devise_auth0_jwt_strategy 0.0.7 → 0.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/devise_auth0_jwt_strategy/strategy.rb +35 -3
- metadata +28 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: addef3a62f8cab3e6bce4d6c204766c2376ca6b8039ca78a3a67c45168248f8e
|
|
4
|
+
data.tar.gz: f314586b7b4c7c2e854906d0ae0eed283897d6637ddf3187755c60ad9111abbb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9104971155ab7a783893dab28c456169455629b9bcd823137efd7bbfeb5b34609bdcf994a25c5a76aaaca0bed79953d60dffd1617088e1ea153e8d2db375f2e1
|
|
7
|
+
data.tar.gz: f8ebbd0fe7baa394f396870afa1fd2cacb95c813f221bbb4239253f35baf73b8e682d33267239573b914557425d3c19a726b0d40d1bd8cbf8318b97facae068e
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'jwt'
|
|
2
2
|
require 'devise'
|
|
3
|
+
require "request_store"
|
|
3
4
|
|
|
4
5
|
module Devise
|
|
5
6
|
module Strategies
|
|
@@ -51,6 +52,33 @@ module Devise
|
|
|
51
52
|
( auth0_client_secret? and auth0_client_id? and !!jwt_token )
|
|
52
53
|
end
|
|
53
54
|
|
|
55
|
+
def to_boolean(value)
|
|
56
|
+
# Most calls to this will pass in nil so have this guard clause first
|
|
57
|
+
# as a performance optimization
|
|
58
|
+
return false if value.nil?
|
|
59
|
+
|
|
60
|
+
# We interpret a boolean true or the lowercase normalize strings 'true', and 't'
|
|
61
|
+
# as a true value
|
|
62
|
+
return value if value == !!value
|
|
63
|
+
return !!(['true', 't'].index(value.downcase)) if value.kind_of?(::String)
|
|
64
|
+
|
|
65
|
+
# All others are always false
|
|
66
|
+
return false
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def decode_options
|
|
70
|
+
# We will continue doing our own claim checks just for backwards compatibility
|
|
71
|
+
{
|
|
72
|
+
verify_expiration: false,
|
|
73
|
+
verify_iat: false,
|
|
74
|
+
verify_iss: false,
|
|
75
|
+
verify_aud: false,
|
|
76
|
+
verify_jti: false,
|
|
77
|
+
verify_subj: false,
|
|
78
|
+
verify_not_before: false
|
|
79
|
+
}
|
|
80
|
+
end
|
|
81
|
+
|
|
54
82
|
def authenticate!
|
|
55
83
|
|
|
56
84
|
if ENV['DEBUG_AUTH0_JWT']
|
|
@@ -60,22 +88,26 @@ module Devise
|
|
|
60
88
|
end
|
|
61
89
|
|
|
62
90
|
if valid?
|
|
91
|
+
# Passing true will cause #decode to verify the token signature
|
|
63
92
|
# This will throw JWT::DecodeError if it fails
|
|
64
|
-
payload, header = ::JWT.decode(@jwt_token,
|
|
65
|
-
::JWT.base64url_decode(auth0_client_secret))
|
|
93
|
+
payload, header = ::JWT.decode(@jwt_token, auth0_client_secret, true, decode_options)
|
|
66
94
|
|
|
67
95
|
STDERR.puts payload.inspect if ENV['DEBUG_AUTH0_JWT']
|
|
68
96
|
|
|
69
97
|
raise ClaimInvalid.new('JWT has the wrong client id') unless payload['aud'] == auth0_client_id
|
|
70
98
|
raise ClaimInvalid.new('JWT has expired') unless payload['exp'].to_i > Time.now.to_i
|
|
71
99
|
|
|
72
|
-
u = ::User.
|
|
100
|
+
u = ::User.find_for_devise_auth0_jwt_strategy(payload['email'])
|
|
73
101
|
|
|
74
102
|
if u.nil?
|
|
75
103
|
fail!("Could not log in")
|
|
76
104
|
|
|
77
105
|
else
|
|
78
106
|
u.ignore_timedout = true if u.respond_to?(:ignore_timedout=)
|
|
107
|
+
u.ignore_active = to_boolean(payload['ignore_active']) if u.respond_to?(:ignore_active=)
|
|
108
|
+
|
|
109
|
+
::RequestStore.store[:jwt_scopes] = payload['scopes']
|
|
110
|
+
|
|
79
111
|
success!(u)
|
|
80
112
|
|
|
81
113
|
end
|
metadata
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_auth0_jwt_strategy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Patrick McGraw
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
date: 2015-03-10 00:00:00.000000000 Z
|
|
@@ -14,16 +14,16 @@ dependencies:
|
|
|
14
14
|
name: jwt
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 2.2.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 2.2.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: devise
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -38,36 +38,50 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '3.4'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: request_store
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '1.3'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '1.3'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: rails
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
|
44
58
|
requirements:
|
|
45
59
|
- - ">="
|
|
46
60
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
61
|
+
version: 5.0.0
|
|
48
62
|
type: :development
|
|
49
63
|
prerelease: false
|
|
50
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
65
|
requirements:
|
|
52
66
|
- - ">="
|
|
53
67
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
68
|
+
version: 5.0.0
|
|
55
69
|
- !ruby/object:Gem::Dependency
|
|
56
70
|
name: rspec-rails
|
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|
|
58
72
|
requirements:
|
|
59
73
|
- - "~>"
|
|
60
74
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '3.
|
|
75
|
+
version: '3.7'
|
|
62
76
|
type: :development
|
|
63
77
|
prerelease: false
|
|
64
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
79
|
requirements:
|
|
66
80
|
- - "~>"
|
|
67
81
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: '3.
|
|
82
|
+
version: '3.7'
|
|
69
83
|
description: Authenticate requests using an Auth0 JWT passed by HTTP header
|
|
70
|
-
email:
|
|
84
|
+
email: pat@bloodhub.com
|
|
71
85
|
executables: []
|
|
72
86
|
extensions: []
|
|
73
87
|
extra_rdoc_files: []
|
|
@@ -79,7 +93,7 @@ homepage: http://rubygems.org/gems/devise_auth0_jwt_strategy
|
|
|
79
93
|
licenses:
|
|
80
94
|
- MIT
|
|
81
95
|
metadata: {}
|
|
82
|
-
post_install_message:
|
|
96
|
+
post_install_message:
|
|
83
97
|
rdoc_options: []
|
|
84
98
|
require_paths:
|
|
85
99
|
- lib
|
|
@@ -94,9 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
94
108
|
- !ruby/object:Gem::Version
|
|
95
109
|
version: '0'
|
|
96
110
|
requirements: []
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
signing_key:
|
|
111
|
+
rubygems_version: 3.0.6
|
|
112
|
+
signing_key:
|
|
100
113
|
specification_version: 4
|
|
101
114
|
summary: Authenticate requests using an Auth0 JWT passed by HTTP header
|
|
102
115
|
test_files: []
|