devise_auth0_jwt_strategy 0.0.5 → 0.0.10

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +5 -5
  2. data/lib/devise_auth0_jwt_strategy/strategy.rb +25 -1
  3. metadata +25 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 718e713c50b91362afb7686c8a97a9bf70d773ec
4
- data.tar.gz: 63c2cb7237345b8e493f407666e2d352a87858cf
2
+ SHA256:
3
+ metadata.gz: c7694f3d7300f7e070b2227fd331dab4ac7788fd0eab8b8652e3f2b7b91e7b65
4
+ data.tar.gz: c2a1bf64fe4cedc46bf122ff86a179085b27cd522fdfacc00acba3639d359b35
5
5
  SHA512:
6
- metadata.gz: 41f8d4c2b3f8d7c6181b69bc907f4dd614822347c2a86e21eb1e8c2c97e963968078a8a4059b20e76d001721a9de8a6ad9d08ce80b6e37825fdc1d70692d0bea
7
- data.tar.gz: efd748d7620c058d1eb659f10e8db742912d76317461609f8fb858544efa9e726fced429a69b81863558b3d4f6a423e720495a178b3b21702ce9387e46b09c38
6
+ metadata.gz: af86ed691ddda937c8cea8291c1e1626a0e08dd94aa70d520b372ae8b9cce13a1c4945e3ae77eb91c078e873e3d346ab7626961cdda3b81328f9f0e693175e8e
7
+ data.tar.gz: 1daf2df9a7759a679f8aeeb726639245ca938b6bd8970919936a7af2bf8c26bfb31bd638bbcdff90fd5063a2b8e93a13849ef077e2c93eb25c806b02aff5f97a
data/lib/devise_auth0_jwt_strategy/strategy.rb CHANGED
@@ -1,5 +1,6 @@
1
1
  require 'jwt'
2
2
  require 'devise'
3
+ require "request_store"
3
4
 
4
5
  module Devise
5
6
  module Strategies
@@ -42,10 +43,29 @@ module Devise
42
43
  @jwt_token ||= ( params['jwt'] || jwt_from_auth_header )
43
44
  end
44
45
 
46
+ # This login should be required on each request and not setup a session
47
+ def store?
48
+ false
49
+ end
50
+
45
51
  def valid?
46
52
  ( auth0_client_secret? and auth0_client_id? and !!jwt_token )
47
53
  end
48
54
 
55
+ def to_boolean(value)
56
+ # Most calls to this will pass in nil so have this guard clause first
57
+ # as a performance optimization
58
+ return false if value.nil?
59
+
60
+ # We interpret a boolean true or the lowercase normalize strings 'true', and 't'
61
+ # as a true value
62
+ return value if value == !!value
63
+ return !!(['true', 't'].index(value.downcase)) if value.kind_of?(::String)
64
+
65
+ # All others are always false
66
+ return false
67
+ end
68
+
49
69
  def authenticate!
50
70
 
51
71
  if ENV['DEBUG_AUTH0_JWT']
@@ -64,13 +84,17 @@ module Devise
64
84
  raise ClaimInvalid.new('JWT has the wrong client id') unless payload['aud'] == auth0_client_id
65
85
  raise ClaimInvalid.new('JWT has expired') unless payload['exp'].to_i > Time.now.to_i
66
86
 
67
- u = ::User.find_by_email(payload['email'])
87
+ u = ::User.find_for_devise_auth0_jwt_strategy(payload['email'])
68
88
 
69
89
  if u.nil?
70
90
  fail!("Could not log in")
71
91
 
72
92
  else
73
93
  u.ignore_timedout = true if u.respond_to?(:ignore_timedout=)
94
+ u.ignore_active = to_boolean(payload['ignore_active']) if u.respond_to?(:ignore_active=)
95
+
96
+ ::RequestStore.store[:jwt_scopes] = payload['scopes']
97
+
74
98
  success!(u)
75
99
 
76
100
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_auth0_jwt_strategy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.5
4
+ version: 0.0.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - Patrick McGraw
@@ -16,58 +16,72 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.0'
19
+ version: '1.5'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.0'
26
+ version: '1.5'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: devise
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
33
  version: '3.4'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '3.4'
41
+ - !ruby/object:Gem::Dependency
42
+ name: request_store
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.3'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.3'
41
55
  - !ruby/object:Gem::Dependency
42
56
  name: rails
43
57
  requirement: !ruby/object:Gem::Requirement
44
58
  requirements:
45
59
  - - ">="
46
60
  - !ruby/object:Gem::Version
47
- version: 4.0.0
61
+ version: 5.0.0
48
62
  type: :development
49
63
  prerelease: false
50
64
  version_requirements: !ruby/object:Gem::Requirement
51
65
  requirements:
52
66
  - - ">="
53
67
  - !ruby/object:Gem::Version
54
- version: 4.0.0
68
+ version: 5.0.0
55
69
  - !ruby/object:Gem::Dependency
56
70
  name: rspec-rails
57
71
  requirement: !ruby/object:Gem::Requirement
58
72
  requirements:
59
73
  - - "~>"
60
74
  - !ruby/object:Gem::Version
61
- version: '3.0'
75
+ version: '3.7'
62
76
  type: :development
63
77
  prerelease: false
64
78
  version_requirements: !ruby/object:Gem::Requirement
65
79
  requirements:
66
80
  - - "~>"
67
81
  - !ruby/object:Gem::Version
68
- version: '3.0'
82
+ version: '3.7'
69
83
  description: Authenticate requests using an Auth0 JWT passed by HTTP header
70
- email: patrick@mcgraw-tech.com
84
+ email: pat@bloodhub.com
71
85
  executables: []
72
86
  extensions: []
73
87
  extra_rdoc_files: []
@@ -94,8 +108,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
94
108
  - !ruby/object:Gem::Version
95
109
  version: '0'
96
110
  requirements: []
97
- rubyforge_project:
98
- rubygems_version: 2.4.5
111
+ rubygems_version: 3.1.2
99
112
  signing_key:
100
113
  specification_version: 4
101
114
  summary: Authenticate requests using an Auth0 JWT passed by HTTP header