devise-jwt 0.8.1 → 0.9.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8fe413aae5cfcb2c703195cf5e4316f84efeecbf8f05ccca617dad9cce617009
4
- data.tar.gz: aed9bfe1e2852eea2dc04885a4e6afc1375cc2aa6a41d273894d4611042d7cf6
3
+ metadata.gz: 5e40b6ccd72ec79899cc680dcbcafbfa0e2375ef5a079d21fd2bbd41863a0dd1
4
+ data.tar.gz: a2e8404f365a91acd324d5d62a6276943d08f0fd012b33f8e1a54098531d9327
5
5
  SHA512:
6
- metadata.gz: 5856bab014b5ef50d4c2412618f74307b8261dc117a4335f0597e3cc1fd67b1d74c568bc15b12a0961fdcd0d8edf0e07ef67280eb24d8eb43177152b3760d70a
7
- data.tar.gz: 0c3fd2d91daaefc8b261341498a6a359aa8092ca56d1f95ad934cf0e746761140de117f3ff9f08b8da48240cf8eaaeea62b8d473a7aeabe3bc693889dbd77c35
6
+ metadata.gz: 1d39b950c6f645a487274958c644f637a61c4bcade854703027c04202f594fe4b7409861b8275b13f02d231ea2a292135b3ec94a06e3c04cc593529129ce7f68
7
+ data.tar.gz: a804da86acdc39451f169fef0e8b04ca7bd8874600a6259ae494a02ca85b727e3bd9e08590cfa0ca8c615af11ebec58df5032948a1ae76a57e3fd1f2cc52e11e
data/CHANGELOG.md CHANGED
@@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file.
4
4
  The format is based on [Keep a Changelog](http://keepachangelog.com/)
5
5
  and this project adheres to [Semantic Versioning](http://semver.org/).
6
6
 
7
- ## [0.8.1] - 2020-02-14
7
+ ## [0.9.0] - 2021-09-21
8
+ ### Fixed
9
+ - Fix compatibility with dry-configurable 0.13
10
+
11
+ ## [0.8.1] - 2021-02-14
8
12
  ### Fixed
9
13
  - Fix behaviour on code reload
10
14
  - Support ruby 3.0 and deprecate ruby 2.5
data/README.md CHANGED
@@ -14,10 +14,10 @@ solution using refresh tokens, like some implementation of OAuth2.
14
14
 
15
15
  You can read about which security concerns this library takes into account and about JWT generic secure usage in the following series of posts:
16
16
 
17
- - [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/)
18
- - [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/)
19
- - [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage/)
20
- - [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails/)
17
+ - [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation)
18
+ - [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies)
19
+ - [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage)
20
+ - [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails)
21
21
 
22
22
  `devise-jwt` is just a thin layer on top of [`warden-jwt_auth`](https://github.com/waiting-for-dev/warden-jwt_auth) that configures it to be used out of the box with devise and Rails.
23
23
 
@@ -34,21 +34,21 @@ For `Denylist`, you only need to update the `include` line you're using in your
34
34
  include Devise::JWT::RevocationStrategies::Denylist
35
35
  ```
36
36
 
37
- For `Whitelist`, you need to update the `include` line you're using in your user model:
37
+ For `Allowlist`, you need to update the `include` line you're using in your user model:
38
38
 
39
39
  ```ruby
40
40
  # include Devise::JWT::RevocationStrategies::Whitelist # before
41
41
  include Devise::JWT::RevocationStrategies::Allowlist
42
42
  ```
43
43
 
44
- You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
44
+ You also have to rename your `WhitelistedJwt` model to `AllowlistedJwt`, rename `model/whitelisted_jwt.rb` to `model/allowlisted_jwt.rb` and change the underlying database table to `allowlisted_jwts` (or configure the model to keep using the old name).
45
45
 
46
46
  ## Installation
47
47
 
48
48
  Add this line to your application's Gemfile:
49
49
 
50
50
  ```ruby
51
- gem 'devise-jwt', '~> 0.7.0'
51
+ gem 'devise-jwt'
52
52
  ```
53
53
 
54
54
  And then execute:
@@ -91,7 +91,7 @@ You have to tell which user models you want to be able to authenticate with JWT
91
91
 
92
92
  See [request_formats](#request_formats) configuration option if you are using paths with a format segment (like `.json`) in order to use it properly.
93
93
 
94
- As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/).
94
+ As you see, unlike other JWT authentication libraries, it is expected that tokens will be revoked by the server. I wrote about [why I think JWT revocation is needed and useful](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation).
95
95
 
96
96
  An example configuration:
97
97
 
@@ -180,7 +180,7 @@ So, if you want to avoid this caveat you have three options:
180
180
 
181
181
  ### Revocation strategies
182
182
 
183
- `devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/), where I also talk about their pros and cons.
183
+ `devise-jwt` comes with three revocation strategies out of the box. Some of them are implementations of what is discussed in the blog post [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies), where I also talk about their pros and cons.
184
184
 
185
185
  #### JTIMatcher
186
186
 
data/devise-jwt.gemspec CHANGED
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
22
22
  spec.require_paths = ["lib"]
23
23
 
24
24
  spec.add_dependency 'devise', '~> 4.0'
25
- spec.add_dependency 'warden-jwt_auth', '~> 0.5'
25
+ spec.add_dependency 'warden-jwt_auth', '~> 0.6'
26
26
 
27
27
  spec.add_development_dependency "bundler", "> 1"
28
28
  spec.add_development_dependency "rake", "~> 13.0"
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Devise
4
4
  module JWT
5
- VERSION = '0.8.1'
5
+ VERSION = '0.9.0'
6
6
  end
7
7
  end
data/lib/devise/jwt.rb CHANGED
@@ -34,27 +34,25 @@ module Devise
34
34
  Warden::JWTAuth.config.send(setting)
35
35
  end
36
36
 
37
- setting(:secret, Warden::JWTAuth.config.secret) do |value|
38
- forward_to_warden(:secret, value)
39
- end
37
+ setting(:secret,
38
+ default: Warden::JWTAuth.config.secret,
39
+ constructor: ->(value) { forward_to_warden(:secret, value) })
40
40
 
41
- setting(:expiration_time, Warden::JWTAuth.config.expiration_time) do |value|
42
- forward_to_warden(:expiration_time, value)
43
- end
41
+ setting(:expiration_time,
42
+ default: Warden::JWTAuth.config.expiration_time,
43
+ constructor: ->(value) { forward_to_warden(:expiration_time, value) })
44
44
 
45
45
  setting(:dispatch_requests,
46
- Warden::JWTAuth.config.dispatch_requests) do |value|
47
- forward_to_warden(:dispatch_requests, value)
48
- end
46
+ default: Warden::JWTAuth.config.dispatch_requests,
47
+ constructor: ->(value) { forward_to_warden(:dispatch_requests, value) })
49
48
 
50
49
  setting(:revocation_requests,
51
- Warden::JWTAuth.config.revocation_requests) do |value|
52
- forward_to_warden(:revocation_requests, value)
53
- end
50
+ default: Warden::JWTAuth.config.revocation_requests,
51
+ constructor: ->(value) { forward_to_warden(:revocation_requests, value) })
54
52
 
55
- setting(:aud_header, Warden::JWTAuth.config.aud_header) do |value|
56
- forward_to_warden(:aud_header, value)
57
- end
53
+ setting(:aud_header,
54
+ default: Warden::JWTAuth.config.aud_header,
55
+ constructor: ->(value) { forward_to_warden(:aud_header, value) })
58
56
 
59
57
  # A hash of warden scopes as keys and an array of request formats that will
60
58
  # be processed as values. When a scope is not present or if it has a nil
@@ -69,6 +67,6 @@ module Devise
69
67
  # user: [:json],
70
68
  # admin_user: [nil, :xml]
71
69
  # }
72
- setting :request_formats, {}
70
+ setting :request_formats, default: {}
73
71
  end
74
72
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.1
4
+ version: 0.9.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Marc Busqué
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-02-14 00:00:00.000000000 Z
11
+ date: 2021-09-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0.5'
33
+ version: '0.6'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0.5'
40
+ version: '0.6'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -248,7 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
248
248
  - !ruby/object:Gem::Version
249
249
  version: '0'
250
250
  requirements: []
251
- rubygems_version: 3.2.3
251
+ rubygems_version: 3.1.2
252
252
  signing_key:
253
253
  specification_version: 4
254
254
  summary: JWT authentication for devise