devise-jwt 0.5.6 → 0.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +4 -3
- data/CHANGELOG.md +4 -0
- data/README.md +11 -11
- data/issue_template.md +28 -0
- data/lib/devise/jwt/models/jwt_authenticatable.rb +1 -1
- data/lib/devise/jwt/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ce25f0119df28a2ff0682ec57b228e7cd3d0d24a
|
|
4
|
+
data.tar.gz: f86dd338edbeb3e38992d1a3407888405e566a3d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d92f20f3d3a4dff6b9eacb4bc2f00633be267e2d0835ed3b50beb22c0c0a720cc9200ca16d9399877927d3249efb43d1644543e9f57496f5107c6351a309dfee
|
|
7
|
+
data.tar.gz: 0431acb342abb8d861c9750fa5fa3b121a7b0c05b01ac15bfa407564c0442107f3f93c72ab800da6b86aac7290f377f80a421072b159042fb563664a19cac18e
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/).
|
|
6
6
|
|
|
7
|
+
## [0.5.7] - 2018-06-22
|
|
8
|
+
### Added
|
|
9
|
+
- Use `primary_key` instead of `id` to fetch resource.
|
|
10
|
+
|
|
7
11
|
## [0.5.6] - 2018-02-22
|
|
8
12
|
### Fixed
|
|
9
13
|
- Work with more than one `sign_out_via` configured
|
data/README.md
CHANGED
|
@@ -26,7 +26,7 @@ You can read about which security concerns this library takes into account and a
|
|
|
26
26
|
Add this line to your application's Gemfile:
|
|
27
27
|
|
|
28
28
|
```ruby
|
|
29
|
-
gem 'devise-jwt', '~> 0.5.
|
|
29
|
+
gem 'devise-jwt', '~> 0.5.7'
|
|
30
30
|
```
|
|
31
31
|
|
|
32
32
|
And then execute:
|
|
@@ -182,7 +182,7 @@ Then, you have to add the strategy to the model class and configure it according
|
|
|
182
182
|
```ruby
|
|
183
183
|
class User < ApplicationRecord
|
|
184
184
|
include Devise::JWT::RevocationStrategies::JTIMatcher
|
|
185
|
-
|
|
185
|
+
|
|
186
186
|
devise :database_authenticatable,
|
|
187
187
|
:jwt_authenticatable, jwt_revocation_strategy: self
|
|
188
188
|
end
|
|
@@ -276,13 +276,13 @@ def change
|
|
|
276
276
|
# If you want to leverage the `aud` claim, add to it a `NOT NULL` constraint:
|
|
277
277
|
# t.string :aud, null: false
|
|
278
278
|
t.datetime :exp, null: false
|
|
279
|
-
t.references :your_user_table, foreign_key:
|
|
279
|
+
t.references :your_user_table, foreign_key: { on_delete: :cascade }, null: false
|
|
280
280
|
end
|
|
281
|
-
|
|
281
|
+
|
|
282
282
|
add_index :whitelisted_jwts, :jti, unique: true
|
|
283
283
|
end
|
|
284
284
|
```
|
|
285
|
-
Important: You are encouraged to set a unique index in the jti column. This way we can be sure at the database level that there aren't two valid tokens with same jti at the same time.
|
|
285
|
+
Important: You are encouraged to set a unique index in the jti column. This way we can be sure at the database level that there aren't two valid tokens with same jti at the same time. Definining `foreign_key: { on_delete: :cascade }, null: false` on `t.references :your_user_table` helps to keep referential integrity of your database.
|
|
286
286
|
|
|
287
287
|
And then, the model:
|
|
288
288
|
|
|
@@ -291,12 +291,12 @@ class WhitelistedJwt < ApplicationRecord
|
|
|
291
291
|
end
|
|
292
292
|
```
|
|
293
293
|
|
|
294
|
-
Finally, include
|
|
294
|
+
Finally, include the strategy in the model and configure it:
|
|
295
295
|
|
|
296
296
|
```ruby
|
|
297
297
|
class User < ApplicationRecord
|
|
298
298
|
include Devise::JWT::RevocationStrategies::Whitelist
|
|
299
|
-
|
|
299
|
+
|
|
300
300
|
devise :database_authenticatable,
|
|
301
301
|
:jwt_authenticatable, jwt_revocation_strategy: self
|
|
302
302
|
end
|
|
@@ -333,7 +333,7 @@ module MyCustomStrategy
|
|
|
333
333
|
def self.jwt_revoked?(payload, user)
|
|
334
334
|
# Does something to check whether the JWT token is revoked for given user
|
|
335
335
|
end
|
|
336
|
-
|
|
336
|
+
|
|
337
337
|
def self.revoke_jwt(payload, user)
|
|
338
338
|
# Does something to revoke the JWT token for given user
|
|
339
339
|
end
|
|
@@ -378,9 +378,9 @@ require 'devise/jwt/test_helpers'
|
|
|
378
378
|
headers = { 'Accept' => 'application/json', 'Content-Type' => 'application/json' }
|
|
379
379
|
# This will add a valid token for `user` in the `Authorization` header
|
|
380
380
|
auth_headers = Devise::JWT::TestHelpers.auth_headers(headers, user)
|
|
381
|
-
|
|
381
|
+
|
|
382
382
|
get '/my/end_point', headers: auth_headers
|
|
383
|
-
|
|
383
|
+
|
|
384
384
|
expect_something()
|
|
385
385
|
end
|
|
386
386
|
```
|
|
@@ -425,7 +425,7 @@ jwt.dispatch_requests = [
|
|
|
425
425
|
|
|
426
426
|
**Important**: You are encouraged to delimit your regular expression with `^` and `$` to avoid unintentional matches.
|
|
427
427
|
|
|
428
|
-
#### revocation_requests
|
|
428
|
+
#### revocation_requests
|
|
429
429
|
|
|
430
430
|
Besides the destroy session one, additional requests where JWT tokens should be revoked.
|
|
431
431
|
|
data/issue_template.md
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
Please, for a bug report fill in the following template. Before that, make sure to read the whole [README](https://github.com/waiting-for-dev/devise-jwt/blob/master/README.md) and check if your issue is not related with [CORS](https://github.com/waiting-for-dev/devise-jwt#model-configuration).
|
|
2
|
+
|
|
3
|
+
Feature requests and questions about `devise-jwt` are also accepted. It isn't the place for generic questions about using `devise` with an API. For that, read our [wiki page](https://github.com/waiting-for-dev/devise-jwt/wiki/Configuring-devise-for-APIs) or ask somewhere else like [stackoverflow](https://stackoverflow.com/)
|
|
4
|
+
|
|
5
|
+
## Expected behavior
|
|
6
|
+
|
|
7
|
+
## Actual behavior
|
|
8
|
+
|
|
9
|
+
## Steps to Reproduce the Problem
|
|
10
|
+
|
|
11
|
+
1.
|
|
12
|
+
2.
|
|
13
|
+
3.
|
|
14
|
+
|
|
15
|
+
## Debugging information
|
|
16
|
+
|
|
17
|
+
Provide following information. Please, format pasted output as code. Feel free to remove the secret key value.
|
|
18
|
+
|
|
19
|
+
- Version of `devise-jwt` in use
|
|
20
|
+
- Version of `rails` in use
|
|
21
|
+
- Output of `Devise::JWT.config`
|
|
22
|
+
- Output of `Warden::JWTAuth.config`
|
|
23
|
+
- Output of `Devise.mappings`
|
|
24
|
+
- If your issue is related with not getting a JWT from the server:
|
|
25
|
+
- Involved request path, method and request headers
|
|
26
|
+
- Response headers for that request
|
|
27
|
+
- If your issue is related with not being able to revoke a JWT:
|
|
28
|
+
- Involved request path, method and request headers
|
data/lib/devise/jwt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Busqué
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: devise
|
|
@@ -190,6 +190,7 @@ files:
|
|
|
190
190
|
- bin/setup
|
|
191
191
|
- devise-jwt.gemspec
|
|
192
192
|
- docker-compose.yml
|
|
193
|
+
- issue_template.md
|
|
193
194
|
- lib/devise/jwt.rb
|
|
194
195
|
- lib/devise/jwt/defaults_generator.rb
|
|
195
196
|
- lib/devise/jwt/mapping_inspector.rb
|