auth_jwt 0.0.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 228962c8c3dd2f87adb2bb74fefa87b21f843bda
+  data.tar.gz: d052cadebba0f0dfc24cf3276389c5ef36b3970d
+SHA512:
+  metadata.gz: 9353ec971ba24d9536b4230bae62e6fbd051e2495a179d39a4ed55511163550ed7a0d0c8d31b964fcd3859f4901a9e45265eea8cb2a34b8dd71a7162f0832d50
+  data.tar.gz: 80da236829814acd95d703d7e2c0b4be78ab569710a1a317ad8ffcfafe0a9a89f706395f444cd343e834baa23228938581afd89d4b43bdd854624151d10f47f9

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Aurelien GASTON
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,23 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AuthJwt'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+
+
+Bundler::GemHelper.install_tasks
+

data/lib/auth_jwt.rb

@@ -0,0 +1,20 @@
+module AuthJwt
+  require 'json/jwt'
+  require 'auth_jwt/exception/unauthorized'
+  require 'auth_jwt/controller_additions'
+  require 'auth_jwt/user_model_additions'
+  require 'auth_jwt/configuration'
+  require 'auth_jwt/engine'
+
+  class << self
+    attr_writer :configuration
+  end
+
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
+end

data/lib/auth_jwt/configuration.rb

@@ -0,0 +1,24 @@
+module AuthJwt
+  # Hold custom configurations
+  class Configuration
+    attr_accessor :user_class, :login_field, :password_field, :salt, :jwt_sign_key, :public_key, :private_key, :iss, :aud, :exp
+
+    # Set the default settings
+    def initialize
+      @user_class = 'User'
+      @login_field = 'login'
+      @password_field = 'password'
+      @salt = SecureRandom.hex(16)
+    end
+
+    # Load public_key file
+    def public_key=(value)
+      @public_key = OpenSSL::PKey::RSA.new(File.new(value))
+    end
+
+    # Load private_key file
+    def private_key=(value)
+      @private_key = OpenSSL::PKey::RSA.new(File.new(value))
+    end
+  end
+end

data/lib/auth_jwt/controller_additions.rb

@@ -0,0 +1,69 @@
+module AuthJwt
+  # Include #login_user and #require_auth and @current_user to all Controllers.
+  module ControllerAdditions
+    # Add InstanceMethods
+    def self.included(klass)
+      klass.class_eval do
+        include InstanceMethods
+      end
+    end
+
+    # InstanceMethods to be included
+    module InstanceMethods
+      # The current user or nil if not authenticated
+      attr_reader :current_user
+
+      # Sets up a method to check a user credentials
+      #
+      # return the authenticated user or raise AuthJwt::Unauthorized
+      #
+      #
+      # ```ruby
+      #   class AnyController < ApplicationController
+      #     def login
+      #       login_user(credentials)
+      #     end
+      #   end
+      # ```
+      def login_user(credentials)
+        user_class = AuthJwt.configuration.user_class.constantize
+        login_field = AuthJwt.configuration.login_field.to_sym
+        password_field = AuthJwt.configuration.password_field.to_sym
+
+        user = user_class.find_by(login_field => credentials[login_field])
+        if user
+          fail AuthJwt::Unauthorized, 'Invalid credentials' unless user.authenticate(credentials[password_field])
+          @current_user = user
+        else
+          fail AuthJwt::Unauthorized, 'Invalid user'
+        end
+      end
+
+      # Sets up a method to check if the user is authenticated
+      #
+      # * if the user is authenticated setup current_user
+      # * if the user is not authenticated, raise AuthJwt::Unauthorized
+      #
+      # ```ruby
+      #   class AnyController < ApplicationController
+      #     before_filter :require_auth
+      #   end
+      # ```
+      def require_auth
+        fail 'not in a controller scope' if request.nil?
+        fail AuthJwt::Unauthorized, 'No Auth' if request.authorization.nil?
+        user_class = AuthJwt.configuration.user_class.constantize
+        begin
+          user = user_class.from_jwe request.authorization
+          if user
+            @current_user = user
+          else
+            fail 'Not Found'
+          end
+        rescue
+          raise AuthJwt::Unauthorized, 'Invalid token'
+        end
+      end
+    end
+  end
+end

data/lib/auth_jwt/engine.rb

@@ -0,0 +1,9 @@
+module AuthJwt
+  # Add the AuthJwt ControllerAdditions to the ActionController
+  class Engine < Rails::Engine
+    initializer 'extend Controllers and UserModel with AuthJwt' do
+      ActionController::Base.send(:include, AuthJwt::ControllerAdditions)
+      AuthJwt.configuration.user_class.constantize.send(:include, AuthJwt::UserModelAdditions)
+    end
+  end
+end

data/lib/auth_jwt/exception/unauthorized.rb

@@ -0,0 +1,5 @@
+module AuthJwt
+  # Exception raised when the auth is invalid or missing
+  class Unauthorized < Exception
+  end
+end

data/lib/auth_jwt/user_model_additions.rb

@@ -0,0 +1,49 @@
+module AuthJwt
+  module UserModelAdditions
+    # Add InstanceMethods
+    def self.included(klass)
+      klass.class_eval do
+        extend ClassMethods
+        include InstanceMethods
+      end
+    end
+
+    module InstanceMethods
+      def jwe(expire_time=AuthJwt.configuration.exp)
+        claim = {
+          iss: AuthJwt.configuration.iss,
+          aud: AuthJwt.configuration.aud,
+          iat: Time.now,
+          nbf: Time.now,
+          exp: expire_time,
+          payload: { user_id: id }
+        }
+        jwt = JSON::JWT.new(claim)
+        jws = jwt.sign(AuthJwt.configuration.jwt_sign_key)
+        jwe = jws.encrypt(AuthJwt.configuration.public_key)
+        jwe.to_s
+      end
+    end
+
+    module ClassMethods
+      def from_jwe(jwe_string)
+        jwe = JSON::JWE.new jwe_string
+        jwe.alg, jwe.enc = :RSA1_5, :'A128CBC-HS256'
+        jws = jwe.decrypt!(AuthJwt.configuration.private_key).to_s
+        jwt = JSON::JWT.decode(jws, AuthJwt.configuration.jwt_sign_key)
+        verify_jwt_integrity! jwt
+        AuthJwt.configuration.user_class.constantize.find jwt['payload']['user_id']
+      end
+
+      private
+
+      def verify_jwt_integrity!(jwt)
+        fail AuthJwt::Unauthorized, 'Unknown Issuer' if jwt['iss'].nil? || jwt['iss'] != AuthJwt.configuration.iss
+        fail AuthJwt::Unauthorized, 'Unknown Audience' if jwt['aud'].nil? || jwt['aud'] != AuthJwt.configuration.aud
+        fail AuthJwt::Unauthorized, 'Not Yet Valid' if jwt['nbf'].nil? || Time.new(jwt['nbf']) < Time.now
+        fail AuthJwt::Unauthorized, 'Expired' if jwt['exp'].nil? || Time.new(jwt['exp']) < Time.now
+        fail AuthJwt::Unauthorized, 'Missing Payload' if jwt['payload'].nil? || jwt['payload']['user_id'].nil?
+      end
+    end
+  end
+end

data/lib/auth_jwt/version.rb

@@ -0,0 +1,3 @@
+module AuthJwt
+  VERSION = '0.0.8'
+end

data/lib/generators/auth_jwt/install_generator.rb

@@ -0,0 +1,23 @@
+module AuthJwt
+  # Generate the initializer
+  class InstallGenerator < Rails::Generators::Base
+    source_root File.expand_path('../templates', __FILE__)
+
+    # generate a random number
+    def  gen_secret
+      SecureRandom.hex(16)
+    end
+
+    desc 'This generator creates an initializer file for AuthJwt at config/initializers/auth_jwt.rb'
+    def create_initializer_file
+      template 'initializer.rb', 'config/initializers/auth_jwt.rb'
+    end
+
+    desc 'This generator creates public/private keys at config/keys/jwt_public_key.pem and config/keys/jwt_private_key.pem'
+    def create_keys_files
+      rsa_private = OpenSSL::PKey::RSA.generate(2048)
+      create_file 'config/keys/jwt_private_key.pem', rsa_private.to_pem
+      create_file 'config/keys/jwt_public_key.pem', rsa_private.public_key.to_pem
+    end
+  end
+end

data/lib/generators/auth_jwt/templates/initializer.rb

@@ -0,0 +1,30 @@
+# Here you can configure AuthJwt features.
+AuthJwt.configure do |config|
+  # Set the user class model
+  # config.user_class = 'User'
+
+  # Set the login field
+  # config.login_field = 'login'
+
+  # Set the password field
+  # config.password_field = 'password'
+
+  # Salt used to store password with
+  config.salt = '<%= gen_secret %>'
+
+  # Secret key to sign jwt with
+  config.jwt_sign_key = '<%= gen_secret %>'
+
+  # Public/Private keys path
+  config.public_key = Rails.root.join('config', 'keys', 'jwt_public_key.pem')
+  config.private_key = Rails.root.join('config', 'keys', 'jwt_private_key.pem')
+
+  # issuer of the jwt (random string or URI)
+  config.iss = '<%= gen_secret %>'
+
+  # audience of the jwt (random string or URI)
+  config.aud = '<%= gen_secret %>'
+
+  # lifetime of the token
+  config.exp = 3.hours.from_now
+end

data/lib/tasks/auth_jwt_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :auth_jwt do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,196 @@
+--- !ruby/object:Gem::Specification
+name: auth_jwt
+version: !ruby/object:Gem::Version
+  version: 0.0.8
+platform: ruby
+authors:
+- Aurelien GASTON
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.3
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Authentication via JWT (with encryption)
+email:
+- aurelien.gaston@krondor.fr
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- Rakefile
+- lib/auth_jwt.rb
+- lib/auth_jwt/configuration.rb
+- lib/auth_jwt/controller_additions.rb
+- lib/auth_jwt/engine.rb
+- lib/auth_jwt/exception/unauthorized.rb
+- lib/auth_jwt/user_model_additions.rb
+- lib/auth_jwt/version.rb
+- lib/generators/auth_jwt/install_generator.rb
+- lib/generators/auth_jwt/templates/initializer.rb
+- lib/tasks/auth_jwt_tasks.rake
+homepage: https://amos.krondor.fr/rails/auth_jwt
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Authentication via JWT (with encryption)
+test_files: []