devise-jwt 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2edd445c57c9d9cd2ed101bc9fd9e2678a4ef8dee9b671d168e5083a08edff2b
-  data.tar.gz: 2e8c86be9239ac50fe91589ddacc9110c8df84887d7f2e72a5477afa325fc961
+  metadata.gz: 04ea0b0abaaaf9486d4bc19ca5dfed4c867e12071934e8bb963fccd9fbd4fd90
+  data.tar.gz: 36375dfe1a8be67b238b8bddb1d7ccffb5c207a36faa380230fd99968f746421
 SHA512:
-  metadata.gz: 2d9658efde24910caf33abbfdc4ad050900a7904db121612c57023d74db89f5912cadc01c9b1cb69709ece57485b99743ce8c2c3b9f9a86fb6347ce54f270489
-  data.tar.gz: d01552367f5d62ce7b454434d97f840f90c2bafe284c3d5c5ae83bb4fdf541056c895613b7dfb1556d2858fb8a521d824e87f7c08a96aec439ef4aa6d7f6c0c6
+  metadata.gz: f07dbe6fafbcd51f6c380866432db7b2c372c576005ec307a0eaaacd73f1dd10b9d9fae9783da5e6a5afca15ea021262ac4068738d4a3648cb87602e8acbd089
+  data.tar.gz: 345765410de35fe76e5603ba4a42ce0f0bba52eb3743a627418b84e283bbdeffdd4cb6b0ebe932d8e88de41ca112d358ebc6b3cde9a52bda9b128e2425c60fc5

data/.github/workflows/ci.yml

@@ -7,10 +7,10 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['3.0', '3.1', '3.2', ruby-head]
+        ruby-version: ['3.0', '3.1', '3.2', '3.3', ruby-head]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Ruby ${{ matrix.ruby-version }}
       uses: ruby/setup-ruby@v1
       with:

data/.github/workflows/lint.yml

@@ -6,7 +6,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Ruby ${{ matrix.ruby-version }}
       uses: ruby/setup-ruby@v1
       with:

data/CHANGELOG.md

@@ -1,9 +1,14 @@
-# Change Log
+[#](#) Change Log
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.12.0] - 2024-07-10
+### Added
+- Add support for `token_header` config
+- Add support for `issuer` config
+
 ## [0.11.0] - 2023-05-10
 ### Added
 - Add support for rotation_secret

data/README.md

@@ -101,7 +101,7 @@ Devise.setup do |config|
 end
 ```
 
-> **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `bundle exec rake secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
+> **Important:** You are encouraged to use a secret different than your application `secret_key_base`. It is quite possible that some other component of your system is already using it. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. In rails, generating new secrets is as easy as `rails secret`. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
 
 Currently, HS256 algorithm is the one in use. You may configure a matching secret and algorithm name to use a different one (see [ruby-jwt](https://github.com/jwt/ruby-jwt#algorithms-and-usage) to see which are supported):
 
@@ -202,10 +202,11 @@ This is so because of the following default Devise workflow:
   in the session without requiring a strategy (`:jwt_authenticatable`
   in our case).
 
-So, if you want to avoid this caveat you have three options:
+So, if you want to avoid this caveat you have five options:
 
 - Disable the session. If you are developing an API, you probably don't need
   it. In order to disable it, change `config/initializers/session_store.rb` to:
+  
   ```ruby
   Rails.application.config.session_store :disabled
   ```
@@ -213,18 +214,41 @@ So, if you want to avoid this caveat you have three options:
   have the session disabled.
 - If you still need the session for any other purpose, disable
   `:database_authenticatable` user storage. In `config/initializers/devise.rb`:
+  
   ```ruby
   config.skip_session_storage = [:http_auth, :params_auth]
   ```
 - If you are using Devise for another model (e.g. `AdminUser`) and doesn't want
   to disable session storage for Devise entirely, you can disable it on a
   per-model basis:
+  
   ```ruby
   class User < ApplicationRecord
     devise :database_authenticatable #, your other enabled modules...
     self.skip_session_storage = [:http_auth, :params_auth]
   end
   ```
+- If you need the session for some of the controllers, you are able to disable it at
+  the controller level for those controllers which don't need it:
+  
+  ```ruby
+  class AdminsController < ApplicationController
+    before_action :drop_session_cookie
+
+    private
+
+    def drop_session_cookie
+      request.session_options[:skip] = true
+    end
+  ```
+- As the last option you can tell Devise to not store the user in the Warden session
+  if you override default Devise `SessionsController` with your own one, and pass
+  `store: false` attribute to the `sign_in`, `sign_in_and_redirect`, `bypass_sign_in`
+  methods:
+  
+  ```ruby
+  sign_in user, store: false
+  ```
 
 ### Revocation strategies
 
@@ -563,6 +587,25 @@ like an OAuth workflow with client id and client secret.
 
 Defaults to `JWT_AUD`.
 
+#### token_header
+
+Request header containing the token in the format of `Bearer #{token}`.
+
+Defaults to `Authorization`.
+
+#### issuer
+
+The [issuer claim in the token](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1).
+
+If present, it will be checked against the incoming token issuer claim and
+authorization will be skipped if they don't match.
+
+Defaults to `nil`.
+
+```ruby
+jwt.issuer = 'http://myapp.com'
+```
+
 ## Development
 
 There are docker and docker-compose files configured to create a development environment for this gem. So, if you use Docker you only need to run:

data/devise-jwt.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency 'devise', '~> 4.0'
-  spec.add_dependency 'warden-jwt_auth', '~> 0.8'
+  spec.add_dependency 'warden-jwt_auth', '~> 0.10'
 
   spec.add_development_dependency "bundler", "> 1"
   spec.add_development_dependency "rake", "~> 13.0"

data/lib/devise/jwt/version.rb

@@ -2,6 +2,6 @@
 
 module Devise
   module JWT
-    VERSION = '0.11.0'
+    VERSION = '0.12.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-jwt
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Marc Busqué
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-05-10 00:00:00.000000000 Z
+date: 2024-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -222,7 +222,7 @@ homepage: https://github.com/waiting-for-dev/devise-jwt
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -237,8 +237,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
-signing_key: 
+rubygems_version: 3.5.9
+signing_key:
 specification_version: 4
 summary: JWT authentication for devise
 test_files: []