devise-jwt 0.5.1 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 40863b765f36af4c045c694d74e8b8a40c81f202
-  data.tar.gz: 3c96394c50b8e6a393c9ebee373be62bfde8157e
+  metadata.gz: 6ae27be60b14e728a0f86baaef42c0dc4bf04813
+  data.tar.gz: b671e8223fcc31bfbae9e020ef3c363b600e63e0
 SHA512:
-  metadata.gz: 52f0104471824acecb959fe8335165b1187606e1727e9ad5423db51225a6bbaf1264b109346042018a122978cc3ff75a2a64910a05aa37b1d294a2361657cb68
-  data.tar.gz: f36d8acd62aa6f70c4a661d6df51bb6486aefa600246f69e8781ca6358b86395318faa984da70375528ea632919666b1347e8fc5987d97bd3e48b4551eb2e82d
+  metadata.gz: b78d89e4b8ef89e96a07b7ea49417b52aa04672ae585056c335d74a1fbb9c0f4e8ee7f7442df44753f20de04ebe7607af48250395451fd944595bfcf99229b23
+  data.tar.gz: 232d88e6253117a24b34909c253fb4cd9ae81f147a2bd4e85b79e48c9d18d04cacc42c6d4f881b5ff6be805bf0903262fcedb357a3228e9b1854fb44daae9666

data/CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.5.2] - 2017-12-23
+### Added
+- Added a test helper to authenticate request headers
+
 ## [0.5.1] - 2017-12-11
 ### Added
 - Update `warden-jwt_auth` dependency to ensure JWT scopes are not fetched from

data/README.md

@@ -26,7 +26,7 @@ You can read about which security concerns this library takes into account and a
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'devise-jwt', '~> 0.5.1'
+gem 'devise-jwt', '~> 0.5.2'
 ```
 
 And then execute:
@@ -309,6 +309,48 @@ class User < ApplicationRecord
 end
 ```
 
+### Testing
+
+Models configured with `:jwt_authenticatable` can't be retrieved from the
+session. For this reason, `sign_in` devise testing helper methods won't work as
+expected.
+
+What you need to do in order to authenticate test environment requests is the
+same that you will do in production: to provide a valid token in the
+`Authorization` header (in the form of `Bearer #{token}`) at every request.
+
+There are two ways you can get a valid token:
+
+- Inspecting the `Authorization` response header after a valid sign in request.
+- Manually creating it.
+
+The first option tests the real workflow of your application, but it can slow
+things if you perform it at every test.
+
+For the second option, a test helper is provided in order to add the
+`Authorization` name/value pair to given request headers. You can use it as in
+the following example:
+
+```ruby
+# First, require the helper module
+require 'devise/jwt/test_helpers'
+
+# ...
+
+  it 'tests something' do
+    user = fetch_my_user()
+    headers = { 'Accept' => 'application/json', 'Content-Type' => 'application/json' }
+    # This will add a valid token for `user` in the `Authorization` header
+    auth_headers = Devise::JWT::TestHelpers.auth_headers(headers, user)
+    
+    get '/my/end_point', headers: auth_headers
+    
+    expect_something()
+  end
+```
+
+Usually you will wrap this in your own test helper.
+
 ### Configuration reference
 
 This library can be configured calling `jwt` on devise config object:

data/devise-jwt.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency 'devise', '~> 4.0'
-  spec.add_dependency 'warden-jwt_auth', '~> 0.3.1'
+  spec.add_dependency 'warden-jwt_auth', '~> 0.3.2'
 
   spec.add_development_dependency "bundler", "~> 1.12"
   spec.add_development_dependency "rake", "~> 10.0"

data/lib/devise/jwt/test_helpers.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Devise
+  module JWT
+    # Helpers to make testing authorization through JWT easier
+    module TestHelpers
+      # Returns headers with a valid token in the `Authorization` header
+      # added.
+      #
+      # Be aware that a fresh copy of `headers` is returned with the new
+      # key/value pair added, instead of modifying given argument.
+      #
+      # @param headers [Hash] Headers to which add the `Authorization` item.
+      # @param user [ActiveRecord::Base] The user to authenticate.
+      # @param scope [Symbol] The warden scope. If `nil` it will be
+      # autodetected.
+      # @param aud [String] The aud claim. If `nil` it will be autodetected from
+      # the header name configured in `Devise::JWT.config.aud_header`.
+      #
+      # :reek:LongParemeterList
+      def self.auth_headers(headers, user, scope: nil, aud: nil)
+        scope ||= Devise::Mapping.find_scope!(user)
+        aud ||= headers[Warden::JWTAuth.config.aud_header]
+        token, _payload = Warden::JWTAuth::UserEncoder.new.call(
+          user, scope, aud
+        )
+        Warden::JWTAuth::HeaderParser.to_headers(headers, token)
+      end
+    end
+  end
+end

data/lib/devise/jwt/version.rb

@@ -2,6 +2,6 @@
 
 module Devise
   module JWT
-    VERSION = '0.5.1'
+    VERSION = '0.5.2'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-jwt
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.2
 platform: ruby
 authors:
 - Marc Busqué
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-11 00:00:00.000000000 Z
+date: 2017-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.1
+        version: 0.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.1
+        version: 0.3.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -201,6 +201,7 @@ files:
 - lib/devise/jwt/revocation_strategies/jti_matcher.rb
 - lib/devise/jwt/revocation_strategies/null.rb
 - lib/devise/jwt/revocation_strategies/whitelist.rb
+- lib/devise/jwt/test_helpers.rb
 - lib/devise/jwt/version.rb
 homepage: https://github.com/waiting-for-dev/devise-jwt
 licenses: