api_guard 0.1.3 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d220d5bf204e5a090dc71fc977101de4f3d431f4
|
|
4
|
+
data.tar.gz: bac634e2197010b0de248d247382d38679de8f16
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5a45df067c41509e759f0cd0ca200c6948192cf0f7a69fe7872ba6636c0cfd48e37ce0fa023579a4a2512fa36f6377b196cc4a5f854d3feb5392271bc46e6089
|
|
7
|
+
data.tar.gz: 81ad551d87c7fd35a3ab80c3b8f20f9f6b7e51056a865a436767703c93f4767361349a8cabe5c2c9a6820cdcab9dc4a3d0b73dda47186c76984d80284ef91134
|
data/README.md
CHANGED
|
@@ -362,6 +362,10 @@ ApiGuard.setup do |config|
|
|
|
362
362
|
# Invalidate old tokens on changing the password
|
|
363
363
|
# Default: false
|
|
364
364
|
config.invalidate_old_tokens_on_password_change = false
|
|
365
|
+
|
|
366
|
+
# Blacklist JWT access token after refreshing
|
|
367
|
+
# Default: false
|
|
368
|
+
config.blacklist_token_after_refreshing = false
|
|
365
369
|
end
|
|
366
370
|
```
|
|
367
371
|
|
|
@@ -473,6 +477,15 @@ And, as this creates rows in `blacklisted_tokens` table you need to have a mecha
|
|
|
473
477
|
tokens to prevent this table from growing. One option is to have a CRON job to run a task daily that deletes the
|
|
474
478
|
blacklisted tokens that are expired i.e. `expire_at < DateTime.now`.
|
|
475
479
|
|
|
480
|
+
**Blacklisting after refreshing token**
|
|
481
|
+
|
|
482
|
+
By default, the JWT access token will not be blacklisted on refreshing the JWT access token. To enable this, you can
|
|
483
|
+
configure it in API Guard initializer as below,
|
|
484
|
+
|
|
485
|
+
```ruby
|
|
486
|
+
config.blacklist_token_after_refreshing = true
|
|
487
|
+
```
|
|
488
|
+
|
|
476
489
|
## Overriding defaults
|
|
477
490
|
|
|
478
491
|
### Controllers
|
|
@@ -6,8 +6,11 @@ module ApiGuard
|
|
|
6
6
|
before_action :find_refresh_token, only: [:create]
|
|
7
7
|
|
|
8
8
|
def create
|
|
9
|
-
@refresh_token.destroy
|
|
10
9
|
create_token_and_set_header(current_resource, resource_name)
|
|
10
|
+
|
|
11
|
+
@refresh_token.destroy
|
|
12
|
+
blacklist_token if ApiGuard.blacklist_token_after_refreshing
|
|
13
|
+
|
|
11
14
|
render_success(message: 'Token refreshed successfully')
|
|
12
15
|
end
|
|
13
16
|
|
data/lib/api_guard.rb
CHANGED
|
@@ -16,6 +16,9 @@ module ApiGuard
|
|
|
16
16
|
mattr_accessor :invalidate_old_tokens_on_password_change
|
|
17
17
|
self.invalidate_old_tokens_on_password_change = false
|
|
18
18
|
|
|
19
|
+
mattr_accessor :blacklist_token_after_refreshing
|
|
20
|
+
self.blacklist_token_after_refreshing = false
|
|
21
|
+
|
|
19
22
|
mattr_accessor :api_guard_associations
|
|
20
23
|
self.api_guard_associations = {}
|
|
21
24
|
|
data/lib/api_guard/version.rb
CHANGED
|
@@ -10,4 +10,8 @@ ApiGuard.setup do |config|
|
|
|
10
10
|
# Invalidate old tokens on changing the password
|
|
11
11
|
# Default: false
|
|
12
12
|
config.invalidate_old_tokens_on_password_change = false
|
|
13
|
+
|
|
14
|
+
# Blacklist JWT access token after refreshing
|
|
15
|
+
# Default: false
|
|
16
|
+
config.blacklist_token_after_refreshing = false
|
|
13
17
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: api_guard
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gokul Murali
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-04-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|