author | Martin <mschanzenbach@posteo.de> | 2019-08-21 11:26:16 +0000 |
---|---|---|
committer | Martin <mschanzenbach@posteo.de> | 2019-08-21 11:26:16 +0000 |
commit | c3a02192335518cf36fda1c8fe96871f02efac6e (patch) | |
tree | 86db1d07917864244b8290fc3c72dfe1a115fcf1 | |
parent | 6d8c83ae2811bf3970aa92338100e870bea5d7ab (diff) | |
parent | 517b8bb6108cbdfdb14e117f36e4ec57d04bf838 (diff) | |
Merge branch 'master' into 'master'
added command for changing the jwt secret
See merge request reclaimid/reclaim-oidc!1
-rw-r--r-- | README.md | 6 | ||||
-rwxr-xr-x | bin/reclaim-oidc | 17 | ||||
-rw-r--r-- | lib/reclaim_oidc.rb | 11 |
3 files changed, 28 insertions, 6 deletions
@@ -28,3 +28,9 @@ Delete a client: | |||
28 | ``` | 28 | ``` |
29 | $ reclaim-oidc --delete --client-name myclient | 29 | $ reclaim-oidc --delete --client-name myclient |
30 | ``` | 30 | ``` |
31 | |||
32 | ## Change the JSON-Web-Token secret | ||
33 | To change the JWT secret key: | ||
34 | ``` | ||
35 | $ reclaim-oidc --jwt-secret new_jwt_secret | ||
36 | ``` | ||
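--- a/bin/reclaim-oidc
+++ b/bin/reclaim-oidc
@@ -5,13 +5,14 @@ require 'reclaim_oidc'
 class OptParser
 class ScriptOptions
 attr_accessor :name, :add, :delete, :list, :description, :redirect_uri,
-:verbose
+:verbose, :jwt_secret
 
 def initialize
 self.delete = false
 self.add = false
 self.list = false
 self.verbose = false
+self.jwt_secret = false
 end
 
 def define_options(parser)
@@ -27,6 +28,7 @@ class OptParser
 client_redirect_option(parser)
 client_description_option(parser)
 boolean_verbose_option(parser)
+jwt_secret_option(parser)
 
 parser.separator ""
 parser.separator "Common options:"
@@ -87,7 +89,13 @@ class OptParser
 self.verbose = v
 end
 end
-end
+
+def jwt_secret_option(parser)
+parser.on("-j", "--jwt-secret [JWT-SECRET]", "Set JWT secret") do |v|
+self.jwt_secret = v
+end
+end
+end
 
 #
 # Return a structure describing the options.
@@ -152,4 +160,7 @@ if (options.delete)
 roidc.delete_client(options.name)
 puts "OK"
 end
-
+if (options.jwt_secret)
+roidc.set_jwt_secret(options.jwt_secret)
+puts "JWT secret has been changed"
+end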
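Review bot: `jwt_secret_option` takes the new secret as a command-line value, so it ends up in shell history and is readable in the process list for as long as the command runs; reading it from stdin with echo off (for example `$stdin.noecho(&:gets)` from `io/console`) or from a file would keep it out of both. The brackets in `"--jwt-secret [JWT-SECRET]"` also make the value optional, so a bare `-j` yields `nil` and the final `if (options.jwt_secret)` skips the update without any message. If the argv form stays, make the value mandatory and reject an empty string: `parser.on("-j", "--jwt-secret JWT-SECRET", "Set JWT secret") do |v|`. The OptParser class starts and ends outside the hunks shown.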
diff --git a/lib/reclaim_oidc.rb b/lib/reclaim_oidc.rb index c7ccaaf..fa91c05 100644 --- a/lib/reclaim_oidc.rb +++ b/lib/reclaim_oidc.rb | |||
@@ -85,9 +85,14 @@ class ReclaimOidc | |||
85 | op['token_endpoint'] = host + '/openid/token' | 85 | op['token_endpoint'] = host + '/openid/token' |
86 | op['userinfo_endpoint'] = host + '/openid/userinfo' | 86 | op['userinfo_endpoint'] = host + '/openid/userinfo' |
87 | op | 87 | op |
88 | end | 88 | end |
89 | def set_jwt_secret | 89 | def set_jwt_secret(jwt_secret) |
90 | raise | 90 | uri = URI(@url + '/config/reclaim-rest-plugin') |
91 | request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') | ||
92 | request.body = {"JWT_SECRET": jwt_secret}.to_json | ||
93 | resp = Net::HTTP.start(uri.host, uri.port) do |http| | ||
94 | http.request request | ||
95 | end | ||
91 | end | 96 | end |
92 | 97 | ||
93 | class Client | 98 | class Client |
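Review bot: `set_jwt_secret` stores the response in `resp` and never looks at it, so the caller in bin/reclaim-oidc prints "JWT secret has been changed" even when the REST service rejected the request; a check such as `raise "JWT secret update failed: HTTP #{resp.code}" unless resp.is_a?(Net::HTTPSuccess)` after the block would make a failed rotation visible. `Net::HTTP.start(uri.host, uri.port)` is also called without `use_ssl`, so the secret is posted over plain HTTP whatever scheme `@url` carries. That is presumably acceptable for a loopback endpoint, but passing `use_ssl: uri.scheme == 'https'` keeps the secret protected if `@url` ever points at a remote host. The other methods of ReclaimOidc are outside this hunk, so I cannot tell whether they share the pattern.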