grape-jwt-authentication 1.0.1 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 6a78c43fa11b24e40395c34bbc802f61c6e4646c
-  data.tar.gz: ca386d7ac9298045d93e38b0c6df2c3e8ab1dcae
+SHA256:
+  metadata.gz: 00a891189e6112551bcafe2469783cbb39c6fdd1f923fd0131a8e6be9d693405
+  data.tar.gz: 24b25986aa9a88e9f3f279554233c5e5e2e5a3de99abb5bc4525fa31eb097429
 SHA512:
-  metadata.gz: 1b234415911e6f3f2820d9511af016e290ed4723521374913d9cb5b5e05925722a9222f48016c7f4a75f88ee30aa901aaa702f8699e86792e4ed9d58fab439c6
-  data.tar.gz: 1557a1c9a4fc4acb8cf77be68fbaf4f5417753bc5e859917508bd334e36ca9449e9c483119b009158f9d0ac4202413a372ed2c4638d45444e0e9d6ce9594139a
+  metadata.gz: 17d674a6dd8fd413e5a565d12998b3d161a0dea5fecad9b9cb16532e35634750df7049a8ceed133726f351a0f4b084403e93866ef0d546ecd67bc738021a4554
+  data.tar.gz: 23ccc11a897827a771c50470d61142b46eb11b3ed90f0e7cb2a3bfba7021f456e8cb1317d1eca4ac2a6c283de02b956e3aafd679cfabbaad1adcebe606546794

data/.editorconfig

@@ -0,0 +1,30 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = true
+
+[*.json]
+indent_style = space
+indent_size = 2
+
+[*.yml]
+indent_style = space
+indent_size = 2
+
+[Makefile]
+trim_trailing_whitespace = true
+indent_style = tab
+indent_size = 4
+
+[*.sh]
+indent_style = space
+indent_size = 2

data/.gitignore

@@ -6,6 +6,7 @@
 /pkg/
 /spec/reports/
 /tmp/
+/Gemfile.lock
 
 # rspec failure tracking
 .rspec_status

data/.simplecov

@@ -0,0 +1,3 @@
+SimpleCov.start 'test_frameworks' do
+  add_filter '/vendor/bundle/'
+end

data/.travis.yml

@@ -1,12 +1,12 @@
 env:
   global:
-    - CC_TEST_REPORTER_ID=6e5d2de1ccc0412cdc8d01fdddc560fe3051b14f1c15fea55b0d6e32e27a81cf
+    - CC_TEST_REPORTER_ID=ecb753423174dbd8e4aaf04fb62bf4ef9c2a54904ac49a33fdf2b908b3c5e5f3
 
 sudo: false
 language: ruby
 rvm:
-  - 2.2
-  - 2.3
+  - 2.6
+  - 2.5
   - 2.4
 
 before_install: gem install bundler
@@ -15,6 +15,6 @@ before_script:
   - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
   - chmod +x ./cc-test-reporter
   - ./cc-test-reporter before-build
-
+script: bundle exec rake
 after_script:
   - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT

data/CHANGELOG.md

@@ -1,3 +1,35 @@
+### 2.0.1
+
+* Corrected a migration bug on the configuration which used the wrong namespace
+  for `RsaPublicKey` (resulted in `uninitialized constant
+  Grape::Jwt::Authentication::Configuration::RsaPublicKey`)
+
+### 2.0.0
+
+* Extracted the JWT verification functionality into its own gem
+  ([keyless](https://github.com/hausgold/keyless)) (#6)
+  * This extraction allows users to use the JWT/RSA key handling without Grape
+  * The API/configuration stays the same
+* With the major update to 2.0 we dropped a lot of code which is now located at
+  the Keyless gem:
+  * `Grape::Jwt::Authentication::Jwt` was replace with `Keyless::Jwt`
+  * `Grape::Jwt::Authentication::RsaPublicKey` was replace with `Keyless::RsaPublicKey`
+
+### 1.3.0
+
+* Dropped support for EOL Ruby 2.3 (in addition to Grape)
+
+### 1.2.0
+
+* Check the remote response on public key fetching (#3)
+* Added support for Ruby 2.6
+* Dropped support for EOL Ruby 2.2
+
+### 1.1.0
+
+* Added the parsed and original token to the Rack environment (#2)
+  * Two new helper methods are now available to access the JWT from an API spec
+
 ### 1.0.1
 
 * First public release of the gem

data/README.md

@@ -1,9 +1,10 @@
-![grape-jwt-authentication](doc/assets/project.png)
+![grape-jwt-authentication](doc/assets/project.svg)
 
-[![Build Status](https://api.travis-ci.org/hausgold/grape-jwt-authentication.svg)](https://travis-ci.org/hausgold/grape-jwt-authentication)
+[![Build Status](https://travis-ci.com/hausgold/grape-jwt-authentication.svg?branch=master)](https://travis-ci.com/hausgold/grape-jwt-authentication)
 [![Gem Version](https://badge.fury.io/rb/grape-jwt-authentication.svg)](https://badge.fury.io/rb/grape-jwt-authentication)
-[![Maintainability](https://api.codeclimate.com/v1/badges/446f3eff18bebff9c174/maintainability)](https://codeclimate.com/github/hausgold/grape-jwt-authentication/maintainability)
-[![Test Coverage](https://codeclimate.com/github/hausgold/grape-jwt-authentication/badges/coverage.svg)](https://codeclimate.com/github/hausgold/grape-jwt-authentication/coverage)
+[![Maintainability](https://api.codeclimate.com/v1/badges/ab14a3bab572edfbf305/maintainability)](https://codeclimate.com/repos/5cac8bc06c282f791c009a66/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/ab14a3bab572edfbf305/test_coverage)](https://codeclimate.com/repos/5cac8bc06c282f791c009a66/test_coverage)
+[![API docs](https://img.shields.io/badge/docs-API-blue.svg)](https://www.rubydoc.info/gems/grape-jwt-authentication)
 
 This gem is dedicated to easily integrate a JWT authentication to your
 [Grape](https://github.com/ruby-grape/grape) API. The real authentication
@@ -13,6 +14,7 @@ flexible on the JWT verification level.
 - [Installation](#installation)
 - [Usage](#usage)
   - [Grape API](#grape-api)
+    - [Helpers](#helpers)
   - [Configuration](#configuration)
     - [Authenticator](#authenticator)
     - [Malformed token handling](#malformed-token-handling)
@@ -72,6 +74,42 @@ module UserApi
 end
 ```
 
+#### Helpers
+
+The inclusion of the `Grape::Jwt::Authentication` inserts some helpers to
+access the parsed and original JWT. This can be handy when you need to work
+with the JWT payload or perform some extra calculations with the expiration
+date of it.  The following example demonstrated the usage of the helpers.
+
+```ruby
+module UserApi
+  class ApiV1 < Grape::API
+    # All your fancy Grape API stuff [..]
+    version 'v1', using: :path
+
+    resource :payload do
+      desc 'A JWT payload echo service.'
+      get do
+        # The parsed JWT which has an accessible payload (RecursiveOpenStruct)
+        { payload: request_jwt.payload.to_h }
+      end
+    end
+
+    resource :token do
+      desc 'A JWT echo service.'
+      get do
+        # The original JWT parsed from the HTTP authorization header
+        { token: original_request_jwt }
+      end
+    end
+
+    # Enable JWT authentication on this API
+    include Grape::Jwt::Authentication
+    auth :jwt
+  end
+end
+```
+
 ### Configuration
 
 This gem is quite customizable and flexible to fulfill your needs. You can make
@@ -147,18 +185,18 @@ have your own mechanism.
 
 ```ruby
 # Get your public key, by using the global configuration
-public_key = Grape::Jwt::Authentication::RsaPublicKey.fetch
+public_key = Keyless::RsaPublicKey.fetch
 # => OpenSSL::PKey::RSA
 
 # Using a local configuration
-fetcher = Grape::Jwt::Authentication::RsaPublicKey.instance
+fetcher = Keyless::RsaPublicKey.instance
 fetcher.url = 'https://your.identity.provider/rsa_public_key'
 public_key = fetcher.fetch
 # => OpenSSL::PKey::RSA
 ```
 
 The following examples show you how to configure the
-`Grape::Jwt::Authentication::RsaPublicKey` class the global way. This is useful
+`Keyless::RsaPublicKey` class the global way. This is useful
 for a shared initializer place.
 
 ##### RSA public key location (URL)
@@ -223,7 +261,7 @@ the `RsaPublicKey` fetcher class. (by default)
 raw_token = 'eyJ0eXAiOiJKV1QifQ.eyJ0ZXN0Ijp0cnVlfQ.'
 
 # Parse the raw token and create a instance of it
-token = Grape::Jwt::Authentication::Jwt.new(raw_token)
+token = Keyless::Jwt.new(raw_token)
 
 # Access the payload easily (recursive-open-struct)
 token.payload.test
@@ -236,7 +274,7 @@ token.valid?
 ```
 
 The following examples show you how to configure the
-`Grape::Jwt::Authentication::Jwt` class the global way. This is useful for a
+`Keyless::Jwt` class the global way. This is useful for a
 shared initializer place.
 
 ##### Issuer verification
@@ -285,7 +323,7 @@ end
 You can configure your own verification key on the `Jwt` wrapper class.  This
 way you can pass your HMAC secret or your ECDSA public key to the JSON Web
 Token validation method. Here you need to pass a proc, on the
-`Grape::Jwt::Authentication::Jwt` class it has to be a scalar value. By default
+`Keyless::Jwt` class it has to be a scalar value. By default
 we use the `RsaPublicKey` class to retrieve the RSA public key.
 
 ```ruby
@@ -356,7 +394,7 @@ Grape::Jwt::Authentication.configure do |conf|
   # Custom verification logic.
   conf.authenticator = proc do |token|
     # Parse and instantiate a JWT verification instance
-    jwt = Grape::Jwt::Authentication::Jwt.new(token)
+    jwt = Keyless::Jwt.new(token)
 
     # We just allow valid access tokens
     jwt.access_token? && jwt.valid?
@@ -376,8 +414,8 @@ end
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
-`rake spec` to run the tests. You can also run `bin/console` for an interactive
-prompt that will allow you to experiment.
+`bundle exec rake spec` to run the tests. You can also run `bin/console` for an
+interactive prompt that will allow you to experiment.
 
 To install this gem onto your local machine, run `bundle exec rake install`. To
 release a new version, update the version number in `version.rb`, and then run

data/doc/assets/project.svg

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.1"
+   id="Ebene_1"
+   x="0px"
+   y="0px"
+   viewBox="0 0 800 200"
+   xml:space="preserve"
+   width="800"
+   height="200"><metadata
+   id="metadata33"><rdf:RDF><cc:Work
+       rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+         rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
+   id="defs31" />
+<style
+   type="text/css"
+   id="style2">
+    .st0{fill-rule:evenodd;clip-rule:evenodd;fill:#E73E11;}
+    .st1{fill-rule:evenodd;clip-rule:evenodd;fill:#0371B9;}
+    .st2{fill:#132E48;}
+    .st3{font-family:'OpenSans-Bold';}
+    .st4{font-size:29.5168px;}
+    .st5{fill-rule:evenodd;clip-rule:evenodd;fill:none;}
+    .st6{opacity:0.5;fill:#132E48;}
+    .st7{font-family:'OpenSans';}
+    .st8{font-size:12px;}
+</style>
+<g
+   transform="translate(0,1.53584)"
+   id="g828"><g
+   transform="translate(35.93985,35.66416)"
+   id="g8">
+    <path
+   style="clip-rule:evenodd;fill:#e73e11;fill-rule:evenodd"
+   id="path4"
+   d="m -0.1,124.4 c 0,0 33.7,-123.2 66.7,-123.2 12.8,0 26.9,21.9 38.8,47.2 -23.6,27.9 -66.6,59.7 -94,76 -7.1,0 -11.5,0 -11.5,0 z"
+   class="st0" />
+    <path
+   style="clip-rule:evenodd;fill:#0371b9;fill-rule:evenodd"
+   id="path6"
+   d="m 88.1,101.8 c 13.5,-10.4 18.4,-16.2 27.1,-25.4 10,25.7 16.7,48 16.7,48 0,0 -41.4,0 -78,0 14.6,-7.9 18.7,-10.7 34.2,-22.6 z"
+   class="st1" />
+</g><text
+   y="106.40316"
+   x="192.43155"
+   style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:29.51733398px;font-family:'Open Sans', sans-serif;-inkscape-font-specification:'OpenSans-Bold, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;writing-mode:lr-tb;text-anchor:start;fill:#132e48"
+   id="text10"
+   class="st2 st3 st4">grape-jwt-authentication</text>
+<rect
+   style="clip-rule:evenodd;fill:none;fill-rule:evenodd"
+   id="rect12"
+   height="24"
+   width="314.5"
+   class="st5"
+   y="118.06416"
+   x="194.23985" /><text
+   y="127.22146"
+   x="194.21715"
+   style="font-size:12px;font-family:'Open Sans', sans-serif;opacity:0.5;fill:#132e48;-inkscape-font-specification:'Open Sans, sans-serif, Normal';font-weight:normal;font-style:normal;font-stretch:normal;font-variant:normal;text-anchor:start;text-align:start;writing-mode:lr;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;"
+   id="text14"
+   class="st6 st7 st8">A reusable Grape JWT authentication concern</text>
+</g>
+</svg>

data/grape-jwt-authentication.gemspec

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'grape/jwt/authentication/version'
 
@@ -21,19 +21,20 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'bundler', '>= 1.16', '< 3'
+  spec.add_development_dependency 'rack', '~> 2.0'
+  spec.add_development_dependency 'rack-test', '~> 0.8.2'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'simplecov', '~> 0.15'
+  spec.add_development_dependency 'timecop', '~> 0.9.1'
   spec.add_development_dependency 'vcr', '~> 3.0'
   spec.add_development_dependency 'webmock', '~> 3.1'
-  spec.add_development_dependency 'timecop', '~> 0.9.1'
-  spec.add_development_dependency 'rack', '~> 2.0'
-  spec.add_development_dependency 'rack-test', '~> 0.8.2'
 
   spec.add_runtime_dependency 'activesupport', '>= 3.2.0'
   spec.add_runtime_dependency 'grape', '~> 1.0'
   spec.add_runtime_dependency 'httparty'
   spec.add_runtime_dependency 'jwt', '~> 2.1'
   spec.add_runtime_dependency 'recursive-open-struct', '~> 1.0'
+  spec.add_runtime_dependency 'keyless', '~> 1.0'
 end

data/lib/grape/jwt/authentication.rb

@@ -7,15 +7,13 @@ require 'active_support/cache'
 require 'active_support/core_ext/hash'
 require 'active_support/time'
 require 'active_support/time_with_zone'
-
 require 'jwt'
-
+require 'keyless'
 require 'grape'
 require 'grape/jwt/authentication/version'
 require 'grape/jwt/authentication/configuration'
+require 'grape/jwt/authentication/dependencies'
 require 'grape/jwt/authentication/jwt_handler'
-require 'grape/jwt/authentication/jwt'
-require 'grape/jwt/authentication/rsa_public_key'
 
 module Grape
   module Jwt
@@ -43,11 +41,13 @@ module Grape
       #   end
       def self.configure
         yield(configuration)
+        configure_dependencies
       end
 
       # Reset the current configuration with the default one.
       def self.reset_configuration!
         self.configuration = Configuration.new
+        configure_dependencies
       end
 
       included do
@@ -58,6 +58,27 @@ module Grape
         Grape::Middleware::Auth::Strategies.add(:jwt,
                                                 JwtHandler,
                                                 ->(opts) { [opts] })
+
+        helpers do
+          # Get the parsed JWT from the authorization header of the current
+          # request. You could use it to access the payload or the expiration
+          # date, etc inside your API definition. When the authenticator stated
+          # that the validation failed, then the parsed token is +nil+.
+          #
+          # @return [Grape::Jwt::Authentication::Jwt, nil] the parsed token
+          def request_jwt
+            env['grape_jwt_auth.parsed_token']
+          end
+
+          # Get the original JWT from the authorization header of the current
+          # request, without further changes. You could use it to display a
+          # custom error or to parse it differently.
+          #
+          # @return [String] the JWT from the authorization header
+          def original_request_jwt
+            env['grape_jwt_auth.original_token']
+          end
+        end
       end
     end
   end

data/lib/grape/jwt/authentication/configuration.rb

@@ -118,11 +118,10 @@ module Grape
         # This way you can pass your HMAC secret or your ECDSA public key to
         # the JSON Web Token validation method. Here you need to pass a proc,
         # on the {Grape::Jwt::Authentication::Jwt} class it has to be a scalar
-        # value. By default we use the
-        # {Grape::Jwt::Authentication::RsaPublicKey} class to retrieve the RSA
-        # public key.
+        # value. By default we use the {Keyless::RsaPublicKey} class to
+        # retrieve the RSA public key.
         config_accessor(:jwt_verification_key) do
-          proc { RsaPublicKey.instance.fetch }
+          proc { Keyless::RsaPublicKey.instance.fetch }
         end
       end
     end

data/lib/grape/jwt/authentication/dependencies.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Grape
+  module Jwt
+    module Authentication
+      # Specifies which configuration keys are shared between keyless
+      # and grape-jwt-authentication, so that we can easily pass through
+      # our configuration to keyless.
+      KEYLESS_CONFIGURATION = %i[
+        authenticator rsa_public_key_url rsa_public_key_caching
+        rsa_public_key_expiration jwt_issuer jwt_beholder jwt_options
+        jwt_verification_key
+      ]
+
+      # (Re)configure our gem dependencies. We take care of setting up
+      # +Keyless+, which has been extracted from this gem.
+      def self.configure_dependencies
+        configure_keyless
+      end
+
+      # Configure the +Keyless+ gem with our configuration.
+      def self.configure_keyless
+        configuration = Grape::Jwt::Authentication.configuration
+
+        Keyless.configure do |keyless|
+          KEYLESS_CONFIGURATION.each do |option|
+            keyless.send("#{option}=", configuration.send(option))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/grape/jwt/authentication/jwt_handler.rb

@@ -15,8 +15,12 @@ module Grape
         # A internal exception handling for malformed headers.
         class MalformedHeaderError < StandardError; end
 
+        # A generic JWT part, the full token contains three parts
+        # separated by a period.
+        JWT_PART_REGEX = /([a-zA-Z0-9\-_]+)?/.freeze
+
         # A common JWT validation regex which meets the RFC specs.
-        JWT_REGEX = /^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/
+        JWT_REGEX = Regexp.new("^#{([JWT_PART_REGEX] * 3).join('\.')}$").freeze
 
         # Initialize a new Rack middleware for Bearer token
         # processing.
@@ -76,12 +80,30 @@ module Grape
         def parse_token(header)
           token = header.to_s.scan(/^Bearer (.*)/).flatten.first
           raise MalformedHeaderError unless JWT_REGEX =~ token
+
           token
         end
 
+        # Inject the token to the environment as a parsed version. This allows
+        # further usage like extracting the subject from the payload when the
+        # verification was valid.
+        #
+        # @param env [Hash{String => Mixed}] the Rack environment
+        # @param token [String] the token parsed from the HTTP header
+        def inject_token_into_env(env, token)
+          env['grape_jwt_auth.parsed_token'] = Keyless::Jwt.new(token)
+        rescue *Keyless::Jwt::RESCUE_JWT_EXCEPTIONS
+          env['grape_jwt_auth.parsed_token'] = nil
+        ensure
+          env['grape_jwt_auth.original_token'] = token
+        end
+
         # Perform the authentication logic on the Rack compatible
         # interface.
         #
+        # @param env [Hash{String => Mixed}] the Rack environment
+        #
+        # rubocop:disable Metrics/AbcSize because thats the auth handling core
         # :reek:TooManyStatements because reek counts exception
         #                         handling as statements
         def call(env)
@@ -94,11 +116,16 @@ module Grape
           # errors, that why we invoke the formatter middleware here.
           Grape::Middleware::Formatter.new(->(_) {}).call(env)
 
-          # Parse the JWT token and give it to the user defined block
+          # Parse the JWT token from the request headers.
+          token = parse_token(env['HTTP_AUTHORIZATION'])
+
+          # Inject the parsed token to the Rack environment.
+          inject_token_into_env(env, token)
+
+          # Give the parsed token to the user defined block
           # for futher verification. The user given block MUST return
           # a positive result to allow the request to be further
           # processed, or a negative result to stop processing.
-          token = parse_token(env['HTTP_AUTHORIZATION'])
           raise AuthenticationError unless authenticator.call(token)
 
           # Looks like we are on a good path and the given token was
@@ -112,6 +139,7 @@ module Grape
           # Call the user defined failed authentication handler.
           failed_handler.call(token, @app)
         end
+        # rubocop:enable Metrics/AbcSize
       end
     end
   end

data/lib/grape/jwt/authentication/version.rb

@@ -3,7 +3,7 @@
 module Grape
   module Jwt
     module Authentication
-      VERSION = '1.0.1'
+      VERSION = '2.0.1'.freeze
     end
   end
 end

metadata

@@ -1,73 +1,79 @@
 --- !ruby/object:Gem::Specification
 name: grape-jwt-authentication
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.0.1
 platform: ruby
 authors:
 - Hermann Mayer
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-11-23 00:00:00.000000000 Z
+date: 2020-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.16'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.16'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 0.8.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 0.8.2
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.15'
+        version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.15'
+        version: '10.0'
 - !ruby/object:Gem::Dependency
-  name: vcr
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -81,19 +87,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '0.15'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '0.15'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -109,33 +115,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.9.1
 - !ruby/object:Gem::Dependency
-  name: rack
+  name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.2
+        version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.2
+        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -206,6 +212,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: keyless
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: A reusable Grape JWT authentication concern
 email:
 - hermann.mayer92@gmail.com
@@ -213,32 +233,30 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".editorconfig"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".simplecov"
 - ".travis.yml"
 - CHANGELOG.md
 - Gemfile
-- Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile
 - bin/console
 - bin/setup
-- doc/assets/logo.png
-- doc/assets/project.png
-- doc/assets/project.xcf
+- doc/assets/project.svg
 - grape-jwt-authentication.gemspec
 - lib/grape/jwt/authentication.rb
 - lib/grape/jwt/authentication/configuration.rb
-- lib/grape/jwt/authentication/jwt.rb
+- lib/grape/jwt/authentication/dependencies.rb
 - lib/grape/jwt/authentication/jwt_handler.rb
-- lib/grape/jwt/authentication/rsa_public_key.rb
 - lib/grape/jwt/authentication/version.rb
 homepage: https://github.com/hausgold/grape-jwt-authentication
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -253,9 +271,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: A reusable Grape JWT authentication concern
 test_files: []

data/Gemfile.lock

@@ -1,114 +0,0 @@
-PATH
-  remote: .
-  specs:
-    grape-jwt-authentication (1.0.1)
-      activesupport (>= 3.2.0)
-      grape (~> 1.0)
-      httparty
-      jwt (~> 2.1)
-      recursive-open-struct (~> 1.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activesupport (5.1.4)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
-    axiom-types (0.1.1)
-      descendants_tracker (~> 0.0.4)
-      ice_nine (~> 0.11.0)
-      thread_safe (~> 0.3, >= 0.3.1)
-    builder (3.2.3)
-    coercible (1.0.0)
-      descendants_tracker (~> 0.0.1)
-    concurrent-ruby (1.0.5)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    descendants_tracker (0.0.4)
-      thread_safe (~> 0.3, >= 0.3.1)
-    diff-lcs (1.3)
-    docile (1.1.5)
-    equalizer (0.0.11)
-    grape (1.0.1)
-      activesupport
-      builder
-      mustermann-grape (~> 1.0.0)
-      rack (>= 1.3.0)
-      rack-accept
-      virtus (>= 1.0.0)
-    hashdiff (0.3.7)
-    httparty (0.15.6)
-      multi_xml (>= 0.5.2)
-    i18n (0.9.1)
-      concurrent-ruby (~> 1.0)
-    ice_nine (0.11.2)
-    json (2.1.0)
-    jwt (2.1.0)
-    minitest (5.10.3)
-    multi_xml (0.6.0)
-    mustermann (1.0.1)
-    mustermann-grape (1.0.0)
-      mustermann (~> 1.0.0)
-    public_suffix (3.0.1)
-    rack (2.0.3)
-    rack-accept (0.4.5)
-      rack (>= 0.4)
-    rack-test (0.8.2)
-      rack (>= 1.0, < 3)
-    rake (10.5.0)
-    recursive-open-struct (1.0.5)
-    rspec (3.7.0)
-      rspec-core (~> 3.7.0)
-      rspec-expectations (~> 3.7.0)
-      rspec-mocks (~> 3.7.0)
-    rspec-core (3.7.0)
-      rspec-support (~> 3.7.0)
-    rspec-expectations (3.7.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-mocks (3.7.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-support (3.7.0)
-    safe_yaml (1.0.4)
-    simplecov (0.15.1)
-      docile (~> 1.1.0)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.4)
-      thread_safe (~> 0.1)
-    vcr (3.0.3)
-    virtus (1.0.5)
-      axiom-types (~> 0.1)
-      coercible (~> 1.0)
-      descendants_tracker (~> 0.0, >= 0.0.3)
-      equalizer (~> 0.0, >= 0.0.9)
-    webmock (3.1.1)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.16)
-  grape-jwt-authentication!
-  rack (~> 2.0)
-  rack-test (~> 0.8.2)
-  rake (~> 10.0)
-  rspec (~> 3.0)
-  simplecov (~> 0.15)
-  timecop (~> 0.9.1)
-  vcr (~> 3.0)
-  webmock (~> 3.1)
-
-BUNDLED WITH
-   1.16.0

data/lib/grape/jwt/authentication/jwt.rb

@@ -1,112 +0,0 @@
-# frozen_string_literal: true
-
-require 'recursive-open-struct'
-
-module Grape
-  module Jwt
-    module Authentication
-      # A easy to use model for verification of JSON Web Tokens. This is just a
-      # wrapper class for the excellent ruby-jwt gem. It's completely up to you
-      # to use it. But be aware, its a bit optinionated by default.
-      class Jwt
-        # All the following JWT verification issues lead to a failed validation.
-        RESCUE_JWT_EXCEPTIONS = [
-          ::JWT::DecodeError,
-          ::JWT::VerificationError,
-          ::JWT::ExpiredSignature,
-          ::JWT::IncorrectAlgorithm,
-          ::JWT::ImmatureSignature,
-          ::JWT::InvalidIssuerError,
-          ::JWT::InvalidIatError,
-          ::JWT::InvalidAudError,
-          ::JWT::InvalidSubError,
-          ::JWT::InvalidJtiError,
-          ::JWT::InvalidPayload
-        ].freeze
-
-        # :reek:Attribute because its fine to be extern-modifiable at these
-        # instances
-        attr_reader :payload, :token
-        attr_writer :verification_key, :jwt_options
-        attr_accessor :issuer, :beholder
-
-        # Setup a new JWT instance. You have to pass the raw JSON Web Token to
-        # the initializer. Example:
-        #
-        #   Jwt.new('j.w.t')
-        #   # => <Jwt>
-        #
-        # @return [Jwt]
-        def initialize(token)
-          parsed_payload = JWT.decode(token, nil, false).first.symbolize_keys
-          @token = token
-          @payload = RecursiveOpenStruct.new(parsed_payload)
-        end
-
-        # Checks if the payload says this is a refresh token.
-        #
-        # @return [Boolean] Whenever this is a access token
-        def access_token?
-          payload.typ == 'access'
-        end
-
-        # Checks if the payload says this is a refresh token.
-        #
-        # @return [Boolean] Whenever this is a refresh token
-        def refresh_token?
-          payload.typ == 'refresh'
-        end
-
-        # Retrives the expiration date from the payload when set.
-        #
-        # @return [nil|ActiveSupport::TimeWithZone] The expiration date
-        def expires_at
-          exp = payload.exp
-          return nil unless exp
-          Time.zone.at(exp)
-        end
-
-        # Deliver the public key for verification by default. This uses the
-        # {RsaPublicKey} class, but you can configure the verification key the
-        # way you like. (Especially for different algorithms, like HMAC or
-        # ECDSA) Just make use of the same named setter.
-        #
-        # @return [OpenSSL::PKey::RSA|Mixed] The verification key
-        def verification_key
-          unless @verification_key
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.jwt_verification_key.call
-          end
-          @verification_key
-        end
-
-        # This getter passes back the default JWT verification option hash
-        # which is optinionated.  You can change this the way you like by
-        # configuring your options with the help of the same named setter.
-        #
-        # @return [Hash] The JWT verification options hash
-        def jwt_options
-          unless @jwt_options
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.jwt_options.call
-          end
-          @jwt_options
-        end
-
-        # Verify the current token by our hard and strict rules. Whenever the
-        # token was not parsed from a string, we encode the current state to a
-        # JWT string representation and check this.
-        #
-        # @return [Boolean] Whenever the token is valid or not
-        #
-        # :reek:NilCheck because we have to check the token
-        #                origin and react on it
-        def valid?
-          JWT.decode(token, verification_key, true, jwt_options) && true
-        rescue *RESCUE_JWT_EXCEPTIONS
-          false
-        end
-      end
-    end
-  end
-end

data/lib/grape/jwt/authentication/rsa_public_key.rb

@@ -1,126 +0,0 @@
-# frozen_string_literal: true
-
-require 'singleton'
-require 'openssl'
-require 'httparty'
-
-module Grape
-  module Jwt
-    module Authentication
-      # A common purpose RSA public key fetching/caching helper. With the help
-      # of this class you are able to retrieve the RSA public key from a remote
-      # server or a local file. This is naturally only useful if you care about
-      # JSON Web Token which are signed by the RSA algorithm.
-      class RsaPublicKey
-        include Singleton
-
-        # Setup all the getters and setters.
-        attr_accessor :cache
-        attr_writer :url, :expiration, :caching
-
-        # Setup the instance.
-        def initialize
-          @expiration = 1.hour
-          @cache = ActiveSupport::Cache::MemoryStore.new
-        end
-
-        # Just a simple shortcut class method to access the fetch method
-        # without specifying the singleton instance.
-        #
-        # @return [OpenSSL::PKey::RSA]
-        def self.fetch
-          instance.fetch
-        end
-
-        # Configure the single instance. This is just a wrapper (like tap)
-        # to the instance itself.
-        def configure
-          yield(self)
-        end
-
-        # Fetch the public key with the help of the configuration.  You can
-        # configure the public key location (local file, remote (HTTP/HTTPS)
-        # file), whenever we should cache and how long to cache.
-        #
-        # @return [OpenSSL::PKey::RSA]
-        def fetch
-          encoded_key = if cache?
-                          cache.fetch('encoded_key', expires_in: expiration) do
-                            fetch_encoded_key
-                          end
-                        else
-                          fetch_encoded_key
-                        end
-
-          OpenSSL::PKey::RSA.new(encoded_key)
-        end
-
-        # Fetch the encoded (DER, or PEM) public key from a remote or local
-        # location.
-        #
-        # @return [String] The encoded public key
-        def fetch_encoded_key
-          raise ArgumentError, 'No URL for RsaPublicKey configured' unless url
-          if remote?
-            HTTParty.get(url).body
-          else
-            File.read(url)
-          end
-        end
-
-        # A helper for the caching configuration.
-        #
-        # @return [Boolean]
-        def cache?
-          caching && true
-        end
-
-        # A helper to determine if the configured URL is on a remote server or
-        # it is local on the filesystem. Whenever the configured URL specifies
-        # the HTTP/HTTPS protocol, we assume it is remote.
-        #
-        # @return [Boolean]
-        def remote?
-          !(url =~ /^https?/).nil?
-        end
-
-        # This getter passes back the default RSA public key.  You can change
-        # this the way you like by configuring your URL with the help of the
-        # same named setter.
-        #
-        # @return [String] The configured public key location
-        def url
-          unless @url
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_url
-          end
-          @url
-        end
-
-        # This getter passes back the default public key cache expiration time.
-        # You can change this time with the help of the same named setter.
-        #
-        # @return [Integer] The configured cache expiration time
-        def expiration
-          unless @expiration
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_expiration
-          end
-          @expiration
-        end
-
-        # This getter passes back the caching flag. You can change this flag
-        # with the help of the same named setter.
-        #
-        # @return [Boolean] Whenever we should cache or not
-        def caching
-          unless @caching
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_caching
-          end
-          @caching
-        end
-      end
-    end
-  end
-end