zaikio-oauth_client 0.5.1 → 0.7.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e5cfd64269f31591bd1ee84ff353faeb5d4a14664a1082f4ce7cec90dc743c7d
4
- data.tar.gz: bbe382d142e53ed1f7f2193ab58506b460496cc04fcff3c1b7c9630d848192de
3
+ metadata.gz: 32f871e3c1b27ab91ce3bbaa35d4ac460cc12d93401c1b73d4dd618cd83d1f00
4
+ data.tar.gz: 1ce0459fdb769c4f5c7e31287cccc16d6fce74a819557dfa1c5c6cd3120991ee
5
5
  SHA512:
6
- metadata.gz: 42735a555e9ce9356756ca979849f7e42dd0e779d33f1ebaed26c8c8df42588dc7674ef6b24a18f023e23a64e21743db7c9e5f108a2ac2004f1f140c17083ff2
7
- data.tar.gz: 574a6706443d8e9cfc0294d61cd79c3e3959daffd914593f0a45c7e120e420189cd629abf4d607ecd7b37379c98e8a3192b9f4446936e9f5c35ebcd28b4e89a2
6
+ metadata.gz: 567ac3217d0b63498fc6d18292c4b1fcdd6d8407c2341daae177388e2e68104bfd0aab00990606099b7e9f5d10dc13e7572586271eb0f76c8c6200520db81f81
7
+ data.tar.gz: b9366a697539fa31138e2ddc8b9f02f9dd6ed6cd11113bbc8ed3c1732301044395b19d033eda14d5b7bb7ad7c32f0836be6e89a000b2f7dd6270f05385846283
data/README.md CHANGED
@@ -103,7 +103,20 @@ redirect_to zaikio_oauth_client.new_session_path(client_name: 'my_other_client')
103
103
  redirect_to zaikio_oauth_client.new_connection_path(client_name: 'my_other_client')
104
104
  ```
105
105
 
106
- This will redirect the user to the OAuth Authorize endpoint of the Zaikio Directory `.../oauth/authorize` and include all necessary parameters like your client_id.
106
+ This will redirect the user to the OAuth Authorize endpoint of the Zaikio Directory
107
+ `.../oauth/authorize` and include all necessary parameters like your client_id. You may
108
+ also pass `show_signup`, `force_login` and `state` parameters through, like so:
109
+
110
+ ```ruby
111
+ # Take the user directly to the signup page
112
+ redirect_to zaikio_oauth_client.new_session_path(show_signup: true)
113
+
114
+ # Force the user to re-authenticate even if they have an existing session
115
+ redirect_to zaikio_oauth_client.new_session_path(force_login: true)
116
+
117
+ # Pass a custom Oauth 2.0 state parameter
118
+ redirect_to zaikio_oauth_client.new_session_path(state: "something-my-app-uses")
119
+ ```
107
120
 
108
121
  #### Session handling
109
122
 
@@ -5,8 +5,9 @@ module Zaikio
5
5
  class AccessToken < ApplicationRecord
6
6
  self.table_name = "zaikio_access_tokens"
7
7
 
8
- def self.build_from_access_token(access_token) # rubocop:disable Metrics/AbcSize
8
+ def self.build_from_access_token(access_token, requested_scopes: nil) # rubocop:disable Metrics/AbcSize
9
9
  payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
10
+ scopes = access_token.params["scope"].split(",")
10
11
  new(
11
12
  id: payload["jti"],
12
13
  bearer_type: access_token.params["bearer"]["type"],
@@ -15,7 +16,8 @@ module Zaikio
15
16
  token: access_token.token,
16
17
  refresh_token: access_token.refresh_token,
17
18
  expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
18
- scopes: access_token.params["scope"].split(",")
19
+ scopes: scopes,
20
+ requested_scopes: requested_scopes || scopes
19
21
  )
20
22
  end
21
23
 
@@ -38,9 +40,9 @@ module Zaikio
38
40
  .where("refresh_token IS NOT NULL")
39
41
  .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
40
42
  }
41
- scope :by_bearer, lambda { |bearer_id:, scopes: [], bearer_type: "Person"|
43
+ scope :by_bearer, lambda { |bearer_id:, requested_scopes: [], bearer_type: "Person"|
42
44
  where(bearer_type: bearer_type, bearer_id: bearer_id)
43
- .where("scopes @> ARRAY[?]::varchar[]", scopes)
45
+ .where("requested_scopes @> ARRAY[?]::varchar[]", requested_scopes)
44
46
  }
45
47
  scope :usable, lambda { |options|
46
48
  by_bearer(**options).valid.or(by_bearer(**options).valid_refresh)
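Review bot: `by_bearer` now tests array containment against `requested_scopes` rather than the granted `scopes`, so `usable` can return a token that was granted fewer scopes than the caller asked for; before this change such a token was filtered out and a fresh one obtained, and nothing after the match re-checks `scopes`. If the motivation is that the Directory returns granted scope strings in a different form than they were requested (so containment on `scopes` never matched), a comment on the scope would stop the next reader from reverting it, e.g. `# match on what was asked for; granted scope strings may differ in form from the request` — if not, keep the granted check alongside it with `.where("scopes @> ARRAY[?]::varchar[]", requested_scopes)`. Related, in `build_from_access_token` above, `requested_scopes || scopes` records granted-as-requested whenever the caller passes nothing, which later makes such rows indistinguishable from a full grant, and `access_token.params["scope"].split(",")` still raises `NoMethodError` when the token response carries no `scope`; `Array(access_token.params["scope"]&.split(","))` would store an empty array instead. The `AccessToken` class body continues outside these hunks.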
@@ -60,7 +62,7 @@ module Zaikio
60
62
  end
61
63
 
62
64
  def bearer_klass
63
- return unless Zaikio.const_defined?("Hub::Models")
65
+ return unless Zaikio.const_defined?("Hub::Models", false)
64
66
 
65
67
  if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
66
68
  Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
@@ -76,7 +78,10 @@ module Zaikio
76
78
  attributes.slice("token", "refresh_token")
77
79
  ).refresh!
78
80
 
79
- access_token = self.class.build_from_access_token(refreshed_token)
81
+ access_token = self.class.build_from_access_token(
82
+ refreshed_token,
83
+ requested_scopes: requested_scopes
84
+ )
80
85
 
81
86
  transaction { destroy if access_token.save! }
82
87
 
@@ -0,0 +1,7 @@
1
+ class EnhanceAccessTokenIndex < ActiveRecord::Migration[6.1]
2
+ def change
3
+ remove_index :zaikio_access_tokens, %i[bearer_type bearer_id]
4
+ add_index :zaikio_access_tokens, %i[audience bearer_type bearer_id],
5
+ name: :zaikio_access_tokens_lookup_index
6
+ end
7
+ end
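Review bot: `ActiveRecord::Migration[6.1]` only resolves on ActiveRecord 6.1 and later, yet the gemspec shipped in this same release declares `activerecord >= 5.0.0` and `railties >= 5.0.0`, so a host app on Rails 5.x or 6.0 that installs this engine's migrations fails with `Unknown migration version "6.1"` before either statement runs. Either write both new migrations against the oldest supported API, `class EnhanceAccessTokenIndex < ActiveRecord::Migration[5.0]` (`remove_index` by columns and `add_index` with `name:` are both available there), or raise the activerecord/railties floor in the gemspec to match what the migrations actually need.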
@@ -0,0 +1,6 @@
1
+ class AddRequestedScopesToZaikioAccessTokens < ActiveRecord::Migration[6.1]
2
+ def change
3
+ add_column :zaikio_access_tokens, :requested_scopes, :string, array: true, default: [], null: false
4
+ Zaikio::AccessToken.update_all("requested_scopes = scopes, updated_at = now()")
5
+ end
6
+ end
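Review bot: `Zaikio::AccessToken.update_all(...)` couples this migration to the live application model, so a fresh `db:migrate` run later executes against whatever default scopes, validations or column expectations the model has by then, and because a plain model call is not recorded by the `change` recorder it also runs on rollback, immediately before `remove_column` drops the column it just wrote. Issue the backfill through the connection and make it one-directional, replacing the `update_all` line with `reversible { |dir| dir.up { execute "UPDATE zaikio_access_tokens SET requested_scopes = scopes, updated_at = now()" } }`. `now()` and the `array: true` column are Postgres-specific, which is consistent with the `@>` containment query already in the model, but a one-line `# Postgres only` comment on the migration would make that explicit.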
@@ -63,7 +63,11 @@ module Zaikio
63
63
  scopes ||= client_config.default_scopes_for(bearer_type)
64
64
 
65
65
  access_token = Zaikio::AccessToken.where(audience: client_config.client_name)
66
- .usable(bearer_type: bearer_type, bearer_id: bearer_id, scopes: scopes)
66
+ .usable(
67
+ bearer_type: bearer_type,
68
+ bearer_id: bearer_id,
69
+ requested_scopes: scopes
70
+ )
67
71
  .first
68
72
 
69
73
  if access_token.blank?
@@ -72,7 +76,8 @@ module Zaikio
72
76
  bearer_type: bearer_type,
73
77
  bearer_id: bearer_id,
74
78
  scopes: scopes
75
- )
79
+ ),
80
+ requested_scopes: scopes
76
81
  )
77
82
  access_token.save!
78
83
  elsif access_token&.expired?
@@ -4,11 +4,13 @@ module Zaikio
4
4
  extend ActiveSupport::Concern
5
5
 
6
6
  def new
7
- cookies.encrypted[:origin] = params[:origin]
7
+ opts = params.permit(:client_name, :show_signup, :force_login, :state)
8
+ client_name = opts.delete(:client_name)
8
9
 
9
10
  redirect_to oauth_client.auth_code.authorize_url(
10
- redirect_uri: approve_url(params[:client_name]),
11
- scope: oauth_scope
11
+ redirect_uri: approve_url(client_name),
12
+ scope: oauth_scope,
13
+ **opts
12
14
  )
13
15
  end
14
16
 
@@ -49,10 +51,10 @@ module Zaikio
49
51
  def create_access_token
50
52
  access_token_response = oauth_client.auth_code.get_token(params[:code])
51
53
 
52
- access_token = Zaikio::AccessToken.build_from_access_token(access_token_response)
53
- access_token.save!
54
-
55
- access_token
54
+ Zaikio::AccessToken.build_from_access_token(
55
+ access_token_response,
56
+ requested_scopes: client_config.default_scopes
57
+ ).tap(&:save!)
56
58
  end
57
59
 
58
60
  def client_name
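Review bot: In `new`, `state` is copied from the incoming query string straight into the authorize URL, and `create_access_token` exchanges `params[:code]` without comparing any echoed `state` against a server-side value, so the parameter does not provide the CSRF binding OAuth 2.0 relies on and an attacker can open the flow with any `state` they choose (the callback is only partly visible here; confirm no check exists in the part outside the hunk). A safer shape keeps an internal nonce and appends the caller's value, e.g. `opts[:state] = [SecureRandom.hex(16), opts[:state]].compact.join(":")`, storing the nonce in `session` and verifying it before the code exchange. `cookies.encrypted[:origin] = params[:origin]` was dropped from `new`, but nothing here shows the reader of that cookie being updated; if the approve action still redirects to it, the cookie is now never set. `**opts` double-splats an `ActionController::Parameters`, whose `to_hash` yields string keys, which Ruby accepts from 2.7 onward but rejects with `TypeError` on earlier versions, so `**opts.to_h.symbolize_keys` is the portable form. Lastly, the scope sent in `new` is `oauth_scope` while the value persisted as `requested_scopes` is `client_config.default_scopes`; if those can ever differ, the stored column will not reflect what was actually requested.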
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module OAuthClient
3
- VERSION = "0.5.1".freeze
3
+ VERSION = "0.7.2".freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,17 +1,59 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zaikio-oauth_client
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.1
4
+ version: 0.7.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Zaikio GmbH
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-12 00:00:00.000000000 Z
11
+ date: 2021-03-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: rails
14
+ name: actionpack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 5.0.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: 5.0.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: activerecord
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: 5.0.0
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: 5.0.0
41
+ - !ruby/object:Gem::Dependency
42
+ name: activesupport
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: 5.0.0
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: 5.0.0
55
+ - !ruby/object:Gem::Dependency
56
+ name: railties
15
57
  requirement: !ruby/object:Gem::Requirement
16
58
  requirements:
17
59
  - - ">="
@@ -111,6 +153,8 @@ files:
111
153
  - config/routes.rb
112
154
  - db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
113
155
  - db/migrate/20191017132048_create_zaikio_access_tokens.rb
156
+ - db/migrate/20210222135920_enhance_access_token_index.rb
157
+ - db/migrate/20210224154303_add_requested_scopes_to_zaikio_access_tokens.rb
114
158
  - lib/tasks/zaikio_tasks.rake
115
159
  - lib/zaikio/oauth_client.rb
116
160
  - lib/zaikio/oauth_client/authenticatable.rb