devise_auth0_jwt_strategy 0.0.7 → 0.0.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/devise_auth0_jwt_strategy/strategy.rb +35 -3
- metadata +28 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: addef3a62f8cab3e6bce4d6c204766c2376ca6b8039ca78a3a67c45168248f8e
|
|
4
|
+
data.tar.gz: f314586b7b4c7c2e854906d0ae0eed283897d6637ddf3187755c60ad9111abbb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9104971155ab7a783893dab28c456169455629b9bcd823137efd7bbfeb5b34609bdcf994a25c5a76aaaca0bed79953d60dffd1617088e1ea153e8d2db375f2e1
|
|
7
|
+
data.tar.gz: f8ebbd0fe7baa394f396870afa1fd2cacb95c813f221bbb4239253f35baf73b8e682d33267239573b914557425d3c19a726b0d40d1bd8cbf8318b97facae068e
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'jwt'
|
|
2
2
|
require 'devise'
|
|
3
|
+
require "request_store"
|
|
3
4
|
|
|
4
5
|
module Devise
|
|
5
6
|
module Strategies
|
|
@@ -51,6 +52,33 @@ module Devise
|
|
|
51
52
|
( auth0_client_secret? and auth0_client_id? and !!jwt_token )
|
|
52
53
|
end
|
|
53
54
|
|
|
55
|
+
def to_boolean(value)
|
|
56
|
+
# Most calls to this will pass in nil so have this guard clause first
|
|
57
|
+
# as a performance optimization
|
|
58
|
+
return false if value.nil?
|
|
59
|
+
|
|
60
|
+
# We interpret a boolean true or the lowercase normalize strings 'true', and 't'
|
|
61
|
+
# as a true value
|
|
62
|
+
return value if value == !!value
|
|
63
|
+
return !!(['true', 't'].index(value.downcase)) if value.kind_of?(::String)
|
|
64
|
+
|
|
65
|
+
# All others are always false
|
|
66
|
+
return false
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def decode_options
|
|
70
|
+
# We will continue doing our own claim checks just for backwards compatibility
|
|
71
|
+
{
|
|
72
|
+
verify_expiration: false,
|
|
73
|
+
verify_iat: false,
|
|
74
|
+
verify_iss: false,
|
|
75
|
+
verify_aud: false,
|
|
76
|
+
verify_jti: false,
|
|
77
|
+
verify_subj: false,
|
|
78
|
+
verify_not_before: false
|
|
79
|
+
}
|
|
80
|
+
end
|
|
81
|
+
|
|
54
82
|
def authenticate!
|
|
55
83
|
|
|
56
84
|
if ENV['DEBUG_AUTH0_JWT']
|
|
@@ -60,22 +88,26 @@ module Devise
|
|
|
60
88
|
end
|
|
61
89
|
|
|
62
90
|
if valid?
|
|
91
|
+
# Passing true will cause #decode to verify the token signature
|
|
63
92
|
# This will throw JWT::DecodeError if it fails
|
|
64
|
-
payload, header = ::JWT.decode(@jwt_token,
|
|
65
|
-
::JWT.base64url_decode(auth0_client_secret))
|
|
93
|
+
payload, header = ::JWT.decode(@jwt_token, auth0_client_secret, true, decode_options)
|
|
66
94
|
|
|
67
95
|
STDERR.puts payload.inspect if ENV['DEBUG_AUTH0_JWT']
|
|
68
96
|
|
|
69
97
|
raise ClaimInvalid.new('JWT has the wrong client id') unless payload['aud'] == auth0_client_id
|
|
70
98
|
raise ClaimInvalid.new('JWT has expired') unless payload['exp'].to_i > Time.now.to_i
|
|
71
99
|
|
|
72
|
-
u = ::User.
|
|
100
|
+
u = ::User.find_for_devise_auth0_jwt_strategy(payload['email'])
|
|
73
101
|
|
|
74
102
|
if u.nil?
|
|
75
103
|
fail!("Could not log in")
|
|
76
104
|
|
|
77
105
|
else
|
|
78
106
|
u.ignore_timedout = true if u.respond_to?(:ignore_timedout=)
|
|
107
|
+
u.ignore_active = to_boolean(payload['ignore_active']) if u.respond_to?(:ignore_active=)
|
|
108
|
+
|
|
109
|
+
::RequestStore.store[:jwt_scopes] = payload['scopes']
|
|
110
|
+
|
|
79
111
|
success!(u)
|
|
80
112
|
|
|
81
113
|
end
|
metadata
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_auth0_jwt_strategy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Patrick McGraw
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
date: 2015-03-10 00:00:00.000000000 Z
|
|
@@ -14,16 +14,16 @@ dependencies:
|
|
|
14
14
|
name: jwt
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 2.2.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 2.2.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: devise
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -38,36 +38,50 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '3.4'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: request_store
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '1.3'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '1.3'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: rails
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
|
44
58
|
requirements:
|
|
45
59
|
- - ">="
|
|
46
60
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
61
|
+
version: 5.0.0
|
|
48
62
|
type: :development
|
|
49
63
|
prerelease: false
|
|
50
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
65
|
requirements:
|
|
52
66
|
- - ">="
|
|
53
67
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
68
|
+
version: 5.0.0
|
|
55
69
|
- !ruby/object:Gem::Dependency
|
|
56
70
|
name: rspec-rails
|
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|
|
58
72
|
requirements:
|
|
59
73
|
- - "~>"
|
|
60
74
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '3.
|
|
75
|
+
version: '3.7'
|
|
62
76
|
type: :development
|
|
63
77
|
prerelease: false
|
|
64
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
79
|
requirements:
|
|
66
80
|
- - "~>"
|
|
67
81
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: '3.
|
|
82
|
+
version: '3.7'
|
|
69
83
|
description: Authenticate requests using an Auth0 JWT passed by HTTP header
|
|
70
|
-
email:
|
|
84
|
+
email: pat@bloodhub.com
|
|
71
85
|
executables: []
|
|
72
86
|
extensions: []
|
|
73
87
|
extra_rdoc_files: []
|
|
@@ -79,7 +93,7 @@ homepage: http://rubygems.org/gems/devise_auth0_jwt_strategy
|
|
|
79
93
|
licenses:
|
|
80
94
|
- MIT
|
|
81
95
|
metadata: {}
|
|
82
|
-
post_install_message:
|
|
96
|
+
post_install_message:
|
|
83
97
|
rdoc_options: []
|
|
84
98
|
require_paths:
|
|
85
99
|
- lib
|
|
@@ -94,9 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
94
108
|
- !ruby/object:Gem::Version
|
|
95
109
|
version: '0'
|
|
96
110
|
requirements: []
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
signing_key:
|
|
111
|
+
rubygems_version: 3.0.6
|
|
112
|
+
signing_key:
|
|
100
113
|
specification_version: 4
|
|
101
114
|
summary: Authenticate requests using an Auth0 JWT passed by HTTP header
|
|
102
115
|
test_files: []
|