devise-jwt-cookie 0.2.0 → 0.3.0

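--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 81e6f3af0d1646f1720c8d748d5bb5a61c800256257c9483be4714a530c65501
- data.tar.gz: 6266de7bdd7e127ddee28d82e41189e39cdc8eefd1e2f87edd2678dcb40dd64a
+ metadata.gz: 4ca1a25c926bf8fca7e684ded8c47026ee168171ba24806d1f620363e241add5
+ data.tar.gz: 9961f8133c48c29940fe974c40c2d2ec2e3c5006a7bf67bcaddde6221a81bd3a
  SHA512:
- metadata.gz: beb8781ebbe675e9eabe22902fed8a1467b227bf5688e7592a2b612d8cddb19c9947072a37615b42a74c6a8ac21afa7e71023d2a94ce3dd700e8c73880fc193e
- data.tar.gz: b68f139960bfe9973da858f1dcd48360b4b26ac3fb6be0abfe45a43222211dea16005948400fbc00960563ebdf09237019fc8b12a072e7524586013124cc39d8
+ metadata.gz: 634cbfa8f6b97d1c0b67b27d562436870dd084f8809414e7e32e3471fefbb8362812f53090516c28568547a8f550637819e09b842b921d68af505484e6276ccc
+ data.tar.gz: 8ccdb1f626c644cb96896c869bab967191dd9613efb76ce3a450c5cf8beb9bfa9cc7986877fb8f7c78b17ecd065a2a8d7e47d4de6fb458b62e151b8d50c04059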
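--- a/data/README.md
+++ b/data/README.md
@@ -7,7 +7,7 @@
  Add this line to your application's Gemfile:
 
  ```ruby
- gem 'devise-jwt', '~> 0.5.9'
+ gem 'devise-jwt-cookie', '~> 0.2.0'
  ```
 
  And then execute:
@@ -41,6 +41,7 @@ Devise.setup do |config|
  end
  config.jwt_cookie do |jwt_cookie|
  # ...
+ jwt_cookie.secure = false if Rails.env.development?
  end
  end
  ```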
@@ -5,19 +5,45 @@ module Devise
5
5
  include Cookie::Import['name', 'domain', 'secure']
6
6
 
7
7
  def build(token)
8
+ if token.nil?
9
+ remove_cookie
10
+ else
11
+ create_cookie(token)
12
+ end
13
+ end
14
+
15
+ def read_from(cookies)
16
+ cookies[name]
17
+ end
18
+
19
+ private
20
+
21
+ def create_cookie(token)
22
+ jwt = Warden::JWTAuth::TokenDecoder.new.call(token)
8
23
  res = {
9
24
  value: token,
10
25
  path: '/',
11
26
  httponly: true,
12
- secure: secure
27
+ secure: secure,
28
+ expires: Time.at(jwt['exp'].to_i)
13
29
  }
14
30
  res[:domain] = domain if domain.present?
15
31
  [name, res]
16
32
  end
17
33
 
18
- def read_from(cookies)
19
- cookies[name]
34
+ def remove_cookie
35
+ res = {
36
+ value: nil,
37
+ path: '/',
38
+ httponly: true,
39
+ secure: secure,
40
+ max_age: '0',
41
+ expires: Time.at(0)
42
+ }
43
+ res[:domain] = domain if domain.present?
44
+ [name, res]
20
45
  end
46
+
21
47
  end
22
48
  end
23
49
  end
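Review bot: Neither cookie hash in `create_cookie` or `remove_cookie` sets a SameSite attribute, so the browser applies its own default when deciding whether to attach the JWT cookie to cross-site requests, and an application that authenticates from this cookie has to rely on its own CSRF protection. If the supported Rack versions accept the option, add `same_site: :lax` to both hashes, or make it configurable alongside `secure`. Separately, `Warden::JWTAuth::TokenDecoder.new.call(token)` can raise on a token it cannot decode and nothing visible here rescues it, and a payload without `exp` yields `Time.at(0)`, an already-expired cookie; a comment stating that `token` is always freshly issued would document why that is acceptable. The two hashes differ only in `value`, `expires` and `max_age`, so a shared private helper for the common keys would keep them in step. The class header lies outside this hunk.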
@@ -4,18 +4,36 @@ module Devise
4
4
  class Middleware
5
5
  ENV_KEY = 'warden-jwt_auth.token'
6
6
 
7
+ attr_reader :app, :config
8
+
7
9
  def initialize(app)
8
10
  @app = app
11
+ @config = Warden::JWTAuth.config
9
12
  end
10
13
 
11
14
  def call(env)
12
- status, headers, response = @app.call(env)
15
+ status, headers, response = app.call(env)
13
16
  if headers['Authorization'] && env[ENV_KEY]
14
17
  name, cookie = CookieHelper.new.build(env[ENV_KEY])
15
18
  Rack::Utils.set_cookie_header!(headers, name, cookie)
19
+ elsif token_should_be_revoked?(env)
20
+ name, cookie = CookieHelper.new.build(nil)
21
+ Rack::Utils.set_cookie_header!(headers, name, cookie)
16
22
  end
17
23
  [status, headers, response]
18
24
  end
25
+
26
+ def token_should_be_revoked?(env)
27
+ path_info = env['PATH_INFO'] || ''
28
+ method = env['REQUEST_METHOD']
29
+ revocation_requests = config.revocation_requests
30
+ revocation_requests.each do |tuple|
31
+ revocation_method, revocation_path = tuple
32
+ return true if path_info.match(revocation_path) &&
33
+ method == revocation_method
34
+ end
35
+ false
36
+ end
19
37
  end
20
38
  end
21
39
  end
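Review bot: `token_should_be_revoked?` is defined after `call` with no `private` above it, so it becomes part of the middleware's public interface although only `call` uses it in this hunk; put `private` before it. The loop can be written as `config.revocation_requests.any? { |(verb, path)| verb == method && path_info.match?(path) }`, which also avoids building a MatchData object. The `elsif` branch clears the cookie for every request that matches a revocation tuple whatever `status` the app returned, so a comment such as `# clear the cookie on every revocation request, even when the app answered with an error` would record whether that is intended. The `module` lines enclosing `Middleware` start outside the hunk.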
@@ -1,7 +1,7 @@
1
1
  module Devise
2
2
  module JWT
3
3
  module Cookie
4
- VERSION = '0.2.0'
4
+ VERSION = '0.3.0'
5
5
  end
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-jwt-cookie
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Niels van der Zanden
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-04-01 00:00:00.000000000 Z
11
+ date: 2020-04-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise-jwt