devise-jwt 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1a4a4e4cfd349ee9e76533374b8269516152d37ddafd77b04c55a1d6d53b49c7
-  data.tar.gz: 06d6b7627bbbf01ce30796856236e8e854ad083bf35bfabb3972b1744f6fe8b8
+  metadata.gz: dbd6de3011149a0bca3be6b3658cd5a9556b0be78581f3cd22c3aec9cbfd4cf0
+  data.tar.gz: 6ce928fe9ccbf54f7b119a815ffe97eb72c02a321e618a7f60018c00fabe7e5c
 SHA512:
-  metadata.gz: 2574faee8bb3ca9f7481335360534104e04308772c6c0a1e19b4d2c0fafeb3d075d2faae2e23f98aee7115d9e64f9105b1020cc30825d8e40a633da1404b29de
-  data.tar.gz: bba859af422238968a66f01e13771db8efedf3626c5e21d67f16c192467c4ed1213d9844a6a0e615754c657155ea8b8dc972ac7bacd4c6b7984ce6c70e7c9f4b
+  metadata.gz: 7460b663f7639978e6021f52b1de8e0f4c20ebc9ca33375cc11d630e379fb82cd48d1e61a5ee7fc72335ec1088112a75e02b4bae60935f8439878d2f81b8bd5e
+  data.tar.gz: a572ab50a87f8254bce00685a248dea9ff16181bbdcc70f2f70e7b65a97cfc1d0c0a11dd8ef966a0e80bd7327e5fb5e4e0ed54aef227448960d22c5a5b2aec46

data/.codeclimate.yml

@@ -8,8 +8,6 @@ engines:
     enabled: true
   rubocop:
     enabled: true
-  reek:
-    enabled: true
 ratings:
   paths:
   - "**.rb"
@@ -18,3 +16,4 @@ exclude_paths:
   - Gemfile
   - bin/console
   - devise-jwt.gemspec
+  - vendor/

data/.rubocop.yml

@@ -1,6 +1,11 @@
 require: rubocop-rspec
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.7
+  Exclude:
+    - Gemfile
+    - devise-jwt.gemspec
+    - spec/fixtures/rails_app/**/*
+    - vendor/**/*
 RSpec/NestedGroups:
   Max: 3
 RSpec/MessageExpectation:
@@ -14,3 +19,37 @@ Metrics/BlockLength:
     - "spec/**/*.rb"
 Style/SafeNavigation:
   Enabled: false
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+Lint/RaiseException:
+  Enabled: true
+Lint/StructNewOverride:
+  Enabled: true
+Style/AccessorGrouping:
+  Enabled: true
+Style/BisectedAttrAccessor:
+  Enabled: true
+Style/ExponentialNotation:
+  Enabled: true
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true
+Style/RedundantAssignment:
+  Enabled: true
+Style/RedundantFetchBlock:
+  Enabled: true
+Style/RedundantRegexpCharacterClass:
+  Enabled: true
+Style/RedundantRegexpEscape:
+  Enabled: true
+Style/SlicingWithRange:
+  Enabled: true

data/.travis.yml

@@ -1,19 +1,20 @@
 language: ruby
+cache: bundler
 rvm:
   - 2.5
   - 2.6
   - 2.7
+  - ruby-head
 before_install:
   - gem update --system --no-doc
-  - bundle install --gemfile=.overcommit_gems.rb
-before_script:
-  - git config --global user.email 'travis@travis.ci'
-  - git config --global user.name 'Travis CI'
+  - gem install bundler
 script:
   - bundle exec rspec
+  - bundle exec rubocop
   - bundle exec codeclimate-test-reporter
-  - overcommit --sign
-  - overcommit --run
+jobs:
+  allow_failures:
+    - rvm: ruby-head
 addons:
   code_climate:
     repo_token:

data/CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.8.0] - 2020-07-06
+### Fixed
+- Fix compatibility with last version of dry-configurable
+
 ## [0.7.0] - 2020-06-03
 ### Fixed
 - Replace whitelist/blacklist terminology with allowlist/denylist

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 Marc Busqué
+Copyright (c) 2016-2020 Marc Busqué
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -21,6 +21,28 @@ You can read about which security concerns this library takes into account and a
 
 `devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
 
+## Upgrade notes
+
+### v0.7.0
+
+Since version v0.7.0 `Blacklist` revocation strategy has been renamed to `Denylist` while `Whitelist` has been renamed to `Allowlist`.
+
+For `Denylist`, you only need to update the `include` line you're using in your revocation strategy model:
+
+```ruby
+# include Devise::JWT::RevocationStrategies::Blacklist # before
+include Devise::JWT::RevocationStrategies::Denylist 
+```
+
+For `Whitelist`, you need to update the `include` line you're using in your user model:
+
+```ruby
+# include Devise::JWT::RevocationStrategies::Whitelist # before
+include Devise::JWT::RevocationStrategies::Allowlist
+```
+
+You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -499,14 +521,6 @@ An then, for example:
 
 `docker-compose exec app rspec`
 
-This gem uses [overcommit](https://github.com/brigade/overcommit) to execute some code review engines. If you submit a pull request, it will be executed in the CI process. In order to set it up, you need to do:
-
-```ruby
-bundle install --gemfile=.overcommit_gems.rb
-overcommit --sign
-overcommit --run # To test if it works
-```
-
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/waiting-for-dev/devise-jwt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/bin/console

@@ -1,14 +1,15 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "bundler/setup"
-require "devise/jwt"
+require 'bundler/setup'
+require 'devise/jwt'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
 
 # (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
+# require 'pry'
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start

data/devise-jwt.gemspec

@@ -22,16 +22,19 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency 'devise', '~> 4.0'
-  spec.add_dependency 'warden-jwt_auth', '~> 0.4'
+  spec.add_dependency 'warden-jwt_auth', '~> 0.5'
 
   spec.add_development_dependency "bundler", "> 1"
-  spec.add_development_dependency "rake", "~> 12.3"
-  spec.add_development_dependency "rspec", "~> 3.8"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec"
   spec.add_development_dependency "pry-byebug", "~> 3.7"
   # Needed to test the rails fixture application
-  spec.add_development_dependency 'rails', '~> 5.0'
+  spec.add_development_dependency 'rails', '~> 6.0'
   spec.add_development_dependency 'sqlite3', '~> 1.3'
-  spec.add_development_dependency 'rspec-rails', '~> 3.5'
+  spec.add_development_dependency 'rspec-rails', '~> 4.0'
+  # Cops
+  spec.add_development_dependency 'rubocop', '~> 0.87'
+  spec.add_development_dependency 'rubocop-rspec', '~> 1.42'
   # Test reporting
   spec.add_development_dependency 'simplecov', '0.17'
   spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'

data/issue_template.md

@@ -18,6 +18,7 @@ Provide following information. Please, format pasted output as code. Feel free t
 
 - Version of `devise-jwt` in use
 - Version of `rails` in use
+- Version of `warden-jwt_auth` in use
 - Output of `Devise::JWT.config`
 - Output of `Warden::JWTAuth.config`
 - Output of `Devise.mappings`

data/lib/devise/jwt.rb

@@ -17,7 +17,9 @@ module Devise
   #
   # @see Warden::JWTAuth
   def self.jwt
+    Warden::JWTAuth.config.to_h
     yield(Devise::JWT.config)
+    Devise::JWT.config.to_h
   end
 
   add_module(:jwt_authenticatable, strategy: :jwt)
@@ -26,23 +28,31 @@ module Devise
   module JWT
     extend Dry::Configurable
 
-    setting(:secret) do |value|
+    def self.forward_to_warden(setting, value)
+      default = Warden::JWTAuth.config.send(setting)
+      Warden::JWTAuth.config.send("#{setting}=", value || default)
+      Warden::JWTAuth.config.send(setting)
+    end
+
+    setting(:secret, Warden::JWTAuth.config.secret) do |value|
       forward_to_warden(:secret, value)
     end
 
-    setting(:expiration_time) do |value|
+    setting(:expiration_time, Warden::JWTAuth.config.expiration_time) do |value|
       forward_to_warden(:expiration_time, value)
     end
 
-    setting(:dispatch_requests) do |value|
+    setting(:dispatch_requests,
+            Warden::JWTAuth.config.dispatch_requests) do |value|
       forward_to_warden(:dispatch_requests, value)
     end
 
-    setting(:revocation_requests) do |value|
+    setting(:revocation_requests,
+            Warden::JWTAuth.config.revocation_requests) do |value|
       forward_to_warden(:revocation_requests, value)
     end
 
-    setting(:aud_header) do |value|
+    setting(:aud_header, Warden::JWTAuth.config.aud_header) do |value|
       forward_to_warden(:aud_header, value)
     end
 
@@ -60,9 +70,5 @@ module Devise
     #   admin_user: [nil, :xml]
     # }
     setting :request_formats, {}
-
-    def self.forward_to_warden(setting, value)
-      Warden::JWTAuth.config.send("#{setting}=", value)
-    end
   end
 end

data/lib/devise/jwt/defaults_generator.rb

@@ -42,14 +42,12 @@ module Devise
         add_revocation_requests(inspector)
       end
 
-      # :reek:FeatureEnvy
       def add_mapping(inspector)
         scope = inspector.scope
         model = inspector.model
         defaults[:mappings][scope] = model.name
       end
 
-      # :reek:FeatureEnvy
       def add_revocation_strategy(inspector)
         scope = inspector.scope
         strategy = inspector.model.jwt_revocation_strategy
@@ -91,7 +89,6 @@ module Devise
         requests(inspector, :registration)
       end
 
-      # :reek:FeatureEnvy
       def requests(inspector, name)
         path = inspector.path(name)
         methods = inspector.methods(name)
@@ -100,7 +97,6 @@ module Devise
         end
       end
 
-      # :reek:UtilityFunction
       def requests_for_format(path, methods, format)
         path_regexp = format ? /^#{path}.#{format}$/ : /^#{path}$/
         methods.map do |method|

data/lib/devise/jwt/mapping_inspector.rb

@@ -27,7 +27,6 @@ module Devise
         mapping.to
       end
 
-      # :reek:FeatureEnvy
       def path(name)
         prefix, scope, request = path_parts(name)
         [prefix, scope, request].delete_if do |item|
@@ -35,7 +34,6 @@ module Devise
         end.join('/').prepend('/').gsub('//', '/')
       end
 
-      # :reek:ControlParameter
       def methods(name)
         method = case name
                  when :sign_in      then 'POST'

data/lib/devise/jwt/revocation_strategies/allowlist.rb

@@ -38,7 +38,6 @@ module Devise
         end
 
         # Warden::JWTAuth::Interfaces::User#on_jwt_dispatch
-        # :reek:FeatureEnvy
         def on_jwt_dispatch(_token, payload)
           allowlisted_jwts.create!(
             jti: payload['jti'],

data/lib/devise/jwt/test_helpers.rb

@@ -20,18 +20,13 @@ module Devise
       # autodetected.
       # @param aud [String] The aud claim. If `nil` it will be autodetected from
       # the header name configured in `Devise::JWT.config.aud_header`.
-      #
-      # :reek:LongParameterList
-      # :reek:ManualDispatch
       def self.auth_headers(headers, user, scope: nil, aud: nil)
         scope ||= Devise::Mapping.find_scope!(user)
         aud ||= headers[Warden::JWTAuth.config.aud_header]
         token, payload = Warden::JWTAuth::UserEncoder.new.call(
           user, scope, aud
         )
-        if user.respond_to?(:on_jwt_dispatch)
-          user.on_jwt_dispatch(token, payload)
-        end
+        user.on_jwt_dispatch(token, payload) if user.respond_to?(:on_jwt_dispatch)
         Warden::JWTAuth::HeaderParser.to_headers(headers, token)
       end
     end

data/lib/devise/jwt/version.rb

@@ -2,6 +2,6 @@
 
 module Devise
   module JWT
-    VERSION = '0.7.0'
+    VERSION = '0.8.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-jwt
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Marc Busqué
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-06-03 00:00:00.000000000 Z
+date: 2020-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -58,28 +58,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.87'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.87'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.42'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '1.42'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -173,9 +201,6 @@ extra_rdoc_files: []
 files:
 - ".codeclimate.yml"
 - ".gitignore"
-- ".overcommit.yml"
-- ".overcommit_gems.rb"
-- ".reek"
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
@@ -223,7 +248,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubyforge_project: 
+rubygems_version: 2.7.8
 signing_key: 
 specification_version: 4
 summary: JWT authentication for devise

data/.overcommit.yml

@@ -1,56 +0,0 @@
-#
-# Select version of overcommit and the other tools from Gemfile
-#
-gemfile: .overcommit_gems.rb
-
-#
-# Hooks that are run against every commit message after a user has written it.
-#
-CommitMsg:
-  ALL:
-    required: true
-    exclude: &default_excludes
-      - Gemfile
-      - devise-jwt.gemspec
-      - spec/fixtures/rails_app/**/*
-      - README.md
-      - CHANGELOG.md
-
-  HardTabs:
-    enabled: true
-
-  SingleLineSubject:
-    enabled: true
-
-#
-# Hooks that are run after `git commit` is executed, before the commit message
-# editor is displayed.
-#
-PreCommit:
-  ALL:
-    required: true
-    exclude: *default_excludes
-
-  BundleAudit:
-    enabled: true
-
-  BundleCheck:
-    enabled: true
-
-  LocalPathsInGemfile:
-    enabled: true
-
-  ExecutePermissions:
-    enabled: true
-    exclude:
-      - *default_excludes
-      - bin/*
-
-  Reek:
-    enabled: true
-
-  RuboCop:
-    enabled: true
-
-  TrailingWhitespace:
-    enabled: true

data/.overcommit_gems.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-gem 'overcommit', '~> 0.36'
-
-# Patch-level verification for Bundled apps
-gem 'bundler-audit', '~> 0.5'
-
-# Ruby code smell reporter
-gem 'reek', '~> 4.5'
-
-# Ruby code style checking
-gem 'rubocop', '~> 0.47'
-gem 'rubocop-rspec', '~> 1.10'