devise-jwt 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2ecbf7273869cd4de429e93d195909ba9da9d104
-  data.tar.gz: 063fd47a63596b94658f9a51ff2dd7bd42f82a8d
+  metadata.gz: abe51a448ee1c23ead964f1d3fd53ef1a0f1443d
+  data.tar.gz: 7731662d778cc78da4265f7850d071f8632d7d99
 SHA512:
-  metadata.gz: 6bc1230d565cf6be101e35461a020980fd65cca899b77f6630f177b6b890c7adfa98f8e2808fd224b1cfdf0c3679965eb8316a5f0962c32b6a75e75f3cfc9994
-  data.tar.gz: 145836767694dceeb3190bfb98d87c4caaf5fdcf3147567206c92dcba347b14a6246c40ef48804189d0bbdcacbd1af3d54d324be57acd43db5255556e7a2ca07
+  metadata.gz: 174b7dc71c02263dc0be659bac3c4cc980b37e80cc735c980845c0a7f9a2732eebfd0956b0b473bc3da0e9e7b14c85365a4465ac243fa75367435bdf7fc8f03a
+  data.tar.gz: 6df5de828db92a655a6ecdef225f7bfb3680479c9bcb8ef6769323430f7420371135d7a675992f301b7eb32ee7619ce9f1fc878e9da7454641273cc11e77a098

data/CHANGELOG.md

@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.2.0] - 2017-02-28
+### Added
+- Dispatch token on sign up
+- Speed up initialization
+### Fixed
+- Do not depend on assumed helpers to build default paths
+- Use `sign_out_via` devise option to set revocation request methods
+- Take routes with scopes into account
+
 ## [0.1.1] - 2017-01-26
 ### Fixed
 - Request method configuration for Rails < 5

data/README.md

@@ -1,5 +1,6 @@
 # Devise::JWT
 
+[![Gem Version](https://badge.fury.io/rb/devise-jwt.svg)](https://badge.fury.io/rb/devise-jwt)
 [![Build Status](https://travis-ci.org/waiting-for-dev/devise-jwt.svg?branch=master)](https://travis-ci.org/waiting-for-dev/devise-jwt)
 [![Code Climate](https://codeclimate.com/github/waiting-for-dev/devise-jwt/badges/gpa.svg)](https://codeclimate.com/github/waiting-for-dev/devise-jwt)
 [![Test Coverage](https://codeclimate.com/github/waiting-for-dev/devise-jwt/badges/coverage.svg)](https://codeclimate.com/github/waiting-for-dev/devise-jwt/coverage)
@@ -11,7 +12,7 @@ You can read about which security concerns this library takes into account and a
 - [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/)
 - [JWT Recovation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/)
 - [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage/)
-- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_for_rack_and_rails)
+- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails/)
 
 `devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
 
@@ -55,7 +56,7 @@ Currently, HS256 algorithm is the one in use.
 You have to tell which user models you want to be able to authenticate with JWT tokens. For them, the authentication process will be like this:
 
 - A user authenticates trough devise create session request (for example, using the standard `:database_authenticatable` module).
-- If the authentication succeeds, a JWT token is dispatched to the client in the `Authorization` response header, with format `Bearer #{token}`
+- If the authentication succeeds, a JWT token is dispatched to the client in the `Authorization` response header, with format `Bearer #{token}` (tokens are also dispatched on a successful sign up).
 - The client can use this token to authenticate following requests for the same user, providing it in the `Authorization` request header, also with format `Bearer #{token}`
 - When the client visits devise destroy session request, the token is revoked.
 

data/lib/devise/jwt.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
+require 'forwardable'
 require 'devise'
 require 'active_support/core_ext/module/attribute_accessors'
 require 'warden/jwt_auth'
 require 'devise/jwt/version'
+require 'devise/jwt/mapping_inspector'
 require 'devise/jwt/defaults_generator'
 require 'devise/jwt/railtie'
 require 'devise/jwt/models'
@@ -15,12 +17,33 @@ module Devise
   #
   # @see Warden::JWTAuth
   def self.jwt
-    yield(Warden::JWTAuth.config)
+    yield(Devise::JWT.config)
   end
 
   add_module(:jwt_authenticatable, strategy: :jwt)
 
   # JWT extension for devise
   module JWT
+    extend Dry::Configurable
+
+    setting(:secret) do |value|
+      forward_to_warden(:secret, value)
+    end
+
+    setting(:expiration_time) do |value|
+      forward_to_warden(:expiration_time, value)
+    end
+
+    setting(:dispatch_requests) do |value|
+      forward_to_warden(:dispatch_requests, value)
+    end
+
+    setting(:revocation_requests) do |value|
+      forward_to_warden(:revocation_requests, value)
+    end
+
+    def self.forward_to_warden(setting, value)
+      Warden::JWTAuth.config.send("#{setting}=", value)
+    end
   end
 end

data/lib/devise/jwt/defaults_generator.rb

@@ -7,66 +7,91 @@ module Devise
     #
     # @see Warden::JWTAuth
     class DefaultsGenerator
-      attr_reader :routes, :devise_mappings
+      attr_reader :devise_mappings, :defaults
+
+      def self.call
+        new.call
+      end
 
       def initialize
-        @routes = Rails.application.routes
         @devise_mappings = Devise.mappings
+        @defaults = {
+          mappings: {},
+          revocation_strategies: {},
+          dispatch_requests: [],
+          revocation_requests: []
+        }
       end
 
-      def mappings
-        @mappings ||= devise_mappings.each_with_object({}) do |tuple, hash|
-          scope, mapping = tuple
-          modules = mapping.modules
-          next unless modules.include?(:jwt_authenticatable)
-          hash[scope] = mapping.to
+      def call
+        devise_mappings.each_key do |scope|
+          inspector = MappingInspector.new(scope)
+          next unless inspector.jwt?
+          add_defaults(inspector)
         end
+        defaults
       end
 
-      def dispatch_requests
-        scopes.each_with_object([]) do |scope, array|
-          named_route = "#{scope}_session"
-          array << request_for(named_route)
-        end
+      private
+
+      def add_defaults(inspector)
+        add_mapping(inspector)
+        add_revocation_strategy(inspector)
+        add_dispatch_requests(inspector)
+        add_revocation_requests(inspector)
       end
 
-      def revocation_requests
-        scopes.each_with_object([]) do |scope, array|
-          named_route = "destroy_#{scope}_session"
-          array << request_for(named_route)
-        end
+      # :reek:FeatureEnvy
+      def add_mapping(inspector)
+        scope = inspector.scope
+        model = inspector.model
+        defaults[:mappings][scope] = model
       end
 
-      def revocation_strategies
-        mappings.each_with_object({}) do |tuple, hash|
-          scope, model = tuple
-          hash[scope] = model.jwt_revocation_strategy
-        end
+      # :reek:FeatureEnvy
+      def add_revocation_strategy(inspector)
+        scope = inspector.scope
+        model = inspector.model
+        defaults[:revocation_strategies][scope] = model.jwt_revocation_strategy
       end
 
-      private
+      def add_dispatch_requests(inspector)
+        add_sign_in_request(inspector)
+        add_registration_request(inspector)
+      end
 
-      def scopes
-        mappings.keys
+      def add_sign_in_request(inspector)
+        return unless inspector.session?
+        defaults[:dispatch_requests] << sign_in_request(inspector)
       end
 
-      def request_for(named_route)
-        named_path = "#{named_route}_path"
-        route = routes.named_routes[named_route]
-        method = method_for_route(route)
-        path = /^#{routes.url_helpers.send(named_path)}$/
-        [method, path]
+      def add_registration_request(inspector)
+        return unless inspector.registration?
+        defaults[:dispatch_requests] << registration_request(inspector)
+      end
+
+      def add_revocation_requests(inspector)
+        return unless inspector.session?
+        defaults[:revocation_requests] << sign_out_request(inspector)
+      end
+
+      def sign_in_request(inspector)
+        request(inspector, :sign_in)
+      end
+
+      def sign_out_request(inspector)
+        request(inspector, :sign_out)
+      end
+
+      def registration_request(inspector)
+        request(inspector, :registration)
       end
 
       # :reek:UtilityFunction
-      # @see https://github.com/rails/rails/pull/21849
-      def method_for_route(route)
-        verb = route.verb
-        if Rails.version.to_i < 5
-          verb.source.match(/\w+/)[0]
-        else
-          verb
-        end
+      def request(inspector, name)
+        path = inspector.path(name)
+        method = inspector.method(name)
+        [method, /^#{path}$/]
       end
     end
   end

data/lib/devise/jwt/mapping_inspector.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Devise
+  module JWT
+    # Inspect and extract information from a Devise mapping
+    class MappingInspector
+      attr_reader :scope, :mapping
+
+      def initialize(scope)
+        @scope = scope
+        @mapping = Devise.mappings[scope]
+      end
+
+      def jwt?
+        mapping.modules.member?(:jwt_authenticatable)
+      end
+
+      def session?
+        routes?(:session)
+      end
+
+      def registration?
+        routes?(:registration)
+      end
+
+      def model
+        mapping.to
+      end
+
+      def path(name)
+        prefix, scope, request = path_parts(name)
+        [prefix, scope, request].compact.join('/').prepend('/')
+      end
+
+      # :reek:ControlParameter
+      def method(name)
+        case name
+        when :sign_in
+          'POST'
+        when :sign_out
+          sign_out_via.to_s.upcase
+        when :registration
+          'POST'
+        end
+      end
+
+      private
+
+      def path_parts(name)
+        prefix = mapping.instance_variable_get(:@path_prefix)
+        path = mapping.path
+        path_name = mapping.path_names[name]
+        [
+          prefix && prefix.gsub(%r{^/}, ''),
+          path,
+          path_name && !path_name.empty? ? path_name : nil
+        ]
+      end
+
+      def routes?(name)
+        mapping.routes.member?(name)
+      end
+
+      def sign_out_via
+        mapping.sign_out_via.to_s.upcase
+      end
+    end
+  end
+end

data/lib/devise/jwt/railtie.rb

@@ -13,12 +13,12 @@ module Devise
           Rails.application.reload_routes!
 
           Warden::JWTAuth.configure do |config|
-            defaults = DefaultsGenerator.new
+            defaults = DefaultsGenerator.call
 
-            config.mappings = defaults.mappings
-            config.dispatch_requests.push(*defaults.dispatch_requests)
-            config.revocation_requests.push(*defaults.revocation_requests)
-            config.revocation_strategies = defaults.revocation_strategies
+            config.mappings = defaults[:mappings]
+            config.dispatch_requests.push(*defaults[:dispatch_requests])
+            config.revocation_requests.push(*defaults[:revocation_requests])
+            config.revocation_strategies = defaults[:revocation_strategies]
           end
         end
       end

data/lib/devise/jwt/version.rb

@@ -2,6 +2,6 @@
 
 module Devise
   module JWT
-    VERSION = '0.1.1'
+    VERSION = '0.2.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-jwt
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Marc Busqué
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-01-26 00:00:00.000000000 Z
+date: 2017-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -192,6 +192,7 @@ files:
 - docker-compose.yml
 - lib/devise/jwt.rb
 - lib/devise/jwt/defaults_generator.rb
+- lib/devise/jwt/mapping_inspector.rb
 - lib/devise/jwt/models.rb
 - lib/devise/jwt/models/jwt_authenticatable.rb
 - lib/devise/jwt/railtie.rb
@@ -220,7 +221,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.6
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: JWT authentication for devise