devise-jwt 0.5.7 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ce25f0119df28a2ff0682ec57b228e7cd3d0d24a
-  data.tar.gz: f86dd338edbeb3e38992d1a3407888405e566a3d
+SHA256:
+  metadata.gz: dbd6de3011149a0bca3be6b3658cd5a9556b0be78581f3cd22c3aec9cbfd4cf0
+  data.tar.gz: 6ce928fe9ccbf54f7b119a815ffe97eb72c02a321e618a7f60018c00fabe7e5c
 SHA512:
-  metadata.gz: d92f20f3d3a4dff6b9eacb4bc2f00633be267e2d0835ed3b50beb22c0c0a720cc9200ca16d9399877927d3249efb43d1644543e9f57496f5107c6351a309dfee
-  data.tar.gz: 0431acb342abb8d861c9750fa5fa3b121a7b0c05b01ac15bfa407564c0442107f3f93c72ab800da6b86aac7290f377f80a421072b159042fb563664a19cac18e
+  metadata.gz: 7460b663f7639978e6021f52b1de8e0f4c20ebc9ca33375cc11d630e379fb82cd48d1e61a5ee7fc72335ec1088112a75e02b4bae60935f8439878d2f81b8bd5e
+  data.tar.gz: a572ab50a87f8254bce00685a248dea9ff16181bbdcc70f2f70e7b65a97cfc1d0c0a11dd8ef966a0e80bd7327e5fb5e4e0ed54aef227448960d22c5a5b2aec46

data/.codeclimate.yml

@@ -8,8 +8,6 @@ engines:
     enabled: true
   rubocop:
     enabled: true
-  reek:
-    enabled: true
 ratings:
   paths:
   - "**.rb"
@@ -18,3 +16,4 @@ exclude_paths:
   - Gemfile
   - bin/console
   - devise-jwt.gemspec
+  - vendor/

data/.rubocop.yml

@@ -1,6 +1,11 @@
 require: rubocop-rspec
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.7
+  Exclude:
+    - Gemfile
+    - devise-jwt.gemspec
+    - spec/fixtures/rails_app/**/*
+    - vendor/**/*
 RSpec/NestedGroups:
   Max: 3
 RSpec/MessageExpectation:
@@ -14,3 +19,37 @@ Metrics/BlockLength:
     - "spec/**/*.rb"
 Style/SafeNavigation:
   Enabled: false
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+Lint/RaiseException:
+  Enabled: true
+Lint/StructNewOverride:
+  Enabled: true
+Style/AccessorGrouping:
+  Enabled: true
+Style/BisectedAttrAccessor:
+  Enabled: true
+Style/ExponentialNotation:
+  Enabled: true
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true
+Style/RedundantAssignment:
+  Enabled: true
+Style/RedundantFetchBlock:
+  Enabled: true
+Style/RedundantRegexpCharacterClass:
+  Enabled: true
+Style/RedundantRegexpEscape:
+  Enabled: true
+Style/SlicingWithRange:
+  Enabled: true

data/.travis.yml

@@ -1,21 +1,20 @@
-sudo: false
 language: ruby
+cache: bundler
 rvm:
-  - 2.2.9
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
+  - 2.5
+  - 2.6
+  - 2.7
+  - ruby-head
 before_install:
   - gem update --system --no-doc
-  - bundle install --gemfile=.overcommit_gems.rb
-before_script:
-  - git config --global user.email 'travis@travis.ci'
-  - git config --global user.name 'Travis CI'
+  - gem install bundler
 script:
   - bundle exec rspec
+  - bundle exec rubocop
   - bundle exec codeclimate-test-reporter
-  - overcommit --sign
-  - overcommit --run
+jobs:
+  allow_failures:
+    - rvm: ruby-head
 addons:
   code_climate:
     repo_token:

data/CHANGELOG.md

@@ -4,6 +4,26 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.8.0] - 2020-07-06
+### Fixed
+- Fix compatibility with last version of dry-configurable
+
+## [0.7.0] - 2020-06-03
+### Fixed
+- Replace whitelist/blacklist terminology with allowlist/denylist
+
+## [0.6.0] - 2019-08-01
+### Fixed
+- Update warden-jwt_auth dependency to v0.4.0 so that now it is possible to configure algorithm.
+
+## [0.5.9] - 2019-03-29
+### Fixed
+- Update dependencies.
+
+## [0.5.8] - 2018-09-07
+### Fixed
+- Fix test helper to persist whitelisted tokens.
+
 ## [0.5.7] - 2018-06-22
 ### Added
 - Use `primary_key` instead of `id` to fetch resource.

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 Marc Busqué
+Copyright (c) 2016-2020 Marc Busqué
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -21,12 +21,34 @@ You can read about which security concerns this library takes into account and a
 
 `devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
 
+## Upgrade notes
+
+### v0.7.0
+
+Since version v0.7.0 `Blacklist` revocation strategy has been renamed to `Denylist` while `Whitelist` has been renamed to `Allowlist`.
+
+For `Denylist`, you only need to update the `include` line you're using in your revocation strategy model:
+
+```ruby
+# include Devise::JWT::RevocationStrategies::Blacklist # before
+include Devise::JWT::RevocationStrategies::Denylist 
+```
+
+For `Whitelist`, you need to update the `include` line you're using in your user model:
+
+```ruby
+# include Devise::JWT::RevocationStrategies::Whitelist # before
+include Devise::JWT::RevocationStrategies::Allowlist
+```
+
+You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
+
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'devise-jwt', '~> 0.5.7'
+gem 'devise-jwt', '~> 0.6.0'
 ```
 
 And then execute:
@@ -76,7 +98,7 @@ An example configuration:
 ```ruby
 class User < ApplicationRecord
   devise :database_authenticatable,
-         :jwt_authenticatable, jwt_revocation_strategy: Blacklist
+         :jwt_authenticatable, jwt_revocation_strategy: Denylist
 end
 ```
 
@@ -132,7 +154,7 @@ This is so because of the following default devise workflow:
   in the session without even reaching to any strategy (`:jwt_authenticatable`
   in our case).
 
-So, if you want to avoid this caveat you have two options:
+So, if you want to avoid this caveat you have three options:
 
 - Disable the session. If you are developing an API, probably you don't need
   it. In order to disable it, change `config/initializers/session_store.rb` to:
@@ -146,6 +168,15 @@ So, if you want to avoid this caveat you have two options:
   ```ruby
   config.skip_session_storage = [:http_auth, :params_auth]
   ```
+- If you are using Devise for another model (e.g. `AdminUser`) and doesn't want
+  to disable session storage for devise entirely, you can disable it on a
+  per-model basis:
+  ```ruby
+  class User < ApplicationRecord
+    devise :database_authenticatable #, your other enabled modules...
+    self.skip_session_storage = [:http_auth, :params_auth]
+  end
+  ```
 
 ### Revocation strategies
 
@@ -157,7 +188,7 @@ Here, the model class acts itself as the revocation strategy. It needs a new str
 
 It works like the following:
 
-- At the same time that a token is dispatched for a user, the `jti` claim is persisted to the `jti` column.
+- When a token is dispatched for a user, the `jti` claim is taken from the `jti` column in the model (which has been initialized when the record has been created).
 - At every authenticated action, the incoming token `jti` claim is matched against the `jti` column for that user. The authentication only succeeds if they are the same.
 - When the user requests to sign out its `jti` column changes, so that provided token won't be valid anymore.
 
@@ -196,29 +227,29 @@ def jwt_payload
 end
 ```
 
-#### Blacklist
+#### Denylist
 
-In this strategy, a database table is used as a blacklist of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted. The `exp` claim is also stored to allow the clean-up of staled tokens.
+In this strategy, a database table is used as a list of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted. The `exp` claim is also stored to allow the clean-up of staled tokens.
 
-In order to use it, you need to create the blacklist table in a migration:
+In order to use it, you need to create the denylist table in a migration:
 
 ```ruby
 def change
-  create_table :jwt_blacklist do |t|
+  create_table :jwt_denylist do |t|
     t.string :jti, null: false
     t.datetime :exp, null: false
   end
-  add_index :jwt_blacklist, :jti
+  add_index :jwt_denylist, :jti
 end
 ```
 For performance reasons, it is better if the `jti` column is an index.
 
-Note: if you used the blacklist strategy before vesion 0.4.0 you may not have the field *exp.* If not, run the following migration:
+Note: if you used the denylist strategy before vesion 0.4.0 you may not have the field *exp.* If not, run the following migration:
 
 ```ruby
-class AddExpirationTimeToJWTBlacklist < ActiveRecord::Migration
+class AddExpirationTimeToJWTDenylist < ActiveRecord::Migration
   def change
-    add_column :jwt_blacklist, :exp, :datetime, null: false
+    add_column :jwt_denylist, :exp, :datetime, null: false
   end
 end
 
@@ -227,10 +258,10 @@ end
 Then, you need to create the corresponding model and include the strategy:
 
 ```ruby
-class JWTBlacklist < ApplicationRecord
-  include Devise::JWT::RevocationStrategies::Blacklist
+class JwtDenylist < ApplicationRecord
+  include Devise::JWT::RevocationStrategies::Denylist
 
-  self.table_name = 'jwt_blacklist'
+  self.table_name = 'jwt_denylist'
 end
 ```
 
@@ -239,11 +270,11 @@ Last, configure the user model to use it:
 ```ruby
 class User < ApplicationRecord
   devise :database_authenticatable,
-         :jwt_authenticatable, jwt_revocation_strategy: JWTBlacklist
+         :jwt_authenticatable, jwt_revocation_strategy: JwtDenylist
 end
 ```
 
-#### Whitelist
+#### Allowlist
 
 Here, the model itself acts also as a revocation strategy, but it needs to have
 a one-to-many association with another table which stores the tokens (in fact
@@ -266,11 +297,11 @@ devices for the same user.
 The `exp` claim is also stored to allow the clean-up of staled tokens.
 
 In order to use it, you have to create yourself the associated table and model.
-The association table must be called `whitelisted_jwts`:
+The association table must be called `allowlisted_jwts`:
 
 ```ruby
 def change
-  create_table :whitelisted_jwts do |t|
+  create_table :allowlisted_jwts do |t|
     t.string :jti, null: false
     t.string :aud
     # If you want to leverage the `aud` claim, add to it a `NOT NULL` constraint:
@@ -279,7 +310,7 @@ def change
     t.references :your_user_table, foreign_key: { on_delete: :cascade }, null: false
   end
 
-  add_index :whitelisted_jwts, :jti, unique: true
+  add_index :allowlisted_jwts, :jti, unique: true
 end
 ```
 Important: You are encouraged to set a unique index in the jti column. This way we can be sure at the database level that there aren't two valid tokens with same jti at the same time. Definining `foreign_key: { on_delete: :cascade }, null: false` on `t.references :your_user_table` helps to keep referential integrity of your database.
@@ -287,7 +318,7 @@ Important: You are encouraged to set a unique index in the jti column. This way
 And then, the model:
 
 ```ruby
-class WhitelistedJwt < ApplicationRecord
+class AllowlistedJwt < ApplicationRecord
 end
 ```
 
@@ -295,7 +326,7 @@ Finally, include the strategy in the model and configure it:
 
 ```ruby
 class User < ApplicationRecord
-  include Devise::JWT::RevocationStrategies::Whitelist
+  include Devise::JWT::RevocationStrategies::Allowlist
 
   devise :database_authenticatable,
          :jwt_authenticatable, jwt_revocation_strategy: self
@@ -490,14 +521,6 @@ An then, for example:
 
 `docker-compose exec app rspec`
 
-This gem uses [overcommit](https://github.com/brigade/overcommit) to execute some code review engines. If you submit a pull request, it will be executed in the CI process. In order to set it up, you need to do:
-
-```ruby
-bundle install --gemfile=.overcommit_gems.rb
-overcommit --sign
-overcommit --run # To test if it works
-```
-
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/waiting-for-dev/devise-jwt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/bin/console

@@ -1,14 +1,15 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "bundler/setup"
-require "devise/jwt"
+require 'bundler/setup'
+require 'devise/jwt'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
 
 # (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
+# require 'pry'
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start

data/devise-jwt.gemspec

@@ -22,17 +22,20 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency 'devise', '~> 4.0'
-  spec.add_dependency 'warden-jwt_auth', '~> 0.3.5'
+  spec.add_dependency 'warden-jwt_auth', '~> 0.5'
 
-  spec.add_development_dependency "bundler", "~> 1.12"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "pry-byebug", "~> 3.4"
+  spec.add_development_dependency "bundler", "> 1"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "pry-byebug", "~> 3.7"
   # Needed to test the rails fixture application
-  spec.add_development_dependency 'rails', '~> 5.0'
+  spec.add_development_dependency 'rails', '~> 6.0'
   spec.add_development_dependency 'sqlite3', '~> 1.3'
-  spec.add_development_dependency 'rspec-rails', '~> 3.5'
+  spec.add_development_dependency 'rspec-rails', '~> 4.0'
+  # Cops
+  spec.add_development_dependency 'rubocop', '~> 0.87'
+  spec.add_development_dependency 'rubocop-rspec', '~> 1.42'
   # Test reporting
-  spec.add_development_dependency 'simplecov', '~> 0.13'
+  spec.add_development_dependency 'simplecov', '0.17'
   spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'
 end

data/issue_template.md

@@ -18,6 +18,7 @@ Provide following information. Please, format pasted output as code. Feel free t
 
 - Version of `devise-jwt` in use
 - Version of `rails` in use
+- Version of `warden-jwt_auth` in use
 - Output of `Devise::JWT.config`
 - Output of `Warden::JWTAuth.config`
 - Output of `Devise.mappings`

data/lib/devise/jwt.rb

@@ -17,7 +17,9 @@ module Devise
   #
   # @see Warden::JWTAuth
   def self.jwt
+    Warden::JWTAuth.config.to_h
     yield(Devise::JWT.config)
+    Devise::JWT.config.to_h
   end
 
   add_module(:jwt_authenticatable, strategy: :jwt)
@@ -26,23 +28,31 @@ module Devise
   module JWT
     extend Dry::Configurable
 
-    setting(:secret) do |value|
+    def self.forward_to_warden(setting, value)
+      default = Warden::JWTAuth.config.send(setting)
+      Warden::JWTAuth.config.send("#{setting}=", value || default)
+      Warden::JWTAuth.config.send(setting)
+    end
+
+    setting(:secret, Warden::JWTAuth.config.secret) do |value|
       forward_to_warden(:secret, value)
     end
 
-    setting(:expiration_time) do |value|
+    setting(:expiration_time, Warden::JWTAuth.config.expiration_time) do |value|
       forward_to_warden(:expiration_time, value)
     end
 
-    setting(:dispatch_requests) do |value|
+    setting(:dispatch_requests,
+            Warden::JWTAuth.config.dispatch_requests) do |value|
       forward_to_warden(:dispatch_requests, value)
     end
 
-    setting(:revocation_requests) do |value|
+    setting(:revocation_requests,
+            Warden::JWTAuth.config.revocation_requests) do |value|
       forward_to_warden(:revocation_requests, value)
     end
 
-    setting(:aud_header) do |value|
+    setting(:aud_header, Warden::JWTAuth.config.aud_header) do |value|
       forward_to_warden(:aud_header, value)
     end
 
@@ -60,9 +70,5 @@ module Devise
     #   admin_user: [nil, :xml]
     # }
     setting :request_formats, {}
-
-    def self.forward_to_warden(setting, value)
-      Warden::JWTAuth.config.send("#{setting}=", value)
-    end
   end
 end

data/lib/devise/jwt/defaults_generator.rb

@@ -27,6 +27,7 @@ module Devise
         devise_mappings.each_key do |scope|
           inspector = MappingInspector.new(scope)
           next unless inspector.jwt?
+
           add_defaults(inspector)
         end
         defaults
@@ -41,14 +42,12 @@ module Devise
         add_revocation_requests(inspector)
       end
 
-      # :reek:FeatureEnvy
       def add_mapping(inspector)
         scope = inspector.scope
         model = inspector.model
         defaults[:mappings][scope] = model.name
       end
 
-      # :reek:FeatureEnvy
       def add_revocation_strategy(inspector)
         scope = inspector.scope
         strategy = inspector.model.jwt_revocation_strategy
@@ -62,16 +61,19 @@ module Devise
 
       def add_sign_in_request(inspector)
         return unless inspector.session?
+
         defaults[:dispatch_requests].push(*sign_in_requests(inspector))
       end
 
       def add_registration_request(inspector)
         return unless inspector.registration?
+
         defaults[:dispatch_requests].push(*registration_requests(inspector))
       end
 
       def add_revocation_requests(inspector)
         return unless inspector.session?
+
         defaults[:revocation_requests].push(*sign_out_requests(inspector))
       end
 
@@ -87,7 +89,6 @@ module Devise
         requests(inspector, :registration)
       end
 
-      # :reek:FeatureEnvy
       def requests(inspector, name)
         path = inspector.path(name)
         methods = inspector.methods(name)
@@ -96,7 +97,6 @@ module Devise
         end
       end
 
-      # :reek:UtilityFunction
       def requests_for_format(path, methods, format)
         path_regexp = format ? /^#{path}.#{format}$/ : /^#{path}$/
         methods.map do |method|

data/lib/devise/jwt/mapping_inspector.rb

@@ -27,7 +27,6 @@ module Devise
         mapping.to
       end
 
-      # :reek:FeatureEnvy
       def path(name)
         prefix, scope, request = path_parts(name)
         [prefix, scope, request].delete_if do |item|
@@ -35,7 +34,6 @@ module Devise
         end.join('/').prepend('/').gsub('//', '/')
       end
 
-      # :reek:ControlParameter
       def methods(name)
         method = case name
                  when :sign_in      then 'POST'

data/lib/devise/jwt/revocation_strategies.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 require 'devise/jwt/revocation_strategies/jti_matcher'
-require 'devise/jwt/revocation_strategies/blacklist'
-require 'devise/jwt/revocation_strategies/whitelist'
+require 'devise/jwt/revocation_strategies/denylist'
+require 'devise/jwt/revocation_strategies/allowlist'
 require 'devise/jwt/revocation_strategies/null'
 
 module Devise

data/lib/devise/jwt/revocation_strategies/{whitelist.rb → allowlist.rb}

@@ -7,40 +7,39 @@ module Devise
     module RevocationStrategies
       # This strategy must be included in the user model.
       #
-      # The JwtWhitelist table must include `jti`, `aud`, `exp` and `user_id`
+      # The JwtAllowlist table must include `jti`, `aud`, `exp` and `user_id`
       # columns
       #
       # In order to tell whether a token is revoked, it just tries to find the
-      # `jti` and `aud` values from the token on the `whitelisted_jwts`
+      # `jti` and `aud` values from the token on the `allowlisted_jwts`
       # table for the respective user.
       #
       # If the values don't exist means the token was revoked.
       # On revocation, it deletes the matching record from the
-      # `whitelisted_jwts` table.
+      # `allowlisted_jwts` table.
       #
       # On sign in, it creates a new record with the `jti` and `aud` values.
-      module Whitelist
+      module Allowlist
         extend ActiveSupport::Concern
 
         included do
-          has_many :whitelisted_jwts, dependent: :destroy
+          has_many :allowlisted_jwts, dependent: :destroy
 
           # @see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?
           def self.jwt_revoked?(payload, user)
-            !user.whitelisted_jwts.exists?(payload.slice('jti', 'aud'))
+            !user.allowlisted_jwts.exists?(payload.slice('jti', 'aud'))
           end
 
           # @see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt
           def self.revoke_jwt(payload, user)
-            jwt = user.whitelisted_jwts.find_by(payload.slice('jti', 'aud'))
+            jwt = user.allowlisted_jwts.find_by(payload.slice('jti', 'aud'))
             jwt.destroy! if jwt
           end
         end
 
         # Warden::JWTAuth::Interfaces::User#on_jwt_dispatch
-        # :reek:FeatureEnvy
         def on_jwt_dispatch(_token, payload)
-          whitelisted_jwts.create!(
+          allowlisted_jwts.create!(
             jti: payload['jti'],
             aud: payload['aud'],
             exp: Time.at(payload['exp'].to_i)

data/lib/devise/jwt/revocation_strategies/{blacklist.rb → denylist.rb}

@@ -10,7 +10,7 @@ module Devise
       #
       # In order to tell whether a token is revoked, it just checks whether
       # `jti` is in the table. On revocation, creates a new record with it.
-      module Blacklist
+      module Denylist
         extend ActiveSupport::Concern
 
         included do

data/lib/devise/jwt/test_helpers.rb

@@ -7,6 +7,10 @@ module Devise
       # Returns headers with a valid token in the `Authorization` header
       # added.
       #
+      # Side effects could happen if you have implemented
+      # `on_jwt_dispatch` method on the user model (as it happens in
+      # the allowlist revocation strategy).
+      #
       # Be aware that a fresh copy of `headers` is returned with the new
       # key/value pair added, instead of modifying given argument.
       #
@@ -16,14 +20,13 @@ module Devise
       # autodetected.
       # @param aud [String] The aud claim. If `nil` it will be autodetected from
       # the header name configured in `Devise::JWT.config.aud_header`.
-      #
-      # :reek:LongParameterList
       def self.auth_headers(headers, user, scope: nil, aud: nil)
         scope ||= Devise::Mapping.find_scope!(user)
         aud ||= headers[Warden::JWTAuth.config.aud_header]
-        token, _payload = Warden::JWTAuth::UserEncoder.new.call(
+        token, payload = Warden::JWTAuth::UserEncoder.new.call(
           user, scope, aud
         )
+        user.on_jwt_dispatch(token, payload) if user.respond_to?(:on_jwt_dispatch)
         Warden::JWTAuth::HeaderParser.to_headers(headers, token)
       end
     end

data/lib/devise/jwt/version.rb

@@ -2,6 +2,6 @@
 
 module Devise
   module JWT
-    VERSION = '0.5.7'
+    VERSION = '0.8.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-jwt
 version: !ruby/object:Gem::Version
-  version: 0.5.7
+  version: 0.8.0
 platform: ruby
 authors:
 - Marc Busqué
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-06-22 00:00:00.000000000 Z
+date: 2020-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -30,84 +30,84 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.5
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.5
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -128,28 +128,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.87'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.87'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '1.42'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '1.42'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '0.17'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '0.17'
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
@@ -173,9 +201,6 @@ extra_rdoc_files: []
 files:
 - ".codeclimate.yml"
 - ".gitignore"
-- ".overcommit.yml"
-- ".overcommit_gems.rb"
-- ".reek"
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
@@ -198,10 +223,10 @@ files:
 - lib/devise/jwt/models/jwt_authenticatable.rb
 - lib/devise/jwt/railtie.rb
 - lib/devise/jwt/revocation_strategies.rb
-- lib/devise/jwt/revocation_strategies/blacklist.rb
+- lib/devise/jwt/revocation_strategies/allowlist.rb
+- lib/devise/jwt/revocation_strategies/denylist.rb
 - lib/devise/jwt/revocation_strategies/jti_matcher.rb
 - lib/devise/jwt/revocation_strategies/null.rb
-- lib/devise/jwt/revocation_strategies/whitelist.rb
 - lib/devise/jwt/test_helpers.rb
 - lib/devise/jwt/version.rb
 homepage: https://github.com/waiting-for-dev/devise-jwt
@@ -224,7 +249,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.7.8
 signing_key: 
 specification_version: 4
 summary: JWT authentication for devise

data/.overcommit.yml

@@ -1,56 +0,0 @@
-#
-# Select version of overcommit and the other tools from Gemfile
-#
-gemfile: .overcommit_gems.rb
-
-#
-# Hooks that are run against every commit message after a user has written it.
-#
-CommitMsg:
-  ALL:
-    required: true
-    exclude: &default_excludes
-      - Gemfile
-      - devise-jwt.gemspec
-      - spec/fixtures/rails_app/**/*
-      - README.md
-      - CHANGELOG.md
-
-  HardTabs:
-    enabled: true
-
-  SingleLineSubject:
-    enabled: true
-
-#
-# Hooks that are run after `git commit` is executed, before the commit message
-# editor is displayed.
-#
-PreCommit:
-  ALL:
-    required: true
-    exclude: *default_excludes
-
-  BundleAudit:
-    enabled: true
-
-  BundleCheck:
-    enabled: true
-
-  LocalPathsInGemfile:
-    enabled: true
-
-  ExecutePermissions:
-    enabled: true
-    exclude:
-      - *default_excludes
-      - bin/*
-
-  Reek:
-    enabled: true
-
-  RuboCop:
-    enabled: true
-
-  TrailingWhitespace:
-    enabled: true

data/.overcommit_gems.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-gem 'overcommit', '~> 0.36'
-
-# Patch-level verification for Bundled apps
-gem 'bundler-audit', '~> 0.5'
-
-# Ruby code smell reporter
-gem 'reek', '~> 4.5'
-
-# Ruby code style checking
-gem 'rubocop', '~> 0.47'
-gem 'rubocop-rspec', '~> 1.10'