devise_lulibrary_jwt 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.travis.yml +5 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +50 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/devise_lulibrary_jwt.gemspec +36 -0
- data/lib/devise_lulibrary_jwt/model.rb +41 -0
- data/lib/devise_lulibrary_jwt/strategy.rb +113 -0
- data/lib/devise_lulibrary_jwt/version.rb +3 -0
- data/lib/devise_lulibrary_jwt.rb +32 -0
- metadata +130 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 4ba06053aa2d59bd2cf574be161a11aefe869068
|
4
|
+
data.tar.gz: c35e30ee6925c99668a0050f67ee5c4c91fe359d
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 64cbedc362dc044d446397f2b0f1a46405cbbe0950d0f147443c4884b3cbda04b40173895c5134cee264f0e361be5c18cafa46bb58175830c00e94f475762592
|
7
|
+
data.tar.gz: 2e3c8e4d06c246f2c0cb1eb36c9e4e3bd2192689b1e58193917e40eecca226f6b0a2df74cfeb58be3859178006c66a6890d1de3cf7e58791824c4f22b1ab3018
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2016 Stephen Robinson
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
# Devise LULibrary JWT
|
2
|
+
|
3
|
+
Provides a simple devise authentication strategy for authenticating by JSON Web Tokens (JWTs) passed either as a GET parameter or as an Authorization header.
|
4
|
+
|
5
|
+
Designed to be used with our JWT Server package which provides a central server to authenticate users behind CoSign or similar service that provides a JWT to be used for authentication with other services.
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
Add this line to your application's Gemfile:
|
10
|
+
|
11
|
+
```ruby
|
12
|
+
gem 'devise_lulibrary_jwt'
|
13
|
+
```
|
14
|
+
|
15
|
+
And then execute:
|
16
|
+
|
17
|
+
$ bundle
|
18
|
+
|
19
|
+
Or install it yourself as:
|
20
|
+
|
21
|
+
$ gem install devise_lulibrary_jwt
|
22
|
+
|
23
|
+
## Usage
|
24
|
+
|
25
|
+
After installing the gem add the following to the model you wish to use for authentication.
|
26
|
+
|
27
|
+
`devise :jwt_authenticatable, :authentication_keys => [:username], :jwt_create_user => true`
|
28
|
+
|
29
|
+
The options of `authentication_keys` and `jwt_create_user` allow for multiple models to be used with different configuration options, be this using different authentication keys or changed whether the strategy only looks up a user compared to creating the user if they don't exist.
|
30
|
+
|
31
|
+
Within the global devise config the following options can be configured, the only required values are `jwt_secret`, `jwt_issuer` and `jwt_audience`.
|
32
|
+
|
33
|
+
| Parameter | Description |
|
34
|
+
| --- | --- |
|
35
|
+
| jwt_secret | The secret used to verify the integrity of the JWT (required) |
|
36
|
+
| jwt_issuer | The issuer of the JWT (required) |
|
37
|
+
| jwt_audience | The audience for the JWT (required) |
|
38
|
+
| verify_aud | Boolean for whether to verify the token audience (false allows for jwt_audience to be nil) |
|
39
|
+
| verify_iss | Boolean for whether to verify the token issuer (false allows for jwt_issuer to be nil) |
|
40
|
+
| verify_iat | Boolean for whether to verify the issued at timestamp of the token |
|
41
|
+
| jwt_create_user | Boolean - Global option for whether to create a user if they don't exist (true) or to just find existing users (false). Can be overridden by setting :jwt_create_user on the devise config line of the model. |
|
42
|
+
|
43
|
+
## Contributing
|
44
|
+
|
45
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/lulibrary/devise_lulibrary_jwt.
|
46
|
+
|
47
|
+
|
48
|
+
## License
|
49
|
+
|
50
|
+
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "devise_lulibrary_jwt"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start
|
data/bin/setup
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'devise_lulibrary_jwt/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "devise_lulibrary_jwt"
|
8
|
+
spec.version = DeviseLulibraryJwt::VERSION
|
9
|
+
spec.authors = ["Stephen Robinson", "LULibrary"]
|
10
|
+
spec.email = ["library.dit@lancaster.ac.uk"]
|
11
|
+
|
12
|
+
spec.summary = "Devise extension to allow authentication using JWT"
|
13
|
+
spec.description = spec.summary
|
14
|
+
spec.homepage = "https://github.com/lulibrary/Devise-JWT"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
|
18
|
+
# to allow pushing to a single host or delete this section to allow pushing to any host.
|
19
|
+
if spec.respond_to?(:metadata)
|
20
|
+
spec.metadata['allowed_push_host'] = "https://rubygems.org"
|
21
|
+
else
|
22
|
+
raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
|
23
|
+
end
|
24
|
+
|
25
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
26
|
+
spec.bindir = "exe"
|
27
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
28
|
+
spec.require_paths = ["lib"]
|
29
|
+
|
30
|
+
spec.add_dependency "devise", ">= 4.2.0"
|
31
|
+
spec.add_dependency "jwt", ">= 1.5.4"
|
32
|
+
|
33
|
+
spec.add_development_dependency "bundler", "~> 1.12"
|
34
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
35
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
36
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'devise_lulibrary_jwt/strategy'
|
2
|
+
|
3
|
+
module Devise
|
4
|
+
module Models
|
5
|
+
module JwtAuthenticatable
|
6
|
+
extend ActiveSupport::Concern
|
7
|
+
|
8
|
+
module ClassMethods
|
9
|
+
|
10
|
+
Devise::Models.config(self, :jwt_create_user)
|
11
|
+
|
12
|
+
def find_for_jwt_authentication jwt_claims
|
13
|
+
|
14
|
+
auth_params = {}
|
15
|
+
|
16
|
+
jwt_keymap.each_pair { |k,v| auth_params[v] = jwt_claims[k] }
|
17
|
+
|
18
|
+
auth_key = self.authentication_keys.first.to_s
|
19
|
+
auth_key_value = auth_params[auth_key]
|
20
|
+
|
21
|
+
return nil unless auth_key_value.present?
|
22
|
+
|
23
|
+
resource = where(auth_key => auth_key_value).first
|
24
|
+
|
25
|
+
if resource.blank?
|
26
|
+
resource = new(auth_params)
|
27
|
+
end
|
28
|
+
|
29
|
+
if self.jwt_create_user && resource.new_record?
|
30
|
+
resource.save!
|
31
|
+
end
|
32
|
+
|
33
|
+
resource
|
34
|
+
|
35
|
+
end
|
36
|
+
|
37
|
+
end
|
38
|
+
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,113 @@
|
|
1
|
+
require 'devise/strategies/authenticatable'
|
2
|
+
require 'jwt'
|
3
|
+
|
4
|
+
module Devise
|
5
|
+
module Strategies
|
6
|
+
class JwtAuthenticatable < Authenticatable
|
7
|
+
|
8
|
+
def valid?
|
9
|
+
!jwt.nil? && !jwt.empty?
|
10
|
+
end
|
11
|
+
|
12
|
+
def authenticate!
|
13
|
+
|
14
|
+
resource = mapping.to.new
|
15
|
+
|
16
|
+
if validate(resource) { valid_jwt? }
|
17
|
+
if decode_jwt.nil?
|
18
|
+
fail!(:invalid_jwt)
|
19
|
+
else
|
20
|
+
|
21
|
+
resource = mapping.to.find_for_jwt_authentication jwt_claims
|
22
|
+
|
23
|
+
if resource.nil?
|
24
|
+
return fail!(:invalid_user)
|
25
|
+
end
|
26
|
+
|
27
|
+
if resource.persisted?
|
28
|
+
return success!(resource)
|
29
|
+
end
|
30
|
+
|
31
|
+
fail!(:invalid_user)
|
32
|
+
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
end
|
37
|
+
|
38
|
+
private
|
39
|
+
|
40
|
+
def bearer_token
|
41
|
+
pattern = /^Bearer /
|
42
|
+
header = request.headers["Authorization"] # <= env
|
43
|
+
header.gsub(pattern, '') if header && header.match(pattern)
|
44
|
+
end
|
45
|
+
|
46
|
+
def jwt
|
47
|
+
|
48
|
+
if params[:jwt]
|
49
|
+
return params[:jwt]
|
50
|
+
end
|
51
|
+
|
52
|
+
if !bearer_token.nil? && !bearer_token.empty?
|
53
|
+
return bearer_token
|
54
|
+
end
|
55
|
+
|
56
|
+
nil
|
57
|
+
|
58
|
+
end
|
59
|
+
|
60
|
+
def jwt_claims
|
61
|
+
|
62
|
+
jwt = decode_jwt
|
63
|
+
|
64
|
+
if jwt.nil?
|
65
|
+
nil
|
66
|
+
else
|
67
|
+
jwt[0]
|
68
|
+
end
|
69
|
+
|
70
|
+
end
|
71
|
+
|
72
|
+
def decode_jwt
|
73
|
+
|
74
|
+
secret = ::Devise.jwt_secret
|
75
|
+
|
76
|
+
begin
|
77
|
+
decoded_token = JWT.decode jwt, secret, true, { :verify_iat => ::Devise.verify_iat, :iss => ::Devise.jwt_issuer, :verify_iss => ::Devise.verify_iss, :aud => ::Devise.jwt_audience, :verify_aud => ::Devise.verify_aud, :algorithm => 'HS256'}
|
78
|
+
rescue JWT::ExpiredSignature
|
79
|
+
Rails.logger.info('Expired Signature')
|
80
|
+
return nil
|
81
|
+
rescue JWT::InvalidIssuerError
|
82
|
+
Rails.logger.info('Invalid Issuer Error')
|
83
|
+
return nil
|
84
|
+
rescue JWT::InvalidAudError
|
85
|
+
Rails.logger.info('Invalid Audience')
|
86
|
+
return nil
|
87
|
+
rescue JWT::InvalidIatError
|
88
|
+
Rails.logger.info('Invalid issued at')
|
89
|
+
return nil
|
90
|
+
rescue JWT::VerificationError
|
91
|
+
Rails.logger.info('Signature Verification error')
|
92
|
+
return nil
|
93
|
+
end
|
94
|
+
|
95
|
+
decoded_token
|
96
|
+
|
97
|
+
end
|
98
|
+
|
99
|
+
def valid_jwt?
|
100
|
+
|
101
|
+
if decode_jwt.nil?
|
102
|
+
return nil
|
103
|
+
end
|
104
|
+
|
105
|
+
true
|
106
|
+
|
107
|
+
end
|
108
|
+
|
109
|
+
end
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
Warden::Strategies.add(:jwt_authenticatable, Devise::Strategies::JwtAuthenticatable)
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'devise'
|
2
|
+
|
3
|
+
require "devise_lulibrary_jwt/version"
|
4
|
+
require 'devise_lulibrary_jwt/strategy'
|
5
|
+
require 'devise_lulibrary_jwt/model'
|
6
|
+
|
7
|
+
module Devise
|
8
|
+
|
9
|
+
mattr_accessor :jwt_secret
|
10
|
+
@@jwt_secret = nil
|
11
|
+
|
12
|
+
mattr_accessor :jwt_issuer
|
13
|
+
@@jwt_issuer = nil
|
14
|
+
|
15
|
+
mattr_accessor :jwt_audience
|
16
|
+
@@jwt_audience = nil
|
17
|
+
|
18
|
+
mattr_accessor :verify_aud
|
19
|
+
@@verify_aud = true
|
20
|
+
|
21
|
+
mattr_accessor :verify_iss
|
22
|
+
@@verify_iss = true
|
23
|
+
|
24
|
+
mattr_accessor :verify_iat
|
25
|
+
@@verify_iat = true
|
26
|
+
|
27
|
+
mattr_accessor :jwt_create_user
|
28
|
+
@@jwt_create_user = true
|
29
|
+
|
30
|
+
end
|
31
|
+
|
32
|
+
Devise.add_module(:jwt_authenticatable, strategy: true, model: 'devise_lulibrary_jwt/model')
|
metadata
ADDED
@@ -0,0 +1,130 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: devise_lulibrary_jwt
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Stephen Robinson
|
8
|
+
- LULibrary
|
9
|
+
autorequire:
|
10
|
+
bindir: exe
|
11
|
+
cert_chain: []
|
12
|
+
date: 2016-08-22 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: devise
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
requirements:
|
18
|
+
- - ">="
|
19
|
+
- !ruby/object:Gem::Version
|
20
|
+
version: 4.2.0
|
21
|
+
type: :runtime
|
22
|
+
prerelease: false
|
23
|
+
version_requirements: !ruby/object:Gem::Requirement
|
24
|
+
requirements:
|
25
|
+
- - ">="
|
26
|
+
- !ruby/object:Gem::Version
|
27
|
+
version: 4.2.0
|
28
|
+
- !ruby/object:Gem::Dependency
|
29
|
+
name: jwt
|
30
|
+
requirement: !ruby/object:Gem::Requirement
|
31
|
+
requirements:
|
32
|
+
- - ">="
|
33
|
+
- !ruby/object:Gem::Version
|
34
|
+
version: 1.5.4
|
35
|
+
type: :runtime
|
36
|
+
prerelease: false
|
37
|
+
version_requirements: !ruby/object:Gem::Requirement
|
38
|
+
requirements:
|
39
|
+
- - ">="
|
40
|
+
- !ruby/object:Gem::Version
|
41
|
+
version: 1.5.4
|
42
|
+
- !ruby/object:Gem::Dependency
|
43
|
+
name: bundler
|
44
|
+
requirement: !ruby/object:Gem::Requirement
|
45
|
+
requirements:
|
46
|
+
- - "~>"
|
47
|
+
- !ruby/object:Gem::Version
|
48
|
+
version: '1.12'
|
49
|
+
type: :development
|
50
|
+
prerelease: false
|
51
|
+
version_requirements: !ruby/object:Gem::Requirement
|
52
|
+
requirements:
|
53
|
+
- - "~>"
|
54
|
+
- !ruby/object:Gem::Version
|
55
|
+
version: '1.12'
|
56
|
+
- !ruby/object:Gem::Dependency
|
57
|
+
name: rake
|
58
|
+
requirement: !ruby/object:Gem::Requirement
|
59
|
+
requirements:
|
60
|
+
- - "~>"
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
version: '10.0'
|
63
|
+
type: :development
|
64
|
+
prerelease: false
|
65
|
+
version_requirements: !ruby/object:Gem::Requirement
|
66
|
+
requirements:
|
67
|
+
- - "~>"
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '10.0'
|
70
|
+
- !ruby/object:Gem::Dependency
|
71
|
+
name: rspec
|
72
|
+
requirement: !ruby/object:Gem::Requirement
|
73
|
+
requirements:
|
74
|
+
- - "~>"
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '3.0'
|
77
|
+
type: :development
|
78
|
+
prerelease: false
|
79
|
+
version_requirements: !ruby/object:Gem::Requirement
|
80
|
+
requirements:
|
81
|
+
- - "~>"
|
82
|
+
- !ruby/object:Gem::Version
|
83
|
+
version: '3.0'
|
84
|
+
description: Devise extension to allow authentication using JWT
|
85
|
+
email:
|
86
|
+
- library.dit@lancaster.ac.uk
|
87
|
+
executables: []
|
88
|
+
extensions: []
|
89
|
+
extra_rdoc_files: []
|
90
|
+
files:
|
91
|
+
- ".gitignore"
|
92
|
+
- ".rspec"
|
93
|
+
- ".travis.yml"
|
94
|
+
- Gemfile
|
95
|
+
- LICENSE.txt
|
96
|
+
- README.md
|
97
|
+
- Rakefile
|
98
|
+
- bin/console
|
99
|
+
- bin/setup
|
100
|
+
- devise_lulibrary_jwt.gemspec
|
101
|
+
- lib/devise_lulibrary_jwt.rb
|
102
|
+
- lib/devise_lulibrary_jwt/model.rb
|
103
|
+
- lib/devise_lulibrary_jwt/strategy.rb
|
104
|
+
- lib/devise_lulibrary_jwt/version.rb
|
105
|
+
homepage: https://github.com/lulibrary/Devise-JWT
|
106
|
+
licenses:
|
107
|
+
- MIT
|
108
|
+
metadata:
|
109
|
+
allowed_push_host: https://rubygems.org
|
110
|
+
post_install_message:
|
111
|
+
rdoc_options: []
|
112
|
+
require_paths:
|
113
|
+
- lib
|
114
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
115
|
+
requirements:
|
116
|
+
- - ">="
|
117
|
+
- !ruby/object:Gem::Version
|
118
|
+
version: '0'
|
119
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - ">="
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: '0'
|
124
|
+
requirements: []
|
125
|
+
rubyforge_project:
|
126
|
+
rubygems_version: 2.4.5.1
|
127
|
+
signing_key:
|
128
|
+
specification_version: 4
|
129
|
+
summary: Devise extension to allow authentication using JWT
|
130
|
+
test_files: []
|