feat: jwks caching with ActiveSupport #111

Merged
Changes from 43 commits
47 commits
7399cd7
Configure prettier
vanessa-passage Nov 6, 2024
fac04f4
fix: auth and client formatting errors
vanessa-passage Nov 6, 2024
915ff72
Merge remote-tracking branch 'origin/main' into PSG-5198-milestone-7-…
vanessa-passage Nov 6, 2024
6a7d2b3
style: Fix rubocop linting
vanessa-passage Nov 6, 2024
7016f9c
style: autocorrected rubocop files
vanessa-passage Nov 6, 2024
973da06
style: change rubocop formatting rules
vanessa-passage Nov 11, 2024
2aad05e
style: fix formatting errors
vanessa-passage Nov 11, 2024
406f775
style: class vars
vanessa-passage Nov 11, 2024
47df706
style: remove trailing whitespace
vanessa-passage Nov 11, 2024
3d42c55
Fix auto formatting errors
vanessa-passage Nov 11, 2024
bc7046b
chore: deprecate validate_jwt. Move to auth class
vanessa-passage Nov 11, 2024
ad995e0
style: remove added rules
vanessa-passage Nov 14, 2024
f14afe8
feat: moves methods revoke_device and create_magic_link
vanessa-passage Nov 15, 2024
0a197b5
auth tests
vanessa-passage Nov 19, 2024
74b31d4
Merge main
vanessa-passage Nov 20, 2024
ccbbe38
Fix tests merge conflicts
vanessa-passage Nov 20, 2024
15bfe80
Update tests
vanessa-passage Nov 20, 2024
2b3545d
Fix linting error
vanessa-passage Nov 20, 2024
878f6cf
Fix linting errors
vanessa-passage Nov 20, 2024
adea5c1
Merge remote-tracking branch 'origin/main' into PSG-5153-milestone-7-…
vanessa-passage Nov 20, 2024
15ec209
Fix trailing error
vanessa-passage Nov 20, 2024
db8b809
fix: missing api key
vanessa-passage Nov 20, 2024
6621c05
style: remove generated docs linting
vanessa-passage Nov 20, 2024
9a571a7
style: remove formatting
vanessa-passage Nov 20, 2024
1b07e89
Apply suggestions from code review
vanessa-passage Nov 21, 2024
33b42e0
refactor: use Gem::Deprecate
vanessa-passage Nov 21, 2024
5e42018
fix: broken test
vanessa-passage Nov 22, 2024
272c6fa
refactor: remove create_magic_link warn
vanessa-passage Nov 22, 2024
2230557
fix: test cleanup
vanessa-passage Nov 22, 2024
3b24a74
Merge branch 'main' into PSG-5153-milestone-7-passage-ruby-add-new-cl…
vanessa-passage Nov 22, 2024
6e88dee
refactor: PassageError
Dec 3, 2024
3df4071
refactor: deprecate auth fetch_app, fetch_jwks, authenticate_token
Dec 3, 2024
7871844
feat: deprecate user.update and user.create parameters
Dec 3, 2024
4cd352d
refactor: PassageError messages
Dec 3, 2024
e7ad8e6
Fix tests
Dec 3, 2024
81dff81
Merge branch 'main' into PSG-5153-milestone-7-passage-ruby-add-new-cl…
vanessa-passage Dec 3, 2024
7de10e6
feat: Rails caching
Dec 4, 2024
fefbf8f
revert:
Dec 5, 2024
06b6907
Merge main
Dec 5, 2024
cf9d32a
feat: install ActiveSupport for jwks caching
Dec 5, 2024
d203a99
refactor: token function layout
Dec 5, 2024
347d212
Merge branch 'main' into PSG-5093-milestone-7-passage-ruby-remove-jwk…
vanessa-passage Dec 5, 2024
589e18b
lower activesupport version
Dec 5, 2024
7e7424a
feat: 1 hour expiration for jwks cache
Dec 6, 2024
305f403
feat: install activesupport gem
Dec 6, 2024
34c6131
feat: remove kid check
Dec 6, 2024
8c77f7e
Merge branch 'main' into PSG-5093-milestone-7-passage-ruby-remove-jwk…
vanessa-passage Dec 6, 2024
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -59,4 +59,4 @@ You can check for the gem here:

```
gem list -r passage
```
```
1 change: 1 addition & 0 deletions Gemfile
Expand Up @@ -6,6 +6,7 @@ source 'https://rubygems.org'
gemspec

group :development do
gem 'activesupport', '~> 7.2'
Contributor Author

The most recent version of this gem is 8.0. Ruby version needs to be increased to 3.2.

Contributor

I think this should be moved to the gemspec instead since this section is only for dev dependencies

Contributor Author

100% good catch.

gem 'dotenv', '~> 3.1'
gem 'prettier_print', '~> 1.2'
gem 'rack', '~> 3.1'
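Review bot: `gem 'activesupport', '~> 7.2'` is added inside `group :development`, but lib/passageidentity/auth.rb in this same change does `require 'active_support'` at load time, so an application that installs only the gem's declared runtime dependencies will fail with a LoadError. Declare it in the gemspec with `add_dependency` instead, and consider a wider constraint than `~> 7.2`, which excludes 8.0 and anything below 7.2 and can therefore conflict with the ActiveSupport version a host Rails app already pins.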
29 changes: 21 additions & 8 deletions lib/passageidentity/auth.rb
@@ -1,5 +1,6 @@
# frozen_string_literal: true

require 'active_support'
require 'openssl'
require 'base64'
require 'jwt'
Expand All @@ -14,7 +15,7 @@ class Auth

# rubocop:disable Metrics/AbcSize
def initialize(app_id, api_key, auth_strategy)
@app_cache = {}
@app_cache = ActiveSupport::Cache::MemoryStore.new
ctran88 marked this conversation as resolved.
@app_id = app_id
@api_key = api_key
@auth_strategy = auth_strategy
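Review bot: `ActiveSupport::Cache::MemoryStore.new` in `initialize` is built without `expires_in:`, and the `@app_cache.write(key, jwks)` added further down passes none either, so in the lines shown a cached key set is never dropped by age. Pass `expires_in:` in one of the two places (the commit list mentions a one-hour expiration) and add a comment that the store lives on the `Auth` instance, so the cache only helps when that instance is reused across requests.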
Expand Down Expand Up @@ -74,6 +75,16 @@ def validate_jwt(token)
exists = jwk_exists(token)
vanessa-passage marked this conversation as resolved.
fetch_jwks unless exists

unless get_cache(@app_id)
raise PassageError.new(
status_code: 401,
body: {
error: 'invalid authentication token',
code: 'invalid_jwks'
}
)
end

claims =
JWT.decode(
token,
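Review bot: the new guard `unless get_cache(@app_id)` in `validate_jwt` only proves that some key set is cached, not that it contains a key for this token. When `exists` is false but the cache is already populated, `fetch_jwks` takes its cached branch and returns the same set, so a token signed with a newly rotated key is still checked against the stale keys. Have the `fetch_jwks unless exists` path bypass the cache and refetch, then repeat the `jwk_exists(token)` check before `JWT.decode`. A failed JWKS fetch would also be easier to diagnose with its own error than with 'invalid authentication token' and a 401.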
Expand Down Expand Up @@ -178,13 +189,13 @@ def fetch_app

def fetch_jwks
app_cache = get_cache(@app_id)

if app_cache
@jwks, @auth_origin = app_cache
else
auth_gw_connection =
Faraday.new(url: 'https://auth.passage.id') do |f|
f.request :json
f.request :retry
f.response :raise_error
f.response :json
f.adapter :net_http
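Review bot: in the cached branch, `@jwks, @auth_origin = app_cache` still unpacks a two-element array, but after this change the cache holds only the JWKS body (`set_cache(key: @app_id, jwks: @jwks)` later in `fetch_jwks`). On a cache hit the multiple assignment puts the whole cached value in `@jwks` and sets `@auth_origin` to nil. Change the line to `@jwks = app_cache`, or keep caching both values if `@auth_origin` is still needed after a hit.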
Expand All @@ -196,9 +207,11 @@ def fetch_jwks
@auth_origin = app.auth_origin
response =
auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")
@jwks = response.body

!get_cache(@app_id) && set_cache(@app_id, [@jwks, @auth_origin])
if response.success?
@jwks = response.body
set_cache(key: @app_id, jwks: @jwks)
end
end
end
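Review bot: `if response.success?` has no else branch, so a response that is not successful leaves the cache empty and `@jwks` at whatever it held before, with no error raised at this point. The connection above is also configured with `f.response :raise_error`, so 4xx and 5xx statuses raise before this check is reached and surface as a Faraday exception rather than a `PassageError` unless something outside these lines rescues it. Either drop the conditional, or rescue the Faraday error here and raise a `PassageError` that names the JWKS fetch as the cause.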

Expand All @@ -221,11 +234,11 @@ def user_exists?(user_id)
end

def get_cache(key)
@app_cache[key]
@app_cache.read(key)
end

def set_cache(key, value)
@app_cache[key] = value
def set_cache(key:, jwks:)
@app_cache.write(key, jwks)
end

def jwk_exists(token)
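Review bot: `set_cache(key:, jwks:)` now takes keyword arguments while `get_cache(key)` stays positional, and the `jwks:` name ties what reads as a generic cache helper to one payload. Keep the two helpers symmetric (both positional or both keyword), and if the store is meant to hold only JWKS, rename the helpers to say so.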
Expand All @@ -235,7 +248,7 @@ def jwk_exists(token)
# rubocop:enable Metrics/AbcSize

deprecate(:authenticate_request, :validate_jwt, 2025, 1)
deprecate(:authenticate_token, :none, 2025, 1)
deprecate(:authenticate_token, :validate_jwt, 2025, 1)
deprecate(:fetch_app, :none, 2025, 1)
deprecate(:fetch_jwks, :none, 2025, 1)
end
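Review bot: `deprecate(:fetch_jwks, :none, 2025, 1)` stays in place while `validate_jwt` still calls `fetch_jwks` internally (`fetch_jwks unless exists`). If this `deprecate` is the one from Gem::Deprecate, which the commit list mentions, that internal call emits the deprecation warning for users who only ever call `validate_jwt`. Move the body into a private, non-deprecated method and have the deprecated public `fetch_jwks` delegate to it.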