zaikio-oauth_client 0.0.0 → 0.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -67
- data/app/controllers/zaikio/oauth_client/connections_controller.rb +1 -1
- data/app/models/zaikio/access_token.rb +3 -7
- data/config/routes.rb +5 -10
- data/lib/zaikio/oauth_client/authenticatable.rb +1 -1
- data/lib/zaikio/oauth_client/configuration.rb +6 -17
- data/lib/zaikio/oauth_client/version.rb +1 -1
- data/lib/zaikio/oauth_client.rb +2 -15
- metadata +13 -20
- data/app/jobs/zaikio/cleanup_access_tokens_job.rb +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 331698c5601daa90812282be1d71a0009a7814892725edfadf4c2c74e587fd01
|
|
4
|
+
data.tar.gz: ea380a6d82e708c877016d76fdef4b37f1c5eacaff1794f699ee58c333a8ffed
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d3d5325374e9eab95c6f71fe4685a2b78ea02bfbf397fd924d426e72916a1dc164b36d0e2fd3deff867cff82940d4a85edb59d4942c496b5e7e037d438536c07
|
|
7
|
+
data.tar.gz: 3953445f638417b51d1a46f25e85e98fbe706bc5adf221c4aa84e6976290cde61f465c9d9a37d2fe4b6bcbde27c786786352a4ec32ecb858d425bfd18116e4cf
|
data/README.md
CHANGED
|
@@ -5,13 +5,27 @@ This Gem enables you to easily connect to the Zaikio Directory and use the OAuth
|
|
|
5
5
|
|
|
6
6
|
## Installation
|
|
7
7
|
|
|
8
|
-
|
|
8
|
+
This gem is a **Ruby Gem** and is hosted privately in the **GitHub Package Registry**.
|
|
9
|
+
|
|
10
|
+
To fetch it from the GitHub Package Registry follow these steps:
|
|
11
|
+
|
|
12
|
+
1. You must use a personal access token with the `read:packages` and `write:packages` scopes to publish and delete public packages in the GitHub Package Registry with RubyGems. Your personal access token must also have the `repo` scope when the repository is private. For more information, see "[Creating a personal access token for the command line](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line)."
|
|
13
|
+
|
|
14
|
+
2. Set an ENV variable that will be used for both gem and npm. *This will also work on Heroku or your CI App if you set the ENV variable there.*
|
|
15
|
+
```bash
|
|
16
|
+
export BUNDLE_RUBYGEMS__PKG__GITHUB__COM=#Your-Token-Here#
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
3. Add the following in your Gemfile
|
|
9
20
|
|
|
10
21
|
```ruby
|
|
11
|
-
|
|
22
|
+
source "https://rubygems.pkg.github.com/crispymtn" do
|
|
23
|
+
gem "zaikio-oauth_client"
|
|
24
|
+
end
|
|
12
25
|
```
|
|
13
26
|
Then run `bundle install`.
|
|
14
27
|
|
|
28
|
+
|
|
15
29
|
## Setup & Configuration
|
|
16
30
|
|
|
17
31
|
### 1. Copy & run Migrations
|
|
@@ -26,8 +40,6 @@ This will create the tables:
|
|
|
26
40
|
|
|
27
41
|
### 2. Mount routes
|
|
28
42
|
|
|
29
|
-
Add this to `config/routes.rb`:
|
|
30
|
-
|
|
31
43
|
```rb
|
|
32
44
|
mount Zaikio::OAuthClient::Engine => "/zaikio"
|
|
33
45
|
```
|
|
@@ -37,7 +49,7 @@ mount Zaikio::OAuthClient::Engine => "/zaikio"
|
|
|
37
49
|
```rb
|
|
38
50
|
# config/initializers/zaikio_oauth_client.rb
|
|
39
51
|
Zaikio::OAuthClient.configure do |config|
|
|
40
|
-
config.environment = :
|
|
52
|
+
config.environment = :test
|
|
41
53
|
|
|
42
54
|
config.register_client :warehouse do |warehouse|
|
|
43
55
|
warehouse.client_id = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
|
|
@@ -67,28 +79,6 @@ Zaikio::OAuthClient.configure do |config|
|
|
|
67
79
|
end
|
|
68
80
|
```
|
|
69
81
|
|
|
70
|
-
|
|
71
|
-
### 4. Clean up outdated access tokens (recommended)
|
|
72
|
-
|
|
73
|
-
To avoid keeping all expired oath and refresh tokens in your database, we recommend to implement their scheduled deletion. We recommend therefore to use a schedule gems such as [sidekiq](https://github.com/mperham/sidekiq) and [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler).
|
|
74
|
-
|
|
75
|
-
Simply add the following to your Gemfile:
|
|
76
|
-
|
|
77
|
-
```rb
|
|
78
|
-
gem "sidekiq"
|
|
79
|
-
gem "sidekiq-scheduler"
|
|
80
|
-
```
|
|
81
|
-
Then run `bundle install`.
|
|
82
|
-
|
|
83
|
-
Configure sidekiq scheduler in `config/sidekiq.yml`:
|
|
84
|
-
```yaml
|
|
85
|
-
:schedule:
|
|
86
|
-
cleanup_acces_tokens_job:
|
|
87
|
-
cron: '0 3 * * *' # This will delete all expired tokens every day at 3am.
|
|
88
|
-
class: 'Zaikio::CleanupAccessTokensJob'
|
|
89
|
-
```
|
|
90
|
-
|
|
91
|
-
|
|
92
82
|
## Usage
|
|
93
83
|
|
|
94
84
|
### OAuth Flow
|
|
@@ -119,24 +109,6 @@ You can then use `Current.user` anywhere.
|
|
|
119
109
|
|
|
120
110
|
For **logout** use: `zaikio_oauth_client.session_path, method: :delete` or build your own controller for deleting the cookie.
|
|
121
111
|
|
|
122
|
-
#### Multiple clients
|
|
123
|
-
|
|
124
|
-
When performing requests against directory APIs, it is important to always provide the correct client in order to use the client credentials flow correctly. Otherwise always the first client will be used. It is recommended to specify an `around_action`:
|
|
125
|
-
|
|
126
|
-
```rb
|
|
127
|
-
class ApplicationController < ActionController::Base
|
|
128
|
-
around_action :with_client
|
|
129
|
-
|
|
130
|
-
private
|
|
131
|
-
|
|
132
|
-
def with_client
|
|
133
|
-
Zaikio::OAuthClient.with_client Current.client_name do
|
|
134
|
-
yield
|
|
135
|
-
end
|
|
136
|
-
end
|
|
137
|
-
end
|
|
138
|
-
```
|
|
139
|
-
|
|
140
112
|
#### Redirecting
|
|
141
113
|
|
|
142
114
|
The `zaikio_oauth_client.new_session_path` which was used for the first initiation of the OAuth flow, accepts an optional parameter `origin` which will then be used to redirect the user at the end of a completed & successful OAuth flow.
|
|
@@ -164,27 +136,6 @@ class ApplicationController < ActionController::Base
|
|
|
164
136
|
end
|
|
165
137
|
```
|
|
166
138
|
|
|
167
|
-
#### Custom behavior
|
|
168
|
-
|
|
169
|
-
Since the built in `SessionsController` and `ConnectionsController` are inheriting from the main app's `ApplicationController` all behaviour will be added there, too. In some cases you might want to explicitly skip a `before_action` or add custom `before_action` callbacks.
|
|
170
|
-
|
|
171
|
-
You can achieve this by adding a custom controller name to your configuration:
|
|
172
|
-
|
|
173
|
-
```rb
|
|
174
|
-
# app/controllers/sessions_controller.rb
|
|
175
|
-
class SessionsController < Zaikio::OAuthClient::SessionsController
|
|
176
|
-
skip_before_action :redirect_unless_authenticated
|
|
177
|
-
end
|
|
178
|
-
|
|
179
|
-
# config/initializers/zaikio_oauth_client.rb
|
|
180
|
-
Zaikio::OAuthClient.configure do |config|
|
|
181
|
-
# ...
|
|
182
|
-
config.sessions_controller_name = "sessions"
|
|
183
|
-
# config.connections_controller_name = "connections"
|
|
184
|
-
# ...
|
|
185
|
-
end
|
|
186
|
-
```
|
|
187
|
-
|
|
188
139
|
#### Testing
|
|
189
140
|
|
|
190
141
|
You can use our test helper to login different users:
|
|
@@ -234,7 +185,7 @@ If you use the provided OAuth credentials from above and test this against the S
|
|
|
234
185
|
|
|
235
186
|
**Make sure you have the dummy app running locally to validate your changes.**
|
|
236
187
|
|
|
237
|
-
Make your changes and adjust `version.rb`.
|
|
188
|
+
Make your changes and adjust `version.rb`.
|
|
238
189
|
|
|
239
190
|
**To push a new release:**
|
|
240
191
|
|
|
@@ -26,24 +26,20 @@ module Zaikio
|
|
|
26
26
|
# Scopes
|
|
27
27
|
scope :valid, lambda {
|
|
28
28
|
where("expires_at > :now", now: Time.current)
|
|
29
|
-
.where.not(id: Zaikio::JWTAuth.
|
|
30
|
-
}
|
|
31
|
-
scope :with_invalid_refresh_token, lambda {
|
|
32
|
-
where("created_at <= ?", Time.current - Zaikio::AccessToken.refresh_token_valid_for)
|
|
29
|
+
.where.not(id: Zaikio::JWTAuth.blacklisted_token_ids)
|
|
33
30
|
}
|
|
34
31
|
scope :valid_refresh, lambda {
|
|
35
32
|
where("expires_at <= :now AND created_at > :created_at_max",
|
|
36
33
|
now: Time.current,
|
|
37
34
|
created_at_max: Time.current - refresh_token_valid_for)
|
|
38
|
-
.where(
|
|
39
|
-
.where.not(id: Zaikio::JWTAuth.revoked_token_ids)
|
|
35
|
+
.where.not(id: Zaikio::JWTAuth.blacklisted_token_ids)
|
|
40
36
|
}
|
|
41
37
|
scope :by_bearer, lambda { |bearer_type: "Person", bearer_id:, scopes: []|
|
|
42
38
|
where(bearer_type: bearer_type, bearer_id: bearer_id)
|
|
43
39
|
.where("scopes @> ARRAY[?]::varchar[]", scopes)
|
|
44
40
|
}
|
|
45
41
|
scope :usable, lambda { |options|
|
|
46
|
-
by_bearer(
|
|
42
|
+
by_bearer(options).valid.or(by_bearer(options).valid_refresh)
|
|
47
43
|
.order(expires_at: :desc)
|
|
48
44
|
}
|
|
49
45
|
|
data/config/routes.rb
CHANGED
|
@@ -1,15 +1,10 @@
|
|
|
1
1
|
Zaikio::OAuthClient::Engine.routes.draw do
|
|
2
|
-
sessions_controller = Zaikio::OAuthClient.configuration.sessions_controller_name
|
|
3
|
-
connections_controller = Zaikio::OAuthClient.configuration.connections_controller_name
|
|
4
|
-
|
|
5
2
|
# People
|
|
6
|
-
get "(/:client_name)/sessions/new",
|
|
7
|
-
get "(/:client_name)/sessions/approve",
|
|
8
|
-
delete "(/:client_name)/session",
|
|
3
|
+
get "(/:client_name)/sessions/new", to: "sessions#new", as: :new_session
|
|
4
|
+
get "(/:client_name)/sessions/approve", to: "sessions#approve", as: :approve_session
|
|
5
|
+
delete "(/:client_name)/session", to: "sessions#destroy", as: :session
|
|
9
6
|
|
|
10
7
|
# Organizations
|
|
11
|
-
get "(/:client_name)/connections/new",
|
|
12
|
-
|
|
13
|
-
get "(/:client_name)/connections/approve", action: :approve,
|
|
14
|
-
controller: connections_controller, as: :approve_connection
|
|
8
|
+
get "(/:client_name)/connections/new", to: "connections#new", as: :new_connection
|
|
9
|
+
get "(/:client_name)/connections/approve", to: "connections#approve", as: :approve_connection
|
|
15
10
|
end
|
|
@@ -5,23 +5,20 @@ module Zaikio
|
|
|
5
5
|
module OAuthClient
|
|
6
6
|
class Configuration
|
|
7
7
|
HOSTS = {
|
|
8
|
-
development: "http://
|
|
9
|
-
test: "http://
|
|
10
|
-
staging: "https://
|
|
11
|
-
sandbox: "https://
|
|
12
|
-
production: "https://
|
|
8
|
+
development: "http://directory.zaikio.test",
|
|
9
|
+
test: "http://directory.zaikio.test",
|
|
10
|
+
staging: "https://directory.staging.zaikio.com",
|
|
11
|
+
sandbox: "https://directory.sandbox.zaikio.com",
|
|
12
|
+
production: "https://directory.zaikio.com"
|
|
13
13
|
}.freeze
|
|
14
14
|
|
|
15
15
|
attr_accessor :host
|
|
16
16
|
attr_writer :logger
|
|
17
|
-
attr_reader :client_configurations, :environment, :around_auth_block
|
|
18
|
-
:sessions_controller_name, :connections_controller_name
|
|
17
|
+
attr_reader :client_configurations, :environment, :around_auth_block
|
|
19
18
|
|
|
20
19
|
def initialize
|
|
21
20
|
@client_configurations = {}
|
|
22
21
|
@around_auth_block = nil
|
|
23
|
-
@sessions_controller_name = "sessions"
|
|
24
|
-
@connections_controller_name = "connections"
|
|
25
22
|
end
|
|
26
23
|
|
|
27
24
|
def logger
|
|
@@ -50,14 +47,6 @@ module Zaikio
|
|
|
50
47
|
@around_auth_block = block
|
|
51
48
|
end
|
|
52
49
|
|
|
53
|
-
def sessions_controller_name=(name)
|
|
54
|
-
@sessions_controller_name = "/#{name}"
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
def connections_controller_name=(name)
|
|
58
|
-
@connections_controller_name = "/#{name}"
|
|
59
|
-
end
|
|
60
|
-
|
|
61
50
|
private
|
|
62
51
|
|
|
63
52
|
def host_for(environment)
|
data/lib/zaikio/oauth_client.rb
CHANGED
|
@@ -7,17 +7,13 @@ require "zaikio/oauth_client/authenticatable"
|
|
|
7
7
|
module Zaikio
|
|
8
8
|
module OAuthClient
|
|
9
9
|
class << self
|
|
10
|
-
|
|
10
|
+
attr_accessor :configuration
|
|
11
11
|
|
|
12
12
|
def configure
|
|
13
|
-
|
|
13
|
+
self.configuration ||= Configuration.new
|
|
14
14
|
yield(configuration)
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
def configuration
|
|
18
|
-
@configuration ||= Configuration.new
|
|
19
|
-
end
|
|
20
|
-
|
|
21
17
|
def for(client_name = nil)
|
|
22
18
|
client_config_for(client_name).oauth_client
|
|
23
19
|
end
|
|
@@ -33,14 +29,6 @@ module Zaikio
|
|
|
33
29
|
@oauth_scheme = :request_body
|
|
34
30
|
end
|
|
35
31
|
|
|
36
|
-
def with_client(client_name)
|
|
37
|
-
original_client_name = @client_name || nil
|
|
38
|
-
@client_name = client_name
|
|
39
|
-
yield
|
|
40
|
-
ensure
|
|
41
|
-
@client_name = original_client_name
|
|
42
|
-
end
|
|
43
|
-
|
|
44
32
|
def with_auth(options_or_access_token, &block)
|
|
45
33
|
access_token = if options_or_access_token.is_a?(Zaikio::AccessToken)
|
|
46
34
|
options_or_access_token
|
|
@@ -58,7 +46,6 @@ module Zaikio
|
|
|
58
46
|
end
|
|
59
47
|
|
|
60
48
|
def get_access_token(client_name: nil, bearer_type: "Person", bearer_id: nil, scopes: nil) # rubocop:disable Metrics/MethodLength
|
|
61
|
-
client_name ||= self.client_name
|
|
62
49
|
client_config = client_config_for(client_name)
|
|
63
50
|
scopes ||= client_config.default_scopes_for(bearer_type)
|
|
64
51
|
|
metadata
CHANGED
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-oauth_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
-
|
|
7
|
+
- Steffen Boller
|
|
8
|
+
- Christian Weyer
|
|
9
|
+
- Matthias Prinz
|
|
8
10
|
autorequire:
|
|
9
11
|
bindir: bin
|
|
10
12
|
cert_chain: []
|
|
11
|
-
date:
|
|
13
|
+
date: 2020-04-28 00:00:00.000000000 Z
|
|
12
14
|
dependencies:
|
|
13
15
|
- !ruby/object:Gem::Dependency
|
|
14
16
|
name: rails
|
|
@@ -42,22 +44,16 @@ dependencies:
|
|
|
42
44
|
name: zaikio-jwt_auth
|
|
43
45
|
requirement: !ruby/object:Gem::Requirement
|
|
44
46
|
requirements:
|
|
45
|
-
- - "
|
|
47
|
+
- - "~>"
|
|
46
48
|
- !ruby/object:Gem::Version
|
|
47
49
|
version: 0.2.1
|
|
48
|
-
- - "<"
|
|
49
|
-
- !ruby/object:Gem::Version
|
|
50
|
-
version: 0.5.0
|
|
51
50
|
type: :runtime
|
|
52
51
|
prerelease: false
|
|
53
52
|
version_requirements: !ruby/object:Gem::Requirement
|
|
54
53
|
requirements:
|
|
55
|
-
- - "
|
|
54
|
+
- - "~>"
|
|
56
55
|
- !ruby/object:Gem::Version
|
|
57
56
|
version: 0.2.1
|
|
58
|
-
- - "<"
|
|
59
|
-
- !ruby/object:Gem::Version
|
|
60
|
-
version: 0.5.0
|
|
61
57
|
- !ruby/object:Gem::Dependency
|
|
62
58
|
name: pg
|
|
63
59
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -89,10 +85,9 @@ dependencies:
|
|
|
89
85
|
description: This gem provides a mountable Rails engine that provides single sign
|
|
90
86
|
on, directory access and further Zaikio platform connectivity.
|
|
91
87
|
email:
|
|
92
|
-
- sb@
|
|
93
|
-
- cw@
|
|
94
|
-
- mp@
|
|
95
|
-
- js@zaikio.com
|
|
88
|
+
- sb@crispymtn.com
|
|
89
|
+
- cw@crispymtn.com
|
|
90
|
+
- mp@crispymtn.com
|
|
96
91
|
executables: []
|
|
97
92
|
extensions: []
|
|
98
93
|
extra_rdoc_files: []
|
|
@@ -104,7 +99,6 @@ files:
|
|
|
104
99
|
- app/controllers/zaikio/oauth_client/sessions_controller.rb
|
|
105
100
|
- app/helpers/zaikio/application_helper.rb
|
|
106
101
|
- app/jobs/zaikio/application_job.rb
|
|
107
|
-
- app/jobs/zaikio/cleanup_access_tokens_job.rb
|
|
108
102
|
- app/models/zaikio/access_token.rb
|
|
109
103
|
- config/initializers/inflections.rb
|
|
110
104
|
- config/locales/en.yml
|
|
@@ -119,11 +113,10 @@ files:
|
|
|
119
113
|
- lib/zaikio/oauth_client/engine.rb
|
|
120
114
|
- lib/zaikio/oauth_client/test_helper.rb
|
|
121
115
|
- lib/zaikio/oauth_client/version.rb
|
|
122
|
-
homepage: https://
|
|
116
|
+
homepage: https://crispymtn.com
|
|
123
117
|
licenses:
|
|
124
118
|
- MIT
|
|
125
|
-
metadata:
|
|
126
|
-
changelog_uri: https://github.com/zaikio/zaikio-oauth_client/blob/master/CHANGELOG.md
|
|
119
|
+
metadata: {}
|
|
127
120
|
post_install_message:
|
|
128
121
|
rdoc_options: []
|
|
129
122
|
require_paths:
|
|
@@ -139,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
139
132
|
- !ruby/object:Gem::Version
|
|
140
133
|
version: '0'
|
|
141
134
|
requirements: []
|
|
142
|
-
rubygems_version: 3.2
|
|
135
|
+
rubygems_version: 3.1.2
|
|
143
136
|
signing_key:
|
|
144
137
|
specification_version: 4
|
|
145
138
|
summary: Zaikio Platform Connectivity
|