RubyGems - devise_jwt_auth - Versions diffs - 0.1.0 → 0.1.1 - Mend

devise_jwt_auth 0.1.0 → 0.1.1

Files changed (14) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0517633f0e6ab6279f0c88ea33f0297b61ad94b9efa4b3db4d83befb21c0337a
-  data.tar.gz: 928947b0baddce870ee1562dec38641cff72660406974df8313dad02523b8482
+  metadata.gz: 5696b7fd28731ae8f1b92ea62e27e19849e338414f2ceb3e4c34f8d0f9d01bb1
+  data.tar.gz: 8c87dbf4b8fd5fc5042f5ad43bbddcd1f779f0fac58731df84376c060f1f368a
 SHA512:
-  metadata.gz: 883502bfa948b19aad5c25d9d79793e33bee14d2ad13656c6ba9a0e1ac7e6617b03075757831a50ea5747e1fdad2ed25ce0868a0707256569ae9af5e3e66e3e2
-  data.tar.gz: cba02b2f073b3466cb0b59d8c1be85117736928d6a4976c8183c16edfbdc8e12699ce9eec016a0d29a70cb49b8dd3a2124bb7f2e7eb76bb66c5d7202aadfc4a6
+  metadata.gz: 5000f849307719199b1b8de4495bc6f283fff8e0f24da5e6bc61020552789886479ad99c81458083824232b6519f97b2913bbd768c73a7eae2f1525480fad509
+  data.tar.gz: a1ee99b078d18ebda654ba0eb64922b8b0449dc90c3794ca72d76cac38ae1d948cafa962531087020d58d49862287c9ba7b955e7d6f5056fa9447f267f3298d4

data/README.md CHANGED Viewed

@@ -1,34 +1,30 @@
-# Devise Token Auth
+# Devise Jwt Auth
-[![Gem Version](https://badge.fury.io/rb/devise_jwt_auth.svg)](http://badge.fury.io/rb/devise_jwt_auth)
-[![Build Status](https://travis-ci.org/lynndylanhurley/devise_jwt_auth.svg?branch=master)](https://travis-ci.org/lynndylanhurley/devise_jwt_auth)
-[![Code Climate](https://codeclimate.com/github/lynndylanhurley/devise_jwt_auth/badges/gpa.svg)](https://codeclimate.com/github/lynndylanhurley/devise_jwt_auth)
-[![Test Coverage](https://codeclimate.com/github/lynndylanhurley/devise_jwt_auth/badges/coverage.svg)](https://codeclimate.com/github/lynndylanhurley/devise_jwt_auth/coverage)
-[![Downloads](https://img.shields.io/gem/dt/devise_jwt_auth.svg)](https://rubygems.org/gems/devise_jwt_auth)
-[![Backers on Open Collective](https://opencollective.com/devise_jwt_auth/backers/badge.svg)](#backers)
-[![Sponsors on Open Collective](https://opencollective.com/devise_jwt_auth/sponsors/badge.svg)](#sponsors)
-[![Join the chat at https://gitter.im/lynndylanhurley/devise_jwt_auth](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/lynndylanhurley/devise_jwt_auth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+A JWT-based port of [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) with silent refresh support.
-Simple, multi-client and secure token-based authentication for Rails.
+If you're building SPA or a mobile app, this library takes an JWT token approach to authentication. If you're new to how JWTs (pronounced 'jot') work, you can read up on them [here](https://jwt.io/introduction/). This library is designed with an access/refresh token model in mind.
-If you're building SPA or a mobile app, and you want authentication, you need tokens, not cookies.
-This gem refreshes the tokens on each request, and expires them in a short time, so the app is secure.
-Also, it maintains a session for each client/device, so you can have as many sessions as you want.
+## How does silent refresh authentication work?
+When a user is authenticated, an access token is sent in the response and usually in the body in the form of JSON data. These tokens are designed to last a "short" time - only about 15 minutes. What you do with these tokens is up to you, but the best practice is to keep these tokens in memory and NOT to store them as cookies or in local storage. That way they cannot be used in XSS or CSRF attacks. The access tokens are then sent as headers in requests when an authenticated user is required to access protected resources.
+The downside here is that the user will need to reauthenticate themselves frequently and if the user reloads their browser, the access token disappears and the user is no longer authenticated. This is where refresh tokens come into play.
+Refresh tokens are different than access tokens in the fact that they are sent as HTTP only cookies that cannot be accessed using Javascript. These tokens are expected to last a "long" time - a fews days or maybe a week. When the user's access token expires, or the user reloads the page, these tokens persist and then are used for the sole purpose of requesting new access tokens.
+An additional feature can allow you to invalidate all the user's tokens by implementing a token version number. Anytime that user changes their password or their security roles change or if they choose to log out of all of their devices, updating the user's token version (usually in the form of incrementing its value) will invalidate all of the user's tokens in the wild. The way this works is by including the user's token version in the JWT payload so when the server authenticates a user, the user is found not only by their `uid` but also their `token_version`.
+*Note:* Token versions are not currently supported by this library but will be in the near future.
 ## Main features
-* Seamless integration with:
-  * [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) for [AngularJS](https://github.com/angular/angular.js)
-  * [Angular-Token](https://github.com/neroniaky/angular-token) for [Angular](https://github.com/angular/angular)
-  * [redux-token-auth](https://github.com/kylecorbelli/redux-token-auth) for [React with Redux](https://github.com/reactjs/react-redux)
-  * [jToker](https://github.com/lynndylanhurley/j-toker) for [jQuery](https://jquery.com/)
 * Oauth2 authentication using [OmniAuth](https://github.com/intridea/omniauth).
 * Email authentication using [Devise](https://github.com/plataformatec/devise), including:
   * User registration, update and deletion
   * Login and logout
   * Password reset, account confirmation
-* Support for [multiple user models](./docs/usage/multiple_models.md).
-* It is [secure](docs/security.md).
+* Support for multiple user models.
+* It is secure.
 This project leverages the following gems:
@@ -49,51 +45,20 @@ Then install the gem using bundle:
 bundle install
 ~~~
-## [Docs](https://devise-token-auth.gitbook.io/devise-token-auth)
+More documentation will come later as this project progresses.
 ## Need help?
-Please use [StackOverflow](https://stackoverflow.com/questions/tagged/devise-token-auth) for help requests and how-to questions.
-Please open GitHub issues for bugs and enhancements only, not general help requests. Please search previous issues (and Google and StackOverflow) before creating a new issue.
-Please read the [issue template](https://github.com/lynndylanhurley/devise_jwt_auth/blob/master/.github/ISSUE_TEMPLATE.md) before posting issues.
-## [FAQ](docs/faq.md)
+As this library is fairly new there will be some issues until it matures. Please feel free to post questions here and contributers are also welcome, especially if you have knowledge with continuous integration as I'm fairly new to that and as this is a port of DTA, I'm in the process of configuring the project with its own settings.
 ## Contributors wanted!
-See our [Contribution Guidelines](https://github.com/lynndylanhurley/devise_jwt_auth/blob/master/.github/CONTRIBUTING.md). Feel free to submit pull requests, review pull requests, or review open issues. If you'd like to get in contact, [Zach Feldman](https://github.com/zachfeldman) has been wrangling this effort, you can reach him with his name @gmail. Further discussion of this in [this issue](https://github.com/lynndylanhurley/devise_jwt_auth/issues/969).
-We have some bounties for some issues, [check them out](https://github.com/lynndylanhurley/devise_jwt_auth/issues?q=is%3Aopen+is%3Aissue+label%3Abounty)!
+See our [Contribution Guidelines](https://github.com/aarona/devise_jwt_auth/blob/master/.github/CONTRIBUTING.md). Feel free to submit pull requests, review pull requests, or review open issues. If you'd like to get in contact, you can reach me [here](https://github.com/aarona/).
 ## Live Demos
-[Here is a demo](http://ng-token-auth-demo.herokuapp.com/) of this app running with the [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) module and [AngularJS](https://github.com/angular/angular.js).
-[Here is a demo](https://stackblitz.com/github/neroniaky/angular-token) of this app running with the [Angular-Token](https://github.com/neroniaky/angular-token) service and [Angular](https://github.com/angular/angular).
-[Here is a demo](https://j-toker-demo.herokuapp.com/) of this app using the [jToker](https://github.com/lynndylanhurley/j-toker) plugin and [React](http://facebook.github.io/react/).
-The fully configured api used in these demos can be found [here](https://github.com/lynndylanhurley/devise_jwt_auth_demo).
-## Contributors
-<a href="graphs/contributors"><img src="https://opencollective.com/devise_jwt_auth/contributors.svg?width=890&button=false" /></a>
-## Backers
-Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/devise_jwt_auth#backer)]
-[![](https://opencollective.com/devise_jwt_auth/backers.svg?width=890)](https://opencollective.com/devise_jwt_auth#backers)
-## Sponsors
-Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/devise_jwt_auth#sponsor)]
-[![](https://opencollective.com/devise_jwt_auth/sponsor/0/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/0/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/1/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/1/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/2/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/2/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/3/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/3/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/4/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/4/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/5/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/5/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/6/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/6/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/7/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/7/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/8/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/8/website) [![](https://opencollective.com/devise_jwt_auth/sponsor/9/avatar.svg)](https://opencollective.com/devise_jwt_auth/sponsor/9/website)
+Live demos will hopefully be added in the future. At the very least, I'm planning on creating a Rails/React proof of concept repo that you can clone and run locally.
 ## License
 This project uses the WTFPL

data/app/controllers/devise_jwt_auth/sessions_controller.rb CHANGED Viewed

@@ -33,6 +33,7 @@ module DeviseJwtAuth
         yield @resource if block_given?
+        update_refresh_token_cookie
         render_create_success
       elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
         if @resource.respond_to?(:locked_at) && @resource.locked_at
@@ -46,6 +47,8 @@ module DeviseJwtAuth
     end
     def destroy
+      # TODO: logout? update token version?
       # remove auth instance variables so that after_action does not run
       user = remove_instance_variable(:@resource) if @resource
       # client = @token.client if @token.client
@@ -95,9 +98,10 @@ module DeviseJwtAuth
     end
     def render_create_success
+      auth_header = @resource.create_named_token_pair
       render json: {
         data: resource_data(resource_json: @resource.token_validation_response)
-      }
+      }.merge(auth_header)
     end
     def render_create_error_not_confirmed

data/app/controllers/devise_jwt_auth/unlocks_controller.rb CHANGED Viewed

@@ -35,25 +35,16 @@ module DeviseJwtAuth
       @resource = resource_class.unlock_access_by_token(params[:unlock_token])
       if @resource.persisted?
-        # token = @resource.create_token
-        # @resource.save!
         yield @resource if block_given?
         redirect_header_options = { unlock: true }
         redirect_headers = @resource.create_named_token_pair.
                              merge(redirect_header_options)
-        # TODO: add a refresh token cookie in the response.
         update_refresh_token_cookie
         redirect_url = after_unlock_path_for(@resource)
         redirect_to_link = DeviseJwtAuth::Url.generate(redirect_url, redirect_headers)
-        # redirect_headers = build_redirect_headers(token.token,
-        #                                           token.client,
-        #                                           redirect_header_options)
-        # redirect_to(@resource.build_auth_url(after_unlock_path_for(@resource),
-        #                                      redirect_headers))
         redirect_to redirect_to_link
       else
         render_show_error
@@ -62,7 +53,8 @@ module DeviseJwtAuth
     private
     def after_unlock_path_for(resource)
-      #TODO: This should probably be a configuration option at the very least.
+      # TODO: This should probably be a configuration option at the very least.
+      # Use confirmation controller / tests as a template for building out this feature.
       '/'
     end

data/lib/devise_jwt_auth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module DeviseJwtAuth
-  VERSION = '0.1.0'.freeze
+  VERSION = '0.1.1'.freeze
 end

data/test/controllers/devise_jwt_auth/registrations_controller_test.rb CHANGED Viewed

@@ -176,7 +176,7 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
       end
     end
-    describe 'failure if not redirecturl' do
+    describe 'failure if not redirect_url' do
       test 'request should fail if not redirect_url' do
         post '/auth',
              params: { email: Faker::Internet.email,
@@ -237,14 +237,6 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
       test 'email contains the default redirect url' do
         assert_equal @redirect_url, @sent_redirect_url
       end
-      test 'response should have an access token' do
-        assert @data[DeviseJwtAuth.access_token_name]
-      end
-      test 'response should have refresh token' do
-        assert response.cookies[DeviseJwtAuth.refresh_token_name]
-      end
     end
     describe 'using namespaces' do
@@ -260,7 +252,6 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
         }
         @resource = assigns(:resource)
-        @data = JSON.parse(response.body)
         @mail = ActionMailer::Base.deliveries.last
       end
@@ -271,14 +262,6 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
       test 'user should have been created' do
         assert @resource.id
       end
-      test 'response should have an access token' do
-        assert @data[DeviseJwtAuth.access_token_name]
-      end
-      test 'response should have refresh token' do
-        assert response.cookies[DeviseJwtAuth.refresh_token_name]
-      end
     end
     describe 'case-insensitive email' do

data/test/controllers/devise_jwt_auth/sessions_controller_test.rb CHANGED Viewed

@@ -13,7 +13,6 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
     describe 'Confirmed user' do
       before do
         @existing_user = create(:user, :with_nickname, :confirmed)
-        @access_token_name = DeviseJwtAuth.access_token_name
       end
       describe 'success' do
@@ -35,57 +34,14 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
         test 'request should return user data' do
           assert_equal @existing_user.email, @data['data']['email']
         end
-=begin
-        describe "with multiple clients and headers don't change in each request" do
-          before do
-            # Set the max_number_of_devices to a lower number
-            #  to expedite tests! (Default is 10)
-            DeviseJwtAuth.max_number_of_devices = 2
-            DeviseJwtAuth.change_headers_on_each_request = false
-            @user_session_params = {
-              email: @existing_user.email,
-              password: @existing_user.password
-            }
-          end
-          test 'should limit the maximum number of concurrent devices' do
-            # increment the number of devices until the maximum is exceeded
-            1.upto(DeviseJwtAuth.max_number_of_devices + 1).each do |n|
-              initial_tokens = @existing_user.reload.tokens
-              assert_equal(
-                [n, DeviseJwtAuth.max_number_of_devices].min,
-                @existing_user.reload.tokens.length
-              )
-              # Already have the max number of devices
-              post :create, params: @user_session_params
-              # A session for a new device maintains the max number of concurrent devices
-              refute_equal initial_tokens, @existing_user.reload.tokens
-            end
-          end
-          test 'should drop old tokens when max number of devices is exceeded' do
-            1.upto(DeviseJwtAuth.max_number_of_devices).each do |n|
-              post :create, params: @user_session_params
-            end
-            oldest_token, _ = @existing_user.reload.tokens \
-                                .min_by { |cid, v| v[:expiry] || v['expiry'] }
-            post :create, params: @user_session_params
-            assert_not_includes @existing_user.reload.tokens.keys, oldest_token
-          end
+        test 'response should have access token' do
+          assert @data[DeviseJwtAuth.access_token_name]
+        end
-          after do
-            DeviseJwtAuth.max_number_of_devices = 10
-            DeviseJwtAuth.change_headers_on_each_request = true
-          end
+        test 'response should have refresh token' do
+          assert response.cookies[DeviseJwtAuth.refresh_token_name]
         end
-=end
       end
       describe 'get sign_in is not supported' do
@@ -99,10 +55,19 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
         test 'user is notified that they should use post sign_in to authenticate' do
           assert_equal 405, response.status
         end
         test 'response should contain errors' do
           assert @data['errors']
           assert_equal @data['errors'], [I18n.t('devise_jwt_auth.sessions.not_supported')]
         end
+        test 'response should not have access token' do
+          assert_nil @data[DeviseJwtAuth.access_token_name]
+        end
+        test 'response should not have refresh token' do
+          assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
+        end
       end
       describe 'header sign_in is supported' do
@@ -119,6 +84,14 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
         test 'user can sign in using header request' do
           assert_equal 200, response.status
         end
+        test 'response should have access token' do
+          assert @data[DeviseJwtAuth.access_token_name]
+        end
+        test 'response should have refresh token' do
+          assert response.cookies[DeviseJwtAuth.refresh_token_name]
+        end
       end
       describe 'alt auth keys' do
@@ -133,6 +106,14 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
           assert_equal 200, response.status
           assert_equal @existing_user.email, @data['data']['email']
         end
+        test 'response should have access token' do
+          assert @data[DeviseJwtAuth.access_token_name]
+        end
+        test 'response should have refresh token' do
+          assert response.cookies[DeviseJwtAuth.refresh_token_name]
+        end
       end
       describe 'authed user sign out' do
@@ -144,21 +125,25 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
           def @controller.reset_session
             @reset_session_called = true
           end
           @auth_headers = @existing_user.create_named_token_pair
           request.headers.merge!(@auth_headers)
           delete :destroy, format: :json
+          @data = JSON.parse(response.body)
         end
         test 'user is successfully logged out' do
           assert_equal 200, response.status
         end
-=begin
-        test 'token was destroyed' do
-          @existing_user.reload
-          refute @existing_user.tokens[@auth_headers['client']]
+        test 'response should not have access token' do
+          assert_nil @data[DeviseJwtAuth.access_token_name]
+        end
+        test 'response should not have refresh token' do
+          assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
         end
-=end
         test 'session was destroyed' do
           assert_equal true, @controller.reset_session_called
@@ -182,6 +167,14 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
           assert_equal @data['errors'],
                        [I18n.t('devise_jwt_auth.sessions.user_not_found')]
         end
+        test 'response should not have access token' do
+          assert_nil @data[DeviseJwtAuth.access_token_name]
+        end
+        test 'response should not have refresh token' do
+          assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
+        end
       end
       describe 'failure' do
@@ -203,6 +196,14 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
           assert_equal @data['errors'],
                        [I18n.t('devise_jwt_auth.sessions.bad_credentials')]
         end
+        test 'response should not have access token' do
+          assert_nil @data[DeviseJwtAuth.access_token_name]
+        end
+        test 'response should not have refresh token' do
+          assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
+        end
       end
 =begin
@@ -249,13 +250,21 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
         test 'request should succeed if configured' do
           @resource_class.case_insensitive_keys = [:email]
           post :create, params: @request_params
+          @data = JSON.parse(response.body)
           assert_equal 200, response.status
+          assert @data[DeviseJwtAuth.access_token_name]
+          assert response.cookies[DeviseJwtAuth.refresh_token_name]
         end
         test 'request should fail if not configured' do
           @resource_class.case_insensitive_keys = []
           post :create, params: @request_params
+          @data = JSON.parse(response.body)
           assert_equal 401, response.status
+          assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
+          assert_nil @data[DeviseJwtAuth.access_token_name]
         end
       end
@@ -272,13 +281,22 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
         test 'request should succeed if configured' do
           @resource_class.strip_whitespace_keys = [:email]
           post :create, params: @request_params
+          @data = JSON.parse(response.body)
           assert_equal 200, response.status
+          # p 'DATA', @data.inspect
+          assert @data[DeviseJwtAuth.access_token_name]
+          assert response.cookies[DeviseJwtAuth.refresh_token_name]
         end
         test 'request should fail if not configured' do
           @resource_class.strip_whitespace_keys = []
           post :create, params: @request_params
+          @data = JSON.parse(response.body)
           assert_equal 401, response.status
+          assert_nil @data[DeviseJwtAuth.access_token_name]
+          assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
         end
       end
     end

data/test/controllers/devise_jwt_auth/unlocks_controller_test.rb CHANGED Viewed

@@ -140,34 +140,20 @@ class DeviseJwtAuth::UnlocksControllerTest < ActionController::TestCase
               raw_qs = response.location.split('?')[1]
               @qs = Rack::Utils.parse_nested_query(raw_qs)
-              @access_token   = @qs['access-token']
-              @client         = @qs['client']
-              @client_id      = @qs['client_id']
-              @expiry         = @qs['expiry']
-              @token          = @qs['token']
-              @uid            = @qs['uid']
+              @access_token   = @qs[DeviseJwtAuth.access_token_name]
               @unlock         = @qs['unlock']
+              @refresh_token  = response.cookies[DeviseJwtAuth.refresh_token_name]
             end
             test 'respones should have success redirect status' do
               assert_equal 302, response.status
             end
-=begin
             test 'response should contain auth params' do
               assert @access_token
-              assert @client
-              assert @client_id
-              assert @expiry
-              assert @token
-              assert @uid
               assert @unlock
+              assert @refresh_token
             end
-            test 'response auth params should be valid' do
-              assert @resource.valid_token?(@token, @client_id)
-              assert @resource.valid_token?(@access_token, @client)
-            end
-=end
           end
         end

data/test/dummy/app/controllers/overrides/sessions_controller.rb CHANGED Viewed

@@ -8,13 +8,13 @@ module Overrides
       @resource = resource_class.dta_find_by(email: resource_params[:email])
       if @resource && valid_params?(:email, resource_params[:email]) && @resource.valid_password?(resource_params[:password]) && @resource.confirmed?
-        @token = @resource.create_token
+        auth_header = @resource.create_named_token_pair
         @resource.save
         render json: {
           data: @resource.as_json(except: %i[tokens created_at updated_at]),
           override_proof: OVERRIDE_PROOF
-        }
+        }.merge(auth_header)
       elsif @resource && (not @resource.confirmed?)
         render json: {

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_jwt_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Aaron A
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-06 00:00:00.000000000 Z
+date: 2020-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -348,10 +348,6 @@ files:
 - test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
-- test/dummy/tmp/generators/app/models/user.rb
-- test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
-- test/dummy/tmp/generators/config/routes.rb
-- test/dummy/tmp/generators/db/migrate/20200206224309_devise_jwt_auth_create_users.rb
 - test/factories/users.rb
 - test/lib/devise_jwt_auth/blacklist_test.rb
 - test/lib/devise_jwt_auth/token_factory_test.rb
@@ -406,10 +402,6 @@ test_files:
 - test/test_helper.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/config.ru
-- test/dummy/tmp/generators/db/migrate/20200206224309_devise_jwt_auth_create_users.rb
-- test/dummy/tmp/generators/config/routes.rb
-- test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
-- test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb
 - test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb
 - test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb

data/test/dummy/tmp/generators/app/models/user.rb DELETED Viewed

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-class User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
-  devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
-  include DeviseJwtAuth::Concerns::User
-end

data/test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb DELETED Viewed

@@ -1,74 +0,0 @@
-# frozen_string_literal: true
-DeviseJwtAuth.setup do |config|
-  # By default, you will only receive an access token when authenticating a
-  # user. To receive new access tokens, you should either reauthenticate or
-  # use the HTTP only refresh cookie that is sent during the authentication
-  # process and make refresh token requests.
-  # self.send_new_access_token_on_each_request = false
-  # By default, refresh token HTTP Only cookies last for 2 weeks. These tokens
-  # are used for requesting shorter-lived acccess tokens.
-  # self.refresh_token_lifespan = 2.weeks
-  # By default, access tokens last for 15 minutes. These tokens are used to
-  # access protected resources. When these tokens expire, you need to
-  # reauthenticate the user or use a refresh token cookie to get a new access
-  # token.
-  # self.access_token_lifespan = 15.minutes
-  # This is the name of the HTTP Only cookie that will be sent to the client
-  # for the purpose of requesting new access tokens.
-  # self.refresh_token_name = 'refresh-token'
-  # This is the name of the token that will be sent in the JSON responses used
-  # for accessing protected resources. NEVER store this token in a cookie or
-  # any form of local storage on the client. Save it in memory as a javascript
-  # variable or in some kind of context manager like Redux. Send it in your
-  # request headers when you want to be authenticated.
-  # self.access_token_name = 'access-token'
-  # This is the refresh token encryption key. You should set this in an
-  # environment variable or secret key base that isn't store in a repository.
-  # Also, its a good idea to NOT use the same key for access tokens.
-  self.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
-  # This is the refresh token encryption key. You should set this in an
-  # environment variable or secret key base that isn't store in a repository.
-  # Also, its a good idea to NOT use the same key for access tokens.
-  self.access_token_encryption_key = 'your-access-token-secret-key-here'
-  # This route will be the prefix for all oauth2 redirect callbacks. For
-  # example, using the default '/omniauth', the github oauth2 provider will
-  # redirect successful authentications to '/omniauth/github/callback'
-  # config.omniauth_prefix = "/omniauth"
-  # By default sending current password is not needed for the password update.
-  # Uncomment to enforce current_password param to be checked before all
-  # attribute updates. Set it to :password if you want it to be checked only if
-  # password is updated.
-  # config.check_current_password_before_update = :attributes
-  # By default we will use callbacks for single omniauth.
-  # It depends on fields like email, provider and uid.
-  # config.default_callbacks = true
-  # By default, only Bearer Token authentication is implemented out of the box.
-  # If, however, you wish to integrate with legacy Devise authentication, you can
-  # do so by enabling this flag. NOTE: This feature is highly experimental!
-  # config.enable_standard_devise_support = false
-  # By default DeviseJwtAuth will not send confirmation email, even when including
-  # devise confirmable module. If you want to use devise confirmable module and
-  # send email, set it to true. (This is a setting for compatibility)
-  # config.send_confirmation_email = true
-  # TODO: Document these settings
-  # self.default_confirm_success_url               = nil
-  # self.default_password_reset_url                = nil
-  # self.redirect_whitelist                        = nil
-  # self.update_token_version_after_password_reset = true
-  # self.bypass_sign_in                            = true
-  # self.require_client_password_reset_token       = false
-end

data/test/dummy/tmp/generators/config/routes.rb DELETED Viewed

@@ -1,4 +0,0 @@
-            Rails.application.routes.draw do
-  mount_devise_jwt_auth_for 'User', at: 'auth'
-              patch '/chong', to: 'bong#index'
-            end

data/test/dummy/tmp/generators/db/migrate/20200206224309_devise_jwt_auth_create_users.rb DELETED Viewed

@@ -1,51 +0,0 @@
-# frozen_string_literal: true
-class DeviseJwtAuthCreateUsers < ActiveRecord::Migration[6.0]
-  def change
-    create_table(:users) do |t|
-      ## Required
-      t.string :provider, null: false, default: 'email'
-      t.string :uid, null: false, default: ''
-      ## Database authenticatable
-      t.string :encrypted_password, null: false, default: ''
-      ## Recoverable
-      t.string   :reset_password_token
-      t.datetime :reset_password_sent_at
-      t.boolean  :allow_password_change, default: false
-      ## Rememberable
-      t.datetime :remember_created_at
-      ## Confirmable
-      t.string   :confirmation_token
-      t.datetime :confirmed_at
-      t.datetime :confirmation_sent_at
-      t.string   :unconfirmed_email # Only if using reconfirmable
-      ## Lockable
-      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
-      # t.string   :unlock_token # Only if unlock strategy is :email or :both
-      # t.datetime :locked_at
-      ## User Info
-      t.string :name
-      t.string :nickname
-      t.string :image
-      t.string :email
-      ## Tokens
-      t.text :tokens
-      t.timestamps
-    end
-    add_index :users, :email,                unique: true
-    add_index :users, [:uid, :provider],     unique: true
-    add_index :users, :reset_password_token, unique: true
-    add_index :users, :confirmation_token,   unique: true
-    # add_index :users, :unlock_token,       unique: true
-  end
-end