devise-jwt 0.11.0 → 0.12.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2edd445c57c9d9cd2ed101bc9fd9e2678a4ef8dee9b671d168e5083a08edff2b
4
- data.tar.gz: 2e8c86be9239ac50fe91589ddacc9110c8df84887d7f2e72a5477afa325fc961
3
+ metadata.gz: 04ea0b0abaaaf9486d4bc19ca5dfed4c867e12071934e8bb963fccd9fbd4fd90
4
+ data.tar.gz: 36375dfe1a8be67b238b8bddb1d7ccffb5c207a36faa380230fd99968f746421
5
5
  SHA512:
6
- metadata.gz: 2d9658efde24910caf33abbfdc4ad050900a7904db121612c57023d74db89f5912cadc01c9b1cb69709ece57485b99743ce8c2c3b9f9a86fb6347ce54f270489
7
- data.tar.gz: d01552367f5d62ce7b454434d97f840f90c2bafe284c3d5c5ae83bb4fdf541056c895613b7dfb1556d2858fb8a521d824e87f7c08a96aec439ef4aa6d7f6c0c6
6
+ metadata.gz: f07dbe6fafbcd51f6c380866432db7b2c372c576005ec307a0eaaacd73f1dd10b9d9fae9783da5e6a5afca15ea021262ac4068738d4a3648cb87602e8acbd089
7
+ data.tar.gz: 345765410de35fe76e5603ba4a42ce0f0bba52eb3743a627418b84e283bbdeffdd4cb6b0ebe932d8e88de41ca112d358ebc6b3cde9a52bda9b128e2425c60fc5
@@ -7,10 +7,10 @@ jobs:
7
7
  runs-on: ubuntu-latest
8
8
  strategy:
9
9
  matrix:
10
- ruby-version: ['3.0', '3.1', '3.2', ruby-head]
10
+ ruby-version: ['3.0', '3.1', '3.2', '3.3', ruby-head]
11
11
 
12
12
  steps:
13
- - uses: actions/checkout@v3
13
+ - uses: actions/checkout@v4
14
14
  - name: Set up Ruby ${{ matrix.ruby-version }}
15
15
  uses: ruby/setup-ruby@v1
16
16
  with:
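Review bot: In this job's `steps:`, `actions/checkout@v4` and `ruby/setup-ruby@v1` are referenced by mutable tags, so whatever those tags point to at run time executes in CI. Consider pinning each `uses:` to a full commit SHA, keeping the tag as a trailing comment, and letting a dependency bot propose the bumps. `ruby-head` in the matrix is also a moving target; unless it is allowed to fail elsewhere in the workflow, an upstream change can break the build with no change in this repository.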
@@ -6,7 +6,7 @@ jobs:
6
6
  lint:
7
7
  runs-on: ubuntu-latest
8
8
  steps:
9
- - uses: actions/checkout@v3
9
+ - uses: actions/checkout@v4
10
10
  - name: Set up Ruby ${{ matrix.ruby-version }}
11
11
  uses: ruby/setup-ruby@v1
12
12
  with:
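Review bot: The step name `Set up Ruby ${{ matrix.ruby-version }}` in the `lint` job references a matrix value, but the visible context goes from `lint:` and `runs-on:` straight to `steps:` with no `strategy.matrix`, so the expression would render empty. Either drop the expression from the step name or state the Ruby version used for linting explicitly.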
data/CHANGELOG.md CHANGED
@@ -1,9 +1,14 @@
1
- # Change Log
1
+ [#](#) Change Log
2
2
  All notable changes to this project will be documented in this file.
3
3
 
4
4
  The format is based on [Keep a Changelog](http://keepachangelog.com/)
5
5
  and this project adheres to [Semantic Versioning](http://semver.org/).
6
6
 
7
+ ## [0.12.0] - 2024-07-10
8
+ ### Added
9
+ - Add support for `token_header` config
10
+ - Add support for `issuer` config
11
+
7
12
  ## [0.11.0] - 2023-05-10
8
13
  ### Added
9
14
  - Add support for rotation_secret
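Review bot: Line 1 changes the title from `# Change Log` to `[#](#) Change Log`, which is no longer a Markdown heading and adds an empty link; this looks unintended and should be reverted. The 0.12.0 entry lists only the two new options, so anything else in the release that a consumer needs to know about, such as a raised dependency floor, should be recorded as well.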
data/README.md CHANGED
@@ -101,7 +101,7 @@ Devise.setup do |config|
101
101
  end
102
102
  ```
103
103
 
104
- > **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `bundle exec rake secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
104
+ > **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `rails secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
105
105
 
106
106
  Currently, HS256 algorithm is the one in use. You may configure a matching secret and algorithm name to use a different one (see [ruby-jwt](https://github.com/jwt/ruby-jwt#algorithms-and-usage) to see which are supported):
107
107
 
@@ -202,10 +202,11 @@ This is so because of the following default Devise workflow:
202
202
  in the session without requiring a strategy (`:jwt_authenticatable`
203
203
  in our case).
204
204
 
205
- So, if you want to avoid this caveat you have three options:
205
+ So, if you want to avoid this caveat you have five options:
206
206
 
207
207
  - Disable the session. If you are developing an API, you probably don't need
208
208
  it. In order to disable it, change `config/initializers/session_store.rb` to:
209
+
209
210
  ```ruby
210
211
  Rails.application.config.session_store :disabled
211
212
  ```
@@ -213,18 +214,41 @@ So, if you want to avoid this caveat you have three options:
213
214
  have the session disabled.
214
215
  - If you still need the session for any other purpose, disable
215
216
  `:database_authenticatable` user storage. In `config/initializers/devise.rb`:
217
+
216
218
  ```ruby
217
219
  config.skip_session_storage = [:http_auth, :params_auth]
218
220
  ```
219
221
  - If you are using Devise for another model (e.g. `AdminUser`) and doesn't want
220
222
  to disable session storage for Devise entirely, you can disable it on a
221
223
  per-model basis:
224
+
222
225
  ```ruby
223
226
  class User < ApplicationRecord
224
227
  devise :database_authenticatable #, your other enabled modules...
225
228
  self.skip_session_storage = [:http_auth, :params_auth]
226
229
  end
227
230
  ```
231
+ - If you need the session for some of the controllers, you are able to disable it at
232
+ the controller level for those controllers which don't need it:
233
+
234
+ ```ruby
235
+ class AdminsController < ApplicationController
236
+ before_action :drop_session_cookie
237
+
238
+ private
239
+
240
+ def drop_session_cookie
241
+ request.session_options[:skip] = true
242
+ end
243
+ ```
244
+ - As the last option you can tell Devise to not store the user in the Warden session
245
+ if you override default Devise `SessionsController` with your own one, and pass
246
+ `store: false` attribute to the `sign_in`, `sign_in_and_redirect`, `bypass_sign_in`
247
+ methods:
248
+
249
+ ```ruby
250
+ sign_in user, store: false
251
+ ```
228
252
 
229
253
  ### Revocation strategies
230
254
 
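Review bot: The new `AdminsController` example closes `drop_session_cookie` with `end` but never closes the class, so the snippet is not valid Ruby when copied; add the missing `end` before the closing fence. The name is also confusing next to the earlier bullet, where `AdminUser` is the model that keeps its session while this controller is the one dropping it; a neutral controller name would read better.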
@@ -563,6 +587,25 @@ like an OAuth workflow with client id and client secret.
563
587
 
564
588
  Defaults to `JWT_AUD`.
565
589
 
590
+ #### token_header
591
+
592
+ Request header containing the token in the format of `Bearer #{token}`.
593
+
594
+ Defaults to `Authorization`.
595
+
596
+ #### issuer
597
+
598
+ The [issuer claim in the token](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1).
599
+
600
+ If present, it will be checked against the incoming token issuer claim and
601
+ authorization will be skipped if they don't match.
602
+
603
+ Defaults to `nil`.
604
+
605
+ ```ruby
606
+ jwt.issuer = 'http://myapp.com'
607
+ ```
608
+
566
609
  ## Development
567
610
 
568
611
  There are docker and docker-compose files configured to create a development environment for this gem. So, if you use Docker you only need to run:
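Review bot: In the `issuer` section, "authorization will be skipped if they don't match" is ambiguous for a security check, since it can be read as the check being bypassed. State the outcome for the request explicitly: whether the token is rejected, or the JWT strategy simply does not run and other strategies may still authenticate the request. It is also worth saying outright that with the default `nil` no `iss` comparison is made. The `token_header` section has no example, unlike `issuer`, and should say whether the setting also applies to the header in which the token is dispatched on responses.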
data/devise-jwt.gemspec CHANGED
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
22
22
  spec.require_paths = ["lib"]
23
23
 
24
24
  spec.add_dependency 'devise', '~> 4.0'
25
- spec.add_dependency 'warden-jwt_auth', '~> 0.8'
25
+ spec.add_dependency 'warden-jwt_auth', '~> 0.10'
26
26
 
27
27
  spec.add_development_dependency "bundler", "> 1"
28
28
  spec.add_development_dependency "rake", "~> 13.0"
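Review bot: The `warden-jwt_auth` constraint moves from `'~> 0.8'` to `'~> 0.10'`, which raises the minimum version for every consumer while still allowing any later 0.x release. Record the new floor in the changelog, and consider whether a tighter upper bound is warranted for a pre-1.0 dependency.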
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Devise
4
4
  module JWT
5
- VERSION = '0.11.0'
5
+ VERSION = '0.12.0'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.0
4
+ version: 0.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Marc Busqué
8
- autorequire:
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-05-10 00:00:00.000000000 Z
11
+ date: 2024-07-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0.8'
33
+ version: '0.10'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0.8'
40
+ version: '0.10'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -222,7 +222,7 @@ homepage: https://github.com/waiting-for-dev/devise-jwt
222
222
  licenses:
223
223
  - MIT
224
224
  metadata: {}
225
- post_install_message:
225
+ post_install_message:
226
226
  rdoc_options: []
227
227
  require_paths:
228
228
  - lib
@@ -237,8 +237,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
237
237
  - !ruby/object:Gem::Version
238
238
  version: '0'
239
239
  requirements: []
240
- rubygems_version: 3.3.7
241
- signing_key:
240
+ rubygems_version: 3.5.9
241
+ signing_key:
242
242
  specification_version: 4
243
243
  summary: JWT authentication for devise
244
244
  test_files: []
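Review bot: `signing_key:` is still empty in the generated specification, and `cert_chain: []` appears earlier in this file, so 0.12.0 carries no signing certificate and consumers can only check it against the published checksums. If signing releases is not planned, document in the README how a release can be verified.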