("refresh_token IS NOT NULL")
39
41
  .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
40
42
  }
41
- scope :by_bearer, lambda { |bearer_type: "Person", bearer_id:, scopes: []|
43
+ scope :by_bearer, lambda { |bearer_id:, requested_scopes: [], bearer_type: "Person"|
42
44
  where(bearer_type: bearer_type, bearer_id: bearer_id)
43
- .where("scopes @> ARRAY[?]::varchar[]", scopes)
45
+ .where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
44
46
  }
45
47
  scope :usable, lambda { |options|
46
48
  by_bearer(**options).valid.or(by_bearer(**options).valid_refresh)
47
- .order(expires_at: :desc)
49
+ .order(expires_at: :desc)
48
50
  }
49
51
 
50
52
  def expired?
@@ -60,10 +62,10 @@ module Zaikio
60
62
  end
61
63
 
62
64
  def bearer_klass
63
- return unless Zaikio.const_defined?("Directory::Models")
65
+ return unless Zaikio.const_defined?("Hub::Models")
64
66
 
65
- if Zaikio::Directory::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
66
- Zaikio::Directory::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
67
+ if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
68
+ Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
67
69
  else
68
70
  "Zaikio::#{bearer_type}".constantize
69
71
  end
@@ -76,7 +78,10 @@ module Zaikio
76
78
  attributes.slice("token", "refresh_token")
77
79
  ).refresh!
78
80
 
79
- access_token = self.class.build_from_access_token(refreshed_token)
81
+ access_token = self.class.build_from_access_token(
82
+ refreshed_token,
83
+ requested_scopes: requested_scopes
84
+ )
80
85
 
81
86
  transaction { destroy if access_token.save! }
82
87
 
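Review bot: `by_bearer` now filters on `requested_scopes` instead of the granted `scopes`, so `usable` can hand back a token whose granted scope list is narrower than what the caller asked for whenever the authorization server issued fewer scopes than were requested. Nothing in these hunks compares the two columns, and the same lookup is reached through the `.usable(... requested_scopes: scopes)` call in the client module hunk further down. If callers treat a returned token as proof that the scopes were granted, they should check `scopes` as well. At minimum the scope deserves a comment such as `# requested_scopes is only the lookup key; scopes holds what the server actually granted`. In `build_from_access_token`, `access_token.params["scope"].split(",")` still raises NoMethodError when the token response has no `scope` value; `access_token.params["scope"].to_s.split(",")` would avoid that. Both definitions extend beyond the hunks shown.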
@@ -0,0 +1,7 @@
1
+ class EnhanceAccessTokenIndex < ActiveRecord::Migration[6.1]
2
+ def change
3
+ remove_index :zaikio_access_tokens, %i[bearer_type bearer_id]
4
+ add_index :zaikio_access_tokens, %i[audience bearer_type bearer_id],
5
+ name: :zaikio_access_tokens_lookup_index
6
+ end
7
+ end
@@ -0,0 +1,6 @@
1
+ class AddRequestedScopesToZaikioAccessTokens < ActiveRecord::Migration[6.1]
2
+ def change
3
+ add_column :zaikio_access_tokens, :requested_scopes, :string, array: true, default: [], null: false
4
+ Zaikio::AccessToken.update_all("requested_scopes = scopes, updated_at = now()")
5
+ end
6
+ end
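Review bot: The backfill `Zaikio::AccessToken.update_all(...)` sits directly inside `change`, so it is not a recorded, reversible step and presumably executes again when the migration is rolled back. It also ties the migration to the application model class as it exists when the migration runs. Writing it as `reversible { |dir| dir.up { execute "UPDATE zaikio_access_tokens SET requested_scopes = scopes, updated_at = now()" } }` keeps the backfill to the up direction and independent of the model. The backfill records every existing token as having requested exactly the scopes it was granted, which is worth stating in a one-line comment above it.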
@@ -45,7 +45,7 @@ module Zaikio
45
45
  access_token = if options_or_access_token.is_a?(Zaikio::AccessToken)
46
46
  options_or_access_token
47
47
  else
48
- get_access_token(options_or_access_token)
48
+ get_access_token(**options_or_access_token)
49
49
  end
50
50
 
51
51
  return unless block_given?
@@ -63,7 +63,11 @@ module Zaikio
63
63
  scopes ||= client_config.default_scopes_for(bearer_type)
64
64
 
65
65
  access_token = Zaikio::AccessToken.where(audience: client_config.client_name)
66
- .usable(bearer_type: bearer_type, bearer_id: bearer_id, scopes: scopes)
66
+ .usable(
67
+ bearer_type: bearer_type,
68
+ bearer_id: bearer_id,
69
+ requested_scopes: scopes
70
+ )
67
71
  .first
68
72
 
69
73
  if access_token.blank?
@@ -72,7 +76,8 @@ module Zaikio
72
76
  bearer_type: bearer_type,
73
77
  bearer_id: bearer_id,
74
78
  scopes: scopes
75
- )
79
+ ),
80
+ requested_scopes: scopes
76
81
  )
77
82
  access_token.save!
78
83
  elsif access_token&.expired?
@@ -49,10 +49,10 @@ module Zaikio
49
49
  def create_access_token
50
50
  access_token_response = oauth_client.auth_code.get_token(params[:code])
51
51
 
52
- access_token = Zaikio::AccessToken.build_from_access_token(access_token_response)
53
- access_token.save!
54
-
55
- access_token
52
+ Zaikio::AccessToken.build_from_access_token(
53
+ access_token_response,
54
+ requested_scopes: client_config.default_scopes
55
+ ).tap(&:save!)
56
56
  end
57
57
 
58
58
  def client_name
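Review bot: `create_access_token` stores `requested_scopes: client_config.default_scopes`, a configuration value read at callback time, rather than the scope list that was actually sent on the authorize redirect. If the redirect can be issued with a different scope set (not visible in this hunk), or the configured defaults change between redirect and callback, the stored row will satisfy later `requested_scopes` lookups for scopes that were never requested. Either carry the requested scopes through the flow and pass that value here, or add a comment such as `# the authorize step always requests client_config.default_scopes` so the assumption is explicit.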
@@ -25,7 +25,7 @@ module Zaikio
25
25
  end
26
26
 
27
27
  def logger
28
- @logger ||= Logger.new(STDOUT)
28
+ @logger ||= Logger.new($stdout)
29
29
  end
30
30
 
31
31
  def register_client(name)
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module OAuthClient
3
- VERSION = "0.4.3".freeze
3
+ VERSION = "0.6.1".freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zaikio-oauth_client
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.3
4
+ version: 0.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Zaikio GmbH
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-15 00:00:00.000000000 Z
11
+ date: 2021-02-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -111,6 +111,8 @@ files:
111
111
  - config/routes.rb
112
112
  - db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
113
113
  - db/migrate/20191017132048_create_zaikio_access_tokens.rb
114
+ - db/migrate/20210222135920_enhance_access_token_index.rb
115
+ - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
114
116
  - lib/tasks/zaikio_tasks.rake
115
117
  - lib/zaikio/oauth_client.rb
116
118
  - lib/zaikio/oauth_client/authenticatable.rb