zaikio-oauth_client 0.7.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +14 -1
- data/app/controllers/zaikio/oauth_client/subscriptions_controller.rb +20 -0
- data/app/models/zaikio/access_token.rb +10 -6
- data/config/routes.rb +13 -11
- data/lib/zaikio/oauth_client.rb +40 -24
- data/lib/zaikio/oauth_client/configuration.rb +6 -1
- data/lib/zaikio/oauth_client/version.rb +1 -1
- metadata +46 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6e956bf122053d559c2dd918f4b90a23c10559bc5578442bc26dbe1530a3396b
|
|
4
|
+
data.tar.gz: 0d594a45ddf589b03d9e43817885377d963934345fa6cb936b367fe64761e08a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 38355e0660ea6b2fd2c1b13a23a75626b5d4ae4efd3e64eb21396893e4a2ffc39c34824f373e994f596e4064455a8ad596b63b5e595c16afa844ffcddc90e56a
|
|
7
|
+
data.tar.gz: 1cb76ea316682fc4a4394d27ad252cc67496e95fa9034ba7054ad6e9b472a211f78cb1c839c9f4c745b143804c04aef5c85616c4f6f344f378e19bf12420db53
|
data/README.md
CHANGED
|
@@ -118,6 +118,19 @@ redirect_to zaikio_oauth_client.new_session_path(force_login: true)
|
|
|
118
118
|
redirect_to zaikio_oauth_client.new_session_path(state: "something-my-app-uses")
|
|
119
119
|
```
|
|
120
120
|
|
|
121
|
+
You can also send them to the [Subscription Redirect
|
|
122
|
+
flow](https://docs.zaikio.com/api/directory/guides/subscriptions/redirect-flow/), which
|
|
123
|
+
behaves & redirects back like a regular Organization flow except it additionally sets up a
|
|
124
|
+
subscription for the organization:
|
|
125
|
+
|
|
126
|
+
```ruby
|
|
127
|
+
# Require them to select a plan themselves...
|
|
128
|
+
redirect_to zaikio_oauth_client.new_subscription_path
|
|
129
|
+
|
|
130
|
+
# Or preselect a plan for them
|
|
131
|
+
redirect_to zaikio_oauth_client.new_subscription_path(plan: "free")
|
|
132
|
+
```
|
|
133
|
+
|
|
121
134
|
#### Session handling
|
|
122
135
|
|
|
123
136
|
The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `cookies.encrypted[:zaikio_person_id]`.
|
|
@@ -254,7 +267,7 @@ To release a new version of the gem:
|
|
|
254
267
|
- Update the version in `lib/zaikio/oauth_client/version.rb`
|
|
255
268
|
- Update `CHANGELOG.md` to include the new version and its release date
|
|
256
269
|
- Commit and push your changes
|
|
257
|
-
- Create a [new release on GitHub](https://github.com/zaikio/zaikio-
|
|
270
|
+
- Create a [new release on GitHub](https://github.com/zaikio/zaikio-oauth_client/releases/new)
|
|
258
271
|
- CircleCI will build the Gem package and push it Rubygems for you
|
|
259
272
|
|
|
260
273
|
## License
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
module Zaikio
|
|
2
|
+
module OAuthClient
|
|
3
|
+
class SubscriptionsController < ConnectionsController
|
|
4
|
+
def new
|
|
5
|
+
opts = params.permit(:client_name, :state, :plan)
|
|
6
|
+
client_name = opts.delete(:client_name)
|
|
7
|
+
plan = opts.delete(:plan)
|
|
8
|
+
|
|
9
|
+
subscription_scope = "Org.subscription_create"
|
|
10
|
+
subscription_scope << ".#{plan}" if plan.present?
|
|
11
|
+
|
|
12
|
+
redirect_to oauth_client.auth_code.authorize_url(
|
|
13
|
+
redirect_uri: approve_url(client_name),
|
|
14
|
+
scope: subscription_scope,
|
|
15
|
+
**opts
|
|
16
|
+
)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -62,7 +62,7 @@ module Zaikio
|
|
|
62
62
|
end
|
|
63
63
|
|
|
64
64
|
def bearer_klass
|
|
65
|
-
return unless Zaikio.const_defined?("Hub::Models")
|
|
65
|
+
return unless Zaikio.const_defined?("Hub::Models", false)
|
|
66
66
|
|
|
67
67
|
if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
|
|
68
68
|
Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
|
|
@@ -78,15 +78,19 @@ module Zaikio
|
|
|
78
78
|
attributes.slice("token", "refresh_token")
|
|
79
79
|
).refresh!
|
|
80
80
|
|
|
81
|
-
|
|
81
|
+
destroy
|
|
82
|
+
|
|
83
|
+
self.class.build_from_access_token(
|
|
82
84
|
refreshed_token,
|
|
83
85
|
requested_scopes: requested_scopes
|
|
84
|
-
)
|
|
86
|
+
).tap(&:save!)
|
|
87
|
+
end
|
|
88
|
+
rescue OAuth2::Error => e
|
|
89
|
+
raise unless e.code == "invalid_grant"
|
|
85
90
|
|
|
86
|
-
|
|
91
|
+
destroy
|
|
87
92
|
|
|
88
|
-
|
|
89
|
-
end
|
|
93
|
+
nil
|
|
90
94
|
end
|
|
91
95
|
end
|
|
92
96
|
end
|
data/config/routes.rb
CHANGED
|
@@ -1,15 +1,17 @@
|
|
|
1
1
|
Zaikio::OAuthClient::Engine.routes.draw do
|
|
2
|
-
|
|
3
|
-
connections_controller = Zaikio::OAuthClient.configuration.connections_controller_name
|
|
2
|
+
config = Zaikio::OAuthClient.configuration
|
|
4
3
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
4
|
+
scope path: "(/:client_name)" do
|
|
5
|
+
# People
|
|
6
|
+
get "/sessions/new", action: :new, controller: config.sessions_controller_name, as: :new_session
|
|
7
|
+
get "/sessions/approve", action: :approve, controller: config.sessions_controller_name, as: :approve_session
|
|
8
|
+
delete "/session", action: :destroy, controller: config.sessions_controller_name, as: :session
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
10
|
+
# Organizations
|
|
11
|
+
get "/connections/new", action: :new, controller: config.connections_controller_name, as: :new_connection
|
|
12
|
+
get "/connections/approve", action: :approve, controller: config.connections_controller_name, as: :approve_connection
|
|
13
|
+
|
|
14
|
+
# Subscriptions
|
|
15
|
+
get "/subscriptions/new", action: :new, controller: config.subscriptions_controller_name, as: :new_subscription
|
|
16
|
+
end
|
|
15
17
|
end
|
data/lib/zaikio/oauth_client.rb
CHANGED
|
@@ -57,34 +57,50 @@ module Zaikio
|
|
|
57
57
|
end
|
|
58
58
|
end
|
|
59
59
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
60
|
+
# Finds the best possible access token, using the DB or an API call
|
|
61
|
+
# * If the token has expired, it will be refreshed using the refresh_token flow
|
|
62
|
+
# (if this fails, we fallback to getting a new token using client_credentials)
|
|
63
|
+
# * If the token does not exist, we'll get a new one using the client_credentials flow
|
|
64
|
+
def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil)
|
|
65
|
+
client_config = client_config_for(client_name || self.client_name)
|
|
63
66
|
scopes ||= client_config.default_scopes_for(bearer_type)
|
|
64
67
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
68
|
+
token = find_usable_access_token(client_name: client_config.client_name,
|
|
69
|
+
bearer_type: bearer_type,
|
|
70
|
+
bearer_id: bearer_id,
|
|
71
|
+
requested_scopes: scopes)
|
|
72
|
+
|
|
73
|
+
token = token.refresh! if token&.expired?
|
|
74
|
+
|
|
75
|
+
token ||= fetch_new_token(client_config: client_config,
|
|
76
|
+
bearer_type: bearer_type,
|
|
77
|
+
bearer_id: bearer_id,
|
|
78
|
+
scopes: scopes)
|
|
79
|
+
token
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
# Finds the best usable access token. Note that this token may have expired and
|
|
83
|
+
# would require refreshing.
|
|
84
|
+
def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)
|
|
85
|
+
Zaikio::AccessToken
|
|
86
|
+
.where(audience: client_name)
|
|
87
|
+
.usable(
|
|
88
|
+
bearer_type: bearer_type,
|
|
89
|
+
bearer_id: bearer_id,
|
|
90
|
+
requested_scopes: requested_scopes
|
|
81
91
|
)
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
access_token = access_token.refresh!
|
|
85
|
-
end
|
|
92
|
+
.first
|
|
93
|
+
end
|
|
86
94
|
|
|
87
|
-
|
|
95
|
+
def fetch_new_token(client_config:, bearer_type:, bearer_id:, scopes:)
|
|
96
|
+
Zaikio::AccessToken.build_from_access_token(
|
|
97
|
+
client_config.token_by_client_credentials(
|
|
98
|
+
bearer_type: bearer_type,
|
|
99
|
+
bearer_id: bearer_id,
|
|
100
|
+
scopes: scopes
|
|
101
|
+
),
|
|
102
|
+
requested_scopes: scopes
|
|
103
|
+
).tap(&:save!)
|
|
88
104
|
end
|
|
89
105
|
|
|
90
106
|
def get_plain_scopes(scopes)
|
|
@@ -15,13 +15,14 @@ module Zaikio
|
|
|
15
15
|
attr_accessor :host
|
|
16
16
|
attr_writer :logger
|
|
17
17
|
attr_reader :client_configurations, :environment, :around_auth_block,
|
|
18
|
-
:sessions_controller_name, :connections_controller_name
|
|
18
|
+
:sessions_controller_name, :connections_controller_name, :subscriptions_controller_name
|
|
19
19
|
|
|
20
20
|
def initialize
|
|
21
21
|
@client_configurations = {}
|
|
22
22
|
@around_auth_block = nil
|
|
23
23
|
@sessions_controller_name = "sessions"
|
|
24
24
|
@connections_controller_name = "connections"
|
|
25
|
+
@subscriptions_controller_name = "subscriptions"
|
|
25
26
|
end
|
|
26
27
|
|
|
27
28
|
def logger
|
|
@@ -58,6 +59,10 @@ module Zaikio
|
|
|
58
59
|
@connections_controller_name = "/#{name}"
|
|
59
60
|
end
|
|
60
61
|
|
|
62
|
+
def subscriptions_controller_name=(name)
|
|
63
|
+
@subscriptions_controller_name = "/#{name}"
|
|
64
|
+
end
|
|
65
|
+
|
|
61
66
|
private
|
|
62
67
|
|
|
63
68
|
def host_for(environment)
|
metadata
CHANGED
|
@@ -1,17 +1,59 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-oauth_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zaikio GmbH
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: actionpack
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 5.0.0
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ">="
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: 5.0.0
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: activerecord
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - ">="
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 5.0.0
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - ">="
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 5.0.0
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: activesupport
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 5.0.0
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 5.0.0
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: railties
|
|
15
57
|
requirement: !ruby/object:Gem::Requirement
|
|
16
58
|
requirements:
|
|
17
59
|
- - ">="
|
|
@@ -102,6 +144,7 @@ files:
|
|
|
102
144
|
- Rakefile
|
|
103
145
|
- app/controllers/zaikio/oauth_client/connections_controller.rb
|
|
104
146
|
- app/controllers/zaikio/oauth_client/sessions_controller.rb
|
|
147
|
+
- app/controllers/zaikio/oauth_client/subscriptions_controller.rb
|
|
105
148
|
- app/helpers/zaikio/application_helper.rb
|
|
106
149
|
- app/jobs/zaikio/application_job.rb
|
|
107
150
|
- app/jobs/zaikio/cleanup_access_tokens_job.rb
|