diff --git a/Gemfile.lock b/Gemfile.lock
index e3afbdf..61b12dd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -141,6 +141,7 @@ GEM
 mime-types-data (~> 3.2015)
 mime-types-data (3.2022.0105)
 mini_mime (1.1.2)
+ mini_portile2 (2.8.5)
 minitest (5.15.0)
 multi_json (1.15.0)
 multipart-post (2.1.1)
@@ -148,6 +149,9 @@ GEM
 connection_pool (~> 2.2)
 netrc (0.11.0)
 nio4r (2.5.8)
+ nokogiri (1.13.7)
+ mini_portile2 (~> 2.8.0)
+ racc (~> 1.4)
 nokogiri (1.13.7-x86_64-linux)
 racc (~> 1.4)
 pg (1.4.1)
diff --git a/app/models/space.rb b/app/models/space.rb
index e3f0146..b4887c5 100644
--- a/app/models/space.rb
+++ b/app/models/space.rb
@@ -227,6 +227,7 @@ def take_screenshots
 Net::HTTP.get URI.parse(get_screenshot_url(false, true))
 end
 
+ # Unused - we don't use prerender.io anymore, token is not configured
 def recache_html
 uri = URI.parse('http://api.prerender.io')
 http = Net::HTTP.new(uri.host, uri.port)
diff --git a/config/initializers/knock.rb b/config/initializers/knock.rb
index 01e0b55..c466b4e 100644
--- a/config/initializers/knock.rb
+++ b/config/initializers/knock.rb
@@ -20,7 +20,6 @@
 ## Default:
 # config.token_audience = nil
 
- ## If using Auth0, uncomment the line below
 # config.token_audience = -> { Rails.application.secrets.auth0_client_id }
 
 ## Signature algorithm
@@ -49,7 +48,6 @@
 ##
 ## Default:
 # config.token_public_key = nil
- config.token_audience = -> { Rails.application.secrets.auth0_client_id }
 
 ## Exception Class
 ## ---------------
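Review bot: Annotating `recache_html` as unused leaves dead code in app/models/space.rb that still builds a plain-HTTP request to `http://api.prerender.io` on the lines below the new comment; if no caller remains, deleting the method is the safer change than documenting it, since a cleartext outbound call with a token lookup is exactly the kind of code that gets resurrected by accident. If it has to stay for now, make the comment say what would let it go, e.g. `# Unused - prerender.io is no longer used and no token is configured; delete once the last caller is confirmed gone`. The body of `recache_html` continues past the end of the hunk, so the token handling it performs is not visible here.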
@@ -58,5 +56,16 @@
 ##
 ## Default:
 # config.not_found_exception_class_name = 'ActiveRecord::RecordNotFound'
- config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret }
+
+ if Rails.application.secrets.auth0_rsa_domain
+ config.token_signature_algorithm = 'RS256'
+ jwks_raw = Net::HTTP.get URI(Rails.application.secrets.auth0_rsa_domain)
+ jwks_keys = Array(JSON.parse(jwks_raw)['keys'])
+ config.token_public_key = OpenSSL::X509::Certificate.new(Base64.decode64(jwks_keys[0]['x5c'].first)).public_key
+ else
+ config.token_signature_algorithm = 'HS256'
+ config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret }
+ end
+
+ config.token_audience = -> { Rails.application.secrets.auth0_audience }
 end
diff --git a/config/secrets.yml b/config/secrets.yml
index 8e766dc..6d4f9fc 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -13,9 +13,9 @@
 #I use a development account on auth0.
 development:
 secret_key_base: 18451581609752ad653f43e9214e87978cf06fdc04daebad9faa2daf9023f4a892efe61a1448b559c55ae343841b5aa873c36478e325c44d9ef0a2c61682e50d
- auth0_client_id: X0m2PZEyAOqhtLY1Qz9mdetHzQcDsG8U
- auth0_client_secret: B9cx35Lqlejy2ORT2wR-qKVcXCaJEv41enflXTMxUUl383WpEFbwT18IdguGIuw7
+ auth0_audience: http://localhost:4000
 auth0_api_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJUWnBQRXp5eWpQbTN2VmdSdU9yQjJTakRTVnhFdnJiSCIsInNjb3BlcyI6eyJ1c2VycyI6eyJhY3Rpb25zIjpbImNyZWF0ZSIsInJlYWQiXX0sInVzZXJfdGlja2V0cyI6eyJhY3Rpb25zIjpbImNyZWF0ZSJdfX0sImlhdCI6MTQ2NDMxNTQ1OSwianRpIjoiODlkZjExNzE5ODc2Zjk0MjI0NzkyMzBmYjcwMzJhMTMifQ.lXofGmhVsIbjuhp0cst_DO6JhUWhJJWfj9FiP4uip1c
+ auth0_rsa_domain: https://guesstimate-development.auth0.com/.well-known/jwks.json
 auth0_api_domain: guesstimate-development.auth0.com
 auth0_connection: Username-Password-Authentication
 algolia_application_id: M629R9UGSG
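Review bot: The JWKS fetch on the new side of the knock.rb hunk runs unguarded at boot (it is a plain call, not one of the `->` lambdas around it) and then trusts `jwks_keys[0]['x5c'].first` blindly: a network error, a non-200 body (`Net::HTTP.get` returns the body whatever the status) or an empty `keys` array surfaces as an unrelated `JSON::ParserError` or `NoMethodError` during initialization, and the first key is used whether or not it is the signing key. Because the fetch happens once per process, a key rotation at Auth0 is not picked up until restart, and the downloaded certificate is trusted only because `auth0_rsa_domain` is assumed to be an https URL, which is worth checking rather than assuming. Matching each token's `kid` does not look possible with a single `token_public_key` value, so at minimum prefer the entry marked `use: sig`, verify the HTTP status and fail boot with a clear message, as sketched below. Note also that the HS256 fallback is taken whenever `auth0_rsa_domain` is unset, which is the state of the production block in config/secrets.yml as changed in this commit.
```ruby
  if Rails.application.secrets.auth0_rsa_domain
    config.token_signature_algorithm = 'RS256'
    jwks_uri = URI(Rails.application.secrets.auth0_rsa_domain)
    # The fetched certificate is only as trustworthy as the transport it came over.
    raise "auth0_rsa_domain must be an https URL, got #{jwks_uri}" unless jwks_uri.is_a?(URI::HTTPS)
    jwks_response = Net::HTTP.get_response(jwks_uri)
    raise "JWKS fetch failed: HTTP #{jwks_response.code}" unless jwks_response.is_a?(Net::HTTPSuccess)
    jwks_keys = Array(JSON.parse(jwks_response.body)['keys'])
    # Prefer the key explicitly marked for signing; fall back to any entry carrying a certificate chain.
    signing_key = jwks_keys.find { |k| k['use'] == 'sig' && k['x5c'] } || jwks_keys.find { |k| k['x5c'] }
    raise "no usable signing key in JWKS at #{jwks_uri}" unless signing_key
    config.token_public_key = OpenSSL::X509::Certificate.new(Base64.decode64(signing_key['x5c'].first)).public_key
  else
    # … unchanged: HS256 fallback …
  end
```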
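Review bot: Removing `auth0_client_secret` from the development block in config/secrets.yml does not remove it from repository history, so the Auth0 client secret that was committed here should be rotated at Auth0 as part of this change; the `auth0_api_token` and `secret_key_base` values that remain in the same block deserve the same treatment. The new `auth0_rsa_domain` key holds a full JWKS URL rather than a domain, and the knock initializer in this commit passes it straight to `URI(...)`, so a bare hostname would break boot; a comment on the line, `# full https URL of the tenant's JWKS document, not just the domain`, would make the expected value clear without renaming the key.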
@@ -44,6 +44,7 @@ test:
 # instead read values from the environment.
 production:
 secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+ auth0_audience: <%= ENV["AUTH0_AUDIENCE"] %>
 auth0_client_id: <%= ENV["AUTH0_CLIENT_ID"] %>
 auth0_client_secret: <%= ENV["AUTH0_CLIENT_SECRET"] %>
 auth0_api_token: <%= ENV["AUTH0_API_TOKEN"] %>
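Review bot: The production block gains `auth0_audience` but no `auth0_rsa_domain`, so unless that key is supplied elsewhere the RS256 branch added to config/initializers/knock.rb in this commit is never taken in production and token verification stays on HS256 with `auth0_client_secret`, while development verifies against the tenant's public key. If RS256 is intended everywhere, add a line such as `auth0_rsa_domain: <%= ENV["AUTH0_RSA_DOMAIN"] %>` (variable name constructed to match the secret); if HS256 is deliberate for production, a comment saying so here would stop the two environments from diverging silently.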