devise_lulibrary_jwt 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 4ba06053aa2d59bd2cf574be161a11aefe869068
4
+ data.tar.gz: c35e30ee6925c99668a0050f67ee5c4c91fe359d
5
+ SHA512:
6
+ metadata.gz: 64cbedc362dc044d446397f2b0f1a46405cbbe0950d0f147443c4884b3cbda04b40173895c5134cee264f0e361be5c18cafa46bb58175830c00e94f475762592
7
+ data.tar.gz: 2e3c8e4d06c246f2c0cb1eb36c9e4e3bd2192689b1e58193917e40eecca226f6b0a2df74cfeb58be3859178006c66a6890d1de3cf7e58791824c4f22b1ab3018
data/.gitignore ADDED
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.2.3
5
+ before_install: gem install bundler -v 1.12.5
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in devise_lulibrary_jwt.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2016 Stephen Robinson
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,50 @@
1
+ # Devise LULibrary JWT
2
+
3
+ Provides a simple devise authentication strategy for authenticating by JSON Web Tokens (JWTs) passed either as a GET parameter or as an Authorization header.
4
+
5
+ Designed to be used with our JWT Server package which provides a central server to authenticate users behind CoSign or similar service that provides a JWT to be used for authentication with other services.
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'devise_lulibrary_jwt'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install devise_lulibrary_jwt
22
+
23
+ ## Usage
24
+
25
+ After installing the gem add the following to the model you wish to use for authentication.
26
+
27
+ `devise :jwt_authenticatable, :authentication_keys => [:username], :jwt_create_user => true`
28
+
29
+ The options of `authentication_keys` and `jwt_create_user` allow for multiple models to be used with different configuration options, be this using different authentication keys or changed whether the strategy only looks up a user compared to creating the user if they don't exist.
30
+
31
+ Within the global devise config the following options can be configured, the only required values are `jwt_secret`, `jwt_issuer` and `jwt_audience`.
32
+
33
+ | Parameter | Description |
34
+ | --- | --- |
35
+ | jwt_secret | The secret used to verify the integrity of the JWT (required) |
36
+ | jwt_issuer | The issuer of the JWT (required) |
37
+ | jwt_audience | The audience for the JWT (required) |
38
+ | verify_aud | Boolean for whether to verify the token audience (false allows for jwt_audience to be nil) |
39
+ | verify_iss | Boolean for whether to verify the token issuer (false allows for jwt_issuer to be nil) |
40
+ | verify_iat | Boolean for whether to verify the issued at timestamp of the token |
41
+ | jwt_create_user | Boolean - Global option for whether to create a user if they don't exist (true) or to just find existing users (false). Can be overridden by setting :jwt_create_user on the devise config line of the model. |
42
+
43
+ ## Contributing
44
+
45
+ Bug reports and pull requests are welcome on GitHub at https://github.com/lulibrary/devise_lulibrary_jwt.
46
+
47
+
48
+ ## License
49
+
50
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "devise_lulibrary_jwt"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,36 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'devise_lulibrary_jwt/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "devise_lulibrary_jwt"
8
+ spec.version = DeviseLulibraryJwt::VERSION
9
+ spec.authors = ["Stephen Robinson", "LULibrary"]
10
+ spec.email = ["library.dit@lancaster.ac.uk"]
11
+
12
+ spec.summary = "Devise extension to allow authentication using JWT"
13
+ spec.description = spec.summary
14
+ spec.homepage = "https://github.com/lulibrary/Devise-JWT"
15
+ spec.license = "MIT"
16
+
17
+ # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
18
+ # to allow pushing to a single host or delete this section to allow pushing to any host.
19
+ if spec.respond_to?(:metadata)
20
+ spec.metadata['allowed_push_host'] = "https://rubygems.org"
21
+ else
22
+ raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
23
+ end
24
+
25
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
26
+ spec.bindir = "exe"
27
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
28
+ spec.require_paths = ["lib"]
29
+
30
+ spec.add_dependency "devise", ">= 4.2.0"
31
+ spec.add_dependency "jwt", ">= 1.5.4"
32
+
33
+ spec.add_development_dependency "bundler", "~> 1.12"
34
+ spec.add_development_dependency "rake", "~> 10.0"
35
+ spec.add_development_dependency "rspec", "~> 3.0"
36
+ end
@@ -0,0 +1,41 @@
1
+ require 'devise_lulibrary_jwt/strategy'
2
+
3
+ module Devise
4
+ module Models
5
+ module JwtAuthenticatable
6
+ extend ActiveSupport::Concern
7
+
8
+ module ClassMethods
9
+
10
+ Devise::Models.config(self, :jwt_create_user)
11
+
12
+ def find_for_jwt_authentication jwt_claims
13
+
14
+ auth_params = {}
15
+
16
+ jwt_keymap.each_pair { |k,v| auth_params[v] = jwt_claims[k] }
17
+
18
+ auth_key = self.authentication_keys.first.to_s
19
+ auth_key_value = auth_params[auth_key]
20
+
21
+ return nil unless auth_key_value.present?
22
+
23
+ resource = where(auth_key => auth_key_value).first
24
+
25
+ if resource.blank?
26
+ resource = new(auth_params)
27
+ end
28
+
29
+ if self.jwt_create_user && resource.new_record?
30
+ resource.save!
31
+ end
32
+
33
+ resource
34
+
35
+ end
36
+
37
+ end
38
+
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,113 @@
1
+ require 'devise/strategies/authenticatable'
2
+ require 'jwt'
3
+
4
+ module Devise
5
+ module Strategies
6
+ class JwtAuthenticatable < Authenticatable
7
+
8
+ def valid?
9
+ !jwt.nil? && !jwt.empty?
10
+ end
11
+
12
+ def authenticate!
13
+
14
+ resource = mapping.to.new
15
+
16
+ if validate(resource) { valid_jwt? }
17
+ if decode_jwt.nil?
18
+ fail!(:invalid_jwt)
19
+ else
20
+
21
+ resource = mapping.to.find_for_jwt_authentication jwt_claims
22
+
23
+ if resource.nil?
24
+ return fail!(:invalid_user)
25
+ end
26
+
27
+ if resource.persisted?
28
+ return success!(resource)
29
+ end
30
+
31
+ fail!(:invalid_user)
32
+
33
+ end
34
+ end
35
+
36
+ end
37
+
38
+ private
39
+
40
+ def bearer_token
41
+ pattern = /^Bearer /
42
+ header = request.headers["Authorization"] # <= env
43
+ header.gsub(pattern, '') if header && header.match(pattern)
44
+ end
45
+
46
+ def jwt
47
+
48
+ if params[:jwt]
49
+ return params[:jwt]
50
+ end
51
+
52
+ if !bearer_token.nil? && !bearer_token.empty?
53
+ return bearer_token
54
+ end
55
+
56
+ nil
57
+
58
+ end
59
+
60
+ def jwt_claims
61
+
62
+ jwt = decode_jwt
63
+
64
+ if jwt.nil?
65
+ nil
66
+ else
67
+ jwt[0]
68
+ end
69
+
70
+ end
71
+
72
+ def decode_jwt
73
+
74
+ secret = ::Devise.jwt_secret
75
+
76
+ begin
77
+ decoded_token = JWT.decode jwt, secret, true, { :verify_iat => ::Devise.verify_iat, :iss => ::Devise.jwt_issuer, :verify_iss => ::Devise.verify_iss, :aud => ::Devise.jwt_audience, :verify_aud => ::Devise.verify_aud, :algorithm => 'HS256'}
78
+ rescue JWT::ExpiredSignature
79
+ Rails.logger.info('Expired Signature')
80
+ return nil
81
+ rescue JWT::InvalidIssuerError
82
+ Rails.logger.info('Invalid Issuer Error')
83
+ return nil
84
+ rescue JWT::InvalidAudError
85
+ Rails.logger.info('Invalid Audience')
86
+ return nil
87
+ rescue JWT::InvalidIatError
88
+ Rails.logger.info('Invalid issued at')
89
+ return nil
90
+ rescue JWT::VerificationError
91
+ Rails.logger.info('Signature Verification error')
92
+ return nil
93
+ end
94
+
95
+ decoded_token
96
+
97
+ end
98
+
99
+ def valid_jwt?
100
+
101
+ if decode_jwt.nil?
102
+ return nil
103
+ end
104
+
105
+ true
106
+
107
+ end
108
+
109
+ end
110
+ end
111
+ end
112
+
113
+ Warden::Strategies.add(:jwt_authenticatable, Devise::Strategies::JwtAuthenticatable)
@@ -0,0 +1,3 @@
1
+ module DeviseLulibraryJwt
2
+ VERSION = "0.1.0"
3
+ end
@@ -0,0 +1,32 @@
1
+ require 'devise'
2
+
3
+ require "devise_lulibrary_jwt/version"
4
+ require 'devise_lulibrary_jwt/strategy'
5
+ require 'devise_lulibrary_jwt/model'
6
+
7
+ module Devise
8
+
9
+ mattr_accessor :jwt_secret
10
+ @@jwt_secret = nil
11
+
12
+ mattr_accessor :jwt_issuer
13
+ @@jwt_issuer = nil
14
+
15
+ mattr_accessor :jwt_audience
16
+ @@jwt_audience = nil
17
+
18
+ mattr_accessor :verify_aud
19
+ @@verify_aud = true
20
+
21
+ mattr_accessor :verify_iss
22
+ @@verify_iss = true
23
+
24
+ mattr_accessor :verify_iat
25
+ @@verify_iat = true
26
+
27
+ mattr_accessor :jwt_create_user
28
+ @@jwt_create_user = true
29
+
30
+ end
31
+
32
+ Devise.add_module(:jwt_authenticatable, strategy: true, model: 'devise_lulibrary_jwt/model')
metadata ADDED
@@ -0,0 +1,130 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: devise_lulibrary_jwt
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Stephen Robinson
8
+ - LULibrary
9
+ autorequire:
10
+ bindir: exe
11
+ cert_chain: []
12
+ date: 2016-08-22 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: devise
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - ">="
19
+ - !ruby/object:Gem::Version
20
+ version: 4.2.0
21
+ type: :runtime
22
+ prerelease: false
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ version: 4.2.0
28
+ - !ruby/object:Gem::Dependency
29
+ name: jwt
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: 1.5.4
35
+ type: :runtime
36
+ prerelease: false
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ">="
40
+ - !ruby/object:Gem::Version
41
+ version: 1.5.4
42
+ - !ruby/object:Gem::Dependency
43
+ name: bundler
44
+ requirement: !ruby/object:Gem::Requirement
45
+ requirements:
46
+ - - "~>"
47
+ - !ruby/object:Gem::Version
48
+ version: '1.12'
49
+ type: :development
50
+ prerelease: false
51
+ version_requirements: !ruby/object:Gem::Requirement
52
+ requirements:
53
+ - - "~>"
54
+ - !ruby/object:Gem::Version
55
+ version: '1.12'
56
+ - !ruby/object:Gem::Dependency
57
+ name: rake
58
+ requirement: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - "~>"
61
+ - !ruby/object:Gem::Version
62
+ version: '10.0'
63
+ type: :development
64
+ prerelease: false
65
+ version_requirements: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - "~>"
68
+ - !ruby/object:Gem::Version
69
+ version: '10.0'
70
+ - !ruby/object:Gem::Dependency
71
+ name: rspec
72
+ requirement: !ruby/object:Gem::Requirement
73
+ requirements:
74
+ - - "~>"
75
+ - !ruby/object:Gem::Version
76
+ version: '3.0'
77
+ type: :development
78
+ prerelease: false
79
+ version_requirements: !ruby/object:Gem::Requirement
80
+ requirements:
81
+ - - "~>"
82
+ - !ruby/object:Gem::Version
83
+ version: '3.0'
84
+ description: Devise extension to allow authentication using JWT
85
+ email:
86
+ - library.dit@lancaster.ac.uk
87
+ executables: []
88
+ extensions: []
89
+ extra_rdoc_files: []
90
+ files:
91
+ - ".gitignore"
92
+ - ".rspec"
93
+ - ".travis.yml"
94
+ - Gemfile
95
+ - LICENSE.txt
96
+ - README.md
97
+ - Rakefile
98
+ - bin/console
99
+ - bin/setup
100
+ - devise_lulibrary_jwt.gemspec
101
+ - lib/devise_lulibrary_jwt.rb
102
+ - lib/devise_lulibrary_jwt/model.rb
103
+ - lib/devise_lulibrary_jwt/strategy.rb
104
+ - lib/devise_lulibrary_jwt/version.rb
105
+ homepage: https://github.com/lulibrary/Devise-JWT
106
+ licenses:
107
+ - MIT
108
+ metadata:
109
+ allowed_push_host: https://rubygems.org
110
+ post_install_message:
111
+ rdoc_options: []
112
+ require_paths:
113
+ - lib
114
+ required_ruby_version: !ruby/object:Gem::Requirement
115
+ requirements:
116
+ - - ">="
117
+ - !ruby/object:Gem::Version
118
+ version: '0'
119
+ required_rubygems_version: !ruby/object:Gem::Requirement
120
+ requirements:
121
+ - - ">="
122
+ - !ruby/object:Gem::Version
123
+ version: '0'
124
+ requirements: []
125
+ rubyforge_project:
126
+ rubygems_version: 2.4.5.1
127
+ signing_key:
128
+ specification_version: 4
129
+ summary: Devise extension to allow authentication using JWT
130
+ test_files: []