devise-jwt 0.5.6 → 0.5.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +4 -3
- data/CHANGELOG.md +4 -0
- data/README.md +11 -11
- data/issue_template.md +28 -0
- data/lib/devise/jwt/models/jwt_authenticatable.rb +1 -1
- data/lib/devise/jwt/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ce25f0119df28a2ff0682ec57b228e7cd3d0d24a
|
|
4
|
+
data.tar.gz: f86dd338edbeb3e38992d1a3407888405e566a3d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d92f20f3d3a4dff6b9eacb4bc2f00633be267e2d0835ed3b50beb22c0c0a720cc9200ca16d9399877927d3249efb43d1644543e9f57496f5107c6351a309dfee
|
|
7
|
+
data.tar.gz: 0431acb342abb8d861c9750fa5fa3b121a7b0c05b01ac15bfa407564c0442107f3f93c72ab800da6b86aac7290f377f80a421072b159042fb563664a19cac18e
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/).
|
|
6
6
|
|
|
7
|
+
## [0.5.7] - 2018-06-22
|
|
8
|
+
### Added
|
|
9
|
+
- Use `primary_key` instead of `id` to fetch resource.
|
|
10
|
+
|
|
7
11
|
## [0.5.6] - 2018-02-22
|
|
8
12
|
### Fixed
|
|
9
13
|
- Work with more than one `sign_out_via` configured
|
data/README.md
CHANGED
|
@@ -26,7 +26,7 @@ You can read about which security concerns this library takes into account and a
|
|
|
26
26
|
Add this line to your application's Gemfile:
|
|
27
27
|
|
|
28
28
|
```ruby
|
|
29
|
-
gem 'devise-jwt', '~> 0.5.
|
|
29
|
+
gem 'devise-jwt', '~> 0.5.7'
|
|
30
30
|
```
|
|
31
31
|
|
|
32
32
|
And then execute:
|
|
@@ -182,7 +182,7 @@ Then, you have to add the strategy to the model class and configure it according
|
|
|
182
182
|
```ruby
|
|
183
183
|
class User < ApplicationRecord
|
|
184
184
|
include Devise::JWT::RevocationStrategies::JTIMatcher
|
|
185
|
-
|
|
185
|
+
|
|
186
186
|
devise :database_authenticatable,
|
|
187
187
|
:jwt_authenticatable, jwt_revocation_strategy: self
|
|
188
188
|
end
|
|
@@ -276,13 +276,13 @@ def change
|
|
|
276
276
|
# If you want to leverage the `aud` claim, add to it a `NOT NULL` constraint:
|
|
277
277
|
# t.string :aud, null: false
|
|
278
278
|
t.datetime :exp, null: false
|
|
279
|
-
t.references :your_user_table, foreign_key:
|
|
279
|
+
t.references :your_user_table, foreign_key: { on_delete: :cascade }, null: false
|
|
280
280
|
end
|
|
281
|
-
|
|
281
|
+
|
|
282
282
|
add_index :whitelisted_jwts, :jti, unique: true
|
|
283
283
|
end
|
|
284
284
|
```
|
|
285
|
-
Important: You are encouraged to set a unique index in the jti column. This way we can be sure at the database level that there aren't two valid tokens with same jti at the same time.
|
|
285
|
+
Important: You are encouraged to set a unique index in the jti column. This way we can be sure at the database level that there aren't two valid tokens with same jti at the same time. Definining `foreign_key: { on_delete: :cascade }, null: false` on `t.references :your_user_table` helps to keep referential integrity of your database.
|
|
286
286
|
|
|
287
287
|
And then, the model:
|
|
288
288
|
|
|
@@ -291,12 +291,12 @@ class WhitelistedJwt < ApplicationRecord
|
|
|
291
291
|
end
|
|
292
292
|
```
|
|
293
293
|
|
|
294
|
-
Finally, include
|
|
294
|
+
Finally, include the strategy in the model and configure it:
|
|
295
295
|
|
|
296
296
|
```ruby
|
|
297
297
|
class User < ApplicationRecord
|
|
298
298
|
include Devise::JWT::RevocationStrategies::Whitelist
|
|
299
|
-
|
|
299
|
+
|
|
300
300
|
devise :database_authenticatable,
|
|
301
301
|
:jwt_authenticatable, jwt_revocation_strategy: self
|
|
302
302
|
end
|
|
@@ -333,7 +333,7 @@ module MyCustomStrategy
|
|
|
333
333
|
def self.jwt_revoked?(payload, user)
|
|
334
334
|
# Does something to check whether the JWT token is revoked for given user
|
|
335
335
|
end
|
|
336
|
-
|
|
336
|
+
|
|
337
337
|
def self.revoke_jwt(payload, user)
|
|
338
338
|
# Does something to revoke the JWT token for given user
|
|
339
339
|
end
|
|
@@ -378,9 +378,9 @@ require 'devise/jwt/test_helpers'
|
|
|
378
378
|
headers = { 'Accept' => 'application/json', 'Content-Type' => 'application/json' }
|
|
379
379
|
# This will add a valid token for `user` in the `Authorization` header
|
|
380
380
|
auth_headers = Devise::JWT::TestHelpers.auth_headers(headers, user)
|
|
381
|
-
|
|
381
|
+
|
|
382
382
|
get '/my/end_point', headers: auth_headers
|
|
383
|
-
|
|
383
|
+
|
|
384
384
|
expect_something()
|
|
385
385
|
end
|
|
386
386
|
```
|
|
@@ -425,7 +425,7 @@ jwt.dispatch_requests = [
|
|
|
425
425
|
|
|
426
426
|
**Important**: You are encouraged to delimit your regular expression with `^` and `$` to avoid unintentional matches.
|
|
427
427
|
|
|
428
|
-
#### revocation_requests
|
|
428
|
+
#### revocation_requests
|
|
429
429
|
|
|
430
430
|
Besides the destroy session one, additional requests where JWT tokens should be revoked.
|
|
431
431
|
|
data/issue_template.md
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
Please, for a bug report fill in the following template. Before that, make sure to read the whole [README](https://github.com/waiting-for-dev/devise-jwt/blob/master/README.md) and check if your issue is not related with [CORS](https://github.com/waiting-for-dev/devise-jwt#model-configuration).
|
|
2
|
+
|
|
3
|
+
Feature requests and questions about `devise-jwt` are also accepted. It isn't the place for generic questions about using `devise` with an API. For that, read our [wiki page](https://github.com/waiting-for-dev/devise-jwt/wiki/Configuring-devise-for-APIs) or ask somewhere else like [stackoverflow](https://stackoverflow.com/)
|
|
4
|
+
|
|
5
|
+
## Expected behavior
|
|
6
|
+
|
|
7
|
+
## Actual behavior
|
|
8
|
+
|
|
9
|
+
## Steps to Reproduce the Problem
|
|
10
|
+
|
|
11
|
+
1.
|
|
12
|
+
2.
|
|
13
|
+
3.
|
|
14
|
+
|
|
15
|
+
## Debugging information
|
|
16
|
+
|
|
17
|
+
Provide following information. Please, format pasted output as code. Feel free to remove the secret key value.
|
|
18
|
+
|
|
19
|
+
- Version of `devise-jwt` in use
|
|
20
|
+
- Version of `rails` in use
|
|
21
|
+
- Output of `Devise::JWT.config`
|
|
22
|
+
- Output of `Warden::JWTAuth.config`
|
|
23
|
+
- Output of `Devise.mappings`
|
|
24
|
+
- If your issue is related with not getting a JWT from the server:
|
|
25
|
+
- Involved request path, method and request headers
|
|
26
|
+
- Response headers for that request
|
|
27
|
+
- If your issue is related with not being able to revoke a JWT:
|
|
28
|
+
- Involved request path, method and request headers
|
data/lib/devise/jwt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Busqué
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: devise
|
|
@@ -190,6 +190,7 @@ files:
|
|
|
190
190
|
- bin/setup
|
|
191
191
|
- devise-jwt.gemspec
|
|
192
192
|
- docker-compose.yml
|
|
193
|
+
- issue_template.md
|
|
193
194
|
- lib/devise/jwt.rb
|
|
194
195
|
- lib/devise/jwt/defaults_generator.rb
|
|
195
196
|
- lib/devise/jwt/mapping_inspector.rb
|