RubyGems - devise-jwt - Versions diffs - 0.8.1 → 0.10.0 - Mend

devise-jwt 0.8.1 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8fe413aae5cfcb2c703195cf5e4316f84efeecbf8f05ccca617dad9cce617009
-  data.tar.gz: aed9bfe1e2852eea2dc04885a4e6afc1375cc2aa6a41d273894d4611042d7cf6
+  metadata.gz: 2b5a307382874853dba1abc67c451c9dd01e81a1b2dd84c94db6a10af7f4cc44
+  data.tar.gz: b3f6ec7a63b8f481038f2aeb72cb872d451dfc679537aa29b1d85aaa66c6aaab
 SHA512:
-  metadata.gz: 5856bab014b5ef50d4c2412618f74307b8261dc117a4335f0597e3cc1fd67b1d74c568bc15b12a0961fdcd0d8edf0e07ef67280eb24d8eb43177152b3760d70a
-  data.tar.gz: 0c3fd2d91daaefc8b261341498a6a359aa8092ca56d1f95ad934cf0e746761140de117f3ff9f08b8da48240cf8eaaeea62b8d473a7aeabe3bc693889dbd77c35
+  metadata.gz: e95511b4462ce942934858d578589ba618117e8bfc6e3f617f7082f82627b293e706d130a242afde25ce3e8ff5da8e8d4d058c54d51ac2dfd785f5e59747e87d
+  data.tar.gz: 713c71400296bae1493096d2f55b19bedff85cb7884502cd09a954872c72624a109887ef405cbee04ad56520ee255aab190f6b3c5032a952ecaa978223c9e06a

data/.github/FUNDING.yml ADDED Viewed

	@@ -0,0 +1 @@
1	+ github: waiting-for-dev

data/.github/dependabot.yml ADDED Viewed

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

data/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,21 @@
+name: CI
+on: [push, pull_request]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.7', '3.0', '3.1', ruby-head]
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby ${{ matrix.ruby-version }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # 'bundle install' and cache
+    - name: Run specs
+      run: |
+        bundle exec rspec

data/.github/workflows/lint.yml ADDED Viewed

@@ -0,0 +1,17 @@
+name: Lint
+on: [push, pull_request]
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby ${{ matrix.ruby-version }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+        bundler-cache: true # 'bundle install' and cache
+    - name: Run specs
+      run: |
+        bundle exec rubocop

data/CHANGELOG.md CHANGED Viewed

@@ -4,7 +4,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
-## [0.8.1] - 2020-02-14
+## [0.10.0] - 2022-09-16
+### Added
+- Enable support for asymmetric algorithms
+### Fixed
+- FIX: "No verification key available" on token decode
+## [0.9.0] - 2021-09-21
+### Fixed
+- Fix compatibility with dry-configurable 0.13
+## [0.8.1] - 2021-02-14
 ### Fixed
 - Fix behaviour on code reload
 - Support ruby 3.0 and deprecate ruby 2.5

data/README.md CHANGED Viewed

@@ -5,21 +5,21 @@
 [![Code Climate](https://codeclimate.com/github/waiting-for-dev/devise-jwt/badges/gpa.svg)](https://codeclimate.com/github/waiting-for-dev/devise-jwt)
 [![Test Coverage](https://codeclimate.com/github/waiting-for-dev/devise-jwt/badges/coverage.svg)](https://codeclimate.com/github/waiting-for-dev/devise-jwt/coverage)
-`devise-jwt` is a [devise](https://github.com/plataformatec/devise) extension which uses [JWT](https://jwt.io/) tokens for user authentication. It follows [secure by default](https://en.wikipedia.org/wiki/Secure_by_default) principle.
+`devise-jwt` is a [Devise](https://github.com/plataformatec/devise) extension which uses [JWT](https://jwt.io/) tokens for user authentication. It follows [secure by default](https://en.wikipedia.org/wiki/Secure_by_default) principle.
-This gem is just a replacement for cookies when these can't be used. As
-cookies, a token expired with `devise-jwt` will mandatorily have an expiration
+This gem is just a replacement for cookies when these can't be used. As with
+cookies, a `devise-jwt` token will mandatorily have an expiration
 time. If you need that your users never sign out, you will be better off with a
 solution using refresh tokens, like some implementation of OAuth2.
 You can read about which security concerns this library takes into account and about JWT generic secure usage in the following series of posts:
-- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/)
-- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/)
-- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage/)
-- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails/)
+- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation)
+- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies)
+- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage)
+- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails)
-`devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
+`devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with Devise and Rails.
 ## Upgrade notes
@@ -31,24 +31,24 @@ For `Denylist`, you only need to update the `include` line you're using in your
 ```ruby
 # include Devise::JWT::RevocationStrategies::Blacklist # before
-include Devise::JWT::RevocationStrategies::Denylist
+include Devise::JWT::RevocationStrategies::Denylist
 ```
-For `Whitelist`, you need to update the `include` line you're using in your user model:
+For `Allowlist`, you need to update the `include` line you're using in your user model:
 ```ruby
 # include Devise::JWT::RevocationStrategies::Whitelist # before
 include Devise::JWT::RevocationStrategies::Allowlist
 ```
-You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
+You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt`, rename `model/whitelisted_jwt.rb` to `model/allowlisted_jwt.rb` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
 ## Installation
 Add this line to your application's Gemfile:
 ```ruby
-gem 'devise-jwt', '~> 0.7.0'
+gem 'devise-jwt'
 ```
 And then execute:
@@ -61,11 +61,11 @@ Or install it yourself as:
 ## Usage
-First you need to configure devise to work in an API application. You can follow the instructions in this project wiki page [Configuring devise for APIs](https://github.com/waiting-for-dev/devise-jwt/wiki/Configuring-devise-for-APIs) (you are more than welcome to improve them).
+First, you need to configure Devise to work in an API application. You can follow the instructions in this project wiki page [Configuring Devise for APIs](https://github.com/waiting-for-dev/devise-jwt/wiki/Configuring-devise-for-APIs) (you are more than welcome to improve them).
 ### Secret key configuration
-First of all, you have to configure the secret key that will be used to sign generated tokens. You can do it in the devise initializer:
+You have to configure the secret key that will be used to sign generated tokens. You can do it in the Devise initializer:
 ```ruby
 Devise.setup do |config|
@@ -76,22 +76,70 @@ Devise.setup do |config|
 end
 ```
-**Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `bundle exec rake secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
+If you are using Encrypted Credentials (Rails 5.2+), you can store the secret key in `config/credentials.yml.enc`.
-Currently, HS256 algorithm is the one in use.
+Open your credentials editor using `bin/rails credentials:edit` and add `devise_jwt_secret_key`.
+> **Note** you may need to set `$EDITOR` depending on your specific environment.
+```yml
+# Other secrets...
+# Used as the base secret for Devise JWT
+devise_jwt_secret_key: abc...xyz
+```
+Add the following to the Devise initializer.
+```ruby
+Devise.setup do |config|
+  # ...
+  config.jwt do |jwt|
+    jwt.secret = Rails.application.credentials.devise_jwt_secret_key!
+  end
+end
+```
+> **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `bundle exec rake secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
+Currently, HS256 algorithm is the one in use. You may configure a matching secret and algorithm name to use a different one (see [ruby-jwt](https://github.com/jwt/ruby-jwt#algorithms-and-usage) to see which are supported):
+```ruby
+Devise.setup do |config|
+  # ...
+  config.jwt do |jwt|
+    jwt.secret = OpenSSL::PKey::RSA.new(Rails.application.credentials.devise_jwt_secret_key!)
+    jwt.algorithm = Rails.application.credentials.devise_jwt_algorithm!
+  end
+end
+```
+If the algorithm is asymmetric (e.g. RS256) which necessitates a different decoding secret, configure the `decoding_secret` setting as well:
+```ruby
+Devise.setup do |config|
+  # ...
+  config.jwt do |jwt|
+    jwt.secret = OpenSSL::PKey::RSA.new(Rails.application.credentials.devise_jwt_private_key!)
+    jwt.decoding_secret = OpenSSL::PKey::RSA.new(Rails.application.credentials.devise_jwt_public_key!)
+    jwt.algorithm = 'RS256' # or some other asymmetric algorithm
+  end
+end
+```
 ### Model configuration
 You have to tell which user models you want to be able to authenticate with JWT tokens. For them, the authentication process will be like this:
-- A user authenticates through devise create session request (for example, using the standard `:database_authenticatable` module).
+- A user authenticates through Devise create session request (for example, using the standard `:database_authenticatable` module).
 - If the authentication succeeds, a JWT token is dispatched to the client in the `Authorization` response header, with format `Bearer #{token}` (tokens are also dispatched on a successful sign up).
 - The client can use this token to authenticate following requests for the same user, providing it in the `Authorization` request header, also with format `Bearer #{token}`
-- When the client visits devise destroy session request, the token is revoked.
+- When the client visits Devise destroy session request, the token is revoked.
 See [request_formats](#request_formats) configuration option if you are using paths with a format segment (like `.json`) in order to use it properly.
-As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/).
+As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation).
 An example configuration:
@@ -102,7 +150,7 @@ class User < ApplicationRecord
 end
 ```
-If you need to add something to the JWT payload, you can do it defining a `jwt_payload` method in the user model. It must return a `Hash`. For instance:
+If you need to add something to the JWT payload, you can do it by defining a `jwt_payload` method in the user model. It must return a `Hash`. For instance:
 ```ruby
 def jwt_payload
@@ -136,11 +184,11 @@ end
 #### Session storage caveat
 If you are working with a Rails application that has session storage enabled
-and a default devise setup, chances are that same origin requests will be
+and a default Devise setup, chances are the same origin requests will be
 authenticated from the session regardless of a token being present in the
 headers or not.
-This is so because of the following default devise workflow:
+This is so because of the following default Devise workflow:
 - When a user signs in with `:database_authenticatable` strategy, the user is
   stored in the session unless one of the following conditions is met:
@@ -150,13 +198,13 @@ This is so because of the following default devise workflow:
     protection](http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html)
     handles an unverified request (but this is usually deactivated for API
     requests).
-- Warden (the engine below devise), authenticates any request that has the user
-  in the session without even reaching to any strategy (`:jwt_authenticatable`
+- Warden (the engine below Devise), authenticates any request that the user has
+  in the session without requiring a strategy (`:jwt_authenticatable`
   in our case).
 So, if you want to avoid this caveat you have three options:
-- Disable the session. If you are developing an API, probably you don't need
+- Disable the session. If you are developing an API, you probably don't need
   it. In order to disable it, change `config/initializers/session_store.rb` to:
   ```ruby
   Rails.application.config.session_store :disabled
@@ -169,7 +217,7 @@ So, if you want to avoid this caveat you have three options:
   config.skip_session_storage = [:http_auth, :params_auth]
   ```
 - If you are using Devise for another model (e.g. `AdminUser`) and doesn't want
-  to disable session storage for devise entirely, you can disable it on a
+  to disable session storage for Devise entirely, you can disable it on a
   per-model basis:
   ```ruby
   class User < ApplicationRecord
@@ -180,11 +228,11 @@ So, if you want to avoid this caveat you have three options:
 ### Revocation strategies
-`devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/), where I also talk about their pros and cons.
+`devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies), where I also talk about their pros and cons.
 #### JTIMatcher
-Here, the model class acts itself as the revocation strategy. It needs a new string column with name `jti` to be added to the user. `jti` stands for JWT ID, and it is a standard claim meant to uniquely identify a token.
+Here, the model class acts as the revocation strategy. It needs a new string column named `jti` to be added to the user. `jti` stands for JWT ID, and it is a standard claim meant to uniquely identify a token.
 It works like the following:
@@ -229,7 +277,7 @@ end
 #### Denylist
-In this strategy, a database table is used as a list of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted. The `exp` claim is also stored to allow the clean-up of staled tokens.
+In this strategy, a database table is used as a list of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted. The `exp` claim is also stored to allow the clean-up of stale tokens.
 In order to use it, you need to create the denylist table in a migration:
@@ -244,7 +292,7 @@ end
 ```
 For performance reasons, it is better if the `jti` column is an index.
-Note: if you used the denylist strategy before vesion 0.4.0 you may not have the field *exp.* If not, run the following migration:
+Note: if you used the denylist strategy before version 0.4.0 you may not have the field *exp.* If not, run the following migration:
 ```ruby
 class AddExpirationTimeToJWTDenylist < ActiveRecord::Migration
@@ -276,9 +324,9 @@ end
 #### Allowlist
-Here, the model itself acts also as a revocation strategy, but it needs to have
+Here, the model itself also acts as a revocation strategy, but it needs to have
 a one-to-many association with another table which stores the tokens (in fact
-their `jti` claim, which uniquely identifies them) valids for each user record.
+their `jti` claim, which uniquely identifies them) that are valid for each user record.
 The workflow is as the following:
@@ -296,7 +344,7 @@ devices for the same user.
 The `exp` claim is also stored to allow the clean-up of staled tokens.
-In order to use it, you have to create yourself the associated table and model.
+In order to use it, you have to create the associated table and model.
 The association table must be called `allowlisted_jwts`:
 ```ruby
@@ -313,7 +361,7 @@ def change
   add_index :allowlisted_jwts, :jti, unique: true
 end
 ```
-Important: You are encouraged to set a unique index in the jti column. This way we can be sure at the database level that there aren't two valid tokens with same jti at the same time. Definining `foreign_key: { on_delete: :cascade }, null: false` on `t.references :your_user_table` helps to keep referential integrity of your database.
+Important: You are encouraged to set a unique index in the `jti` column. This way we can be sure at the database level that there aren't two valid tokens with the same `jti` at the same time. Defining `foreign_key: { on_delete: :cascade }, null: false` on `t.references :your_user_table` helps to keep referential integrity of your database.
 And then, the model:
@@ -355,7 +403,7 @@ end
 #### Custom strategies
-You can also implement your own strategies. They just need to implement two methods: `jwt_revoked?` and `revoke_jwt`, both of them accepting as parameters the JWT payload and the user record, in this order.
+You can also implement your own strategies. They just need to implement two methods: `jwt_revoked?` and `revoke_jwt`, both of them accept the JWT payload and the user record as parameters, in this order.
 For instance:
@@ -379,10 +427,10 @@ end
 ### Testing
 Models configured with `:jwt_authenticatable` usually won't be retrieved from
-the session. For this reason, `sign_in` devise testing helper methods won't
+the session. For this reason, `sign_in` Devise testing helper methods won't
 work as expected.
-What you need to do in order to authenticate test environment requests is the
+What you need to do to authenticate test environment requests is the
 same that you will do in production: to provide a valid token in the
 `Authorization` header (in the form of `Bearer #{token}`) at every request.
@@ -420,7 +468,7 @@ Usually you will wrap this in your own test helper.
 ### Configuration reference
-This library can be configured calling `jwt` on devise config object:
+This library can be configured calling `jwt` on Devise config object:
 ```ruby
 Devise.setup do |config|
@@ -431,17 +479,17 @@ end
 ```
 #### secret
-Secret key used to sign generated JWT tokens. You must set it.
+Secret key is used to sign generated JWT tokens. You must set it.
 #### expiration_time
 Number of seconds while a JWT is valid after its generation. After that, it won't be valid anymore, even if it hasn't been revoked.
-Defaults to 3600 (1 hour).
+Defaults to 3600 seconds (1 hour).
 #### dispatch_requests
-Besides the create session one, additional requests where JWT tokens should be dispatched.
+Besides the create session one, there are additional requests where JWT tokens should be dispatched.
 It must be a bidimensional array, each item being an array of two elements: the request method and a regular expression that must match the request path.
@@ -458,7 +506,7 @@ jwt.dispatch_requests = [
 #### revocation_requests
-Besides the destroy session one, additional requests where JWT tokens should be revoked.
+Besides the destroy session one, there are additional requests where JWT tokens should be revoked.
 It must be a bidimensional array, each item being an array of two elements: the request method and a regular expression that must match the request path.
@@ -477,7 +525,7 @@ jwt.revocation_requests = [
 Request formats that must be processed (in order to dispatch or revoke tokens).
-It must be a hash of devise scopes as keys and an array of request formats as
+It must be a hash of Devise scopes as keys and an array of request formats as
 values. When a scope is not present or if it has a nil item, requests without
 format will be taken into account.

data/devise-jwt.gemspec CHANGED Viewed

@@ -22,12 +22,11 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
   spec.add_dependency 'devise', '~> 4.0'
-  spec.add_dependency 'warden-jwt_auth', '~> 0.5'
+  spec.add_dependency 'warden-jwt_auth', '~> 0.6'
   spec.add_development_dependency "bundler", "> 1"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec"
-  spec.add_development_dependency "pry-byebug", "~> 3.7"
   # Needed to test the rails fixture application
   spec.add_development_dependency 'rails', '~> 6.0'
   spec.add_development_dependency 'sqlite3', '~> 1.3'

data/lib/devise/jwt/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Devise
   module JWT
-    VERSION = '0.8.1'
+    VERSION = '0.10.0'
   end
 end

data/lib/devise/jwt.rb CHANGED Viewed

@@ -17,9 +17,7 @@ module Devise
   #
   # @see Warden::JWTAuth
   def self.jwt
-    Warden::JWTAuth.config.to_h
     yield(Devise::JWT.config)
-    Devise::JWT.config.to_h
   end
   add_module(:jwt_authenticatable, strategy: :jwt)
@@ -34,27 +32,31 @@ module Devise
       Warden::JWTAuth.config.send(setting)
     end
-    setting(:secret, Warden::JWTAuth.config.secret) do |value|
-      forward_to_warden(:secret, value)
-    end
+    setting(:secret,
+            default: Warden::JWTAuth.config.secret,
+            constructor: ->(value) { forward_to_warden(:secret, value) })
-    setting(:expiration_time, Warden::JWTAuth.config.expiration_time) do |value|
-      forward_to_warden(:expiration_time, value)
-    end
+    setting(:decoding_secret,
+            constructor: ->(value) { forward_to_warden(:decoding_secret, value) })
+    setting(:algorithm,
+            constructor: ->(value) { forward_to_warden(:algorithm, value) })
+    setting(:expiration_time,
+            default: Warden::JWTAuth.config.expiration_time,
+            constructor: ->(value) { forward_to_warden(:expiration_time, value) })
     setting(:dispatch_requests,
-            Warden::JWTAuth.config.dispatch_requests) do |value|
-      forward_to_warden(:dispatch_requests, value)
-    end
+            default: Warden::JWTAuth.config.dispatch_requests,
+            constructor: ->(value) { forward_to_warden(:dispatch_requests, value) })
     setting(:revocation_requests,
-            Warden::JWTAuth.config.revocation_requests) do |value|
-      forward_to_warden(:revocation_requests, value)
-    end
+            default: Warden::JWTAuth.config.revocation_requests,
+            constructor: ->(value) { forward_to_warden(:revocation_requests, value) })
-    setting(:aud_header, Warden::JWTAuth.config.aud_header) do |value|
-      forward_to_warden(:aud_header, value)
-    end
+    setting(:aud_header,
+            default: Warden::JWTAuth.config.aud_header,
+            constructor: ->(value) { forward_to_warden(:aud_header, value) })
     # A hash of warden scopes as keys and an array of request formats that will
     # be processed as values. When a scope is not present or if it has a nil
@@ -69,6 +71,6 @@ module Devise
     #   user: [:json],
     #   admin_user: [nil, :xml]
     # }
-    setting :request_formats, {}
+    setting :request_formats, default: {}
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-jwt
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.10.0
 platform: ruby
 authors:
 - Marc Busqué
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-02-14 00:00:00.000000000 Z
+date: 2022-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.6'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -80,20 +80,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: pry-byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.7'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -200,10 +186,13 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".codeclimate.yml"
+- ".github/FUNDING.yml"
+- ".github/dependabot.yml"
+- ".github/workflows/ci.yml"
+- ".github/workflows/lint.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Dockerfile
@@ -248,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.0.3.1
 signing_key:
 specification_version: 4
 summary: JWT authentication for devise

data/.travis.yml DELETED Viewed

@@ -1,21 +0,0 @@
-language: ruby
-cache: bundler
-rvm:
-  - 2.6
-  - 2.7
-  - 3.0
-  - ruby-head
-before_install:
-  - gem update --system --no-doc
-  - gem install bundler
-script:
-  - bundle exec rspec
-  - bundle exec rubocop
-  - bundle exec codeclimate-test-reporter
-jobs:
-  allow_failures:
-    - rvm: ruby-head
-addons:
-  code_climate:
-    repo_token:
-      secure: OWVschEUE+pVEQFR9dgtCUVmf2GJF3e7RTvX9M3CS7fhLyWqDlHdkCxmxCGJQDBVXR59ReCni2sbbRgkfqekkggLEG3gvHl2uof9+PVVRXTbDDDydwDGHLvcT8ZVJOHVgqgX899j6eBSsqdtSB7rMEdMOYBYDw35/yd844LkaW+sOWUbx0SJSo0V0QtJe3DC7vTAo/EEGTQs7WRGcXa6Pg9RlWiK7ThVoEbXQ4GDdjS5mWsQer4QcdnOfiuBL8mC3XAX+wJyBIqAVetAmhFKtwH+pKYMqRbcI/iBSaHslGowLr+tQW/tLO9XZsz95C6037XUse6BUJ5U9mYsgcnebslVJnuQ4dyXTXwQ2e1Fzy4iYr9Iz2Yhr3EjchXOvXh0D2BDPLCZMF98W/hsPZ4hPq/FhfjdfJXHcuqU6k7Ozr6UTwMmuNMvR7af2hXGaralTPOH8SVh/RtxpWsAocNA4n1b7dhdpMLKDNZ7GxdunDo5zJ03HUH4d0SDexnx3xSpfR/q+FJDHNxfD7KVAsgQYnrNjde/DnYszV2E3EAUVWF71ZaNQIvDyS1gyBjjvkSGRGL5tY7z+sdaRfE68toidgl2eR08vt/eYo3DIIzwPvI5N/BTv/Xm8vQ+jfwxCF6Ezr1TJTZW4auoMBAVqrr4HoO6T7VHTOeUD0Bukp7KBfQ=