devise-jwt 0.7.0 → 0.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1a4a4e4cfd349ee9e76533374b8269516152d37ddafd77b04c55a1d6d53b49c7
4
- data.tar.gz: 06d6b7627bbbf01ce30796856236e8e854ad083bf35bfabb3972b1744f6fe8b8
3
+ metadata.gz: dbd6de3011149a0bca3be6b3658cd5a9556b0be78581f3cd22c3aec9cbfd4cf0
4
+ data.tar.gz: 6ce928fe9ccbf54f7b119a815ffe97eb72c02a321e618a7f60018c00fabe7e5c
5
5
  SHA512:
6
- metadata.gz: 2574faee8bb3ca9f7481335360534104e04308772c6c0a1e19b4d2c0fafeb3d075d2faae2e23f98aee7115d9e64f9105b1020cc30825d8e40a633da1404b29de
7
- data.tar.gz: bba859af422238968a66f01e13771db8efedf3626c5e21d67f16c192467c4ed1213d9844a6a0e615754c657155ea8b8dc972ac7bacd4c6b7984ce6c70e7c9f4b
6
+ metadata.gz: 7460b663f7639978e6021f52b1de8e0f4c20ebc9ca33375cc11d630e379fb82cd48d1e61a5ee7fc72335ec1088112a75e02b4bae60935f8439878d2f81b8bd5e
7
+ data.tar.gz: a572ab50a87f8254bce00685a248dea9ff16181bbdcc70f2f70e7b65a97cfc1d0c0a11dd8ef966a0e80bd7327e5fb5e4e0ed54aef227448960d22c5a5b2aec46
@@ -8,8 +8,6 @@ engines:
8
8
  enabled: true
9
9
  rubocop:
10
10
  enabled: true
11
- reek:
12
- enabled: true
13
11
  ratings:
14
12
  paths:
15
13
  - "**.rb"
@@ -18,3 +16,4 @@ exclude_paths:
18
16
  - Gemfile
19
17
  - bin/console
20
18
  - devise-jwt.gemspec
19
+ - vendor/
@@ -1,6 +1,11 @@
1
1
  require: rubocop-rspec
2
2
  AllCops:
3
- TargetRubyVersion: 2.3
3
+ TargetRubyVersion: 2.7
4
+ Exclude:
5
+ - Gemfile
6
+ - devise-jwt.gemspec
7
+ - spec/fixtures/rails_app/**/*
8
+ - vendor/**/*
4
9
  RSpec/NestedGroups:
5
10
  Max: 3
6
11
  RSpec/MessageExpectation:
@@ -14,3 +19,37 @@ Metrics/BlockLength:
14
19
  - "spec/**/*.rb"
15
20
  Style/SafeNavigation:
16
21
  Enabled: false
22
+ Layout/EmptyLinesAroundAttributeAccessor:
23
+ Enabled: true
24
+ Layout/SpaceAroundMethodCallOperator:
25
+ Enabled: true
26
+ Lint/DeprecatedOpenSSLConstant:
27
+ Enabled: true
28
+ Lint/MixedRegexpCaptureTypes:
29
+ Enabled: true
30
+ Lint/RaiseException:
31
+ Enabled: true
32
+ Lint/StructNewOverride:
33
+ Enabled: true
34
+ Style/AccessorGrouping:
35
+ Enabled: true
36
+ Style/BisectedAttrAccessor:
37
+ Enabled: true
38
+ Style/ExponentialNotation:
39
+ Enabled: true
40
+ Style/HashEachMethods:
41
+ Enabled: true
42
+ Style/HashTransformKeys:
43
+ Enabled: true
44
+ Style/HashTransformValues:
45
+ Enabled: true
46
+ Style/RedundantAssignment:
47
+ Enabled: true
48
+ Style/RedundantFetchBlock:
49
+ Enabled: true
50
+ Style/RedundantRegexpCharacterClass:
51
+ Enabled: true
52
+ Style/RedundantRegexpEscape:
53
+ Enabled: true
54
+ Style/SlicingWithRange:
55
+ Enabled: true
@@ -1,19 +1,20 @@
1
1
  language: ruby
2
+ cache: bundler
2
3
  rvm:
3
4
  - 2.5
4
5
  - 2.6
5
6
  - 2.7
7
+ - ruby-head
6
8
  before_install:
7
9
  - gem update --system --no-doc
8
- - bundle install --gemfile=.overcommit_gems.rb
9
- before_script:
10
- - git config --global user.email 'travis@travis.ci'
11
- - git config --global user.name 'Travis CI'
10
+ - gem install bundler
12
11
  script:
13
12
  - bundle exec rspec
13
+ - bundle exec rubocop
14
14
  - bundle exec codeclimate-test-reporter
15
- - overcommit --sign
16
- - overcommit --run
15
+ jobs:
16
+ allow_failures:
17
+ - rvm: ruby-head
17
18
  addons:
18
19
  code_climate:
19
20
  repo_token:
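Review bot: The new `script` list no longer runs any dependency vulnerability audit. `overcommit --run` is removed here, and the `.overcommit.yml` deleted further down this page had `BundleAudit` enabled, while the only steps that replace it are `bundle exec rspec` and `bundle exec rubocop`. For an authentication gem that gap is worth closing: add `bundler-audit` as a development dependency and a step such as `- bundle exec bundle-audit check --update`. Because `ruby-head` is listed under `allow_failures`, make sure the audit step is evaluated on the pinned rubies so that a finding actually fails the build.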
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
4
4
  The format is based on [Keep a Changelog](http://keepachangelog.com/)
5
5
  and this project adheres to [Semantic Versioning](http://semver.org/).
6
6
 
7
+ ## [0.8.0] - 2020-07-06
8
+ ### Fixed
9
+ - Fix compatibility with last version of dry-configurable
10
+
7
11
  ## [0.7.0] - 2020-06-03
8
12
  ### Fixed
9
13
  - Replace whitelist/blacklist terminology with allowlist/denylist
@@ -1,6 +1,6 @@
1
1
  The MIT License (MIT)
2
2
 
3
- Copyright (c) 2016 Marc Busqué
3
+ Copyright (c) 2016-2020 Marc Busqué
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
data/README.md CHANGED
@@ -21,6 +21,28 @@ You can read about which security concerns this library takes into account and a
21
21
 
22
22
  `devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
23
23
 
24
+ ## Upgrade notes
25
+
26
+ ### v0.7.0
27
+
28
+ Since version v0.7.0 `Blacklist` revocation strategy has been renamed to `Denylist` while `Whitelist` has been renamed to `Allowlist`.
29
+
30
+ For `Denylist`, you only need to update the `include` line you're using in your revocation strategy model:
31
+
32
+ ```ruby
33
+ # include Devise::JWT::RevocationStrategies::Blacklist # before
34
+ include Devise::JWT::RevocationStrategies::Denylist
35
+ ```
36
+
37
+ For `Whitelist`, you need to update the `include` line you're using in your user model:
38
+
39
+ ```ruby
40
+ # include Devise::JWT::RevocationStrategies::Whitelist # before
41
+ include Devise::JWT::RevocationStrategies::Allowlist
42
+ ```
43
+
44
+ You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
45
+
24
46
  ## Installation
25
47
 
26
48
  Add this line to your application's Gemfile:
@@ -499,14 +521,6 @@ An then, for example:
499
521
 
500
522
  `docker-compose exec app rspec`
501
523
 
502
- This gem uses [overcommit](https://github.com/brigade/overcommit) to execute some code review engines. If you submit a pull request, it will be executed in the CI process. In order to set it up, you need to do:
503
-
504
- ```ruby
505
- bundle install --gemfile=.overcommit_gems.rb
506
- overcommit --sign
507
- overcommit --run # To test if it works
508
- ```
509
-
510
524
  ## Contributing
511
525
 
512
526
  Bug reports and pull requests are welcome on GitHub at https://github.com/waiting-for-dev/devise-jwt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
@@ -1,14 +1,15 @@
1
1
  #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
2
3
 
3
- require "bundler/setup"
4
- require "devise/jwt"
4
+ require 'bundler/setup'
5
+ require 'devise/jwt'
5
6
 
6
7
  # You can add fixtures and/or initialization code here to make experimenting
7
8
  # with your gem easier. You can also use a different console, if you like.
8
9
 
9
10
  # (If you use this, don't forget to add pry to your Gemfile!)
10
- # require "pry"
11
+ # require 'pry'
11
12
  # Pry.start
12
13
 
13
- require "irb"
14
+ require 'irb'
14
15
  IRB.start
@@ -22,16 +22,19 @@ Gem::Specification.new do |spec|
22
22
  spec.require_paths = ["lib"]
23
23
 
24
24
  spec.add_dependency 'devise', '~> 4.0'
25
- spec.add_dependency 'warden-jwt_auth', '~> 0.4'
25
+ spec.add_dependency 'warden-jwt_auth', '~> 0.5'
26
26
 
27
27
  spec.add_development_dependency "bundler", "> 1"
28
- spec.add_development_dependency "rake", "~> 12.3"
29
- spec.add_development_dependency "rspec", "~> 3.8"
28
+ spec.add_development_dependency "rake", "~> 13.0"
29
+ spec.add_development_dependency "rspec"
30
30
  spec.add_development_dependency "pry-byebug", "~> 3.7"
31
31
  # Needed to test the rails fixture application
32
- spec.add_development_dependency 'rails', '~> 5.0'
32
+ spec.add_development_dependency 'rails', '~> 6.0'
33
33
  spec.add_development_dependency 'sqlite3', '~> 1.3'
34
- spec.add_development_dependency 'rspec-rails', '~> 3.5'
34
+ spec.add_development_dependency 'rspec-rails', '~> 4.0'
35
+ # Cops
36
+ spec.add_development_dependency 'rubocop', '~> 0.87'
37
+ spec.add_development_dependency 'rubocop-rspec', '~> 1.42'
35
38
  # Test reporting
36
39
  spec.add_development_dependency 'simplecov', '0.17'
37
40
  spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'
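Review bot: `spec.add_development_dependency "rspec"` drops the version bound entirely, so the packaged metadata now records `>= 0` for rspec while every other dependency in this block keeps a `~>` constraint. An unbounded test dependency lets CI and contributor installs resolve to whatever is newest at install time, which weakens build reproducibility. Keep a bound that matches the new rspec-rails line, for example `spec.add_development_dependency "rspec", "~> 3.9"` (confirm the exact minor against rspec-rails 4.0). The `Gem::Specification.new` block starts and ends outside this hunk.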
@@ -18,6 +18,7 @@ Provide following information. Please, format pasted output as code. Feel free t
18
18
 
19
19
  - Version of `devise-jwt` in use
20
20
  - Version of `rails` in use
21
+ - Version of `warden-jwt_auth` in use
21
22
  - Output of `Devise::JWT.config`
22
23
  - Output of `Warden::JWTAuth.config`
23
24
  - Output of `Devise.mappings`
@@ -17,7 +17,9 @@ module Devise
17
17
  #
18
18
  # @see Warden::JWTAuth
19
19
  def self.jwt
20
+ Warden::JWTAuth.config.to_h
20
21
  yield(Devise::JWT.config)
22
+ Devise::JWT.config.to_h
21
23
  end
22
24
 
23
25
  add_module(:jwt_authenticatable, strategy: :jwt)
@@ -26,23 +28,31 @@ module Devise
26
28
  module JWT
27
29
  extend Dry::Configurable
28
30
 
29
- setting(:secret) do |value|
31
+ def self.forward_to_warden(setting, value)
32
+ default = Warden::JWTAuth.config.send(setting)
33
+ Warden::JWTAuth.config.send("#{setting}=", value || default)
34
+ Warden::JWTAuth.config.send(setting)
35
+ end
36
+
37
+ setting(:secret, Warden::JWTAuth.config.secret) do |value|
30
38
  forward_to_warden(:secret, value)
31
39
  end
32
40
 
33
- setting(:expiration_time) do |value|
41
+ setting(:expiration_time, Warden::JWTAuth.config.expiration_time) do |value|
34
42
  forward_to_warden(:expiration_time, value)
35
43
  end
36
44
 
37
- setting(:dispatch_requests) do |value|
45
+ setting(:dispatch_requests,
46
+ Warden::JWTAuth.config.dispatch_requests) do |value|
38
47
  forward_to_warden(:dispatch_requests, value)
39
48
  end
40
49
 
41
- setting(:revocation_requests) do |value|
50
+ setting(:revocation_requests,
51
+ Warden::JWTAuth.config.revocation_requests) do |value|
42
52
  forward_to_warden(:revocation_requests, value)
43
53
  end
44
54
 
45
- setting(:aud_header) do |value|
55
+ setting(:aud_header, Warden::JWTAuth.config.aud_header) do |value|
46
56
  forward_to_warden(:aud_header, value)
47
57
  end
48
58
 
@@ -60,9 +70,5 @@ module Devise
60
70
  # admin_user: [nil, :xml]
61
71
  # }
62
72
  setting :request_formats, {}
63
-
64
- def self.forward_to_warden(setting, value)
65
- Warden::JWTAuth.config.send("#{setting}=", value)
66
- end
67
73
  end
68
74
  end
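Review bot: In the second hunk of this file, `forward_to_warden` now writes `value || default`, so assigning `nil` to `secret` (for example from an unset environment variable) is silently replaced by whatever `Warden::JWTAuth.config.secret` currently holds instead of being reported. Because `default` is read from the live Warden config rather than from a fixed default, a later `nil` assignment also keeps the previously forwarded secret rather than clearing it. Nothing visible in these hunks rejects a nil or empty signing secret. If an unset secret is never valid here, fail at configuration time in `Devise.jwt` after the `yield`, for example `raise ArgumentError, 'Devise::JWT secret is not set' if Devise::JWT.config.secret.to_s.empty?`. Separately, `Devise.jwt` now returns `Devise::JWT.config.to_h`, which includes `secret`; ending the method with `nil` would keep the key out of any caller that prints or logs the return value.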
@@ -42,14 +42,12 @@ module Devise
42
42
  add_revocation_requests(inspector)
43
43
  end
44
44
 
45
- # :reek:FeatureEnvy
46
45
  def add_mapping(inspector)
47
46
  scope = inspector.scope
48
47
  model = inspector.model
49
48
  defaults[:mappings][scope] = model.name
50
49
  end
51
50
 
52
- # :reek:FeatureEnvy
53
51
  def add_revocation_strategy(inspector)
54
52
  scope = inspector.scope
55
53
  strategy = inspector.model.jwt_revocation_strategy
@@ -91,7 +89,6 @@ module Devise
91
89
  requests(inspector, :registration)
92
90
  end
93
91
 
94
- # :reek:FeatureEnvy
95
92
  def requests(inspector, name)
96
93
  path = inspector.path(name)
97
94
  methods = inspector.methods(name)
@@ -100,7 +97,6 @@ module Devise
100
97
  end
101
98
  end
102
99
 
103
- # :reek:UtilityFunction
104
100
  def requests_for_format(path, methods, format)
105
101
  path_regexp = format ? /^#{path}.#{format}$/ : /^#{path}$/
106
102
  methods.map do |method|
@@ -27,7 +27,6 @@ module Devise
27
27
  mapping.to
28
28
  end
29
29
 
30
- # :reek:FeatureEnvy
31
30
  def path(name)
32
31
  prefix, scope, request = path_parts(name)
33
32
  [prefix, scope, request].delete_if do |item|
@@ -35,7 +34,6 @@ module Devise
35
34
  end.join('/').prepend('/').gsub('//', '/')
36
35
  end
37
36
 
38
- # :reek:ControlParameter
39
37
  def methods(name)
40
38
  method = case name
41
39
  when :sign_in then 'POST'
@@ -38,7 +38,6 @@ module Devise
38
38
  end
39
39
 
40
40
  # Warden::JWTAuth::Interfaces::User#on_jwt_dispatch
41
- # :reek:FeatureEnvy
42
41
  def on_jwt_dispatch(_token, payload)
43
42
  allowlisted_jwts.create!(
44
43
  jti: payload['jti'],
@@ -20,18 +20,13 @@ module Devise
20
20
  # autodetected.
21
21
  # @param aud [String] The aud claim. If `nil` it will be autodetected from
22
22
  # the header name configured in `Devise::JWT.config.aud_header`.
23
- #
24
- # :reek:LongParameterList
25
- # :reek:ManualDispatch
26
23
  def self.auth_headers(headers, user, scope: nil, aud: nil)
27
24
  scope ||= Devise::Mapping.find_scope!(user)
28
25
  aud ||= headers[Warden::JWTAuth.config.aud_header]
29
26
  token, payload = Warden::JWTAuth::UserEncoder.new.call(
30
27
  user, scope, aud
31
28
  )
32
- if user.respond_to?(:on_jwt_dispatch)
33
- user.on_jwt_dispatch(token, payload)
34
- end
29
+ user.on_jwt_dispatch(token, payload) if user.respond_to?(:on_jwt_dispatch)
35
30
  Warden::JWTAuth::HeaderParser.to_headers(headers, token)
36
31
  end
37
32
  end
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Devise
4
4
  module JWT
5
- VERSION = '0.7.0'
5
+ VERSION = '0.8.0'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Marc Busqué
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-06-03 00:00:00.000000000 Z
11
+ date: 2020-07-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0.4'
33
+ version: '0.5'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0.4'
40
+ version: '0.5'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -58,28 +58,28 @@ dependencies:
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '12.3'
61
+ version: '13.0'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '12.3'
68
+ version: '13.0'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rspec
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - "~>"
73
+ - - ">="
74
74
  - !ruby/object:Gem::Version
75
- version: '3.8'
75
+ version: '0'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - "~>"
80
+ - - ">="
81
81
  - !ruby/object:Gem::Version
82
- version: '3.8'
82
+ version: '0'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: pry-byebug
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '5.0'
103
+ version: '6.0'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '5.0'
110
+ version: '6.0'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: sqlite3
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,42 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: '3.5'
131
+ version: '4.0'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '4.0'
139
+ - !ruby/object:Gem::Dependency
140
+ name: rubocop
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: '0.87'
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: '0.87'
153
+ - !ruby/object:Gem::Dependency
154
+ name: rubocop-rspec
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: '1.42'
132
160
  type: :development
133
161
  prerelease: false
134
162
  version_requirements: !ruby/object:Gem::Requirement
135
163
  requirements:
136
164
  - - "~>"
137
165
  - !ruby/object:Gem::Version
138
- version: '3.5'
166
+ version: '1.42'
139
167
  - !ruby/object:Gem::Dependency
140
168
  name: simplecov
141
169
  requirement: !ruby/object:Gem::Requirement
@@ -173,9 +201,6 @@ extra_rdoc_files: []
173
201
  files:
174
202
  - ".codeclimate.yml"
175
203
  - ".gitignore"
176
- - ".overcommit.yml"
177
- - ".overcommit_gems.rb"
178
- - ".reek"
179
204
  - ".rspec"
180
205
  - ".rubocop.yml"
181
206
  - ".travis.yml"
@@ -223,7 +248,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
223
248
  - !ruby/object:Gem::Version
224
249
  version: '0'
225
250
  requirements: []
226
- rubygems_version: 3.1.2
251
+ rubyforge_project:
252
+ rubygems_version: 2.7.8
227
253
  signing_key:
228
254
  specification_version: 4
229
255
  summary: JWT authentication for devise
@@ -1,56 +0,0 @@
1
- #
2
- # Select version of overcommit and the other tools from Gemfile
3
- #
4
- gemfile: .overcommit_gems.rb
5
-
6
- #
7
- # Hooks that are run against every commit message after a user has written it.
8
- #
9
- CommitMsg:
10
- ALL:
11
- required: true
12
- exclude: &default_excludes
13
- - Gemfile
14
- - devise-jwt.gemspec
15
- - spec/fixtures/rails_app/**/*
16
- - README.md
17
- - CHANGELOG.md
18
-
19
- HardTabs:
20
- enabled: true
21
-
22
- SingleLineSubject:
23
- enabled: true
24
-
25
- #
26
- # Hooks that are run after `git commit` is executed, before the commit message
27
- # editor is displayed.
28
- #
29
- PreCommit:
30
- ALL:
31
- required: true
32
- exclude: *default_excludes
33
-
34
- BundleAudit:
35
- enabled: true
36
-
37
- BundleCheck:
38
- enabled: true
39
-
40
- LocalPathsInGemfile:
41
- enabled: true
42
-
43
- ExecutePermissions:
44
- enabled: true
45
- exclude:
46
- - *default_excludes
47
- - bin/*
48
-
49
- Reek:
50
- enabled: true
51
-
52
- RuboCop:
53
- enabled: true
54
-
55
- TrailingWhitespace:
56
- enabled: true
@@ -1,15 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- source 'https://rubygems.org'
4
-
5
- gem 'overcommit', '~> 0.36'
6
-
7
- # Patch-level verification for Bundled apps
8
- gem 'bundler-audit', '~> 0.5'
9
-
10
- # Ruby code smell reporter
11
- gem 'reek', '~> 4.5'
12
-
13
- # Ruby code style checking
14
- gem 'rubocop', '~> 0.47'
15
- gem 'rubocop-rspec', '~> 1.10'
data/.reek DELETED
File without changes