devise-jwt 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5059317e23ed849c9d62cea8954a293b30ee4d76
+  data.tar.gz: 56dad0b86b27e5ded58b046e45e3cbed7bc236ee
+SHA512:
+  metadata.gz: 5c339448845a43f83a50e70e3737c923c7d202abdcf94c37a37fb12cbdd5ad1477624b200340dfbcf8c9febc6deb5f91ca9aeae23b3970740377e0d538666453
+  data.tar.gz: 1eb58364cad0088955fcc2582c79778afc7b9d397b6c1c0366eb84a666f49fa9b1276ac49fe8dc1fd785d170fe2c1ec42b702caa1b32e76376696a717bd1c16a

data/.codeclimate.yml

@@ -0,0 +1,17 @@
+engines:
+  duplication:
+    enabled: true
+    config:
+      languages:
+      - ruby
+  fixme:
+    enabled: true
+  rubocop:
+    enabled: true
+  reek:
+    enabled: true
+ratings:
+  paths:
+  - "**.rb"
+exclude_paths:
+  - spec/

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.overcommit_gems.rb.lock
+*.log
+*sqlite3-journal

data/.overcommit.yml

@@ -0,0 +1,55 @@
+#
+# Select version of overcommit and the other tools from Gemfile
+#
+gemfile: .overcommit_gems.rb
+
+#
+# Hooks that are run against every commit message after a user has written it.
+#
+CommitMsg:
+  ALL:
+    required: true
+    exclude: &default_excludes
+      - Gemfile
+      - devise-jwt.gemspec
+      - spec/fixtures/rails_app/**/*
+      - README.md
+
+  HardTabs:
+    enabled: true
+
+  SingleLineSubject:
+    enabled: true
+
+#
+# Hooks that are run after `git commit` is executed, before the commit message
+# editor is displayed.
+#
+PreCommit:
+  ALL:
+    required: true
+    exclude: *default_excludes
+
+  BundleAudit:
+    enabled: true
+
+  BundleCheck:
+    enabled: true
+
+  LocalPathsInGemfile:
+    enabled: true
+
+  ExecutePermissions:
+    enabled: true
+    exclude:
+      - *default_excludes
+      - bin/*
+
+  Reek:
+    enabled: true
+
+  RuboCop:
+    enabled: true
+
+  TrailingWhitespace:
+    enabled: true

data/.overcommit_gems.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gem 'overcommit', '~> 0.36'
+
+# Patch-level verification for Bundled apps
+gem 'bundler-audit', '~> 0.5'
+
+# Ruby code smell reporter
+gem 'reek', '~> 4.5'
+
+# Ruby code style checking
+gem 'rubocop', '~> 0.47'
+gem 'rubocop-rspec', '~> 1.10'

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.rubocop.yml

@@ -0,0 +1,10 @@
+require: rubocop-rspec
+AllCops:
+  TargetRubyVersion: 2.3
+RSpec/NestedGroups:
+  Max: 3
+RSpec/MessageExpectation:
+  EnforcedStyle: 'expect'
+Metrics/BlockLength:
+  Exclude:
+    - "spec/**/*.rb"

data/.travis.yml

@@ -0,0 +1,21 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.2.6
+  - 2.3.3
+  - 2.4.0
+before_install:
+  - gem update --system --no-doc
+  - bundle install --gemfile=.overcommit_gems.rb
+before_script:
+  - git config --global user.email 'travis@travis.ci'
+  - git config --global user.name 'Travis CI'
+script:
+  - bundle exec rspec
+  - bundle exec codeclimate-test-reporter
+  - overcommit --sign
+  - overcommit --run
+addons:
+  code_climate:
+    repo_token:
+      secure: OWVschEUE+pVEQFR9dgtCUVmf2GJF3e7RTvX9M3CS7fhLyWqDlHdkCxmxCGJQDBVXR59ReCni2sbbRgkfqekkggLEG3gvHl2uof9+PVVRXTbDDDydwDGHLvcT8ZVJOHVgqgX899j6eBSsqdtSB7rMEdMOYBYDw35/yd844LkaW+sOWUbx0SJSo0V0QtJe3DC7vTAo/EEGTQs7WRGcXa6Pg9RlWiK7ThVoEbXQ4GDdjS5mWsQer4QcdnOfiuBL8mC3XAX+wJyBIqAVetAmhFKtwH+pKYMqRbcI/iBSaHslGowLr+tQW/tLO9XZsz95C6037XUse6BUJ5U9mYsgcnebslVJnuQ4dyXTXwQ2e1Fzy4iYr9Iz2Yhr3EjchXOvXh0D2BDPLCZMF98W/hsPZ4hPq/FhfjdfJXHcuqU6k7Ozr6UTwMmuNMvR7af2hXGaralTPOH8SVh/RtxpWsAocNA4n1b7dhdpMLKDNZ7GxdunDo5zJ03HUH4d0SDexnx3xSpfR/q+FJDHNxfD7KVAsgQYnrNjde/DnYszV2E3EAUVWF71ZaNQIvDyS1gyBjjvkSGRGL5tY7z+sdaRfE68toidgl2eR08vt/eYo3DIIzwPvI5N/BTv/Xm8vQ+jfwxCF6Ezr1TJTZW4auoMBAVqrr4HoO6T7VHTOeUD0Bukp7KBfQ=

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at marc@lamarciana.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Dockerfile

@@ -0,0 +1,9 @@
+FROM ruby:2.3.1
+ENV APP_HOME /app/
+ENV LIB_DIR lib/devise/jwt/
+RUN apt-get update -qq && apt-get install -y build-essential libpq-dev libxml2-dev libxslt1-dev nodejs
+RUN mkdir -p $APP_HOME/$LIB_DIR
+WORKDIR $APP_HOME
+COPY Gemfile *gemspec $APP_HOME
+COPY $LIB_DIR/version.rb $APP_HOME/$LIB_DIR
+RUN bundle install

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise-jwt.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Marc Busqué
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,283 @@
+# Devise::JWT
+
+[![Build Status](https://travis-ci.org/waiting-for-dev/devise-jwt.svg?branch=master)](https://travis-ci.org/waiting-for-dev/devise-jwt)
+[![Code Climate](https://codeclimate.com/github/waiting-for-dev/devise-jwt/badges/gpa.svg)](https://codeclimate.com/github/waiting-for-dev/devise-jwt)
+[![Test Coverage](https://codeclimate.com/github/waiting-for-dev/devise-jwt/badges/coverage.svg)](https://codeclimate.com/github/waiting-for-dev/devise-jwt/coverage)
+
+`devise-jwt` is a [devise](https://github.com/plataformatec/devise) extension which uses [JWT](https://jwt.io/) tokens for user authentication. It follows [secure by default](https://en.wikipedia.org/wiki/Secure_by_default) principle.
+
+You can read about which security concerns this library takes into account and about JWT generic secure usage in the following series of posts:
+
+- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/)
+- [JWT Recovation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/)
+- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage/)
+- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_for_rack_and_rails)
+
+`devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'devise-jwt', '~> 0.1.0'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install devise-jwt
+
+## Usage
+
+### Secret key configuration
+
+First of all, you have to configure the secret key that will be used to sign generated tokens. You can do it in the devise initializer:
+
+```ruby
+Devise.setup do |config|
+  # ...
+  config.jwt do |jwt|
+    jwt.secret = ENV['DEVISE_JWT_SECRET_KEY']
+  end
+end
+```
+
+**Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `bundle exec rake secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
+
+Currently, HS256 algorithm is the one in use.
+
+### Model configuration
+
+You have to tell which user models you want to be able to authenticate with JWT tokens. For them, the authentication process will be like this:
+
+- A user authenticates trough devise create session request (for example, using the standard `:database_authenticatable` module).
+- If the authentication succeeds, a JWT token is dispatched to the client in the `Authorization` response header, with format `Bearer #{token}`
+- The client can use this token to authenticate following requests for the same user, providing it in the `Authorization` request header, also with format `Bearer #{token}`
+- When the client visits devise destroy session request, the token is revoked.
+
+As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/).
+
+An example configuration:
+
+```ruby
+class User < ApplicationRecord
+  devise :database_authenticatable,
+         :jwt_authenticatable, jwt_revocation_strategy: Blacklist
+end
+```
+
+If you need to add something to the JWT payload, you can do it defining a `jwt_payload` method in the user model. It must return a `Hash`. For instance:
+
+```ruby
+def jwt_payload
+  { 'foo' => 'bar' }
+end
+```
+
+### Revocation strategies
+
+`devise-jwt` comes with two revocation strategies out of the box. They are implementations of what is discussed in the blog post [JWT Recovation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/), where I also talk about their pros and cons.
+
+#### JTIMatcher
+
+Here, the model class acts itself as the revocation strategy. It needs a new string column with name `jti` to be added to the user. `jti` stands for JWT ID, and it is a standard claim meant to uniquely identify a token.
+
+It works like the following:
+
+- At the same time that a token is dispatched for a user, the `jti` claim is persisted to the `jti` column.
+- At every authenticated action, the incoming token `jti` claim is matched against the `jti` column for that user. The authentication only succeeds if they are the same.
+- When the user requests to sign out its `jti` column changes, so that provided token won't be valid anymore.
+
+In order to use it, you need to add the `jti` column to the user model. So, you have to set something like the following in a migration:
+
+```ruby
+def change
+  add_column :users, :jti, :string, null: false
+  add_index :users, :jti, unique: true
+  # If you already have user records, you will need to initialize its `jti` column before setting it to not nullable. Your migration will look this way:
+  # add_column :users, :jti, :string
+  # User.all.each { |user| user.update_column(:jti, SecureRandom.uuid) }
+  # change_column_null :users, :jti, false
+  # add_index :users, :jti, unique: true
+end
+```
+
+**Important:** You are encouraged to set a unique index in the `jti` column. This way we can be sure at the database level that there aren't two valid tokens with same `jti` at the same time.
+
+Then, you have to add the strategy to the model class and configure it accordingly:
+
+```ruby
+class User < ApplicationRecord
+  include Devise::JWT::RevocationStrategies::JTIMatcher
+  
+  devise :database_authenticatable,
+         jwt_revocation_strategy: self
+end
+```
+
+Be aware that this strategy makes uses of `jwt_payload` method in the user model, so if you need to use it don't forget to call `super`:
+
+```ruby
+def jwt_payload
+  super.merge('foo' => 'bar')
+end
+```
+
+#### Blacklist
+
+In this strategy, a database table is used as a blacklist of revoked JWT tokens. The `jti` claim, which uniquely identifies a token, is persisted.
+
+In order to use it, you need to create the blacklist table in a migration:
+
+```ruby
+def change
+  create_table :jwt_blacklist do |t|
+    t.string :jti, null: false
+  end
+  add_index :jwt_blacklist, :jti
+end
+```
+
+For performance reasons, it is better if the `jti` column is an index.
+
+Then, you need to create the corresponding model and include the strategy:
+
+```ruby
+class JWTBlacklist < ApplicationRecord
+  include Devise::JWT::RevocationStrategies::Blacklist
+
+  self.table_name = 'jwt_blacklist'
+end
+```
+
+Last, configure the user model to use it:
+
+```ruby
+class User < ApplicationRecord
+  devise :database_authenticatable,
+         jwt_revocation_strategy: JWTBlacklist
+end
+```
+
+#### Null strategy
+
+A [null object pattern](https://en.wikipedia.org/wiki/Null_Object_pattern) strategy, which does not revoke tokens, is provided out of the box just in case you are absolutely sure you don't need token revocation. It is recommended **not to use it**.
+
+```ruby
+class User < ApplicationRecord
+  devise :database_authenticatable,
+         :jwt_authenticatable, jwt_revocation_strategy: Devise::JWT::RevocationStrategies::Null
+end
+```
+
+#### Custom strategies
+
+You can also implement your own strategies. They just need to implement two methods: `jwt_revoked?` and `revoke_jwt`, both of them accepting as parameters the JWT payload and the user record, in this order.
+
+For instance:
+
+```ruby
+module MyCustomStrategy
+  def self.jwt_revoked?(payload, user)
+    # Does something to check whether the JWT token is revoked for given user
+  end
+  
+  def self.revoke_jwt(payload, user)
+    # Does something to revoke the JWT token for given user
+  end
+end
+
+class User < ApplicationRecord
+  devise :database_authenticatable,
+         :jwt_authenticatable, jwt_revocation_strategy: MyCustomStrategy
+end
+```
+
+### Configuration reference
+
+This library can be configured calling `jwt` on devise config object:
+
+```ruby
+Devise.setup do |config|
+  config.jwt do |jwt|
+    # ...
+  end
+end
+```
+#### secret
+
+Secret key used to sign generated JWT tokens. You must set it.
+
+#### expiration_time
+
+Number of seconds while a JWT is valid after its generation. After that, it won't be valid anymore, even if it hasn't been revoked.
+
+Defaults to 3600 (1 hour).
+
+#### dispatch_requests
+
+Besides the create session one, additional requests where JWT tokens should be dispatched.
+
+It must be a bidimensional array, each item being an array of two elements: the request method and a regular expression that must match the request path.
+
+For example:
+
+```ruby
+jwt.dispatch_requests = [
+                          ['POST', %r{^/dispatch_path_1$}],
+                          ['GET', %r{^/dispatch_path_2$}],
+                        ]
+```
+
+**Important**: You are encouraged to delimit your regular expression with `^` and `$` to avoid unintentional matches.
+
+#### revocation_requests 
+
+Besides the destroy session one, additional requests where JWT tokens should be revoked.
+
+It must be a bidimensional array, each item being an array of two elements: the request method and a regular expression that must match the request path.
+
+For example:
+
+```ruby
+jwt.revocation_requests = [
+                            ['DELETE', %r{^/revocation_path_1$}],
+                            ['GET', %r{^/revocation_path_2$}],
+                          ]
+```
+
+**Important**: You are encouraged to delimit your regular expression with `^` and `$` to avoid unintentional matches.
+
+## Development
+
+There are docker and docker-compose files configured to create a development environment for this gem. So, if you use Docker you only need to run:
+
+`docker-compose up -d`
+
+An then, for example:
+
+`docker-compose exec app rspec`
+
+This gem uses [overcommit](https://github.com/brigade/overcommit) to execute some code review engines. If you submit a pull request, it will be executed in the CI process. In order to set it up, you need to do:
+
+```ruby
+bundle install --gemfile=.overcommit_gems.rb
+overcommit --sign
+overcommit --run # To test if it works
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/waiting-for-dev/devise-jwt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## Release Policy
+
+`devise-jwt` follows the principles of [semantic versioning](http://semver.org/).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "devise/jwt"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/devise-jwt.gemspec

@@ -0,0 +1,38 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'devise/jwt/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "devise-jwt"
+  spec.version       = Devise::JWT::VERSION
+  spec.authors       = ["Marc Busqué"]
+  spec.email         = ["marc@lamarciana.com"]
+
+  spec.summary       = %q{JWT authentication for devise}
+  spec.description   = %q{JWT authentication for devise with configurable token revocation strategies}
+  spec.homepage      = "https://github.com/waiting-for-dev/devise-jwt"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'devise', '~> 4.0'
+  spec.add_dependency 'warden-jwt_auth', '~> 0.1.0'
+
+  spec.add_development_dependency "bundler", "~> 1.12"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "pry-byebug", "~> 3.4"
+  # Needed to test the rails fixture application
+  spec.add_development_dependency 'rails', '~> 5.0'
+  spec.add_development_dependency 'sqlite3', '~> 1.3'
+  spec.add_development_dependency 'rspec-rails', '~> 3.5'
+  # Test reporting
+  spec.add_development_dependency 'simplecov', '~> 0.13'
+  spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'
+end

data/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+  app:
+    build: .
+    command: tail -f Gemfile
+    volumes:
+      - .:/app

data/lib/devise/jwt.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'devise'
+require 'active_support/core_ext/module/attribute_accessors'
+require 'warden/jwt_auth'
+require 'devise/jwt/version'
+require 'devise/jwt/defaults_generator'
+require 'devise/jwt/railtie'
+require 'devise/jwt/models'
+require 'devise/jwt/revocation_strategies'
+
+# Authentication library
+module Devise
+  # Yields to Warden::JWTAuth.config
+  #
+  # @see Warden::JWTAuth
+  def self.jwt
+    yield(Warden::JWTAuth.config)
+  end
+
+  add_module(:jwt_authenticatable, strategy: :jwt)
+
+  # JWT extension for devise
+  module JWT
+  end
+end

data/lib/devise/jwt/defaults_generator.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Devise
+  module JWT
+    # Generate defaults to be used in the configuration for the Devise
+    # installation in a Rails app
+    #
+    # @see Warden::JWTAuth
+    class DefaultsGenerator
+      attr_reader :routes, :devise_mappings
+
+      def initialize
+        @routes = Rails.application.routes
+        @devise_mappings = Devise.mappings
+      end
+
+      def mappings
+        @mappings ||= devise_mappings.each_with_object({}) do |tuple, hash|
+          scope, mapping = tuple
+          modules = mapping.modules
+          next unless modules.include?(:jwt_authenticatable)
+          hash[scope] = mapping.to
+        end
+      end
+
+      def dispatch_requests
+        scopes.each_with_object([]) do |scope, array|
+          named_route = "#{scope}_session"
+          array << request_for(named_route)
+        end
+      end
+
+      def revocation_requests
+        scopes.each_with_object([]) do |scope, array|
+          named_route = "destroy_#{scope}_session"
+          array << request_for(named_route)
+        end
+      end
+
+      def revocation_strategies
+        mappings.each_with_object({}) do |tuple, hash|
+          scope, model = tuple
+          hash[scope] = model.jwt_revocation_strategy
+        end
+      end
+
+      private
+
+      def scopes
+        mappings.keys
+      end
+
+      def request_for(named_route)
+        named_path = "#{named_route}_path"
+        route = routes.named_routes[named_route]
+        method = route.verb
+        path = /^#{routes.url_helpers.send(named_path)}$/
+        [method, path]
+      end
+    end
+  end
+end

data/lib/devise/jwt/models.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'devise/jwt/models/jwt_authenticatable'
+
+module Devise
+  # Devise models
+  #
+  # @see Devise::Models
+  module Models
+  end
+end

data/lib/devise/jwt/models/jwt_authenticatable.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'active_support/concern'
+
+module Devise
+  module Models
+    # Model that will be authenticatable with the JWT strategy
+    #
+    # @see [Warden::JWTAuth::Interfaces::UserRepository]
+    # @see [Warden::JWTAuth::Interfaces::User]
+    module JwtAuthenticatable
+      extend ActiveSupport::Concern
+
+      class_methods do
+        Devise::Models.config(self, :jwt_revocation_strategy)
+      end
+
+      included do
+        def self.find_for_jwt_authentication(sub)
+          find(sub)
+        end
+      end
+
+      def jwt_subject
+        id
+      end
+    end
+  end
+end

data/lib/devise/jwt/railtie.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'rails/railtie'
+
+module Devise
+  module JWT
+    # Pluck to rails
+    class Railtie < Rails::Railtie
+      initializer 'devise-jwt-middleware' do |app|
+        app.middleware.use Warden::JWTAuth::Middleware
+
+        config.after_initialize do
+          Rails.application.reload_routes!
+
+          Warden::JWTAuth.configure do |config|
+            defaults = DefaultsGenerator.new
+
+            config.mappings = defaults.mappings
+            config.dispatch_requests.push(*defaults.dispatch_requests)
+            config.revocation_requests.push(*defaults.revocation_requests)
+            config.revocation_strategies = defaults.revocation_strategies
+          end
+        end
+      end
+    end
+  end
+end

data/lib/devise/jwt/revocation_strategies.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'devise/jwt/revocation_strategies/jti_matcher'
+require 'devise/jwt/revocation_strategies/blacklist'
+require 'devise/jwt/revocation_strategies/null'
+
+module Devise
+  module JWT
+    # Pre-build revocation strategies
+    #
+    # @see Warden::JWTAuth::Interfaces::RevocationStrategy
+    module RevocationStrategies
+    end
+  end
+end

data/lib/devise/jwt/revocation_strategies/blacklist.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'active_support/concern'
+
+module Devise
+  module JWT
+    module RevocationStrategies
+      # This strategy must be included in an ActiveRecord model, and requires
+      # that it has a `jti` column.
+      #
+      # In order to tell whether a token is revoked, it just checks whether
+      # `jti` is in the table. On revocation, creates a new record with it.
+      module Blacklist
+        extend ActiveSupport::Concern
+
+        included do
+          # @see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?
+          def self.jwt_revoked?(payload, _user)
+            exists?(jti: payload['jti'])
+          end
+
+          # @see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt
+          def self.revoke_jwt(payload, _user)
+            create(jti: payload['jti'])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/devise/jwt/revocation_strategies/jti_matcher.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'active_support/concern'
+require 'securerandom'
+
+module Devise
+  module JWT
+    module RevocationStrategies
+      # This strategy must be included in the user model, and requires that it
+      # has a `jti` column. It adds the value of the `jti` column as the `jti`
+      # claim in dispatched tokens.
+      #
+      # In order to tell whether a token is revoked, it just compares both `jti`
+      # values. On revocation, it changes column value so that the token is no
+      # longer valid.
+      module JTIMatcher
+        extend ActiveSupport::Concern
+
+        included do
+          before_create :initialize_jti
+
+          # @see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?
+          def self.jwt_revoked?(payload, user)
+            payload['jti'] != user.jti
+          end
+
+          # @see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt
+          def self.revoke_jwt(_payload, user)
+            user.update_column(:jti, generate_jti)
+          end
+
+          # Generates a random and unique string to be used as jti
+          def self.generate_jti
+            SecureRandom.uuid
+          end
+        end
+
+        # Warden::JWTAuth::Interfaces::User#jwt_payload
+        def jwt_payload
+          { 'jti' => jti }
+        end
+
+        private
+
+        def initialize_jti
+          self.jti = self.class.generate_jti
+        end
+      end
+    end
+  end
+end

data/lib/devise/jwt/revocation_strategies/null.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'active_support/concern'
+
+module Devise
+  module JWT
+    module RevocationStrategies
+      # This strategy is just a null object pattern strategy, so it does not
+      # revoke anything
+      module Null
+        # @see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?
+        def self.jwt_revoked?(_payload, _user)
+          false
+        end
+
+        # @see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt
+        def self.revoke_jwt(_payload, _user); end
+      end
+    end
+  end
+end

data/lib/devise/jwt/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Devise
+  module JWT
+    VERSION = '0.1.0'
+  end
+end

metadata

@@ -0,0 +1,226 @@
+--- !ruby/object:Gem::Specification
+name: devise-jwt
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Marc Busqué
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-01-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: warden-jwt_auth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: JWT authentication for devise with configurable token revocation strategies
+email:
+- marc@lamarciana.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".codeclimate.yml"
+- ".gitignore"
+- ".overcommit.yml"
+- ".overcommit_gems.rb"
+- ".reek"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Dockerfile
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- devise-jwt.gemspec
+- docker-compose.yml
+- lib/devise/jwt.rb
+- lib/devise/jwt/defaults_generator.rb
+- lib/devise/jwt/models.rb
+- lib/devise/jwt/models/jwt_authenticatable.rb
+- lib/devise/jwt/railtie.rb
+- lib/devise/jwt/revocation_strategies.rb
+- lib/devise/jwt/revocation_strategies/blacklist.rb
+- lib/devise/jwt/revocation_strategies/jti_matcher.rb
+- lib/devise/jwt/revocation_strategies/null.rb
+- lib/devise/jwt/version.rb
+homepage: https://github.com/waiting-for-dev/devise-jwt
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.6
+signing_key: 
+specification_version: 4
+summary: JWT authentication for devise
+test_files: []