grape-jwt-authentication 1.1.0 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff7b66cbce6da2abf8a94f05de6e1193c28609ee3603c7373a7b189f1e9b67d4
-  data.tar.gz: 29f400c994e453466570810c10c1fcc6d674074a1edf5c2a3f8d282146c3e9fa
+  metadata.gz: 8e9342b70db03baa2d358176c7a95c64ce06d60905245dc68939059ce5fc853a
+  data.tar.gz: '025155931791462ef7afc5366410ed3426bb8a5f15d3d4a641c7e70d232da84b'
 SHA512:
-  metadata.gz: 4f7b6a29dbe8c3e6fe6e230efd52605b3729757b77ad47d2ead3d27f88f022d63d0f65a4eb11cbf99c5b23490331b1489d077e5ba49c7dd876b2843d05eeb269
-  data.tar.gz: d6235df2c6853433ed4a056eb2ddddeb84a2d64355fceac52181916afd6039a61c832f4a75b2283517f5abd2b3cdd40428ee007ba83babe0cc8f54692764a189
+  metadata.gz: 86cbd40f1df368f4836638dff6ee80c12c8a70aa0b7f3a39a763a7aa28b4bdf3a878634f5a8bb05bb91094e3d838e1f61b216dac84a84f17afa403bb69950820
+  data.tar.gz: 1c12302d38a2fb246db94353a4c55db7fa40f3717f0ba90ab7fe1e5391e926f7c8ac7cef2f710a79338260726c16bcad0b65c048719c0a9c05d51ded9f835475

data/.gitignore

@@ -6,6 +6,7 @@
 /pkg/
 /spec/reports/
 /tmp/
+/Gemfile.lock
 
 # rspec failure tracking
 .rspec_status

data/.travis.yml

@@ -1,14 +1,13 @@
 env:
   global:
-    - CC_TEST_REPORTER_ID=6e5d2de1ccc0412cdc8d01fdddc560fe3051b14f1c15fea55b0d6e32e27a81cf
+    - CC_TEST_REPORTER_ID=ecb753423174dbd8e4aaf04fb62bf4ef9c2a54904ac49a33fdf2b908b3c5e5f3
 
 sudo: false
 language: ruby
 rvm:
+  - 2.6
   - 2.5
   - 2.4
-  - 2.3
-  - 2.2
 
 before_install: gem install bundler
 

data/CHANGELOG.md

@@ -1,3 +1,34 @@
+### 2.0.2
+
+* Corrected some documentation glitches
+
+### 2.0.1
+
+* Corrected a migration bug on the configuration which used the wrong namespace
+  for `RsaPublicKey` (resulted in `uninitialized constant
+  Grape::Jwt::Authentication::Configuration::RsaPublicKey`)
+
+### 2.0.0
+
+* Extracted the JWT verification functionality into its own gem
+  ([keyless](https://github.com/hausgold/keyless)) (#6)
+  * This extraction allows users to use the JWT/RSA key handling without Grape
+  * The API/configuration stays the same
+* With the major update to 2.0 we dropped a lot of code which is now located at
+  the Keyless gem:
+  * `Grape::Jwt::Authentication::Jwt` was replace with `Keyless::Jwt`
+  * `Grape::Jwt::Authentication::RsaPublicKey` was replace with `Keyless::RsaPublicKey`
+
+### 1.3.0
+
+* Dropped support for EOL Ruby 2.3 (in addition to Grape)
+
+### 1.2.0
+
+* Check the remote response on public key fetching (#3)
+* Added support for Ruby 2.6
+* Dropped support for EOL Ruby 2.2
+
 ### 1.1.0
 
 * Added the parsed and original token to the Rack environment (#2)

data/README.md

@@ -1,9 +1,9 @@
-![grape-jwt-authentication](doc/assets/project.png)
+![grape-jwt-authentication](doc/assets/project.svg)
 
-[![Build Status](https://travis-ci.org/hausgold/grape-jwt-authentication.svg?branch=master)](https://travis-ci.org/hausgold/grape-jwt-authentication)
+[![Build Status](https://travis-ci.com/hausgold/grape-jwt-authentication.svg?branch=master)](https://travis-ci.com/hausgold/grape-jwt-authentication)
 [![Gem Version](https://badge.fury.io/rb/grape-jwt-authentication.svg)](https://badge.fury.io/rb/grape-jwt-authentication)
-[![Maintainability](https://api.codeclimate.com/v1/badges/446f3eff18bebff9c174/maintainability)](https://codeclimate.com/github/hausgold/grape-jwt-authentication/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/446f3eff18bebff9c174/test_coverage)](https://codeclimate.com/github/hausgold/grape-jwt-authentication/test_coverage)
+[![Maintainability](https://api.codeclimate.com/v1/badges/ab14a3bab572edfbf305/maintainability)](https://codeclimate.com/repos/5cac8bc06c282f791c009a66/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/ab14a3bab572edfbf305/test_coverage)](https://codeclimate.com/repos/5cac8bc06c282f791c009a66/test_coverage)
 [![API docs](https://img.shields.io/badge/docs-API-blue.svg)](https://www.rubydoc.info/gems/grape-jwt-authentication)
 
 This gem is dedicated to easily integrate a JWT authentication to your
@@ -185,18 +185,18 @@ have your own mechanism.
 
 ```ruby
 # Get your public key, by using the global configuration
-public_key = Grape::Jwt::Authentication::RsaPublicKey.fetch
+public_key = Keyless::RsaPublicKey.fetch
 # => OpenSSL::PKey::RSA
 
 # Using a local configuration
-fetcher = Grape::Jwt::Authentication::RsaPublicKey.instance
+fetcher = Keyless::RsaPublicKey.instance
 fetcher.url = 'https://your.identity.provider/rsa_public_key'
 public_key = fetcher.fetch
 # => OpenSSL::PKey::RSA
 ```
 
 The following examples show you how to configure the
-`Grape::Jwt::Authentication::RsaPublicKey` class the global way. This is useful
+`Keyless::RsaPublicKey` class the global way. This is useful
 for a shared initializer place.
 
 ##### RSA public key location (URL)
@@ -261,7 +261,7 @@ the `RsaPublicKey` fetcher class. (by default)
 raw_token = 'eyJ0eXAiOiJKV1QifQ.eyJ0ZXN0Ijp0cnVlfQ.'
 
 # Parse the raw token and create a instance of it
-token = Grape::Jwt::Authentication::Jwt.new(raw_token)
+token = Keyless::Jwt.new(raw_token)
 
 # Access the payload easily (recursive-open-struct)
 token.payload.test
@@ -274,7 +274,7 @@ token.valid?
 ```
 
 The following examples show you how to configure the
-`Grape::Jwt::Authentication::Jwt` class the global way. This is useful for a
+`Keyless::Jwt` class the global way. This is useful for a
 shared initializer place.
 
 ##### Issuer verification
@@ -305,7 +305,7 @@ end
 You can configure a different JSON Web Token verification option hash if your
 algorithm differs or you want some extra/different options.  Just watch out
 that you have to pass a proc to this configuration property. On the
-`Grape::Jwt::Authentication::Jwt` class it has to be a simple hash. The default
+`Keyless::Jwt` class it has to be a simple hash. The default
 is here the `RS256` algorithm with enabled expiration check, and issuer+audience
 check when the `jwt_issuer` / `jwt_beholder` are configured accordingly.
 
@@ -323,7 +323,7 @@ end
 You can configure your own verification key on the `Jwt` wrapper class.  This
 way you can pass your HMAC secret or your ECDSA public key to the JSON Web
 Token validation method. Here you need to pass a proc, on the
-`Grape::Jwt::Authentication::Jwt` class it has to be a scalar value. By default
+`Keyless::Jwt` class it has to be a scalar value. By default
 we use the `RsaPublicKey` class to retrieve the RSA public key.
 
 ```ruby
@@ -394,7 +394,7 @@ Grape::Jwt::Authentication.configure do |conf|
   # Custom verification logic.
   conf.authenticator = proc do |token|
     # Parse and instantiate a JWT verification instance
-    jwt = Grape::Jwt::Authentication::Jwt.new(token)
+    jwt = Keyless::Jwt.new(token)
 
     # We just allow valid access tokens
     jwt.access_token? && jwt.valid?

data/doc/assets/project.svg

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.1"
+   id="Ebene_1"
+   x="0px"
+   y="0px"
+   viewBox="0 0 800 200"
+   xml:space="preserve"
+   width="800"
+   height="200"><metadata
+   id="metadata33"><rdf:RDF><cc:Work
+       rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+         rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
+   id="defs31" />
+<style
+   type="text/css"
+   id="style2">
+    .st0{fill-rule:evenodd;clip-rule:evenodd;fill:#E73E11;}
+    .st1{fill-rule:evenodd;clip-rule:evenodd;fill:#0371B9;}
+    .st2{fill:#132E48;}
+    .st3{font-family:'OpenSans-Bold';}
+    .st4{font-size:29.5168px;}
+    .st5{fill-rule:evenodd;clip-rule:evenodd;fill:none;}
+    .st6{opacity:0.5;fill:#132E48;}
+    .st7{font-family:'OpenSans';}
+    .st8{font-size:12px;}
+</style>
+<g
+   transform="translate(0,1.53584)"
+   id="g828"><g
+   transform="translate(35.93985,35.66416)"
+   id="g8">
+    <path
+   style="clip-rule:evenodd;fill:#e73e11;fill-rule:evenodd"
+   id="path4"
+   d="m -0.1,124.4 c 0,0 33.7,-123.2 66.7,-123.2 12.8,0 26.9,21.9 38.8,47.2 -23.6,27.9 -66.6,59.7 -94,76 -7.1,0 -11.5,0 -11.5,0 z"
+   class="st0" />
+    <path
+   style="clip-rule:evenodd;fill:#0371b9;fill-rule:evenodd"
+   id="path6"
+   d="m 88.1,101.8 c 13.5,-10.4 18.4,-16.2 27.1,-25.4 10,25.7 16.7,48 16.7,48 0,0 -41.4,0 -78,0 14.6,-7.9 18.7,-10.7 34.2,-22.6 z"
+   class="st1" />
+</g><text
+   y="106.40316"
+   x="192.43155"
+   style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:29.51733398px;font-family:'Open Sans', sans-serif;-inkscape-font-specification:'OpenSans-Bold, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;writing-mode:lr-tb;text-anchor:start;fill:#132e48"
+   id="text10"
+   class="st2 st3 st4">grape-jwt-authentication</text>
+<rect
+   style="clip-rule:evenodd;fill:none;fill-rule:evenodd"
+   id="rect12"
+   height="24"
+   width="314.5"
+   class="st5"
+   y="118.06416"
+   x="194.23985" /><text
+   y="127.22146"
+   x="194.21715"
+   style="font-size:12px;font-family:'Open Sans', sans-serif;opacity:0.5;fill:#132e48;-inkscape-font-specification:'Open Sans, sans-serif, Normal';font-weight:normal;font-style:normal;font-stretch:normal;font-variant:normal;text-anchor:start;text-align:start;writing-mode:lr;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;"
+   id="text14"
+   class="st6 st7 st8">A reusable Grape JWT authentication concern</text>
+</g>
+</svg>

data/grape-jwt-authentication.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'bundler', '>= 1.16', '< 3'
   spec.add_development_dependency 'rack', '~> 2.0'
   spec.add_development_dependency 'rack-test', '~> 0.8.2'
   spec.add_development_dependency 'rake', '~> 10.0'
@@ -36,4 +36,5 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'httparty'
   spec.add_runtime_dependency 'jwt', '~> 2.1'
   spec.add_runtime_dependency 'recursive-open-struct', '~> 1.0'
+  spec.add_runtime_dependency 'keyless', '~> 1.0'
 end

data/lib/grape/jwt/authentication.rb

@@ -7,15 +7,13 @@ require 'active_support/cache'
 require 'active_support/core_ext/hash'
 require 'active_support/time'
 require 'active_support/time_with_zone'
-
 require 'jwt'
-
+require 'keyless'
 require 'grape'
 require 'grape/jwt/authentication/version'
 require 'grape/jwt/authentication/configuration'
+require 'grape/jwt/authentication/dependencies'
 require 'grape/jwt/authentication/jwt_handler'
-require 'grape/jwt/authentication/jwt'
-require 'grape/jwt/authentication/rsa_public_key'
 
 module Grape
   module Jwt
@@ -43,11 +41,13 @@ module Grape
       #   end
       def self.configure
         yield(configuration)
+        configure_dependencies
       end
 
       # Reset the current configuration with the default one.
       def self.reset_configuration!
         self.configuration = Configuration.new
+        configure_dependencies
       end
 
       included do
@@ -65,7 +65,7 @@ module Grape
           # date, etc inside your API definition. When the authenticator stated
           # that the validation failed, then the parsed token is +nil+.
           #
-          # @return [Grape::Jwt::Authentication::Jwt, nil] the parsed token
+          # @return [Keyless::Jwt, nil] the parsed token
           def request_jwt
             env['grape_jwt_auth.parsed_token']
           end

data/lib/grape/jwt/authentication/configuration.rb

@@ -96,10 +96,10 @@ module Grape
         # You can configure a different JSON Web Token verification option hash
         # if your algorithm differs or you want some extra/different options.
         # Just watch out that you have to pass a proc to this configuration
-        # property. On the {Grape::Jwt::Authentication::Jwt} class it has to be
-        # a simple hash. The default is here the RS256 algorithm with enabled
-        # expiration check, and issuer+audience check when the
-        # {jwt_issuer}/{jwt_beholder} are configured accordingly.
+        # property. On the {Keyless::Jwt} class it has to be a simple hash. The
+        # default is here the RS256 algorithm with enabled expiration check,
+        # and issuer+audience check when the {jwt_issuer}/{jwt_beholder} are
+        # configured accordingly.
         config_accessor(:jwt_options) do
           proc do
             conf = Grape::Jwt::Authentication.configuration
@@ -117,12 +117,11 @@ module Grape
         # You can configure your own verification key on the Jwt wrapper class.
         # This way you can pass your HMAC secret or your ECDSA public key to
         # the JSON Web Token validation method. Here you need to pass a proc,
-        # on the {Grape::Jwt::Authentication::Jwt} class it has to be a scalar
-        # value. By default we use the
-        # {Grape::Jwt::Authentication::RsaPublicKey} class to retrieve the RSA
-        # public key.
+        # on the {Keyless::Jwt} class it has to be a scalar value. By default
+        # we use the {Keyless::RsaPublicKey} class to retrieve the RSA public
+        # key.
         config_accessor(:jwt_verification_key) do
-          proc { RsaPublicKey.instance.fetch }
+          proc { Keyless::RsaPublicKey.instance.fetch }
         end
       end
     end

data/lib/grape/jwt/authentication/dependencies.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Grape
+  module Jwt
+    module Authentication
+      # Specifies which configuration keys are shared between keyless
+      # and grape-jwt-authentication, so that we can easily pass through
+      # our configuration to keyless.
+      KEYLESS_CONFIGURATION = %i[
+        authenticator rsa_public_key_url rsa_public_key_caching
+        rsa_public_key_expiration jwt_issuer jwt_beholder jwt_options
+        jwt_verification_key
+      ]
+
+      # (Re)configure our gem dependencies. We take care of setting up
+      # +Keyless+, which has been extracted from this gem.
+      def self.configure_dependencies
+        configure_keyless
+      end
+
+      # Configure the +Keyless+ gem with our configuration.
+      def self.configure_keyless
+        configuration = Grape::Jwt::Authentication.configuration
+
+        Keyless.configure do |keyless|
+          KEYLESS_CONFIGURATION.each do |option|
+            keyless.send("#{option}=", configuration.send(option))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/grape/jwt/authentication/jwt_handler.rb

@@ -91,8 +91,8 @@ module Grape
         # @param env [Hash{String => Mixed}] the Rack environment
         # @param token [String] the token parsed from the HTTP header
         def inject_token_into_env(env, token)
-          env['grape_jwt_auth.parsed_token'] = Jwt.new(token)
-        rescue *Jwt::RESCUE_JWT_EXCEPTIONS
+          env['grape_jwt_auth.parsed_token'] = Keyless::Jwt.new(token)
+        rescue *Keyless::Jwt::RESCUE_JWT_EXCEPTIONS
           env['grape_jwt_auth.parsed_token'] = nil
         ensure
           env['grape_jwt_auth.original_token'] = token

data/lib/grape/jwt/authentication/version.rb

@@ -3,7 +3,7 @@
 module Grape
   module Jwt
     module Authentication
-      VERSION = '1.1.0'.freeze
+      VERSION = '2.0.2'.freeze
     end
   end
 end

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: grape-jwt-authentication
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.2
 platform: ruby
 authors:
 - Hermann Mayer
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-11-01 00:00:00.000000000 Z
+date: 2020-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.16'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.16'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -206,6 +212,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: keyless
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: A reusable Grape JWT authentication concern
 email:
 - hermann.mayer92@gmail.com
@@ -221,26 +241,22 @@ files:
 - ".travis.yml"
 - CHANGELOG.md
 - Gemfile
-- Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile
 - bin/console
 - bin/setup
-- doc/assets/logo.png
-- doc/assets/project.png
-- doc/assets/project.xcf
+- doc/assets/project.svg
 - grape-jwt-authentication.gemspec
 - lib/grape/jwt/authentication.rb
 - lib/grape/jwt/authentication/configuration.rb
-- lib/grape/jwt/authentication/jwt.rb
+- lib/grape/jwt/authentication/dependencies.rb
 - lib/grape/jwt/authentication/jwt_handler.rb
-- lib/grape/jwt/authentication/rsa_public_key.rb
 - lib/grape/jwt/authentication/version.rb
 homepage: https://github.com/hausgold/grape-jwt-authentication
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -255,9 +271,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: A reusable Grape JWT authentication concern
 test_files: []

data/Gemfile.lock

@@ -1,114 +0,0 @@
-PATH
-  remote: .
-  specs:
-    grape-jwt-authentication (1.1.0)
-      activesupport (>= 3.2.0)
-      grape (~> 1.0)
-      httparty
-      jwt (~> 2.1)
-      recursive-open-struct (~> 1.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activesupport (5.2.1)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
-    axiom-types (0.1.1)
-      descendants_tracker (~> 0.0.4)
-      ice_nine (~> 0.11.0)
-      thread_safe (~> 0.3, >= 0.3.1)
-    builder (3.2.3)
-    coercible (1.0.0)
-      descendants_tracker (~> 0.0.1)
-    concurrent-ruby (1.0.5)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    descendants_tracker (0.0.4)
-      thread_safe (~> 0.3, >= 0.3.1)
-    diff-lcs (1.3)
-    docile (1.1.5)
-    equalizer (0.0.11)
-    grape (1.1.0)
-      activesupport
-      builder
-      mustermann-grape (~> 1.0.0)
-      rack (>= 1.3.0)
-      rack-accept
-      virtus (>= 1.0.0)
-    hashdiff (0.3.7)
-    httparty (0.16.2)
-      multi_xml (>= 0.5.2)
-    i18n (1.1.1)
-      concurrent-ruby (~> 1.0)
-    ice_nine (0.11.2)
-    json (2.1.0)
-    jwt (2.1.0)
-    minitest (5.11.3)
-    multi_xml (0.6.0)
-    mustermann (1.0.3)
-    mustermann-grape (1.0.0)
-      mustermann (~> 1.0.0)
-    public_suffix (3.0.1)
-    rack (2.0.3)
-    rack-accept (0.4.5)
-      rack (>= 0.4)
-    rack-test (0.8.2)
-      rack (>= 1.0, < 3)
-    rake (10.5.0)
-    recursive-open-struct (1.1.0)
-    rspec (3.7.0)
-      rspec-core (~> 3.7.0)
-      rspec-expectations (~> 3.7.0)
-      rspec-mocks (~> 3.7.0)
-    rspec-core (3.7.0)
-      rspec-support (~> 3.7.0)
-    rspec-expectations (3.7.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-mocks (3.7.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-support (3.7.0)
-    safe_yaml (1.0.4)
-    simplecov (0.15.1)
-      docile (~> 1.1.0)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    vcr (3.0.3)
-    virtus (1.0.5)
-      axiom-types (~> 0.1)
-      coercible (~> 1.0)
-      descendants_tracker (~> 0.0, >= 0.0.3)
-      equalizer (~> 0.0, >= 0.0.9)
-    webmock (3.1.1)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.16)
-  grape-jwt-authentication!
-  rack (~> 2.0)
-  rack-test (~> 0.8.2)
-  rake (~> 10.0)
-  rspec (~> 3.0)
-  simplecov (~> 0.15)
-  timecop (~> 0.9.1)
-  vcr (~> 3.0)
-  webmock (~> 3.1)
-
-BUNDLED WITH
-   1.16.5

data/lib/grape/jwt/authentication/jwt.rb

@@ -1,113 +0,0 @@
-# frozen_string_literal: true
-
-require 'recursive-open-struct'
-
-module Grape
-  module Jwt
-    module Authentication
-      # A easy to use model for verification of JSON Web Tokens. This is just a
-      # wrapper class for the excellent ruby-jwt gem. It's completely up to you
-      # to use it. But be aware, its a bit optinionated by default.
-      class Jwt
-        # All the following JWT verification issues lead to a failed validation.
-        RESCUE_JWT_EXCEPTIONS = [
-          ::JWT::DecodeError,
-          ::JWT::VerificationError,
-          ::JWT::ExpiredSignature,
-          ::JWT::IncorrectAlgorithm,
-          ::JWT::ImmatureSignature,
-          ::JWT::InvalidIssuerError,
-          ::JWT::InvalidIatError,
-          ::JWT::InvalidAudError,
-          ::JWT::InvalidSubError,
-          ::JWT::InvalidJtiError,
-          ::JWT::InvalidPayload
-        ].freeze
-
-        # :reek:Attribute because its fine to be extern-modifiable at these
-        # instances
-        attr_reader :payload, :token
-        attr_writer :verification_key, :jwt_options
-        attr_accessor :issuer, :beholder
-
-        # Setup a new JWT instance. You have to pass the raw JSON Web Token to
-        # the initializer. Example:
-        #
-        #   Jwt.new('j.w.t')
-        #   # => <Jwt>
-        #
-        # @return [Jwt]
-        def initialize(token)
-          parsed_payload = JWT.decode(token, nil, false).first.symbolize_keys
-          @token = token
-          @payload = RecursiveOpenStruct.new(parsed_payload)
-        end
-
-        # Checks if the payload says this is a refresh token.
-        #
-        # @return [Boolean] Whenever this is a access token
-        def access_token?
-          payload.typ == 'access'
-        end
-
-        # Checks if the payload says this is a refresh token.
-        #
-        # @return [Boolean] Whenever this is a refresh token
-        def refresh_token?
-          payload.typ == 'refresh'
-        end
-
-        # Retrives the expiration date from the payload when set.
-        #
-        # @return [nil|ActiveSupport::TimeWithZone] The expiration date
-        def expires_at
-          exp = payload.exp
-          return nil unless exp
-
-          Time.zone.at(exp)
-        end
-
-        # Deliver the public key for verification by default. This uses the
-        # {RsaPublicKey} class, but you can configure the verification key the
-        # way you like. (Especially for different algorithms, like HMAC or
-        # ECDSA) Just make use of the same named setter.
-        #
-        # @return [OpenSSL::PKey::RSA|Mixed] The verification key
-        def verification_key
-          unless @verification_key
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.jwt_verification_key.call
-          end
-          @verification_key
-        end
-
-        # This getter passes back the default JWT verification option hash
-        # which is optinionated.  You can change this the way you like by
-        # configuring your options with the help of the same named setter.
-        #
-        # @return [Hash] The JWT verification options hash
-        def jwt_options
-          unless @jwt_options
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.jwt_options.call
-          end
-          @jwt_options
-        end
-
-        # Verify the current token by our hard and strict rules. Whenever the
-        # token was not parsed from a string, we encode the current state to a
-        # JWT string representation and check this.
-        #
-        # @return [Boolean] Whenever the token is valid or not
-        #
-        # :reek:NilCheck because we have to check the token
-        #                origin and react on it
-        def valid?
-          JWT.decode(token, verification_key, true, jwt_options) && true
-        rescue *RESCUE_JWT_EXCEPTIONS
-          false
-        end
-      end
-    end
-  end
-end

data/lib/grape/jwt/authentication/rsa_public_key.rb

@@ -1,127 +0,0 @@
-# frozen_string_literal: true
-
-require 'singleton'
-require 'openssl'
-require 'httparty'
-
-module Grape
-  module Jwt
-    module Authentication
-      # A common purpose RSA public key fetching/caching helper. With the help
-      # of this class you are able to retrieve the RSA public key from a remote
-      # server or a local file. This is naturally only useful if you care about
-      # JSON Web Token which are signed by the RSA algorithm.
-      class RsaPublicKey
-        include Singleton
-
-        # Setup all the getters and setters.
-        attr_accessor :cache
-        attr_writer :url, :expiration, :caching
-
-        # Setup the instance.
-        def initialize
-          @expiration = 1.hour
-          @cache = ActiveSupport::Cache::MemoryStore.new
-        end
-
-        # Just a simple shortcut class method to access the fetch method
-        # without specifying the singleton instance.
-        #
-        # @return [OpenSSL::PKey::RSA]
-        def self.fetch
-          instance.fetch
-        end
-
-        # Configure the single instance. This is just a wrapper (like tap)
-        # to the instance itself.
-        def configure
-          yield(self)
-        end
-
-        # Fetch the public key with the help of the configuration.  You can
-        # configure the public key location (local file, remote (HTTP/HTTPS)
-        # file), whenever we should cache and how long to cache.
-        #
-        # @return [OpenSSL::PKey::RSA]
-        def fetch
-          encoded_key = if cache?
-                          cache.fetch('encoded_key', expires_in: expiration) do
-                            fetch_encoded_key
-                          end
-                        else
-                          fetch_encoded_key
-                        end
-
-          OpenSSL::PKey::RSA.new(encoded_key)
-        end
-
-        # Fetch the encoded (DER, or PEM) public key from a remote or local
-        # location.
-        #
-        # @return [String] The encoded public key
-        def fetch_encoded_key
-          raise ArgumentError, 'No URL for RsaPublicKey configured' unless url
-
-          if remote?
-            HTTParty.get(url).body
-          else
-            File.read(url)
-          end
-        end
-
-        # A helper for the caching configuration.
-        #
-        # @return [Boolean]
-        def cache?
-          caching && true
-        end
-
-        # A helper to determine if the configured URL is on a remote server or
-        # it is local on the filesystem. Whenever the configured URL specifies
-        # the HTTP/HTTPS protocol, we assume it is remote.
-        #
-        # @return [Boolean]
-        def remote?
-          !(url =~ /^https?/).nil?
-        end
-
-        # This getter passes back the default RSA public key.  You can change
-        # this the way you like by configuring your URL with the help of the
-        # same named setter.
-        #
-        # @return [String] The configured public key location
-        def url
-          unless @url
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_url
-          end
-          @url
-        end
-
-        # This getter passes back the default public key cache expiration time.
-        # You can change this time with the help of the same named setter.
-        #
-        # @return [Integer] The configured cache expiration time
-        def expiration
-          unless @expiration
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_expiration
-          end
-          @expiration
-        end
-
-        # This getter passes back the caching flag. You can change this flag
-        # with the help of the same named setter.
-        #
-        # @return [Boolean] Whenever we should cache or not
-        def caching
-          unless @caching
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_caching
-          end
-          @caching
-        end
-      end
-    end
-  end
-end