zaikio-oauth_client 0.4.4 → 0.7.0

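--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 6d9eee4422926a02561d3e2301d775dc01d5db305df1c81133e5f39458394fa2
-data.tar.gz: b08b5e225a9e23c2a48c6533e5686df48b689a6953b7ee21459e8e2a884bda92
+metadata.gz: bf62363ad03a5a1e7c6ee7e6be3100efcb32b1d45ecabe5858da1b2f558b3dcf
+data.tar.gz: a5f650f66dd13fa05d9d63999fc2d5327d65ecea99c8f895821819f8a6181f60
 SHA512:
-metadata.gz: 4ac1c2f055825d2bd7b454aae2fbf2d6b89de39ce7a3dc396b798cfc3d03a515222098c354bbdaff4cf7c235542c3596a363a5efdaa064b6617f6ae8892b9a8c
-data.tar.gz: a233c429b205316024f52944ff25e48bf97e5d504f1a457a0f448d2563341f3cb9e5a6bf27cef6bed9214849d5eaf171f5ec575ea7a7a173e01c205a4e3b7c3d
+metadata.gz: 58ebc73778fba84f9eae327d8b4250fee238311594340bec36ef04e90c14859fb2ac912df9f2dae37152646075221ac2a07adba3a254ad238bdae9a1089a667f
+data.tar.gz: a8e4820c7b981f6e9249f667e4c99dccd7f4c2f96d2c42192b87a73409f2fb67decba6e01e36fd3586ae749e819c9869e7a5a9711f5843df7d5d97acd6344ce0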
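--- a/data/README.md
+++ b/data/README.md
@@ -60,7 +60,7 @@ Zaikio::OAuthClient.configure do |config|
 end
 
 config.around_auth do |access_token, block|
-Zaikio::Directory.with_token(access_token.token) do
+Zaikio::Hub.with_token(access_token.token) do
 block.call(access_token)
 end
 end
@@ -93,7 +93,7 @@ Configure sidekiq scheduler in `config/sidekiq.yml`:
 
 ### OAuth Flow
 
-From any point in your application you can start using the Zaikio Directory OAuth2 flow with
+From any point in your application you can start using the Zaikio Hub OAuth2 flow with
 
 ```rb
 redirect_to zaikio_oauth_client.new_session_path
@@ -103,16 +103,29 @@ redirect_to zaikio_oauth_client.new_session_path(client_name: 'my_other_client')
 redirect_to zaikio_oauth_client.new_connection_path(client_name: 'my_other_client')
 ```
 
-This will redirect the user to the OAuth Authorize endpoint of the Zaikio Directory `.../oauth/authorize` and include all necessary parameters like your client_id.
+This will redirect the user to the OAuth Authorize endpoint of the Zaikio Directory
+`.../oauth/authorize` and include all necessary parameters like your client_id. You may
+also pass `show_signup`, `force_login` and `state` parameters through, like so:
+
+```ruby
+# Take the user directly to the signup page
+redirect_to zaikio_oauth_client.new_session_path(show_signup: true)
+
+# Force the user to re-authenticate even if they have an existing session
+redirect_to zaikio_oauth_client.new_session_path(force_login: true)
+
+# Pass a custom Oauth 2.0 state parameter
+redirect_to zaikio_oauth_client.new_session_path(state: "something-my-app-uses")
+```
 
 #### Session handling
 
 The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `cookies.encrypted[:zaikio_person_id]`.
 
-If you are using for example `Zaikio::Directory::Models`, you can use this snippet to set the current user:
+If you are using for example `Zaikio::Hub::Models`, you can use this snippet to set the current user:
 
 ```ruby
-Current.user ||= Zaikio::Directory::Models::Person.find_by(id: cookies.encrypted[:zaikio_person_id])
+Current.user ||= Zaikio::Hub::Models::Person.find_by(id: cookies.encrypted[:zaikio_person_id])
 ````
 
 You can then use `Current.user` anywhere.
@@ -149,7 +162,7 @@ class ApplicationController < ActionController::Base
 cookies.encrypted[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
 
 # Sync data on login
-Zaikio::Directory.with_token(access_token.token) do
+Zaikio::Hub.with_token(access_token.token) do
 access_token.bearer_klass.find_and_reload!(access_token.bearer_id, includes: :all)
 end
 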
@@ -5,8 +5,9 @@ module Zaikio
5
5
  class AccessToken < ApplicationRecord
6
6
  self.table_name = "zaikio_access_tokens"
7
7
 
8
- def self.build_from_access_token(access_token) # rubocop:disable Metrics/AbcSize
8
+ def self.build_from_access_token(access_token, requested_scopes: nil) # rubocop:disable Metrics/AbcSize
9
9
  payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
10
+ scopes = access_token.params["scope"].split(",")
10
11
  new(
11
12
  id: payload["jti"],
12
13
  bearer_type: access_token.params["bearer"]["type"],
@@ -15,7 +16,8 @@ module Zaikio
15
16
  token: access_token.token,
16
17
  refresh_token: access_token.refresh_token,
17
18
  expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
18
- scopes: access_token.params["scope"].split(",")
19
+ scopes: scopes,
20
+ requested_scopes: requested_scopes || scopes
19
21
  )
20
22
  end
21
23
 
@@ -38,9 +40,9 @@ module Zaikio
38
40
  .where("refresh_token IS NOT NULL")
39
41
  .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
40
42
  }
41
- scope :by_bearer, lambda { |bearer_id:, scopes: [], bearer_type: "Person"|
43
+ scope :by_bearer, lambda { |bearer_id:, requested_scopes: [], bearer_type: "Person"|
42
44
  where(bearer_type: bearer_type, bearer_id: bearer_id)
43
- .where("scopes @> ARRAY[?]::varchar[]", scopes)
45
+ .where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
44
46
  }
45
47
  scope :usable, lambda { |options|
46
48
  by_bearer(**options).valid.or(by_bearer(**options).valid_refresh)
@@ -60,10 +62,10 @@ module Zaikio
60
62
  end
61
63
 
62
64
  def bearer_klass
63
- return unless Zaikio.const_defined?("Directory::Models")
65
+ return unless Zaikio.const_defined?("Hub::Models")
64
66
 
65
- if Zaikio::Directory::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
66
- Zaikio::Directory::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
67
+ if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
68
+ Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
67
69
  else
68
70
  "Zaikio::#{bearer_type}".constantize
69
71
  end
@@ -76,7 +78,10 @@ module Zaikio
76
78
  attributes.slice("token", "refresh_token")
77
79
  ).refresh!
78
80
 
79
- access_token = self.class.build_from_access_token(refreshed_token)
81
+ access_token = self.class.build_from_access_token(
82
+ refreshed_token,
83
+ requested_scopes: requested_scopes
84
+ )
80
85
 
81
86
  transaction { destroy if access_token.save! }
82
87
 
@@ -0,0 +1,7 @@
1
+ class EnhanceAccessTokenIndex < ActiveRecord::Migration[6.1]
2
+ def change
3
+ remove_index :zaikio_access_tokens, %i[bearer_type bearer_id]
4
+ add_index :zaikio_access_tokens, %i[audience bearer_type bearer_id],
5
+ name: :zaikio_access_tokens_lookup_index
6
+ end
7
+ end
@@ -0,0 +1,6 @@
1
+ class AddRequestedScopesToZaikioAccessTokens < ActiveRecord::Migration[6.1]
2
+ def change
3
+ add_column :zaikio_access_tokens, :requested_scopes, :string, array: true, default: [], null: false
4
+ Zaikio::AccessToken.update_all("requested_scopes = scopes, updated_at = now()")
5
+ end
6
+ end
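Review bot: `Zaikio::AccessToken.update_all(...)` ties this backfill to whatever the application model looks like when the migration runs, so a default scope or other model-level change added later would silently alter which rows are updated on a fresh database; the conventional form for a data backfill inside a schema migration is a raw statement, `execute "UPDATE zaikio_access_tokens SET requested_scopes = scopes, updated_at = now()"`. The combination of `default: [], null: false` and the backfill also encodes an assumption worth one line of comment, e.g. `# Pre-existing tokens predate scope tracking; treat their granted scopes as the requested ones`. The `change` method is complete within this hunk.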
@@ -63,7 +63,11 @@ module Zaikio
63
63
  scopes ||= client_config.default_scopes_for(bearer_type)
64
64
 
65
65
  access_token = Zaikio::AccessToken.where(audience: client_config.client_name)
66
- .usable(bearer_type: bearer_type, bearer_id: bearer_id, scopes: scopes)
66
+ .usable(
67
+ bearer_type: bearer_type,
68
+ bearer_id: bearer_id,
69
+ requested_scopes: scopes
70
+ )
67
71
  .first
68
72
 
69
73
  if access_token.blank?
@@ -72,7 +76,8 @@ module Zaikio
72
76
  bearer_type: bearer_type,
73
77
  bearer_id: bearer_id,
74
78
  scopes: scopes
75
- )
79
+ ),
80
+ requested_scopes: scopes
76
81
  )
77
82
  access_token.save!
78
83
  elsif access_token&.expired?
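Review bot: The rewritten `usable(...)` call passes the local `scopes` in as `requested_scopes`, and a reader of this method sees nothing explaining why the lookup is not on the token's granted `scopes` column; a comment at the call site would spare them a trip into `AccessToken.by_bearer`, e.g. `# Look up by the scopes we asked the Hub for (requested_scopes); the granted scopes column is not consulted here`. The enclosing method begins before the first hunk and its `elsif access_token&.expired?` branch continues after the second, so I cannot see whether the granted scopes are checked anywhere else before the token is handed to the caller.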
@@ -4,11 +4,13 @@ module Zaikio
4
4
  extend ActiveSupport::Concern
5
5
 
6
6
  def new
7
- cookies.encrypted[:origin] = params[:origin]
7
+ opts = params.permit(:client_name, :show_signup, :force_login, :state)
8
+ client_name = opts.delete(:client_name)
8
9
 
9
10
  redirect_to oauth_client.auth_code.authorize_url(
10
- redirect_uri: approve_url(params[:client_name]),
11
- scope: oauth_scope
11
+ redirect_uri: approve_url(client_name),
12
+ scope: oauth_scope,
13
+ **opts
12
14
  )
13
15
  end
14
16
 
@@ -49,10 +51,10 @@ module Zaikio
49
51
  def create_access_token
50
52
  access_token_response = oauth_client.auth_code.get_token(params[:code])
51
53
 
52
- access_token = Zaikio::AccessToken.build_from_access_token(access_token_response)
53
- access_token.save!
54
-
55
- access_token
54
+ Zaikio::AccessToken.build_from_access_token(
55
+ access_token_response,
56
+ requested_scopes: client_config.default_scopes
57
+ ).tap(&:save!)
56
58
  end
57
59
 
58
60
  def client_name
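Review bot: The `state` value forwarded to `authorize_url` in `new` (the first hunk of this file) is taken straight from the incoming request and nothing in these hunks binds it to the user's session, so unless the callback compares it against a stored value, `state` no longer gives the OAuth 2.0 CSRF protection it exists for, and an application that reads it back as data receives an attacker-choosable string via a crafted link. I would store a random nonce in an encrypted cookie before redirecting (e.g. `cookies.encrypted[:zaikio_oauth_state] = SecureRandom.urlsafe_base64(24)`) and have the callback, which is outside these hunks, reject a mismatch, or at minimum document in `new` that the pass-through is unverified: `# state is forwarded as supplied; the engine does not check it on callback`. Separately, `create_access_token` records `requested_scopes: client_config.default_scopes` while `new` requested `scope: oauth_scope`; if those two differ (both are defined outside these hunks), the stored value will not match what the `usable` lookup keys on. Both methods are complete within their hunks, but `oauth_scope`, `approve_url` and the callback action are not visible here.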
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module OAuthClient
3
- VERSION = "0.4.4".freeze
3
+ VERSION = "0.7.0".freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zaikio-oauth_client
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.4
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Zaikio GmbH
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-20 00:00:00.000000000 Z
11
+ date: 2021-03-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -111,6 +111,8 @@ files:
111
111
  - config/routes.rb
112
112
  - db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
113
113
  - db/migrate/20191017132048_create_zaikio_access_tokens.rb
114
+ - db/migrate/20210222135920_enhance_access_token_index.rb
115
+ - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
114
116
  - lib/tasks/zaikio_tasks.rake
115
117
  - lib/zaikio/oauth_client.rb
116
118
  - lib/zaikio/oauth_client/authenticatable.rb