checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 2b12e20bcfd16dc8c7a615a7afab48102145d010
4
+ data.tar.gz: 58243c8ba5aa45206188924f29ace72c66303848
5
+ SHA512:
6
+ metadata.gz: d75bac711ae068b6d0677cd2e1ac774e59ceddb69bcbbc75684431d4d10ba359ba67148a0419f515214065701fabab50b7a9bc6719a235804c64ad845fd21130
7
+ data.tar.gz: ebd161332ba932fe52393e35935a7eb048559098037f70fa7b1f163d0748afae72cdca50c275e5770cd3e933533c782c5eb7ba0b2d36cb9ef2a858121ef6091d
data/.circleci/config.yml ADDED
@@ -0,0 +1,53 @@
1
+ version: 2
2
+
3
+ jobs:
4
+ build:
5
+ docker:
6
+ - image: circleci/ruby:2.5.1
7
+
8
+ working_directory: ~/repo
9
+
10
+ steps:
11
+ - checkout
12
+ # Download and cache dependencies
13
+ - restore_cache:
14
+ keys:
15
+ - v1-dependencies-{{ checksum "Gemfile.lock" }}
16
+
17
+ - run:
18
+ name: install dependencies
19
+ command: |
20
+ bundle install --jobs=4 --retry=3 --path vendor/bundle
21
+
22
+ - run:
23
+ name: Setup Code Climate test-reporter
24
+ command: |
25
+ curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
26
+ chmod +x ./cc-test-reporter
27
+ - save_cache:
28
+ paths:
29
+ - ./vendor/bundle
30
+ key: v1-dependencies-{{ checksum "Gemfile.lock" }}
31
+
32
+ # run tests
33
+ - run:
34
+ name: run tests
35
+ command: |
36
+ ./cc-test-reporter before-build
37
+ mkdir /tmp/test-results
38
+ TEST_FILES="$(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)"
39
+
40
+ bundle exec rspec --format progress \
41
+ --format RspecJunitFormatter \
42
+ --out /tmp/test-results/rspec.xml \
43
+ --format progress \
44
+ -- \
45
+ $TEST_FILES
46
+ ./cc-test-reporter after-build --coverage-input-type simplecov --exit-code $?
47
+
48
+ # collect reports
49
+ - store_test_results:
50
+ path: /tmp/test-results
51
+ - store_artifacts:
52
+ path: /tmp/test-results
53
+ destination: test-results
data/.gitignore ADDED
@@ -0,0 +1,13 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
12
+ coverage
13
+ .DS_Store
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
data/.rubocop.yml ADDED
@@ -0,0 +1,51 @@
1
+ inherit_from: .rubocop_todo.yml
2
+
3
+ Rails:
4
+ Enabled: true
5
+ AllCops:
6
+ TargetRubyVersion: 2.5.1
7
+ Exclude:
8
+ - "vendor/**/*"
9
+ - "db/schema.rb"
10
+ - "node_modules/**/*"
11
+ - bin/*
12
+ Layout/DotPosition:
13
+ Description: Checks the position of the dot in multi-line method calls.
14
+ StyleGuide: https://github.com/bbatsov/ruby-style-guide#consistent-multi-line-chains
15
+ Enabled: true
16
+ EnforcedStyle: leading
17
+ SupportedStyles:
18
+ - leading
19
+ - trailing
20
+ Metrics/BlockLength:
21
+ Enabled: false
22
+ Style/AndOr:
23
+ Description: Use &&/|| instead of and/or.
24
+ StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-and-or-or
25
+ Enabled: true
26
+ EnforcedStyle: conditionals
27
+ SupportedStyles:
28
+ - always
29
+ - conditionals
30
+ Style/ClassAndModuleChildren:
31
+ Enabled: true
32
+ EnforcedStyle: nested
33
+ SupportedStyles:
34
+ - compact
35
+ - nested
36
+ Style/MultilineIfModifier:
37
+ Enabled: false
38
+ Style/StringLiterals:
39
+ Description: Checks if uses of quotes match the configured preference.
40
+ StyleGuide: https://github.com/bbatsov/ruby-style-guide#consistent-string-literals
41
+ Enabled: true
42
+ EnforcedStyle: single_quotes
43
+ SupportedStyles:
44
+ - single_quotes
45
+ - double_quotes
46
+ Rails/DynamicFindBy:
47
+ Exclude:
48
+ - "spec/features/**/*"
49
+ Style/Documentation:
50
+ Description: Document classes and non-namespace modules.
51
+ Enabled: false
data/.rubocop_todo.yml ADDED
@@ -0,0 +1,12 @@
1
+ # This configuration was generated by
2
+ # `rubocop --auto-gen-config`
3
+ # on 2018-07-11 16:20:36 -0400 using RuboCop version 0.54.0.
4
+ # The point is for the user to remove these configuration records
5
+ # one by one as the offenses are removed from the code base.
6
+ # Note that changes in the inspected code, or installation of new
7
+ # versions of RuboCop, may require this file to be generated again.
8
+
9
+ # Offense count: 1
10
+ Style/Documentation:
11
+ Exclude:
12
+ - 'spec/**/*'
data/.travis.yml ADDED
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.5.1
5
+ before_install: gem install bundler -v 1.16.2
data/CODE_OF_CONDUCT.md ADDED
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at jfernandez@westernmilling.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,8 @@
1
+ # frozen_string_literal: true
2
+
3
+ source 'https://rubygems.org'
4
+
5
+ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
6
+
7
+ # Specify your gem's dependencies in wm_okta_helper.gemspec
8
+ gemspec
data/Gemfile.lock ADDED
@@ -0,0 +1,105 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ wm_okta_helper (0.2.4)
5
+ json-jwt
6
+ jwt
7
+
8
+ GEM
9
+ remote: https://rubygems.org/
10
+ specs:
11
+ activesupport (5.2.3)
12
+ concurrent-ruby (~> 1.0, >= 1.0.2)
13
+ i18n (>= 0.7, < 2)
14
+ minitest (~> 5.1)
15
+ tzinfo (~> 1.1)
16
+ addressable (2.5.2)
17
+ public_suffix (>= 2.0.2, < 4.0)
18
+ aes_key_wrap (1.0.1)
19
+ ast (2.4.0)
20
+ bindata (2.4.4)
21
+ byebug (10.0.2)
22
+ coderay (1.1.2)
23
+ concurrent-ruby (1.1.5)
24
+ crack (0.4.3)
25
+ safe_yaml (~> 1.0.0)
26
+ diff-lcs (1.3)
27
+ docile (1.3.1)
28
+ hashdiff (0.3.7)
29
+ i18n (1.6.0)
30
+ concurrent-ruby (~> 1.0)
31
+ json (2.1.0)
32
+ json-jwt (1.10.2)
33
+ activesupport (>= 4.2)
34
+ aes_key_wrap
35
+ bindata
36
+ jwt (2.2.1)
37
+ method_source (0.9.0)
38
+ minitest (5.11.3)
39
+ parallel (1.12.1)
40
+ parser (2.5.1.2)
41
+ ast (~> 2.4.0)
42
+ powerpack (0.1.2)
43
+ pry (0.11.3)
44
+ coderay (~> 1.1.0)
45
+ method_source (~> 0.9.0)
46
+ pry-byebug (3.6.0)
47
+ byebug (~> 10.0)
48
+ pry (~> 0.10)
49
+ public_suffix (3.0.2)
50
+ rainbow (3.0.0)
51
+ rake (10.5.0)
52
+ rspec (3.7.0)
53
+ rspec-core (~> 3.7.0)
54
+ rspec-expectations (~> 3.7.0)
55
+ rspec-mocks (~> 3.7.0)
56
+ rspec-core (3.7.1)
57
+ rspec-support (~> 3.7.0)
58
+ rspec-expectations (3.7.0)
59
+ diff-lcs (>= 1.2.0, < 2.0)
60
+ rspec-support (~> 3.7.0)
61
+ rspec-mocks (3.7.0)
62
+ diff-lcs (>= 1.2.0, < 2.0)
63
+ rspec-support (~> 3.7.0)
64
+ rspec-support (3.7.1)
65
+ rspec_junit_formatter (0.4.1)
66
+ rspec-core (>= 2, < 4, != 2.12.0)
67
+ rubocop (0.54.0)
68
+ parallel (~> 1.10)
69
+ parser (>= 2.5)
70
+ powerpack (~> 0.1)
71
+ rainbow (>= 2.2.2, < 4.0)
72
+ ruby-progressbar (~> 1.7)
73
+ unicode-display_width (~> 1.0, >= 1.0.1)
74
+ ruby-progressbar (1.9.0)
75
+ safe_yaml (1.0.4)
76
+ simplecov (0.16.1)
77
+ docile (~> 1.1)
78
+ json (>= 1.8, < 3)
79
+ simplecov-html (~> 0.10.0)
80
+ simplecov-html (0.10.2)
81
+ thread_safe (0.3.6)
82
+ tzinfo (1.2.5)
83
+ thread_safe (~> 0.1)
84
+ unicode-display_width (1.4.0)
85
+ webmock (3.4.2)
86
+ addressable (>= 2.3.6)
87
+ crack (>= 0.3.2)
88
+ hashdiff
89
+
90
+ PLATFORMS
91
+ ruby
92
+
93
+ DEPENDENCIES
94
+ bundler (~> 1.16)
95
+ pry-byebug
96
+ rake (~> 10.0)
97
+ rspec (~> 3.0)
98
+ rspec_junit_formatter
99
+ rubocop (~> 0.54.0)
100
+ simplecov
101
+ webmock
102
+ wm_okta_helper!
103
+
104
+ BUNDLED WITH
105
+ 1.16.6
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2018 Jose C Fernandez
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,71 @@
1
+ # wm_okta_helper
2
+
3
+
4
+ Workflow:
5
+ - User using an App authenticates through front end using his own Okta credentials.
6
+ - User calls App API sending id token
7
+ - App uses gem to validate id token
8
+
9
+ **If the wrapper is needed**
10
+ - App uses gem to get session token
11
+ - App calls Wm-mssql-wrapper passing session token
12
+ - Wm-mssql-wrapper uses gem to validate session token.
13
+
14
+ The only App knowledge about Okta is the Figaro parameters.
15
+
16
+
17
+ ## Installation
18
+
19
+ Add this line to your application's Gemfile:
20
+
21
+ ```ruby
22
+ gem 'wm_okta_helper'
23
+ ```
24
+
25
+ And then execute:
26
+
27
+ $ bundle
28
+
29
+ Or install it yourself as:
30
+
31
+ $ gem install wm_okta_helper
32
+
33
+ ## Usage
34
+
35
+ How to use:
36
+
37
+ ```ruby
38
+ token = WmOktaHelper::AuthenticateApiRequest.new(
39
+ request: request,
40
+ okta_org: Figaro.env.OKTA_ORG,
41
+ okta_domain: Figaro.env.OKTA_DOMAIN,
42
+ okta_client_id: Figaro.env.OKTA_CLIENT_ID
43
+ ).call
44
+ ```
45
+
46
+ Where request is Rails ActionDispatch::Request to request a token.
47
+
48
+ The response is a signed [JSON Web Signature](https://github.com/nov/json-jwt/wiki/JWS).
49
+
50
+ ## Development
51
+
52
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
53
+
54
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
55
+
56
+ ## Contributing
57
+
58
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/wm_okta_helper. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
59
+
60
+ ## License
61
+
62
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
63
+
64
+ ## Code of Conduct
65
+
66
+ Everyone interacting in the wm_okta_helper project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/wm_okta_helper/blob/master/CODE_OF_CONDUCT.md).
67
+
68
+
69
+
70
+
71
+
data/Rakefile ADDED
@@ -0,0 +1,10 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'bundler/gem_tasks'
4
+ require 'rspec/core/rake_task'
5
+ require 'rubocop/rake_task'
6
+
7
+ RSpec::Core::RakeTask.new(:spec)
8
+ RuboCop::RakeTask.new
9
+
10
+ task default: %w[spec rubocop]
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "wm_okta_helper"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=#x27;\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
data/lib/wm_okta_helper.rb ADDED
@@ -0,0 +1,16 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'wm_okta_helper/version'
4
+
5
+ module WmOktaHelper
6
+ autoload :AuthenticateApiRequest,
7
+ 'wm_okta_helper/authenticate_api_request.rb'
8
+ autoload :CreateSession,
9
+ 'wm_okta_helper/create_session.rb'
10
+ autoload :GetUserGroups,
11
+ 'wm_okta_helper/get_user_groups.rb'
12
+ autoload :PostRequest,
13
+ 'wm_okta_helper/post_request.rb'
14
+ autoload :ValidateSession,
15
+ 'wm_okta_helper/validate_session.rb'
16
+ end
data/lib/wm_okta_helper/authenticate_api_request.rb ADDED
@@ -0,0 +1,86 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'json/jwt'
4
+ require 'jwt'
5
+ require 'net/http'
6
+
7
+ module WmOktaHelper
8
+ class AuthenticateApiRequest
9
+ def initialize(options)
10
+ @request = options[:request]
11
+ @token = nil
12
+ @okta_org = options[:okta_org]
13
+ @okta_domain = options[:okta_domain]
14
+ @okta_client_id = options[:okta_client_id]
15
+ end
16
+
17
+ def call
18
+ authenticate_request
19
+ end
20
+
21
+ attr_accessor :request, :okta_org, :okta_domain, :okta_client_id
22
+
23
+ private
24
+
25
+ def cache_key
26
+ 'OKTA_PUBLIC_KEYS'
27
+ end
28
+
29
+ def site
30
+ "https://#{okta_org}.#{okta_domain}.com"
31
+ end
32
+
33
+ def authenticate_request
34
+ @token if token_valid?
35
+ end
36
+
37
+ def client_id
38
+ okta_client_id
39
+ end
40
+
41
+ def dirty_kid
42
+ dirty_token.last['kid']
43
+ end
44
+
45
+ def dirty_token
46
+ JWT.decode(request_token, nil, false)
47
+ end
48
+
49
+ def okta_keys
50
+ Rails.cache.fetch(cache_key, expires_in: 1.month) do
51
+ okta_keys = {}
52
+ uri = URI("#{site}/oauth2/v1/keys")
53
+ data = Net::HTTP.get(uri)
54
+ keys = JSON.parse(data)
55
+ keys['keys'].each { |k| okta_keys[k['kid']] = k.except('alg') }
56
+ okta_keys
57
+ end
58
+ end
59
+
60
+ def parse_token
61
+ JSON::JWT.decode request_token, public_key
62
+ rescue StandardError
63
+ JSON::JWT.decode request_token, public_key(true)
64
+ end
65
+
66
+ def public_key(clear_cache = false)
67
+ Rails.cache.delete(cache_key) if clear_cache
68
+ JSON::JWK.new(okta_keys[dirty_kid])
69
+ end
70
+
71
+ def request_token
72
+ @request.headers['Authorization']
73
+ end
74
+
75
+ def token_valid?
76
+ @token = parse_token
77
+ if @token['iss'] != site ||
78
+ @token['aud'] != client_id ||
79
+ Time.strptime(@token['exp'].to_s, '%s') < Time.now.utc
80
+ return false
81
+ else
82
+ return true
83
+ end
84
+ end
85
+ end
86
+ end
data/lib/wm_okta_helper/create_session.rb ADDED
@@ -0,0 +1,55 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WmOktaHelper
4
+ class CreateSession
5
+ def initialize(options)
6
+ @options = options
7
+ end
8
+
9
+ def call
10
+ check_options
11
+ raise 'Not authorized' if response['sessionToken'].blank?
12
+ response
13
+ end
14
+
15
+ attr_accessor :username, :password, :okta_org, :okta_domain
16
+
17
+ private
18
+
19
+ def available_options
20
+ %i[username password okta_org okta_domain]
21
+ end
22
+
23
+ def check_options
24
+ missing_options = available_options.select { |o| @options[o].blank? }
25
+ if missing_options.present?
26
+ raise "Missing configuration variable: #{missing_options}"
27
+ end
28
+ available_options.each do |o|
29
+ instance_variable_set("@#{o}", @options[o])
30
+ end
31
+ end
32
+
33
+ def url
34
+ "https://#{@okta_org}.#{@okta_domain}.com/api/v1/authn"
35
+ end
36
+
37
+ def request_body
38
+ {
39
+ username: username,
40
+ password: password,
41
+ options: {
42
+ multiOptionalFactorEnroll: true,
43
+ warnBeforePasswordExpired: true
44
+ }
45
+ }
46
+ end
47
+
48
+ def response
49
+ @response ||= PostRequest.new(
50
+ url: url,
51
+ request_body: request_body
52
+ ).call
53
+ end
54
+ end
55
+ end
data/lib/wm_okta_helper/get_user_groups.rb ADDED
@@ -0,0 +1,61 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'net/http'
4
+
5
+ module WmOktaHelper
6
+ class GetUserGroups
7
+ def initialize(options)
8
+ @user = options[:user]
9
+ @okta_org = options[:okta_org]
10
+ @okta_domain = options[:okta_domain]
11
+ @api_key = options[:api_key]
12
+ end
13
+
14
+ def call
15
+ okta_groups
16
+ end
17
+
18
+ private
19
+
20
+ def site
21
+ "https://#{@okta_org}.#{@okta_domain}.com"
22
+ end
23
+
24
+ def endpoint
25
+ "api/v1/users/#{@user}/groups"
26
+ end
27
+
28
+ def request_url
29
+ URI("#{site}/#{endpoint}")
30
+ end
31
+
32
+ def cache_key
33
+ "user-groups-#{@user}"
34
+ end
35
+
36
+ def okta_groups
37
+ Rails.cache.fetch(cache_key, expires_in: 1.hour) do
38
+ groups = []
39
+ fetch_data.each do |g|
40
+ group_name = g.dig('profile', 'name')
41
+ groups << group_name if group_name.includes('otto_')
42
+ end
43
+ end
44
+ end
45
+
46
+ def fetch_data
47
+ uri = URI.parse(site)
48
+ request = Net::HTTP::Get.new(request_url)
49
+ request.content_type = 'application/json'
50
+ request['Accept'] = 'application/json'
51
+ request['Authorization'] = "SSWS #{@api_key}"
52
+
53
+ req_options = { use_ssl: uri.scheme == 'https' }
54
+
55
+ response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
56
+ http.request(request)
57
+ end
58
+ response.body.present? ? JSON.parse(response.body) : []
59
+ end
60
+ end
61
+ end
data/lib/wm_okta_helper/post_request.rb ADDED
@@ -0,0 +1,36 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'net/http'
4
+ require 'uri'
5
+
6
+ module WmOktaHelper
7
+ class PostRequest
8
+ def initialize(options)
9
+ @request_body = options[:request_body]
10
+ @url = options[:url]
11
+ end
12
+
13
+ def call
14
+ http = Net::HTTP.new(uri.host, uri.port)
15
+ http.use_ssl = true
16
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
17
+
18
+ request = Net::HTTP::Post.new(uri)
19
+ request['Accept'] = 'application/json'
20
+ request['Content-Type'] = 'application/json'
21
+ request['Cache-Control'] = 'no-cache'
22
+ request.body = request_body.to_json
23
+
24
+ response = http.request(request)
25
+ JSON.parse(response.read_body)
26
+ end
27
+
28
+ attr_accessor :request_body, :url
29
+
30
+ private
31
+
32
+ def uri
33
+ URI(url)
34
+ end
35
+ end
36
+ end
data/lib/wm_okta_helper/validate_session.rb ADDED
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WmOktaHelper
4
+ class ValidateSession
5
+ def initialize(options)
6
+ @request_object = options[:request]
7
+ @okta_org = options[:okta_org]
8
+ @okta_domain = options[:okta_domain]
9
+ end
10
+
11
+ def call
12
+ token = PostRequest.new(
13
+ url: url,
14
+ request_body: request_body
15
+ ).call
16
+
17
+ return {
18
+ user_id: token['userId'],
19
+ name: token['_links']['user']['name']
20
+ } if token['userId'].present?
21
+ end
22
+
23
+ attr_accessor :request_object, :okta_org, :okta_domain
24
+
25
+ private
26
+
27
+ def url
28
+ "https://#{okta_org}.#{okta_domain}.com/api/v1/sessions"
29
+ end
30
+
31
+ def request_body
32
+ { sessionToken: request_object.headers['Authorization'] }
33
+ end
34
+ end
35
+ end
data/lib/wm_okta_helper/version.rb ADDED
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WmOktaHelper
4
+ VERSION = '0.2.4'
5
+ end
data/wm_okta_helper.gemspec ADDED
@@ -0,0 +1,47 @@
1
+ # frozen_string_literal: true
2
+
3
+ lib = File.expand_path('lib', __dir__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+
6
+ require 'wm_okta_helper/version'
7
+
8
+ Gem::Specification.new do |spec|
9
+ spec.name = 'wm_okta_helper'
10
+ spec.version = WmOktaHelper::VERSION
11
+
12
+ spec.authors = ['Jose C Fernandez']
13
+ spec.email = ['jfernandez@westernmilling.com']
14
+
15
+ spec.summary = 'Helper library for validating Okta jwt token.'
16
+ spec.description = 'Helper library for validating Okta jwt token.'
17
+ spec.homepage = 'https://github.com/westernmilling/okta-jwt-validation'
18
+ spec.license = 'MIT'
19
+
20
+ if spec.respond_to?(:metadata)
21
+ spec.metadata['allowed_push_host'] = 'https://rubygems.org/'
22
+ else
23
+ raise 'RubyGems 2.0 or newer is required to protect against ' \
24
+ 'public gem pushes.'
25
+ end
26
+
27
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
28
+ `git ls-files -z`.split("\x0").reject do |f|
29
+ f.match(%r{^(test|spec|features)/})
30
+ end
31
+ end
32
+ spec.bindir = 'exe'
33
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
34
+ spec.require_paths = ['lib']
35
+
36
+ spec.add_dependency 'json-jwt'
37
+ spec.add_dependency 'jwt'
38
+
39
+ spec.add_development_dependency 'bundler', '~> 1.16'
40
+ spec.add_development_dependency 'pry-byebug'
41
+ spec.add_development_dependency 'rake', '~> 10.0'
42
+ spec.add_development_dependency 'rspec', '~> 3.0'
43
+ spec.add_development_dependency 'rspec_junit_formatter'
44
+ spec.add_development_dependency 'rubocop', '~> 0.54.0'
45
+ spec.add_development_dependency 'simplecov'
46
+ spec.add_development_dependency 'webmock'
47
+ end
metadata ADDED
@@ -0,0 +1,207 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: wm_okta_helper
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.2.4
5
+ platform: ruby
6
+ authors:
7
+ - Jose C Fernandez
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2019-09-11 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: json-jwt
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: jwt
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: bundler
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.16'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.16'
55
+ - !ruby/object:Gem::Dependency
56
+ name: pry-byebug
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rake
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '10.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '10.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rspec
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '3.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '3.0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rspec_junit_formatter
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: rubocop
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: 0.54.0
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: 0.54.0
125
+ - !ruby/object:Gem::Dependency
126
+ name: simplecov
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - ">="
130
+ - !ruby/object:Gem::Version
131
+ version: '0'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - ">="
137
+ - !ruby/object:Gem::Version
138
+ version: '0'
139
+ - !ruby/object:Gem::Dependency
140
+ name: webmock
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - ">="
144
+ - !ruby/object:Gem::Version
145
+ version: '0'
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - ">="
151
+ - !ruby/object:Gem::Version
152
+ version: '0'
153
+ description: Helper library for validating Okta jwt token.
154
+ email:
155
+ - jfernandez@westernmilling.com
156
+ executables: []
157
+ extensions: []
158
+ extra_rdoc_files: []
159
+ files:
160
+ - ".circleci/config.yml"
161
+ - ".gitignore"
162
+ - ".rspec"
163
+ - ".rubocop.yml"
164
+ - ".rubocop_todo.yml"
165
+ - ".travis.yml"
166
+ - CODE_OF_CONDUCT.md
167
+ - Gemfile
168
+ - Gemfile.lock
169
+ - LICENSE.txt
170
+ - README.md
171
+ - Rakefile
172
+ - bin/console
173
+ - bin/setup
174
+ - lib/wm_okta_helper.rb
175
+ - lib/wm_okta_helper/authenticate_api_request.rb
176
+ - lib/wm_okta_helper/create_session.rb
177
+ - lib/wm_okta_helper/get_user_groups.rb
178
+ - lib/wm_okta_helper/post_request.rb
179
+ - lib/wm_okta_helper/validate_session.rb
180
+ - lib/wm_okta_helper/version.rb
181
+ - wm_okta_helper.gemspec
182
+ homepage: https://github.com/westernmilling/okta-jwt-validation
183
+ licenses:
184
+ - MIT
185
+ metadata:
186
+ allowed_push_host: https://rubygems.org/
187
+ post_install_message:
188
+ rdoc_options: []
189
+ require_paths:
190
+ - lib
191
+ required_ruby_version: !ruby/object:Gem::Requirement
192
+ requirements:
193
+ - - ">="
194
+ - !ruby/object:Gem::Version
195
+ version: '0'
196
+ required_rubygems_version: !ruby/object:Gem::Requirement
197
+ requirements:
198
+ - - ">="
199
+ - !ruby/object:Gem::Version
200
+ version: '0'
201
+ requirements: []
202
+ rubyforge_project:
203
+ rubygems_version: 2.6.14.1
204
+ signing_key:
205
+ specification_version: 4
206
+ summary: Helper library for validating Okta jwt token.
207
+ test_files: []