devise-jwt 0.6.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7424fb9a5d880c89e3fe1d8c7b9e9c7eb4cff7cc9fb746a69581fc0f92ef05eb
-  data.tar.gz: fb0aa453fb4f73acfe0d423651680062e5329ff1fa4e28bd827eff6781231e2c
+  metadata.gz: 5e40b6ccd72ec79899cc680dcbcafbfa0e2375ef5a079d21fd2bbd41863a0dd1
+  data.tar.gz: a2e8404f365a91acd324d5d62a6276943d08f0fd012b33f8e1a54098531d9327
 SHA512:
-  metadata.gz: 1f872a48f5e83e686745ebcc0d64368f4a6b450cbf01fea430c034a2660865ebacbbd5bcf3bbc3e10ebfbd201a04d249c82c34e2d5d2db1f91d7b3934e945508
-  data.tar.gz: 75e60907d0a5bb6fca5a180c935665ae854d8a772ec9fcf9e7965275416352e23c75dfe3be625280e9600cab92137eb3bf601350919234b3d13eeaf8793e9d2d
+  metadata.gz: 1d39b950c6f645a487274958c644f637a61c4bcade854703027c04202f594fe4b7409861b8275b13f02d231ea2a292135b3ec94a06e3c04cc593529129ce7f68
+  data.tar.gz: a804da86acdc39451f169fef0e8b04ca7bd8874600a6259ae494a02ca85b727e3bd9e08590cfa0ca8c615af11ebec58df5032948a1ae76a57e3fd1f2cc52e11e

data/.codeclimate.yml

@@ -8,8 +8,6 @@ engines:
     enabled: true
   rubocop:
     enabled: true
-  reek:
-    enabled: true
 ratings:
   paths:
   - "**.rb"
@@ -18,3 +16,4 @@ exclude_paths:
   - Gemfile
   - bin/console
   - devise-jwt.gemspec
+  - vendor/

data/.rubocop.yml

@@ -1,6 +1,11 @@
 require: rubocop-rspec
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.7
+  Exclude:
+    - Gemfile
+    - devise-jwt.gemspec
+    - spec/fixtures/rails_app/**/*
+    - vendor/**/*
 RSpec/NestedGroups:
   Max: 3
 RSpec/MessageExpectation:
@@ -14,3 +19,37 @@ Metrics/BlockLength:
     - "spec/**/*.rb"
 Style/SafeNavigation:
   Enabled: false
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+Lint/RaiseException:
+  Enabled: true
+Lint/StructNewOverride:
+  Enabled: true
+Style/AccessorGrouping:
+  Enabled: true
+Style/BisectedAttrAccessor:
+  Enabled: true
+Style/ExponentialNotation:
+  Enabled: true
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true
+Style/RedundantAssignment:
+  Enabled: true
+Style/RedundantFetchBlock:
+  Enabled: true
+Style/RedundantRegexpCharacterClass:
+  Enabled: true
+Style/RedundantRegexpEscape:
+  Enabled: true
+Style/SlicingWithRange:
+  Enabled: true

data/.travis.yml

@@ -1,20 +1,20 @@
-sudo: false
 language: ruby
+cache: bundler
 rvm:
-  - 2.3
-  - 2.4
-  - 2.5
+  - 2.6
+  - 2.7
+  - 3.0
+  - ruby-head
 before_install:
   - gem update --system --no-doc
-  - bundle install --gemfile=.overcommit_gems.rb
-before_script:
-  - git config --global user.email 'travis@travis.ci'
-  - git config --global user.name 'Travis CI'
+  - gem install bundler
 script:
   - bundle exec rspec
+  - bundle exec rubocop
   - bundle exec codeclimate-test-reporter
-  - overcommit --sign
-  - overcommit --run
+jobs:
+  allow_failures:
+    - rvm: ruby-head
 addons:
   code_climate:
     repo_token:

data/CHANGELOG.md

@@ -4,7 +4,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
-## [0.6.0] - 2019-01-08
+## [0.9.0] - 2021-09-21
+### Fixed
+- Fix compatibility with dry-configurable 0.13
+
+## [0.8.1] - 2021-02-14
+### Fixed
+- Fix behaviour on code reload
+- Support ruby 3.0 and deprecate ruby 2.5
+
+## [0.8.0] - 2020-07-06
+### Fixed
+- Fix compatibility with last version of dry-configurable
+
+## [0.7.0] - 2020-06-03
+### Fixed
+- Replace whitelist/blacklist terminology with allowlist/denylist
+
+## [0.6.0] - 2019-08-01
 ### Fixed
 - Update warden-jwt_auth dependency to v0.4.0 so that now it is possible to configure algorithm.
 

data/Dockerfile

@@ -1,9 +1,7 @@
-FROM ruby:2.3.1
-ENV APP_HOME /app/
-ENV LIB_DIR lib/devise/jwt/
-RUN apt-get update -qq && apt-get install -y build-essential libpq-dev libxml2-dev libxslt1-dev nodejs
-RUN mkdir -p $APP_HOME/$LIB_DIR
-WORKDIR $APP_HOME
-COPY Gemfile *gemspec $APP_HOME
-COPY $LIB_DIR/version.rb $APP_HOME/$LIB_DIR
-RUN bundle install
+FROM ruby:3.0.0
+ENV APP_USER devise_jwt_user
+RUN apt-get update -qq && \
+    apt-get install -y build-essential sqlite3 libsqlite3-dev
+RUN useradd -ms /bin/bash $APP_USER
+USER $APP_USER
+WORKDIR /home/$APP_USER/app

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 Marc Busqué
+Copyright (c) 2016-2020 Marc Busqué
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -14,19 +14,41 @@ solution using refresh tokens, like some implementation of OAuth2.
 
 You can read about which security concerns this library takes into account and about JWT generic secure usage in the following series of posts:
 
-- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/)
-- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/)
-- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage/)
-- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails/)
+- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation)
+- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies)
+- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage)
+- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails)
 
 `devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
 
+## Upgrade notes
+
+### v0.7.0
+
+Since version v0.7.0 `Blacklist` revocation strategy has been renamed to `Denylist` while `Whitelist` has been renamed to `Allowlist`.
+
+For `Denylist`, you only need to update the `include` line you're using in your revocation strategy model:
+
+```ruby
+# include Devise::JWT::RevocationStrategies::Blacklist # before
+include Devise::JWT::RevocationStrategies::Denylist 
+```
+
+For `Allowlist`, you need to update the `include` line you're using in your user model:
+
+```ruby
+# include Devise::JWT::RevocationStrategies::Whitelist # before
+include Devise::JWT::RevocationStrategies::Allowlist
+```
+
+You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt`, rename `model/whitelisted_jwt.rb` to `model/allowlisted_jwt.rb` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
+
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'devise-jwt', '~> 0.5.9'
+gem 'devise-jwt'
 ```
 
 And then execute:
@@ -69,14 +91,14 @@ You have to tell which user models you want to be able to authenticate with JWT
 
 See [request_formats](#request_formats) configuration option if you are using paths with a format segment (like `.json`) in order to use it properly.
 
-As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/).
+As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation).
 
 An example configuration:
 
 ```ruby
 class User < ApplicationRecord
   devise :database_authenticatable,
-         :jwt_authenticatable, jwt_revocation_strategy: Blacklist
+         :jwt_authenticatable, jwt_revocation_strategy: Denylist
 end
 ```
 
@@ -132,7 +154,7 @@ This is so because of the following default devise workflow:
   in the session without even reaching to any strategy (`:jwt_authenticatable`
   in our case).
 
-So, if you want to avoid this caveat you have two options:
+So, if you want to avoid this caveat you have three options:
 
 - Disable the session. If you are developing an API, probably you don't need
   it. In order to disable it, change `config/initializers/session_store.rb` to:
@@ -146,10 +168,19 @@ So, if you want to avoid this caveat you have two options:
   ```ruby
   config.skip_session_storage = [:http_auth, :params_auth]
   ```
+- If you are using Devise for another model (e.g. `AdminUser`) and doesn't want
+  to disable session storage for devise entirely, you can disable it on a
+  per-model basis:
+  ```ruby
+  class User < ApplicationRecord
+    devise :database_authenticatable #, your other enabled modules...
+    self.skip_session_storage = [:http_auth, :params_auth]
+  end
+  ```
 
 ### Revocation strategies
 
-`devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/), where I also talk about their pros and cons.
+`devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies), where I also talk about their pros and cons.
 
 #### JTIMatcher
 
@@ -157,7 +188,7 @@ Here, the model class acts itself as the revocation strategy. It needs a new str
 
 It works like the following:
 
-- At the same time that a token is dispatched for a user, the `jti` claim is persisted to the `jti` column.
+- When a token is dispatched for a user, the `jti` claim is taken from the `jti` column in the model (which has been initialized when the record has been created).
 - At every authenticated action, the incoming token `jti` claim is matched against the `jti` column for that user. The authentication only succeeds if they are the same.
 - When the user requests to sign out its `jti` column changes, so that provided token won't be valid anymore.
 
@@ -196,29 +227,29 @@ def jwt_payload
 end
 ```
 
-#### Blacklist
+#### Denylist
 
-In this strategy, a database table is used as a blacklist of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted. The `exp` claim is also stored to allow the clean-up of staled tokens.
+In this strategy, a database table is used as a list of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted. The `exp` claim is also stored to allow the clean-up of staled tokens.
 
-In order to use it, you need to create the blacklist table in a migration:
+In order to use it, you need to create the denylist table in a migration:
 
 ```ruby
 def change
-  create_table :jwt_blacklist do |t|
+  create_table :jwt_denylist do |t|
     t.string :jti, null: false
     t.datetime :exp, null: false
   end
-  add_index :jwt_blacklist, :jti
+  add_index :jwt_denylist, :jti
 end
 ```
 For performance reasons, it is better if the `jti` column is an index.
 
-Note: if you used the blacklist strategy before vesion 0.4.0 you may not have the field *exp.* If not, run the following migration:
+Note: if you used the denylist strategy before vesion 0.4.0 you may not have the field *exp.* If not, run the following migration:
 
 ```ruby
-class AddExpirationTimeToJWTBlacklist < ActiveRecord::Migration
+class AddExpirationTimeToJWTDenylist < ActiveRecord::Migration
   def change
-    add_column :jwt_blacklist, :exp, :datetime, null: false
+    add_column :jwt_denylist, :exp, :datetime, null: false
   end
 end
 
@@ -227,10 +258,10 @@ end
 Then, you need to create the corresponding model and include the strategy:
 
 ```ruby
-class JWTBlacklist < ApplicationRecord
-  include Devise::JWT::RevocationStrategies::Blacklist
+class JwtDenylist < ApplicationRecord
+  include Devise::JWT::RevocationStrategies::Denylist
 
-  self.table_name = 'jwt_blacklist'
+  self.table_name = 'jwt_denylist'
 end
 ```
 
@@ -239,11 +270,11 @@ Last, configure the user model to use it:
 ```ruby
 class User < ApplicationRecord
   devise :database_authenticatable,
-         :jwt_authenticatable, jwt_revocation_strategy: JWTBlacklist
+         :jwt_authenticatable, jwt_revocation_strategy: JwtDenylist
 end
 ```
 
-#### Whitelist
+#### Allowlist
 
 Here, the model itself acts also as a revocation strategy, but it needs to have
 a one-to-many association with another table which stores the tokens (in fact
@@ -266,11 +297,11 @@ devices for the same user.
 The `exp` claim is also stored to allow the clean-up of staled tokens.
 
 In order to use it, you have to create yourself the associated table and model.
-The association table must be called `whitelisted_jwts`:
+The association table must be called `allowlisted_jwts`:
 
 ```ruby
 def change
-  create_table :whitelisted_jwts do |t|
+  create_table :allowlisted_jwts do |t|
     t.string :jti, null: false
     t.string :aud
     # If you want to leverage the `aud` claim, add to it a `NOT NULL` constraint:
@@ -279,7 +310,7 @@ def change
     t.references :your_user_table, foreign_key: { on_delete: :cascade }, null: false
   end
 
-  add_index :whitelisted_jwts, :jti, unique: true
+  add_index :allowlisted_jwts, :jti, unique: true
 end
 ```
 Important: You are encouraged to set a unique index in the jti column. This way we can be sure at the database level that there aren't two valid tokens with same jti at the same time. Definining `foreign_key: { on_delete: :cascade }, null: false` on `t.references :your_user_table` helps to keep referential integrity of your database.
@@ -287,7 +318,7 @@ Important: You are encouraged to set a unique index in the jti column. This way
 And then, the model:
 
 ```ruby
-class WhitelistedJwt < ApplicationRecord
+class AllowlistedJwt < ApplicationRecord
 end
 ```
 
@@ -295,7 +326,7 @@ Finally, include the strategy in the model and configure it:
 
 ```ruby
 class User < ApplicationRecord
-  include Devise::JWT::RevocationStrategies::Whitelist
+  include Devise::JWT::RevocationStrategies::Allowlist
 
   devise :database_authenticatable,
          :jwt_authenticatable, jwt_revocation_strategy: self
@@ -490,14 +521,6 @@ An then, for example:
 
 `docker-compose exec app rspec`
 
-This gem uses [overcommit](https://github.com/brigade/overcommit) to execute some code review engines. If you submit a pull request, it will be executed in the CI process. In order to set it up, you need to do:
-
-```ruby
-bundle install --gemfile=.overcommit_gems.rb
-overcommit --sign
-overcommit --run # To test if it works
-```
-
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/waiting-for-dev/devise-jwt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/bin/console

@@ -1,14 +1,15 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "bundler/setup"
-require "devise/jwt"
+require 'bundler/setup'
+require 'devise/jwt'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
 
 # (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
+# require 'pry'
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start

data/devise-jwt.gemspec

@@ -22,17 +22,20 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency 'devise', '~> 4.0'
-  spec.add_dependency 'warden-jwt_auth', '~> 0.4'
+  spec.add_dependency 'warden-jwt_auth', '~> 0.6'
 
   spec.add_development_dependency "bundler", "> 1"
-  spec.add_development_dependency "rake", "~> 12.3"
-  spec.add_development_dependency "rspec", "~> 3.8"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec"
   spec.add_development_dependency "pry-byebug", "~> 3.7"
   # Needed to test the rails fixture application
-  spec.add_development_dependency 'rails', '~> 5.0'
+  spec.add_development_dependency 'rails', '~> 6.0'
   spec.add_development_dependency 'sqlite3', '~> 1.3'
-  spec.add_development_dependency 'rspec-rails', '~> 3.5'
+  spec.add_development_dependency 'rspec-rails', '~> 4.0'
+  # Cops
+  spec.add_development_dependency 'rubocop', '~> 0.87'
+  spec.add_development_dependency 'rubocop-rspec', '~> 1.42'
   # Test reporting
-  spec.add_development_dependency 'simplecov', '~> 0.16'
+  spec.add_development_dependency 'simplecov', '0.17'
   spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'
 end

data/docker-compose.yml

@@ -2,6 +2,11 @@ version: '2'
 services:
   app:
     build: .
-    command: tail -f Gemfile
+    image: devise_jwt
+    command: bash -c "bundle && tail -f Gemfile"
     volumes:
-      - .:/app
+      - .:/home/devise_jwt_user/app
+    tty: true
+    stdin_open: true
+    tmpfs:
+      - /tmp

data/issue_template.md

@@ -18,6 +18,7 @@ Provide following information. Please, format pasted output as code. Feel free t
 
 - Version of `devise-jwt` in use
 - Version of `rails` in use
+- Version of `warden-jwt_auth` in use
 - Output of `Devise::JWT.config`
 - Output of `Warden::JWTAuth.config`
 - Output of `Devise.mappings`

data/lib/devise/jwt/defaults_generator.rb

@@ -42,14 +42,12 @@ module Devise
         add_revocation_requests(inspector)
       end
 
-      # :reek:FeatureEnvy
       def add_mapping(inspector)
         scope = inspector.scope
         model = inspector.model
         defaults[:mappings][scope] = model.name
       end
 
-      # :reek:FeatureEnvy
       def add_revocation_strategy(inspector)
         scope = inspector.scope
         strategy = inspector.model.jwt_revocation_strategy
@@ -91,7 +89,6 @@ module Devise
         requests(inspector, :registration)
       end
 
-      # :reek:FeatureEnvy
       def requests(inspector, name)
         path = inspector.path(name)
         methods = inspector.methods(name)
@@ -100,7 +97,6 @@ module Devise
         end
       end
 
-      # :reek:UtilityFunction
       def requests_for_format(path, methods, format)
         path_regexp = format ? /^#{path}.#{format}$/ : /^#{path}$/
         methods.map do |method|

data/lib/devise/jwt/mapping_inspector.rb

@@ -27,7 +27,6 @@ module Devise
         mapping.to
       end
 
-      # :reek:FeatureEnvy
       def path(name)
         prefix, scope, request = path_parts(name)
         [prefix, scope, request].delete_if do |item|
@@ -35,7 +34,6 @@ module Devise
         end.join('/').prepend('/').gsub('//', '/')
       end
 
-      # :reek:ControlParameter
       def methods(name)
         method = case name
                  when :sign_in      then 'POST'

data/lib/devise/jwt/railtie.rb

@@ -21,6 +21,15 @@ module Devise
             config.revocation_strategies = defaults[:revocation_strategies]
           end
         end
+
+        ActiveSupport::Reloader.to_prepare do
+          Warden::JWTAuth.configure do |config|
+            defaults = DefaultsGenerator.call
+
+            config.mappings = defaults[:mappings]
+            config.revocation_strategies = defaults[:revocation_strategies]
+          end
+        end
       end
     end
   end

data/lib/devise/jwt/revocation_strategies/{whitelist.rb → allowlist.rb}

@@ -7,40 +7,39 @@ module Devise
     module RevocationStrategies
       # This strategy must be included in the user model.
       #
-      # The JwtWhitelist table must include `jti`, `aud`, `exp` and `user_id`
+      # The JwtAllowlist table must include `jti`, `aud`, `exp` and `user_id`
       # columns
       #
       # In order to tell whether a token is revoked, it just tries to find the
-      # `jti` and `aud` values from the token on the `whitelisted_jwts`
+      # `jti` and `aud` values from the token on the `allowlisted_jwts`
       # table for the respective user.
       #
       # If the values don't exist means the token was revoked.
       # On revocation, it deletes the matching record from the
-      # `whitelisted_jwts` table.
+      # `allowlisted_jwts` table.
       #
       # On sign in, it creates a new record with the `jti` and `aud` values.
-      module Whitelist
+      module Allowlist
         extend ActiveSupport::Concern
 
         included do
-          has_many :whitelisted_jwts, dependent: :destroy
+          has_many :allowlisted_jwts, dependent: :destroy
 
           # @see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?
           def self.jwt_revoked?(payload, user)
-            !user.whitelisted_jwts.exists?(payload.slice('jti', 'aud'))
+            !user.allowlisted_jwts.exists?(payload.slice('jti', 'aud'))
           end
 
           # @see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt
           def self.revoke_jwt(payload, user)
-            jwt = user.whitelisted_jwts.find_by(payload.slice('jti', 'aud'))
+            jwt = user.allowlisted_jwts.find_by(payload.slice('jti', 'aud'))
             jwt.destroy! if jwt
           end
         end
 
         # Warden::JWTAuth::Interfaces::User#on_jwt_dispatch
-        # :reek:FeatureEnvy
         def on_jwt_dispatch(_token, payload)
-          whitelisted_jwts.create!(
+          allowlisted_jwts.create!(
             jti: payload['jti'],
             aud: payload['aud'],
             exp: Time.at(payload['exp'].to_i)

data/lib/devise/jwt/revocation_strategies/{blacklist.rb → denylist.rb}

@@ -10,7 +10,7 @@ module Devise
       #
       # In order to tell whether a token is revoked, it just checks whether
       # `jti` is in the table. On revocation, creates a new record with it.
-      module Blacklist
+      module Denylist
         extend ActiveSupport::Concern
 
         included do

data/lib/devise/jwt/revocation_strategies.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 require 'devise/jwt/revocation_strategies/jti_matcher'
-require 'devise/jwt/revocation_strategies/blacklist'
-require 'devise/jwt/revocation_strategies/whitelist'
+require 'devise/jwt/revocation_strategies/denylist'
+require 'devise/jwt/revocation_strategies/allowlist'
 require 'devise/jwt/revocation_strategies/null'
 
 module Devise

data/lib/devise/jwt/test_helpers.rb

@@ -9,7 +9,7 @@ module Devise
       #
       # Side effects could happen if you have implemented
       # `on_jwt_dispatch` method on the user model (as it happens in
-      # the whitelist revocation strategy).
+      # the allowlist revocation strategy).
       #
       # Be aware that a fresh copy of `headers` is returned with the new
       # key/value pair added, instead of modifying given argument.
@@ -20,18 +20,13 @@ module Devise
       # autodetected.
       # @param aud [String] The aud claim. If `nil` it will be autodetected from
       # the header name configured in `Devise::JWT.config.aud_header`.
-      #
-      # :reek:LongParameterList
-      # :reek:ManualDispatch
       def self.auth_headers(headers, user, scope: nil, aud: nil)
         scope ||= Devise::Mapping.find_scope!(user)
         aud ||= headers[Warden::JWTAuth.config.aud_header]
         token, payload = Warden::JWTAuth::UserEncoder.new.call(
           user, scope, aud
         )
-        if user.respond_to?(:on_jwt_dispatch)
-          user.on_jwt_dispatch(token, payload)
-        end
+        user.on_jwt_dispatch(token, payload) if user.respond_to?(:on_jwt_dispatch)
         Warden::JWTAuth::HeaderParser.to_headers(headers, token)
       end
     end

data/lib/devise/jwt/version.rb

@@ -2,6 +2,6 @@
 
 module Devise
   module JWT
-    VERSION = '0.6.0'
+    VERSION = '0.9.0'
   end
 end

data/lib/devise/jwt.rb

@@ -17,7 +17,9 @@ module Devise
   #
   # @see Warden::JWTAuth
   def self.jwt
+    Warden::JWTAuth.config.to_h
     yield(Devise::JWT.config)
+    Devise::JWT.config.to_h
   end
 
   add_module(:jwt_authenticatable, strategy: :jwt)
@@ -26,25 +28,31 @@ module Devise
   module JWT
     extend Dry::Configurable
 
-    setting(:secret) do |value|
-      forward_to_warden(:secret, value)
+    def self.forward_to_warden(setting, value)
+      default = Warden::JWTAuth.config.send(setting)
+      Warden::JWTAuth.config.send("#{setting}=", value || default)
+      Warden::JWTAuth.config.send(setting)
     end
 
-    setting(:expiration_time) do |value|
-      forward_to_warden(:expiration_time, value)
-    end
+    setting(:secret,
+            default: Warden::JWTAuth.config.secret,
+            constructor: ->(value) { forward_to_warden(:secret, value) })
 
-    setting(:dispatch_requests) do |value|
-      forward_to_warden(:dispatch_requests, value)
-    end
+    setting(:expiration_time,
+            default: Warden::JWTAuth.config.expiration_time,
+            constructor: ->(value) { forward_to_warden(:expiration_time, value) })
 
-    setting(:revocation_requests) do |value|
-      forward_to_warden(:revocation_requests, value)
-    end
+    setting(:dispatch_requests,
+            default: Warden::JWTAuth.config.dispatch_requests,
+            constructor: ->(value) { forward_to_warden(:dispatch_requests, value) })
 
-    setting(:aud_header) do |value|
-      forward_to_warden(:aud_header, value)
-    end
+    setting(:revocation_requests,
+            default: Warden::JWTAuth.config.revocation_requests,
+            constructor: ->(value) { forward_to_warden(:revocation_requests, value) })
+
+    setting(:aud_header,
+            default: Warden::JWTAuth.config.aud_header,
+            constructor: ->(value) { forward_to_warden(:aud_header, value) })
 
     # A hash of warden scopes as keys and an array of request formats that will
     # be processed as values. When a scope is not present or if it has a nil
@@ -59,10 +67,6 @@ module Devise
     #   user: [:json],
     #   admin_user: [nil, :xml]
     # }
-    setting :request_formats, {}
-
-    def self.forward_to_warden(setting, value)
-      Warden::JWTAuth.config.send("#{setting}=", value)
-    end
+    setting :request_formats, default: {}
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-jwt
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Marc Busqué
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-08-01 00:00:00.000000000 Z
+date: 2021-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.6'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -58,28 +58,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -128,28 +128,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.87'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.87'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '1.42'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '1.42'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '0.17'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '0.17'
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
@@ -173,9 +201,6 @@ extra_rdoc_files: []
 files:
 - ".codeclimate.yml"
 - ".gitignore"
-- ".overcommit.yml"
-- ".overcommit_gems.rb"
-- ".reek"
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
@@ -198,10 +223,10 @@ files:
 - lib/devise/jwt/models/jwt_authenticatable.rb
 - lib/devise/jwt/railtie.rb
 - lib/devise/jwt/revocation_strategies.rb
-- lib/devise/jwt/revocation_strategies/blacklist.rb
+- lib/devise/jwt/revocation_strategies/allowlist.rb
+- lib/devise/jwt/revocation_strategies/denylist.rb
 - lib/devise/jwt/revocation_strategies/jti_matcher.rb
 - lib/devise/jwt/revocation_strategies/null.rb
-- lib/devise/jwt/revocation_strategies/whitelist.rb
 - lib/devise/jwt/test_helpers.rb
 - lib/devise/jwt/version.rb
 homepage: https://github.com/waiting-for-dev/devise-jwt
@@ -223,8 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.8
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: JWT authentication for devise

data/.overcommit.yml

@@ -1,56 +0,0 @@
-#
-# Select version of overcommit and the other tools from Gemfile
-#
-gemfile: .overcommit_gems.rb
-
-#
-# Hooks that are run against every commit message after a user has written it.
-#
-CommitMsg:
-  ALL:
-    required: true
-    exclude: &default_excludes
-      - Gemfile
-      - devise-jwt.gemspec
-      - spec/fixtures/rails_app/**/*
-      - README.md
-      - CHANGELOG.md
-
-  HardTabs:
-    enabled: true
-
-  SingleLineSubject:
-    enabled: true
-
-#
-# Hooks that are run after `git commit` is executed, before the commit message
-# editor is displayed.
-#
-PreCommit:
-  ALL:
-    required: true
-    exclude: *default_excludes
-
-  BundleAudit:
-    enabled: true
-
-  BundleCheck:
-    enabled: true
-
-  LocalPathsInGemfile:
-    enabled: true
-
-  ExecutePermissions:
-    enabled: true
-    exclude:
-      - *default_excludes
-      - bin/*
-
-  Reek:
-    enabled: true
-
-  RuboCop:
-    enabled: true
-
-  TrailingWhitespace:
-    enabled: true

data/.overcommit_gems.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-gem 'overcommit', '~> 0.36'
-
-# Patch-level verification for Bundled apps
-gem 'bundler-audit', '~> 0.5'
-
-# Ruby code smell reporter
-gem 'reek', '~> 4.5'
-
-# Ruby code style checking
-gem 'rubocop', '~> 0.47'
-gem 'rubocop-rspec', '~> 1.10'