devise-jwt-cookie 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -1
- data/lib/devise/jwt/cookie/cookie_helper.rb +29 -3
- data/lib/devise/jwt/cookie/middleware.rb +19 -1
- data/lib/devise/jwt/cookie/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4ca1a25c926bf8fca7e684ded8c47026ee168171ba24806d1f620363e241add5
|
|
4
|
+
data.tar.gz: 9961f8133c48c29940fe974c40c2d2ec2e3c5006a7bf67bcaddde6221a81bd3a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 634cbfa8f6b97d1c0b67b27d562436870dd084f8809414e7e32e3471fefbb8362812f53090516c28568547a8f550637819e09b842b921d68af505484e6276ccc
|
|
7
|
+
data.tar.gz: 8ccdb1f626c644cb96896c869bab967191dd9613efb76ce3a450c5cf8beb9bfa9cc7986877fb8f7c78b17ecd065a2a8d7e47d4de6fb458b62e151b8d50c04059
|
data/README.md
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
Add this line to your application's Gemfile:
|
|
8
8
|
|
|
9
9
|
```ruby
|
|
10
|
-
gem 'devise-jwt', '~> 0.
|
|
10
|
+
gem 'devise-jwt-cookie', '~> 0.2.0'
|
|
11
11
|
```
|
|
12
12
|
|
|
13
13
|
And then execute:
|
|
@@ -41,6 +41,7 @@ Devise.setup do |config|
|
|
|
41
41
|
end
|
|
42
42
|
config.jwt_cookie do |jwt_cookie|
|
|
43
43
|
# ...
|
|
44
|
+
jwt_cookie.secure = false if Rails.env.development?
|
|
44
45
|
end
|
|
45
46
|
end
|
|
46
47
|
```
|
|
@@ -5,19 +5,45 @@ module Devise
|
|
|
5
5
|
include Cookie::Import['name', 'domain', 'secure']
|
|
6
6
|
|
|
7
7
|
def build(token)
|
|
8
|
+
if token.nil?
|
|
9
|
+
remove_cookie
|
|
10
|
+
else
|
|
11
|
+
create_cookie(token)
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def read_from(cookies)
|
|
16
|
+
cookies[name]
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
private
|
|
20
|
+
|
|
21
|
+
def create_cookie(token)
|
|
22
|
+
jwt = Warden::JWTAuth::TokenDecoder.new.call(token)
|
|
8
23
|
res = {
|
|
9
24
|
value: token,
|
|
10
25
|
path: '/',
|
|
11
26
|
httponly: true,
|
|
12
|
-
secure: secure
|
|
27
|
+
secure: secure,
|
|
28
|
+
expires: Time.at(jwt['exp'].to_i)
|
|
13
29
|
}
|
|
14
30
|
res[:domain] = domain if domain.present?
|
|
15
31
|
[name, res]
|
|
16
32
|
end
|
|
17
33
|
|
|
18
|
-
def
|
|
19
|
-
|
|
34
|
+
def remove_cookie
|
|
35
|
+
res = {
|
|
36
|
+
value: nil,
|
|
37
|
+
path: '/',
|
|
38
|
+
httponly: true,
|
|
39
|
+
secure: secure,
|
|
40
|
+
max_age: '0',
|
|
41
|
+
expires: Time.at(0)
|
|
42
|
+
}
|
|
43
|
+
res[:domain] = domain if domain.present?
|
|
44
|
+
[name, res]
|
|
20
45
|
end
|
|
46
|
+
|
|
21
47
|
end
|
|
22
48
|
end
|
|
23
49
|
end
|
|
@@ -4,18 +4,36 @@ module Devise
|
|
|
4
4
|
class Middleware
|
|
5
5
|
ENV_KEY = 'warden-jwt_auth.token'
|
|
6
6
|
|
|
7
|
+
attr_reader :app, :config
|
|
8
|
+
|
|
7
9
|
def initialize(app)
|
|
8
10
|
@app = app
|
|
11
|
+
@config = Warden::JWTAuth.config
|
|
9
12
|
end
|
|
10
13
|
|
|
11
14
|
def call(env)
|
|
12
|
-
status, headers, response =
|
|
15
|
+
status, headers, response = app.call(env)
|
|
13
16
|
if headers['Authorization'] && env[ENV_KEY]
|
|
14
17
|
name, cookie = CookieHelper.new.build(env[ENV_KEY])
|
|
15
18
|
Rack::Utils.set_cookie_header!(headers, name, cookie)
|
|
19
|
+
elsif token_should_be_revoked?(env)
|
|
20
|
+
name, cookie = CookieHelper.new.build(nil)
|
|
21
|
+
Rack::Utils.set_cookie_header!(headers, name, cookie)
|
|
16
22
|
end
|
|
17
23
|
[status, headers, response]
|
|
18
24
|
end
|
|
25
|
+
|
|
26
|
+
def token_should_be_revoked?(env)
|
|
27
|
+
path_info = env['PATH_INFO'] || ''
|
|
28
|
+
method = env['REQUEST_METHOD']
|
|
29
|
+
revocation_requests = config.revocation_requests
|
|
30
|
+
revocation_requests.each do |tuple|
|
|
31
|
+
revocation_method, revocation_path = tuple
|
|
32
|
+
return true if path_info.match(revocation_path) &&
|
|
33
|
+
method == revocation_method
|
|
34
|
+
end
|
|
35
|
+
false
|
|
36
|
+
end
|
|
19
37
|
end
|
|
20
38
|
end
|
|
21
39
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-jwt-cookie
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Niels van der Zanden
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-04-
|
|
11
|
+
date: 2020-04-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: devise-jwt
|