devise_jwt_auth 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/devise_jwt_auth/version.rb +1 -1
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth.rb +13 -13
- data/test/dummy/tmp/generators/app/models/mang.rb +9 -0
- data/test/dummy/tmp/generators/config/routes.rb +9 -0
- data/test/dummy/tmp/generators/db/migrate/{20200209222205_devise_jwt_auth_create_azpire_v1_human_resource_users.rb → 20200209225557_devise_jwt_auth_create_azpire_v1_human_resource_users.rb} +0 -0
- data/test/dummy/tmp/generators/db/migrate/20200209225557_devise_jwt_auth_create_mangs.rb +51 -0
- metadata +10 -6
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +0 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7330fe7fcd262dea525c6716fdee30c1c2f1361e00b708a4b848281350555fd4
|
|
4
|
+
data.tar.gz: 01f87c1814dbcd8d51fe800ebb091941a9e0d0b768e40b14a784d7c546ba3acc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4e729775d51fa3e5c7871c2d0d9d56d5efd88a42d8dbbc72af572c7953e64d184eab735103da2f2fbb869bb329de120041010f2e4c2bb05f04e32821ad8b555b
|
|
7
|
+
data.tar.gz: e942baa694e185efa7bf1a5ccfc9e462a28a636dbbc61f768c13baa7cb81332582fdd398c159e56132d6f970c8375f64caddab467dc9a1a38abe2952c29fe47b
|
data/README.md
CHANGED
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
A JWT-based port of [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) with silent refresh support.
|
|
4
4
|
|
|
5
|
-
If you're building SPA or a mobile app, this library takes an JWT
|
|
5
|
+
If you're building SPA or a mobile app, this library takes an JWT approach to authentication. If you're new to how JWTs (pronounced 'jot') work, you can read up on them [here](https://jwt.io/introduction/). This library is designed with an access/refresh token authentication model in mind.
|
|
6
6
|
|
|
7
7
|
## How does silent refresh authentication work?
|
|
8
8
|
|
|
9
|
-
When a user is authenticated, an access token is sent in the response and usually in the body in the form of JSON data. These tokens are designed to last a "short" time - only about 15 minutes. What you do with these tokens is up to you, but the best practice is to keep these tokens in memory and NOT to store them as cookies or in local storage. That way they cannot be used in XSS or CSRF attacks. The access tokens are then sent as headers in requests when an authenticated user is required to access protected resources.
|
|
9
|
+
When a user is authenticated, an access token is sent in the response and usually in the body in the form of JSON data. These tokens are designed to last a "short" time - only about 15 minutes. What you do with these tokens is up to you, but the best practice is to keep these tokens in memory and NOT to store them as cookies or in local storage. That way they cannot be used in [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) or [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) attacks. The access tokens are then sent as headers in requests when an authenticated user is required to access protected resources.
|
|
10
10
|
|
|
11
11
|
The downside here is that the user will need to reauthenticate themselves frequently and if the user reloads their browser, the access token disappears and the user is no longer authenticated. This is where refresh tokens come into play.
|
|
12
12
|
|
|
@@ -5,38 +5,38 @@ DeviseJwtAuth.setup do |config|
|
|
|
5
5
|
# user. To receive new access tokens, you should either reauthenticate or
|
|
6
6
|
# use the HTTP only refresh cookie that is sent during the authentication
|
|
7
7
|
# process and make refresh token requests.
|
|
8
|
-
#
|
|
8
|
+
# config.send_new_access_token_on_each_request = false
|
|
9
9
|
|
|
10
10
|
# By default, refresh token HTTP Only cookies last for 2 weeks. These tokens
|
|
11
11
|
# are used for requesting shorter-lived acccess tokens.
|
|
12
|
-
#
|
|
12
|
+
# config.refresh_token_lifespan = 2.weeks
|
|
13
13
|
|
|
14
14
|
# By default, access tokens last for 15 minutes. These tokens are used to
|
|
15
15
|
# access protected resources. When these tokens expire, you need to
|
|
16
16
|
# reauthenticate the user or use a refresh token cookie to get a new access
|
|
17
17
|
# token.
|
|
18
|
-
#
|
|
18
|
+
# config.access_token_lifespan = 15.minutes
|
|
19
19
|
|
|
20
20
|
# This is the name of the HTTP Only cookie that will be sent to the client
|
|
21
21
|
# for the purpose of requesting new access tokens.
|
|
22
|
-
#
|
|
22
|
+
# config.refresh_token_name = 'refresh-token'
|
|
23
23
|
|
|
24
24
|
# This is the name of the token that will be sent in the JSON responses used
|
|
25
25
|
# for accessing protected resources. NEVER store this token in a cookie or
|
|
26
26
|
# any form of local storage on the client. Save it in memory as a javascript
|
|
27
27
|
# variable or in some kind of context manager like Redux. Send it in your
|
|
28
28
|
# request headers when you want to be authenticated.
|
|
29
|
-
#
|
|
29
|
+
# config.access_token_name = 'access-token'
|
|
30
30
|
|
|
31
31
|
# This is the refresh token encryption key. You should set this in an
|
|
32
32
|
# environment variable or secret key base that isn't store in a repository.
|
|
33
33
|
# Also, its a good idea to NOT use the same key for access tokens.
|
|
34
|
-
|
|
34
|
+
config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
|
|
35
35
|
|
|
36
36
|
# This is the refresh token encryption key. You should set this in an
|
|
37
37
|
# environment variable or secret key base that isn't store in a repository.
|
|
38
38
|
# Also, its a good idea to NOT use the same key for access tokens.
|
|
39
|
-
|
|
39
|
+
config.access_token_encryption_key = 'your-access-token-secret-key-here'
|
|
40
40
|
|
|
41
41
|
# This route will be the prefix for all oauth2 redirect callbacks. For
|
|
42
42
|
# example, using the default '/omniauth', the github oauth2 provider will
|
|
@@ -64,11 +64,11 @@ DeviseJwtAuth.setup do |config|
|
|
|
64
64
|
# config.send_confirmation_email = true
|
|
65
65
|
|
|
66
66
|
# TODO: Document these settings
|
|
67
|
-
#
|
|
68
|
-
#
|
|
69
|
-
#
|
|
70
|
-
#
|
|
71
|
-
#
|
|
72
|
-
#
|
|
67
|
+
# config.default_confirm_success_url = nil
|
|
68
|
+
# config.default_password_reset_url = nil
|
|
69
|
+
# config.redirect_whitelist = nil
|
|
70
|
+
# config.update_token_version_after_password_reset = true
|
|
71
|
+
# config.bypass_sign_in = true
|
|
72
|
+
# config.require_client_password_reset_token = false
|
|
73
73
|
|
|
74
74
|
end
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class Mang < ActiveRecord::Base
|
|
4
|
+
# Include default devise modules. Others available are:
|
|
5
|
+
# :confirmable, :lockable, :timeoutable and :omniauthable
|
|
6
|
+
devise :database_authenticatable, :registerable,
|
|
7
|
+
:recoverable, :rememberable, :trackable, :validatable
|
|
8
|
+
include DeviseJwtAuth::Concerns::User
|
|
9
|
+
end
|
|
File without changes
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class DeviseJwtAuthCreateMangs < ActiveRecord::Migration[6.0]
|
|
4
|
+
def change
|
|
5
|
+
|
|
6
|
+
create_table(:mangs) do |t|
|
|
7
|
+
## Required
|
|
8
|
+
t.string :provider, null: false, default: 'email'
|
|
9
|
+
t.string :uid, null: false, default: ''
|
|
10
|
+
|
|
11
|
+
## Database authenticatable
|
|
12
|
+
t.string :encrypted_password, null: false, default: ''
|
|
13
|
+
|
|
14
|
+
## Recoverable
|
|
15
|
+
t.string :reset_password_token
|
|
16
|
+
t.datetime :reset_password_sent_at
|
|
17
|
+
t.boolean :allow_password_change, default: false
|
|
18
|
+
|
|
19
|
+
## Rememberable
|
|
20
|
+
t.datetime :remember_created_at
|
|
21
|
+
|
|
22
|
+
## Confirmable
|
|
23
|
+
t.string :confirmation_token
|
|
24
|
+
t.datetime :confirmed_at
|
|
25
|
+
t.datetime :confirmation_sent_at
|
|
26
|
+
t.string :unconfirmed_email # Only if using reconfirmable
|
|
27
|
+
|
|
28
|
+
## Lockable
|
|
29
|
+
# t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
|
|
30
|
+
# t.string :unlock_token # Only if unlock strategy is :email or :both
|
|
31
|
+
# t.datetime :locked_at
|
|
32
|
+
|
|
33
|
+
## User Info
|
|
34
|
+
t.string :name
|
|
35
|
+
t.string :nickname
|
|
36
|
+
t.string :image
|
|
37
|
+
t.string :email
|
|
38
|
+
|
|
39
|
+
## Tokens
|
|
40
|
+
t.text :tokens
|
|
41
|
+
|
|
42
|
+
t.timestamps
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
add_index :mangs, :email, unique: true
|
|
46
|
+
add_index :mangs, [:uid, :provider], unique: true
|
|
47
|
+
add_index :mangs, :reset_password_token, unique: true
|
|
48
|
+
add_index :mangs, :confirmation_token, unique: true
|
|
49
|
+
# add_index :mangs, :unlock_token, unique: true
|
|
50
|
+
end
|
|
51
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron A
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-02-
|
|
11
|
+
date: 2020-02-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -348,10 +348,12 @@ files:
|
|
|
348
348
|
- test/dummy/db/migrate/20190924101113_devise_jwt_auth_create_confirmable_users.rb
|
|
349
349
|
- test/dummy/db/schema.rb
|
|
350
350
|
- test/dummy/lib/migration_database_helper.rb
|
|
351
|
-
- test/dummy/tmp/generators/app/controllers/application_controller.rb
|
|
352
351
|
- test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb
|
|
352
|
+
- test/dummy/tmp/generators/app/models/mang.rb
|
|
353
353
|
- test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
|
|
354
|
-
- test/dummy/tmp/generators/
|
|
354
|
+
- test/dummy/tmp/generators/config/routes.rb
|
|
355
|
+
- test/dummy/tmp/generators/db/migrate/20200209225557_devise_jwt_auth_create_azpire_v1_human_resource_users.rb
|
|
356
|
+
- test/dummy/tmp/generators/db/migrate/20200209225557_devise_jwt_auth_create_mangs.rb
|
|
355
357
|
- test/factories/users.rb
|
|
356
358
|
- test/lib/devise_jwt_auth/blacklist_test.rb
|
|
357
359
|
- test/lib/devise_jwt_auth/token_factory_test.rb
|
|
@@ -406,10 +408,12 @@ test_files:
|
|
|
406
408
|
- test/test_helper.rb
|
|
407
409
|
- test/dummy/lib/migration_database_helper.rb
|
|
408
410
|
- test/dummy/config.ru
|
|
409
|
-
- test/dummy/tmp/generators/db/migrate/
|
|
411
|
+
- test/dummy/tmp/generators/db/migrate/20200209225557_devise_jwt_auth_create_azpire_v1_human_resource_users.rb
|
|
412
|
+
- test/dummy/tmp/generators/db/migrate/20200209225557_devise_jwt_auth_create_mangs.rb
|
|
413
|
+
- test/dummy/tmp/generators/config/routes.rb
|
|
410
414
|
- test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
|
|
411
415
|
- test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb
|
|
412
|
-
- test/dummy/tmp/generators/app/
|
|
416
|
+
- test/dummy/tmp/generators/app/models/mang.rb
|
|
413
417
|
- test/dummy/db/migrate/20150708104536_devise_jwt_auth_create_unconfirmable_users.rb
|
|
414
418
|
- test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb
|
|
415
419
|
- test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb
|