RubyGems - devise-jwt - Versions diffs - 0.11.0 → 0.12.1 - Mend

devise-jwt 0.11.0 → 0.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2edd445c57c9d9cd2ed101bc9fd9e2678a4ef8dee9b671d168e5083a08edff2b
-  data.tar.gz: 2e8c86be9239ac50fe91589ddacc9110c8df84887d7f2e72a5477afa325fc961
+  metadata.gz: a98fec2d0b17caa885ee365a32465e0343bc297d5abff540e24a92ce9500b2f6
+  data.tar.gz: 696838ef6812514d0db046f710d3ee027f09d521b6cc7e8da8b902167adf644f
 SHA512:
-  metadata.gz: 2d9658efde24910caf33abbfdc4ad050900a7904db121612c57023d74db89f5912cadc01c9b1cb69709ece57485b99743ce8c2c3b9f9a86fb6347ce54f270489
-  data.tar.gz: d01552367f5d62ce7b454434d97f840f90c2bafe284c3d5c5ae83bb4fdf541056c895613b7dfb1556d2858fb8a521d824e87f7c08a96aec439ef4aa6d7f6c0c6
+  metadata.gz: 7c4c4f38cb9657c4887e1e494f671430e85c067afd0e48ef4304ea3e86c2c3026c4c1a7debb90581fb08bca4eb638767d9d3dc93270cc2622d32acebf2843c8f
+  data.tar.gz: cc33344c9c81402304a948eb040f5993b45c00acea9efaa4a645186fa1ffd32cccec3d2c2eaa42fae4b7c76edaf707099c47cc6883160fdd0a8db1b1b5be0591

data/.github/workflows/ci.yml CHANGED Viewed

@@ -7,10 +7,10 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['3.0', '3.1', '3.2', ruby-head]
+        ruby-version: ['3.0', '3.1', '3.2', '3.3', ruby-head]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Ruby ${{ matrix.ruby-version }}
       uses: ruby/setup-ruby@v1
       with:

data/.github/workflows/lint.yml CHANGED Viewed

@@ -6,7 +6,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Ruby ${{ matrix.ruby-version }}
       uses: ruby/setup-ruby@v1
       with:

data/CHANGELOG.md CHANGED Viewed

@@ -1,9 +1,17 @@
-# Change Log
+[#](#) Change Log
 All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
+## [0.12.1] - 2024-07-12
+- Fix properly support for `token_header` & `issuer` config options
+## [0.12.0] - 2024-07-10
+### Added
+- Add support for `token_header` config
+- Add support for `issuer` config
 ## [0.11.0] - 2023-05-10
 ### Added
 - Add support for rotation_secret

data/README.md CHANGED Viewed

@@ -101,7 +101,7 @@ Devise.setup do |config|
 end
 ```
-> **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `bundle exec rake secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
+> **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `rails secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
 Currently, HS256 algorithm is the one in use. You may configure a matching secret and algorithm name to use a different one (see [ruby-jwt](https://github.com/jwt/ruby-jwt#algorithms-and-usage) to see which are supported):
@@ -202,10 +202,11 @@ This is so because of the following default Devise workflow:
   in the session without requiring a strategy (`:jwt_authenticatable`
   in our case).
-So, if you want to avoid this caveat you have three options:
+So, if you want to avoid this caveat you have five options:
 - Disable the session. If you are developing an API, you probably don't need
   it. In order to disable it, change `config/initializers/session_store.rb` to:
   ```ruby
   Rails.application.config.session_store :disabled
   ```
@@ -213,18 +214,41 @@ So, if you want to avoid this caveat you have three options:
   have the session disabled.
 - If you still need the session for any other purpose, disable
   `:database_authenticatable` user storage. In `config/initializers/devise.rb`:
   ```ruby
   config.skip_session_storage = [:http_auth, :params_auth]
   ```
 - If you are using Devise for another model (e.g. `AdminUser`) and doesn't want
   to disable session storage for Devise entirely, you can disable it on a
   per-model basis:
   ```ruby
   class User < ApplicationRecord
     devise :database_authenticatable #, your other enabled modules...
     self.skip_session_storage = [:http_auth, :params_auth]
   end
   ```
+- If you need the session for some of the controllers, you are able to disable it at
+  the controller level for those controllers which don't need it:
+  ```ruby
+  class AdminsController < ApplicationController
+    before_action :drop_session_cookie
+    private
+    def drop_session_cookie
+      request.session_options[:skip] = true
+    end
+  ```
+- As the last option you can tell Devise to not store the user in the Warden session
+  if you override default Devise `SessionsController` with your own one, and pass
+  `store: false` attribute to the `sign_in`, `sign_in_and_redirect`, `bypass_sign_in`
+  methods:
+  ```ruby
+  sign_in user, store: false
+  ```
 ### Revocation strategies
@@ -547,6 +571,19 @@ jwt.request_formats = {
 By default, only requests without format are processed.
+#### token_header
+Request/response header which will transmit the JWT token.
+Defaults to 'Authorization'
+#### issuer
+Expected issuer claim. If present, it will be checked against the incoming
+token issuer claim and authorization will be skipped if they don't match.
+Defaults to nil.
 #### aud_header
 Request header which content will be stored to the `aud` claim in the payload.
@@ -563,6 +600,25 @@ like an OAuth workflow with client id and client secret.
 Defaults to `JWT_AUD`.
+#### token_header
+Request header containing the token in the format of `Bearer #{token}`.
+Defaults to `Authorization`.
+#### issuer
+The [issuer claim in the token](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1).
+If present, it will be checked against the incoming token issuer claim and
+authorization will be skipped if they don't match.
+Defaults to `nil`.
+```ruby
+jwt.issuer = 'http://myapp.com'
+```
 ## Development
 There are docker and docker-compose files configured to create a development environment for this gem. So, if you use Docker you only need to run:

data/devise-jwt.gemspec CHANGED Viewed

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
   spec.add_dependency 'devise', '~> 4.0'
-  spec.add_dependency 'warden-jwt_auth', '~> 0.8'
+  spec.add_dependency 'warden-jwt_auth', '~> 0.10'
   spec.add_development_dependency "bundler", "> 1"
   spec.add_development_dependency "rake", "~> 13.0"

data/lib/devise/jwt/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Devise
   module JWT
-    VERSION = '0.11.0'
+    VERSION = '0.12.1'
   end
 end

data/lib/devise/jwt.rb CHANGED Viewed

@@ -58,6 +58,14 @@ module Devise
             default: Warden::JWTAuth.config.revocation_requests,
             constructor: ->(value) { forward_to_warden(:revocation_requests, value) })
+    setting(:token_header,
+            default: Warden::JWTAuth.config.token_header,
+            constructor: ->(value) { forward_to_warden(:token_header, value) })
+    setting(:issuer,
+            default: Warden::JWTAuth.config.issuer,
+            constructor: ->(value) { forward_to_warden(:issuer, value) })
     setting(:aud_header,
             default: Warden::JWTAuth.config.aud_header,
             constructor: ->(value) { forward_to_warden(:aud_header, value) })

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-jwt
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.1
 platform: ruby
 authors:
 - Marc Busqué
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-05-10 00:00:00.000000000 Z
+date: 2024-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -222,7 +222,7 @@ homepage: https://github.com/waiting-for-dev/devise-jwt
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -237,8 +237,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
-signing_key:
+rubygems_version: 3.5.9
+signing_key:
 specification_version: 4
 summary: JWT authentication for devise
 test_files: []