devise-jwt 0.9.0 → 0.11.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5e40b6ccd72ec79899cc680dcbcafbfa0e2375ef5a079d21fd2bbd41863a0dd1
4
- data.tar.gz: a2e8404f365a91acd324d5d62a6276943d08f0fd012b33f8e1a54098531d9327
3
+ metadata.gz: 2edd445c57c9d9cd2ed101bc9fd9e2678a4ef8dee9b671d168e5083a08edff2b
4
+ data.tar.gz: 2e8c86be9239ac50fe91589ddacc9110c8df84887d7f2e72a5477afa325fc961
5
5
  SHA512:
6
- metadata.gz: 1d39b950c6f645a487274958c644f637a61c4bcade854703027c04202f594fe4b7409861b8275b13f02d231ea2a292135b3ec94a06e3c04cc593529129ce7f68
7
- data.tar.gz: a804da86acdc39451f169fef0e8b04ca7bd8874600a6259ae494a02ca85b727e3bd9e08590cfa0ca8c615af11ebec58df5032948a1ae76a57e3fd1f2cc52e11e
6
+ metadata.gz: 2d9658efde24910caf33abbfdc4ad050900a7904db121612c57023d74db89f5912cadc01c9b1cb69709ece57485b99743ce8c2c3b9f9a86fb6347ce54f270489
7
+ data.tar.gz: d01552367f5d62ce7b454434d97f840f90c2bafe284c3d5c5ae83bb4fdf541056c895613b7dfb1556d2858fb8a521d824e87f7c08a96aec439ef4aa6d7f6c0c6
@@ -0,0 +1 @@
1
+ github: waiting-for-dev
@@ -0,0 +1,6 @@
1
+ version: 2
2
+ updates:
3
+ - package-ecosystem: "github-actions"
4
+ directory: "/"
5
+ schedule:
6
+ interval: "weekly"
@@ -0,0 +1,21 @@
1
+ name: CI
2
+
3
+ on: [push, pull_request]
4
+
5
+ jobs:
6
+ test:
7
+ runs-on: ubuntu-latest
8
+ strategy:
9
+ matrix:
10
+ ruby-version: ['3.0', '3.1', '3.2', ruby-head]
11
+
12
+ steps:
13
+ - uses: actions/checkout@v3
14
+ - name: Set up Ruby ${{ matrix.ruby-version }}
15
+ uses: ruby/setup-ruby@v1
16
+ with:
17
+ ruby-version: ${{ matrix.ruby-version }}
18
+ bundler-cache: true # 'bundle install' and cache
19
+ - name: Run specs
20
+ run: |
21
+ bundle exec rspec
@@ -0,0 +1,17 @@
1
+ name: Lint
2
+
3
+ on: [push, pull_request]
4
+
5
+ jobs:
6
+ lint:
7
+ runs-on: ubuntu-latest
8
+ steps:
9
+ - uses: actions/checkout@v3
10
+ - name: Set up Ruby ${{ matrix.ruby-version }}
11
+ uses: ruby/setup-ruby@v1
12
+ with:
13
+ ruby-version: 2.7
14
+ bundler-cache: true # 'bundle install' and cache
15
+ - name: Run specs
16
+ run: |
17
+ bundle exec rubocop
data/.rubocop.yml CHANGED
@@ -1,6 +1,6 @@
1
1
  require: rubocop-rspec
2
2
  AllCops:
3
- TargetRubyVersion: 2.7
3
+ TargetRubyVersion: 3.0
4
4
  Exclude:
5
5
  - Gemfile
6
6
  - devise-jwt.gemspec
data/CHANGELOG.md CHANGED
@@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file.
4
4
  The format is based on [Keep a Changelog](http://keepachangelog.com/)
5
5
  and this project adheres to [Semantic Versioning](http://semver.org/).
6
6
 
7
+ ## [0.11.0] - 2023-05-10
8
+ ### Added
9
+ - Add support for rotation_secret
10
+
11
+ ## [0.10.0] - 2022-09-16
12
+ ### Added
13
+ - Enable support for asymmetric algorithms
14
+
15
+ ### Fixed
16
+ - FIX: "No verification key available" on token decode
17
+
7
18
  ## [0.9.0] - 2021-09-21
8
19
  ### Fixed
9
20
  - Fix compatibility with dry-configurable 0.13
data/README.md CHANGED
@@ -5,10 +5,10 @@
5
5
  [![Code Climate](https://codeclimate.com/github/waiting-for-dev/devise-jwt/badges/gpa.svg)](https://codeclimate.com/github/waiting-for-dev/devise-jwt)
6
6
  [![Test Coverage](https://codeclimate.com/github/waiting-for-dev/devise-jwt/badges/coverage.svg)](https://codeclimate.com/github/waiting-for-dev/devise-jwt/coverage)
7
7
 
8
- `devise-jwt` is a [devise](https://github.com/plataformatec/devise) extension which uses [JWT](https://jwt.io/) tokens for user authentication. It follows [secure by default](https://en.wikipedia.org/wiki/Secure_by_default) principle.
8
+ `devise-jwt` is a [Devise](https://github.com/plataformatec/devise) extension which uses [JWT](https://jwt.io/) tokens for user authentication. It follows [secure by default](https://en.wikipedia.org/wiki/Secure_by_default) principle.
9
9
 
10
- This gem is just a replacement for cookies when these can't be used. As
11
- cookies, a token expired with `devise-jwt` will mandatorily have an expiration
10
+ This gem is just a replacement for cookies when these can't be used. As with
11
+ cookies, a `devise-jwt` token will mandatorily have an expiration
12
12
  time. If you need that your users never sign out, you will be better off with a
13
13
  solution using refresh tokens, like some implementation of OAuth2.
14
14
 
@@ -19,7 +19,7 @@ You can read about which security concerns this library takes into account and a
19
19
  - [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage)
20
20
  - [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails)
21
21
 
22
- `devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
22
+ `devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with Devise and Rails.
23
23
 
24
24
  ## Upgrade notes
25
25
 
@@ -31,7 +31,7 @@ For `Denylist`, you only need to update the `include` line you're using in your
31
31
 
32
32
  ```ruby
33
33
  # include Devise::JWT::RevocationStrategies::Blacklist # before
34
- include Devise::JWT::RevocationStrategies::Denylist
34
+ include Devise::JWT::RevocationStrategies::Denylist
35
35
  ```
36
36
 
37
37
  For `Allowlist`, you need to update the `include` line you're using in your user model:
@@ -61,11 +61,11 @@ Or install it yourself as:
61
61
 
62
62
  ## Usage
63
63
 
64
- First you need to configure devise to work in an API application. You can follow the instructions in this project wiki page [Configuring devise for APIs](https://github.com/waiting-for-dev/devise-jwt/wiki/Configuring-devise-for-APIs) (you are more than welcome to improve them).
64
+ First, you need to configure Devise to work in an API application. You can follow the instructions in this project wiki page [Configuring Devise for APIs](https://github.com/waiting-for-dev/devise-jwt/wiki/Configuring-devise-for-APIs) (you are more than welcome to improve them).
65
65
 
66
66
  ### Secret key configuration
67
67
 
68
- First of all, you have to configure the secret key that will be used to sign generated tokens. You can do it in the devise initializer:
68
+ You have to configure the secret key that will be used to sign generated tokens. You can do it in the Devise initializer:
69
69
 
70
70
  ```ruby
71
71
  Devise.setup do |config|
@@ -76,18 +76,66 @@ Devise.setup do |config|
76
76
  end
77
77
  ```
78
78
 
79
- **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `bundle exec rake secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
79
+ If you are using Encrypted Credentials (Rails 5.2+), you can store the secret key in `config/credentials.yml.enc`.
80
80
 
81
- Currently, HS256 algorithm is the one in use.
81
+ Open your credentials editor using `bin/rails credentials:edit` and add `devise_jwt_secret_key`.
82
+
83
+ > **Note** you may need to set `$EDITOR` depending on your specific environment.
84
+
85
+ ```yml
86
+
87
+ # Other secrets...
88
+
89
+ # Used as the base secret for Devise JWT
90
+ devise_jwt_secret_key: abc...xyz
91
+ ```
92
+
93
+ Add the following to the Devise initializer.
94
+
95
+ ```ruby
96
+ Devise.setup do |config|
97
+ # ...
98
+ config.jwt do |jwt|
99
+ jwt.secret = Rails.application.credentials.devise_jwt_secret_key!
100
+ end
101
+ end
102
+ ```
103
+
104
+ > **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `bundle exec rake secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
105
+
106
+ Currently, HS256 algorithm is the one in use. You may configure a matching secret and algorithm name to use a different one (see [ruby-jwt](https://github.com/jwt/ruby-jwt#algorithms-and-usage) to see which are supported):
107
+
108
+ ```ruby
109
+ Devise.setup do |config|
110
+ # ...
111
+ config.jwt do |jwt|
112
+ jwt.secret = OpenSSL::PKey::RSA.new(Rails.application.credentials.devise_jwt_secret_key!)
113
+ jwt.algorithm = Rails.application.credentials.devise_jwt_algorithm!
114
+ end
115
+ end
116
+ ```
117
+
118
+ If the algorithm is asymmetric (e.g. RS256) which necessitates a different decoding secret, configure the `decoding_secret` setting as well:
119
+
120
+ ```ruby
121
+ Devise.setup do |config|
122
+ # ...
123
+ config.jwt do |jwt|
124
+ jwt.secret = OpenSSL::PKey::RSA.new(Rails.application.credentials.devise_jwt_private_key!)
125
+ jwt.decoding_secret = OpenSSL::PKey::RSA.new(Rails.application.credentials.devise_jwt_public_key!)
126
+ jwt.algorithm = 'RS256' # or some other asymmetric algorithm
127
+ end
128
+ end
129
+ ```
82
130
 
83
131
  ### Model configuration
84
132
 
85
133
  You have to tell which user models you want to be able to authenticate with JWT tokens. For them, the authentication process will be like this:
86
134
 
87
- - A user authenticates through devise create session request (for example, using the standard `:database_authenticatable` module).
135
+ - A user authenticates through Devise create session request (for example, using the standard `:database_authenticatable` module).
88
136
  - If the authentication succeeds, a JWT token is dispatched to the client in the `Authorization` response header, with format `Bearer #{token}` (tokens are also dispatched on a successful sign up).
89
137
  - The client can use this token to authenticate following requests for the same user, providing it in the `Authorization` request header, also with format `Bearer #{token}`
90
- - When the client visits devise destroy session request, the token is revoked.
138
+ - When the client visits Devise destroy session request, the token is revoked.
91
139
 
92
140
  See [request_formats](#request_formats) configuration option if you are using paths with a format segment (like `.json`) in order to use it properly.
93
141
 
@@ -102,7 +150,7 @@ class User < ApplicationRecord
102
150
  end
103
151
  ```
104
152
 
105
- If you need to add something to the JWT payload, you can do it defining a `jwt_payload` method in the user model. It must return a `Hash`. For instance:
153
+ If you need to add something to the JWT payload, you can do it by defining a `jwt_payload` method in the user model. It must return a `Hash`. For instance:
106
154
 
107
155
  ```ruby
108
156
  def jwt_payload
@@ -136,11 +184,11 @@ end
136
184
  #### Session storage caveat
137
185
 
138
186
  If you are working with a Rails application that has session storage enabled
139
- and a default devise setup, chances are that same origin requests will be
187
+ and a default Devise setup, chances are the same origin requests will be
140
188
  authenticated from the session regardless of a token being present in the
141
189
  headers or not.
142
190
 
143
- This is so because of the following default devise workflow:
191
+ This is so because of the following default Devise workflow:
144
192
 
145
193
  - When a user signs in with `:database_authenticatable` strategy, the user is
146
194
  stored in the session unless one of the following conditions is met:
@@ -150,13 +198,13 @@ This is so because of the following default devise workflow:
150
198
  protection](http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html)
151
199
  handles an unverified request (but this is usually deactivated for API
152
200
  requests).
153
- - Warden (the engine below devise), authenticates any request that has the user
154
- in the session without even reaching to any strategy (`:jwt_authenticatable`
201
+ - Warden (the engine below Devise), authenticates any request that the user has
202
+ in the session without requiring a strategy (`:jwt_authenticatable`
155
203
  in our case).
156
204
 
157
205
  So, if you want to avoid this caveat you have three options:
158
206
 
159
- - Disable the session. If you are developing an API, probably you don't need
207
+ - Disable the session. If you are developing an API, you probably don't need
160
208
  it. In order to disable it, change `config/initializers/session_store.rb` to:
161
209
  ```ruby
162
210
  Rails.application.config.session_store :disabled
@@ -169,7 +217,7 @@ So, if you want to avoid this caveat you have three options:
169
217
  config.skip_session_storage = [:http_auth, :params_auth]
170
218
  ```
171
219
  - If you are using Devise for another model (e.g. `AdminUser`) and doesn't want
172
- to disable session storage for devise entirely, you can disable it on a
220
+ to disable session storage for Devise entirely, you can disable it on a
173
221
  per-model basis:
174
222
  ```ruby
175
223
  class User < ApplicationRecord
@@ -184,7 +232,7 @@ So, if you want to avoid this caveat you have three options:
184
232
 
185
233
  #### JTIMatcher
186
234
 
187
- Here, the model class acts itself as the revocation strategy. It needs a new string column with name `jti` to be added to the user. `jti` stands for JWT ID, and it is a standard claim meant to uniquely identify a token.
235
+ Here, the model class acts as the revocation strategy. It needs a new string column named `jti` to be added to the user. `jti` stands for JWT ID, and it is a standard claim meant to uniquely identify a token.
188
236
 
189
237
  It works like the following:
190
238
 
@@ -229,7 +277,7 @@ end
229
277
 
230
278
  #### Denylist
231
279
 
232
- In this strategy, a database table is used as a list of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted. The `exp` claim is also stored to allow the clean-up of staled tokens.
280
+ In this strategy, a database table is used as a list of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted. The `exp` claim is also stored to allow the clean-up of stale tokens.
233
281
 
234
282
  In order to use it, you need to create the denylist table in a migration:
235
283
 
@@ -244,7 +292,7 @@ end
244
292
  ```
245
293
  For performance reasons, it is better if the `jti` column is an index.
246
294
 
247
- Note: if you used the denylist strategy before vesion 0.4.0 you may not have the field *exp.* If not, run the following migration:
295
+ Note: if you used the denylist strategy before version 0.4.0 you may not have the field *exp.* If not, run the following migration:
248
296
 
249
297
  ```ruby
250
298
  class AddExpirationTimeToJWTDenylist < ActiveRecord::Migration
@@ -276,9 +324,9 @@ end
276
324
 
277
325
  #### Allowlist
278
326
 
279
- Here, the model itself acts also as a revocation strategy, but it needs to have
327
+ Here, the model itself also acts as a revocation strategy, but it needs to have
280
328
  a one-to-many association with another table which stores the tokens (in fact
281
- their `jti` claim, which uniquely identifies them) valids for each user record.
329
+ their `jti` claim, which uniquely identifies them) that are valid for each user record.
282
330
 
283
331
  The workflow is as the following:
284
332
 
@@ -296,7 +344,7 @@ devices for the same user.
296
344
 
297
345
  The `exp` claim is also stored to allow the clean-up of staled tokens.
298
346
 
299
- In order to use it, you have to create yourself the associated table and model.
347
+ In order to use it, you have to create the associated table and model.
300
348
  The association table must be called `allowlisted_jwts`:
301
349
 
302
350
  ```ruby
@@ -313,7 +361,7 @@ def change
313
361
  add_index :allowlisted_jwts, :jti, unique: true
314
362
  end
315
363
  ```
316
- Important: You are encouraged to set a unique index in the jti column. This way we can be sure at the database level that there aren't two valid tokens with same jti at the same time. Definining `foreign_key: { on_delete: :cascade }, null: false` on `t.references :your_user_table` helps to keep referential integrity of your database.
364
+ Important: You are encouraged to set a unique index in the `jti` column. This way we can be sure at the database level that there aren't two valid tokens with the same `jti` at the same time. Defining `foreign_key: { on_delete: :cascade }, null: false` on `t.references :your_user_table` helps to keep referential integrity of your database.
317
365
 
318
366
  And then, the model:
319
367
 
@@ -355,7 +403,7 @@ end
355
403
 
356
404
  #### Custom strategies
357
405
 
358
- You can also implement your own strategies. They just need to implement two methods: `jwt_revoked?` and `revoke_jwt`, both of them accepting as parameters the JWT payload and the user record, in this order.
406
+ You can also implement your own strategies. They just need to implement two methods: `jwt_revoked?` and `revoke_jwt`, both of them accept the JWT payload and the user record as parameters, in this order.
359
407
 
360
408
  For instance:
361
409
 
@@ -379,10 +427,10 @@ end
379
427
  ### Testing
380
428
 
381
429
  Models configured with `:jwt_authenticatable` usually won't be retrieved from
382
- the session. For this reason, `sign_in` devise testing helper methods won't
430
+ the session. For this reason, `sign_in` Devise testing helper methods won't
383
431
  work as expected.
384
432
 
385
- What you need to do in order to authenticate test environment requests is the
433
+ What you need to do to authenticate test environment requests is the
386
434
  same that you will do in production: to provide a valid token in the
387
435
  `Authorization` header (in the form of `Bearer #{token}`) at every request.
388
436
 
@@ -420,7 +468,7 @@ Usually you will wrap this in your own test helper.
420
468
 
421
469
  ### Configuration reference
422
470
 
423
- This library can be configured calling `jwt` on devise config object:
471
+ This library can be configured calling `jwt` on Devise config object:
424
472
 
425
473
  ```ruby
426
474
  Devise.setup do |config|
@@ -431,17 +479,21 @@ end
431
479
  ```
432
480
  #### secret
433
481
 
434
- Secret key used to sign generated JWT tokens. You must set it.
482
+ Secret key is used to sign generated JWT tokens. You must set it.
483
+
484
+ #### rotation_secret
485
+
486
+ Allow rotating secrets. Set a new value to `secret` and copy the old secret to `rotation_secret`.
435
487
 
436
488
  #### expiration_time
437
489
 
438
490
  Number of seconds while a JWT is valid after its generation. After that, it won't be valid anymore, even if it hasn't been revoked.
439
491
 
440
- Defaults to 3600 (1 hour).
492
+ Defaults to 3600 seconds (1 hour).
441
493
 
442
494
  #### dispatch_requests
443
495
 
444
- Besides the create session one, additional requests where JWT tokens should be dispatched.
496
+ Besides the create session one, there are additional requests where JWT tokens should be dispatched.
445
497
 
446
498
  It must be a bidimensional array, each item being an array of two elements: the request method and a regular expression that must match the request path.
447
499
 
@@ -458,7 +510,7 @@ jwt.dispatch_requests = [
458
510
 
459
511
  #### revocation_requests
460
512
 
461
- Besides the destroy session one, additional requests where JWT tokens should be revoked.
513
+ Besides the destroy session one, there are additional requests where JWT tokens should be revoked.
462
514
 
463
515
  It must be a bidimensional array, each item being an array of two elements: the request method and a regular expression that must match the request path.
464
516
 
@@ -477,7 +529,7 @@ jwt.revocation_requests = [
477
529
 
478
530
  Request formats that must be processed (in order to dispatch or revoke tokens).
479
531
 
480
- It must be a hash of devise scopes as keys and an array of request formats as
532
+ It must be a hash of Devise scopes as keys and an array of request formats as
481
533
  values. When a scope is not present or if it has a nil item, requests without
482
534
  format will be taken into account.
483
535
 
data/devise-jwt.gemspec CHANGED
@@ -22,12 +22,11 @@ Gem::Specification.new do |spec|
22
22
  spec.require_paths = ["lib"]
23
23
 
24
24
  spec.add_dependency 'devise', '~> 4.0'
25
- spec.add_dependency 'warden-jwt_auth', '~> 0.6'
25
+ spec.add_dependency 'warden-jwt_auth', '~> 0.8'
26
26
 
27
27
  spec.add_development_dependency "bundler", "> 1"
28
28
  spec.add_development_dependency "rake", "~> 13.0"
29
29
  spec.add_development_dependency "rspec"
30
- spec.add_development_dependency "pry-byebug", "~> 3.7"
31
30
  # Needed to test the rails fixture application
32
31
  spec.add_development_dependency 'rails', '~> 6.0'
33
32
  spec.add_development_dependency 'sqlite3', '~> 1.3'
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Devise
4
4
  module JWT
5
- VERSION = '0.9.0'
5
+ VERSION = '0.11.0'
6
6
  end
7
7
  end
data/lib/devise/jwt.rb CHANGED
@@ -17,9 +17,7 @@ module Devise
17
17
  #
18
18
  # @see Warden::JWTAuth
19
19
  def self.jwt
20
- Warden::JWTAuth.config.to_h
21
20
  yield(Devise::JWT.config)
22
- Devise::JWT.config.to_h
23
21
  end
24
22
 
25
23
  add_module(:jwt_authenticatable, strategy: :jwt)
@@ -38,6 +36,16 @@ module Devise
38
36
  default: Warden::JWTAuth.config.secret,
39
37
  constructor: ->(value) { forward_to_warden(:secret, value) })
40
38
 
39
+ setting(:rotation_secret,
40
+ default: Warden::JWTAuth.config.rotation_secret,
41
+ constructor: ->(value) { forward_to_warden(:rotation_secret, value) })
42
+
43
+ setting(:decoding_secret,
44
+ constructor: ->(value) { forward_to_warden(:decoding_secret, value) })
45
+
46
+ setting(:algorithm,
47
+ constructor: ->(value) { forward_to_warden(:algorithm, value) })
48
+
41
49
  setting(:expiration_time,
42
50
  default: Warden::JWTAuth.config.expiration_time,
43
51
  constructor: ->(value) { forward_to_warden(:expiration_time, value) })
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.0
4
+ version: 0.11.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Marc Busqué
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-09-21 00:00:00.000000000 Z
11
+ date: 2023-05-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0.6'
33
+ version: '0.8'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0.6'
40
+ version: '0.8'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -80,20 +80,6 @@ dependencies:
80
80
  - - ">="
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
- - !ruby/object:Gem::Dependency
84
- name: pry-byebug
85
- requirement: !ruby/object:Gem::Requirement
86
- requirements:
87
- - - "~>"
88
- - !ruby/object:Gem::Version
89
- version: '3.7'
90
- type: :development
91
- prerelease: false
92
- version_requirements: !ruby/object:Gem::Requirement
93
- requirements:
94
- - - "~>"
95
- - !ruby/object:Gem::Version
96
- version: '3.7'
97
83
  - !ruby/object:Gem::Dependency
98
84
  name: rails
99
85
  requirement: !ruby/object:Gem::Requirement
@@ -200,10 +186,13 @@ extensions: []
200
186
  extra_rdoc_files: []
201
187
  files:
202
188
  - ".codeclimate.yml"
189
+ - ".github/FUNDING.yml"
190
+ - ".github/dependabot.yml"
191
+ - ".github/workflows/ci.yml"
192
+ - ".github/workflows/lint.yml"
203
193
  - ".gitignore"
204
194
  - ".rspec"
205
195
  - ".rubocop.yml"
206
- - ".travis.yml"
207
196
  - CHANGELOG.md
208
197
  - CODE_OF_CONDUCT.md
209
198
  - Dockerfile
@@ -248,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
248
237
  - !ruby/object:Gem::Version
249
238
  version: '0'
250
239
  requirements: []
251
- rubygems_version: 3.1.2
240
+ rubygems_version: 3.3.7
252
241
  signing_key:
253
242
  specification_version: 4
254
243
  summary: JWT authentication for devise
data/.travis.yml DELETED
@@ -1,21 +0,0 @@
1
- language: ruby
2
- cache: bundler
3
- rvm:
4
- - 2.6
5
- - 2.7
6
- - 3.0
7
- - ruby-head
8
- before_install:
9
- - gem update --system --no-doc
10
- - gem install bundler
11
- script:
12
- - bundle exec rspec
13
- - bundle exec rubocop
14
- - bundle exec codeclimate-test-reporter
15
- jobs:
16
- allow_failures:
17
- - rvm: ruby-head
18
- addons:
19
- code_climate:
20
- repo_token:
21
- secure: OWVschEUE+pVEQFR9dgtCUVmf2GJF3e7RTvX9M3CS7fhLyWqDlHdkCxmxCGJQDBVXR59ReCni2sbbRgkfqekkggLEG3gvHl2uof9+PVVRXTbDDDydwDGHLvcT8ZVJOHVgqgX899j6eBSsqdtSB7rMEdMOYBYDw35/yd844LkaW+sOWUbx0SJSo0V0QtJe3DC7vTAo/EEGTQs7WRGcXa6Pg9RlWiK7ThVoEbXQ4GDdjS5mWsQer4QcdnOfiuBL8mC3XAX+wJyBIqAVetAmhFKtwH+pKYMqRbcI/iBSaHslGowLr+tQW/tLO9XZsz95C6037XUse6BUJ5U9mYsgcnebslVJnuQ4dyXTXwQ2e1Fzy4iYr9Iz2Yhr3EjchXOvXh0D2BDPLCZMF98W/hsPZ4hPq/FhfjdfJXHcuqU6k7Ozr6UTwMmuNMvR7af2hXGaralTPOH8SVh/RtxpWsAocNA4n1b7dhdpMLKDNZ7GxdunDo5zJ03HUH4d0SDexnx3xSpfR/q+FJDHNxfD7KVAsgQYnrNjde/DnYszV2E3EAUVWF71ZaNQIvDyS1gyBjjvkSGRGL5tY7z+sdaRfE68toidgl2eR08vt/eYo3DIIzwPvI5N/BTv/Xm8vQ+jfwxCF6Ezr1TJTZW4auoMBAVqrr4HoO6T7VHTOeUD0Bukp7KBfQ=