fixed jwt validation

datacite · Jun 7, 2021 · 68a9ae3 · 68a9ae3
1 parent 35f0462
commit 68a9ae3
Show file tree

Hide file tree

Showing 15 changed files with 7,277 additions and 73 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -161,7 +161,7 @@ GEM
     colorize (0.8.1)
     commonmarker (0.21.2)
       ruby-enum (~> 0.5)
-    concurrent-ruby (1.1.8)
+    concurrent-ruby (1.1.9)
     config (2.2.3)
       deep_merge (~> 1.2, >= 1.2.1)
       dry-validation (~> 1.0, >= 1.0.0)
@@ -206,7 +206,7 @@ GEM
     dry-configurable (0.12.1)
       concurrent-ruby (~> 1.0)
       dry-core (~> 0.5, >= 0.5.0)
-    dry-container (0.7.2)
+    dry-container (0.8.0)
       concurrent-ruby (~> 1.0)
       dry-configurable (~> 0.1, >= 0.1.3)
     dry-core (0.6.0)
@@ -331,7 +331,7 @@ GEM
     hashie (4.1.0)
     htmlentities (4.3.4)
     http-accept (1.7.0)
-    http-cookie (1.0.3)
+    http-cookie (1.0.4)
       domain_name (~> 0.5)
     i18n (1.8.10)
       concurrent-ruby (~> 1.0)
@@ -384,15 +384,15 @@ GEM
     logstash-event (1.2.02)
     logstash-logger (0.26.1)
       logstash-event (~> 1.2)
-    loofah (2.9.1)
+    loofah (2.10.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     mailgun-ruby (1.2.4)
       rest-client (>= 2.0.2)
     marcel (1.0.1)
-    maremma (4.7.4)
+    maremma (4.9.2)
       activesupport (>= 4.2.5)
       addressable (>= 2.3.6)
       builder (~> 3.2, >= 3.2.2)

diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -72,7 +72,6 @@ def github
   end
 
   def globus
-    puts request.env["omniauth.auth"]
     auth = request.env["omniauth.auth"]
 
     if current_user.present?

diff --git a/app/models/claim.rb b/app/models/claim.rb
@@ -238,7 +238,7 @@ def process_data(options = {})
 
   def collect_data(options = {})
     # already claimed
-    return OpenStruct.new(body: { "skip" => true, "reason" => "already claimed." }) if to_be_created? && put_code.present?
+    # return OpenStruct.new(body: { "skip" => true, "reason" => "already claimed." }) if to_be_created? && put_code.present?
 
     # user has not signed up yet or orcid_token is missing
     if user.blank? || orcid_token.blank?
@@ -258,16 +258,16 @@ def collect_data(options = {})
     return OpenStruct.new(body: { "skip" => true, "reason" => "Too many claims. Only 10,000 claims allowed." }) if user.claims.total_count > 10000
 
     # missing data raise errors
-    return OpenStruct.new(body: { "errors" => [{ "title" => "Missing data" }] }) if work.data.nil?
+    # return OpenStruct.new(body: { "errors" => [{ "title" => "Missing data" }] }) if work.data.nil?
 
     # validate data
     return OpenStruct.new(body: { "errors" => work.validation_errors.map { |error| { "title" => error } } }) if work.validation_errors.present?
 
     options[:sandbox] = (ENV["ORCID_URL"] == "https://sandbox.orcid.org")
 
-    # create or delete entry in ORCID record
+    # create or delete entry in ORCID record. If put_code exists, update entry
     if to_be_created?
-      work.create_work(options)
+      put_code.present? ? work.update_work(options) : work.create_work(options)
     elsif to_be_deleted?
       work.delete_work(options)
     end

diff --git a/app/models/concerns/authenticable.rb b/app/models/concerns/authenticable.rb
@@ -17,7 +17,7 @@ def decode_token(token)
       payload = (JWT.decode token, public_key, true, algorithm: "RS256").first
 
       # check whether token has expired
-      return {} unless Time.now.to_i < payload["exp"]
+      return {} unless Time.now.to_i < payload["exp"].to_i
 
       payload
     rescue JWT::DecodeError => e

diff --git a/spec/fixtures/vcr_cassettes/Claim/collect_data/already_exists.yml b/spec/fixtures/vcr_cassettes/Claim/collect_data/already_exists.yml