devise-jwt 0.8.1 → 0.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/README.md +9 -9
- data/devise-jwt.gemspec +1 -1
- data/lib/devise/jwt/version.rb +1 -1
- data/lib/devise/jwt.rb +14 -16
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5e40b6ccd72ec79899cc680dcbcafbfa0e2375ef5a079d21fd2bbd41863a0dd1
|
|
4
|
+
data.tar.gz: a2e8404f365a91acd324d5d62a6276943d08f0fd012b33f8e1a54098531d9327
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d39b950c6f645a487274958c644f637a61c4bcade854703027c04202f594fe4b7409861b8275b13f02d231ea2a292135b3ec94a06e3c04cc593529129ce7f68
|
|
7
|
+
data.tar.gz: a804da86acdc39451f169fef0e8b04ca7bd8874600a6259ae494a02ca85b727e3bd9e08590cfa0ca8c615af11ebec58df5032948a1ae76a57e3fd1f2cc52e11e
|
data/CHANGELOG.md
CHANGED
|
@@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/).
|
|
6
6
|
|
|
7
|
-
## [0.
|
|
7
|
+
## [0.9.0] - 2021-09-21
|
|
8
|
+
### Fixed
|
|
9
|
+
- Fix compatibility with dry-configurable 0.13
|
|
10
|
+
|
|
11
|
+
## [0.8.1] - 2021-02-14
|
|
8
12
|
### Fixed
|
|
9
13
|
- Fix behaviour on code reload
|
|
10
14
|
- Support ruby 3.0 and deprecate ruby 2.5
|
data/README.md
CHANGED
|
@@ -14,10 +14,10 @@ solution using refresh tokens, like some implementation of OAuth2.
|
|
|
14
14
|
|
|
15
15
|
You can read about which security concerns this library takes into account and about JWT generic secure usage in the following series of posts:
|
|
16
16
|
|
|
17
|
-
- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation
|
|
18
|
-
- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies
|
|
19
|
-
- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage
|
|
20
|
-
- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails
|
|
17
|
+
- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation)
|
|
18
|
+
- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies)
|
|
19
|
+
- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage)
|
|
20
|
+
- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails)
|
|
21
21
|
|
|
22
22
|
`devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
|
|
23
23
|
|
|
@@ -34,21 +34,21 @@ For `Denylist`, you only need to update the `include` line you're using in your
|
|
|
34
34
|
include Devise::JWT::RevocationStrategies::Denylist
|
|
35
35
|
```
|
|
36
36
|
|
|
37
|
-
For `
|
|
37
|
+
For `Allowlist`, you need to update the `include` line you're using in your user model:
|
|
38
38
|
|
|
39
39
|
```ruby
|
|
40
40
|
# include Devise::JWT::RevocationStrategies::Whitelist # before
|
|
41
41
|
include Devise::JWT::RevocationStrategies::Allowlist
|
|
42
42
|
```
|
|
43
43
|
|
|
44
|
-
You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
|
|
44
|
+
You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt`, rename `model/whitelisted_jwt.rb` to `model/allowlisted_jwt.rb` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
|
|
45
45
|
|
|
46
46
|
## Installation
|
|
47
47
|
|
|
48
48
|
Add this line to your application's Gemfile:
|
|
49
49
|
|
|
50
50
|
```ruby
|
|
51
|
-
gem 'devise-jwt'
|
|
51
|
+
gem 'devise-jwt'
|
|
52
52
|
```
|
|
53
53
|
|
|
54
54
|
And then execute:
|
|
@@ -91,7 +91,7 @@ You have to tell which user models you want to be able to authenticate with JWT
|
|
|
91
91
|
|
|
92
92
|
See [request_formats](#request_formats) configuration option if you are using paths with a format segment (like `.json`) in order to use it properly.
|
|
93
93
|
|
|
94
|
-
As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation
|
|
94
|
+
As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation).
|
|
95
95
|
|
|
96
96
|
An example configuration:
|
|
97
97
|
|
|
@@ -180,7 +180,7 @@ So, if you want to avoid this caveat you have three options:
|
|
|
180
180
|
|
|
181
181
|
### Revocation strategies
|
|
182
182
|
|
|
183
|
-
`devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies
|
|
183
|
+
`devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies), where I also talk about their pros and cons.
|
|
184
184
|
|
|
185
185
|
#### JTIMatcher
|
|
186
186
|
|
data/devise-jwt.gemspec
CHANGED
|
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.require_paths = ["lib"]
|
|
23
23
|
|
|
24
24
|
spec.add_dependency 'devise', '~> 4.0'
|
|
25
|
-
spec.add_dependency 'warden-jwt_auth', '~> 0.
|
|
25
|
+
spec.add_dependency 'warden-jwt_auth', '~> 0.6'
|
|
26
26
|
|
|
27
27
|
spec.add_development_dependency "bundler", "> 1"
|
|
28
28
|
spec.add_development_dependency "rake", "~> 13.0"
|
data/lib/devise/jwt/version.rb
CHANGED
data/lib/devise/jwt.rb
CHANGED
|
@@ -34,27 +34,25 @@ module Devise
|
|
|
34
34
|
Warden::JWTAuth.config.send(setting)
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
setting(:secret,
|
|
38
|
-
|
|
39
|
-
|
|
37
|
+
setting(:secret,
|
|
38
|
+
default: Warden::JWTAuth.config.secret,
|
|
39
|
+
constructor: ->(value) { forward_to_warden(:secret, value) })
|
|
40
40
|
|
|
41
|
-
setting(:expiration_time,
|
|
42
|
-
|
|
43
|
-
|
|
41
|
+
setting(:expiration_time,
|
|
42
|
+
default: Warden::JWTAuth.config.expiration_time,
|
|
43
|
+
constructor: ->(value) { forward_to_warden(:expiration_time, value) })
|
|
44
44
|
|
|
45
45
|
setting(:dispatch_requests,
|
|
46
|
-
Warden::JWTAuth.config.dispatch_requests
|
|
47
|
-
|
|
48
|
-
end
|
|
46
|
+
default: Warden::JWTAuth.config.dispatch_requests,
|
|
47
|
+
constructor: ->(value) { forward_to_warden(:dispatch_requests, value) })
|
|
49
48
|
|
|
50
49
|
setting(:revocation_requests,
|
|
51
|
-
Warden::JWTAuth.config.revocation_requests
|
|
52
|
-
|
|
53
|
-
end
|
|
50
|
+
default: Warden::JWTAuth.config.revocation_requests,
|
|
51
|
+
constructor: ->(value) { forward_to_warden(:revocation_requests, value) })
|
|
54
52
|
|
|
55
|
-
setting(:aud_header,
|
|
56
|
-
|
|
57
|
-
|
|
53
|
+
setting(:aud_header,
|
|
54
|
+
default: Warden::JWTAuth.config.aud_header,
|
|
55
|
+
constructor: ->(value) { forward_to_warden(:aud_header, value) })
|
|
58
56
|
|
|
59
57
|
# A hash of warden scopes as keys and an array of request formats that will
|
|
60
58
|
# be processed as values. When a scope is not present or if it has a nil
|
|
@@ -69,6 +67,6 @@ module Devise
|
|
|
69
67
|
# user: [:json],
|
|
70
68
|
# admin_user: [nil, :xml]
|
|
71
69
|
# }
|
|
72
|
-
setting :request_formats, {}
|
|
70
|
+
setting :request_formats, default: {}
|
|
73
71
|
end
|
|
74
72
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Busqué
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: devise
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '0.
|
|
33
|
+
version: '0.6'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0.
|
|
40
|
+
version: '0.6'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: bundler
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -248,7 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
248
248
|
- !ruby/object:Gem::Version
|
|
249
249
|
version: '0'
|
|
250
250
|
requirements: []
|
|
251
|
-
rubygems_version: 3.2
|
|
251
|
+
rubygems_version: 3.1.2
|
|
252
252
|
signing_key:
|
|
253
253
|
specification_version: 4
|
|
254
254
|
summary: JWT authentication for devise
|