grape-jwt-authentication 1.3.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a33372149e82a854964a634712e715c7bfecb81116d54f182e0bacaad7969630
-  data.tar.gz: c97fced07a3740c14dcaab1c037cdf2f2d39b1ede386938bda483bcf246e1942
+  metadata.gz: 30a5d4d0a29a146c657ef5452513e1ffd546fca42ee41c08ed6096537b4b454f
+  data.tar.gz: ab6fc80154deca0a7c61b775678aa22965283cb1f9b528cca0db97c4ebdcc301
 SHA512:
-  metadata.gz: 3a3b8e0cf468782c570178879c2223763b00893081e76a0682cf230df332a40207d02fe02a1b6bf09e16426a51ed3694a326b2e8453b3e885fbfdeae131c1f09
-  data.tar.gz: 2e45e3eeb4c9ce9345a751f138c765230bfc622616b51afc843c6781c2f947d6136bc35b1523eea0aa511513ad9c973f0a642a1fc06130868a56bafb01f57dba
+  metadata.gz: 460a1222afd6240182b328f4bcc69fa44a4e2a18d9c63f478121e59853da3585265b589a50ebd8bdd0d67e483b44d8abfc743cdbfff04fef9c2b00357fc759b7
+  data.tar.gz: a38e6870649e183a3329a8eb3b078c7254c6cb01dac1e704ef7d164d0ef8795999e7d7fe8ca6bdc3f3d192b628869c3a089702b06c6eb398d3c10acc82fffb63

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+### 2.0.0
+
+* Extracted the JWT verification functionality into its own gem
+  ([keyless](https://github.com/hausgold/keyless)) (#6)
+  * This extraction allows users to use the JWT/RSA key handling without Grape
+  * The API/configuration stays the same
+* With the major update to 2.0 we dropped a lot of code which is now located at
+  the Keyless gem:
+  * `Grape::Jwt::Authentication::Jwt` was replace with `Keyless::Jwt`
+  * `Grape::Jwt::Authentication::RsaPublicKey` was replace with `Keyless::RsaPublicKey`
+
 ### 1.3.0
 
 * Dropped support for EOL Ruby 2.3 (in addition to Grape)

data/README.md

@@ -185,18 +185,18 @@ have your own mechanism.
 
 ```ruby
 # Get your public key, by using the global configuration
-public_key = Grape::Jwt::Authentication::RsaPublicKey.fetch
+public_key = Keyless::RsaPublicKey.fetch
 # => OpenSSL::PKey::RSA
 
 # Using a local configuration
-fetcher = Grape::Jwt::Authentication::RsaPublicKey.instance
+fetcher = Keyless::RsaPublicKey.instance
 fetcher.url = 'https://your.identity.provider/rsa_public_key'
 public_key = fetcher.fetch
 # => OpenSSL::PKey::RSA
 ```
 
 The following examples show you how to configure the
-`Grape::Jwt::Authentication::RsaPublicKey` class the global way. This is useful
+`Keyless::RsaPublicKey` class the global way. This is useful
 for a shared initializer place.
 
 ##### RSA public key location (URL)
@@ -261,7 +261,7 @@ the `RsaPublicKey` fetcher class. (by default)
 raw_token = 'eyJ0eXAiOiJKV1QifQ.eyJ0ZXN0Ijp0cnVlfQ.'
 
 # Parse the raw token and create a instance of it
-token = Grape::Jwt::Authentication::Jwt.new(raw_token)
+token = Keyless::Jwt.new(raw_token)
 
 # Access the payload easily (recursive-open-struct)
 token.payload.test
@@ -274,7 +274,7 @@ token.valid?
 ```
 
 The following examples show you how to configure the
-`Grape::Jwt::Authentication::Jwt` class the global way. This is useful for a
+`Keyless::Jwt` class the global way. This is useful for a
 shared initializer place.
 
 ##### Issuer verification
@@ -323,7 +323,7 @@ end
 You can configure your own verification key on the `Jwt` wrapper class.  This
 way you can pass your HMAC secret or your ECDSA public key to the JSON Web
 Token validation method. Here you need to pass a proc, on the
-`Grape::Jwt::Authentication::Jwt` class it has to be a scalar value. By default
+`Keyless::Jwt` class it has to be a scalar value. By default
 we use the `RsaPublicKey` class to retrieve the RSA public key.
 
 ```ruby
@@ -394,7 +394,7 @@ Grape::Jwt::Authentication.configure do |conf|
   # Custom verification logic.
   conf.authenticator = proc do |token|
     # Parse and instantiate a JWT verification instance
-    jwt = Grape::Jwt::Authentication::Jwt.new(token)
+    jwt = Keyless::Jwt.new(token)
 
     # We just allow valid access tokens
     jwt.access_token? && jwt.valid?

data/grape-jwt-authentication.gemspec

@@ -36,4 +36,5 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'httparty'
   spec.add_runtime_dependency 'jwt', '~> 2.1'
   spec.add_runtime_dependency 'recursive-open-struct', '~> 1.0'
+  spec.add_runtime_dependency 'keyless', '~> 1.0'
 end

data/lib/grape/jwt/authentication.rb

@@ -7,15 +7,13 @@ require 'active_support/cache'
 require 'active_support/core_ext/hash'
 require 'active_support/time'
 require 'active_support/time_with_zone'
-
 require 'jwt'
-
+require 'keyless'
 require 'grape'
 require 'grape/jwt/authentication/version'
 require 'grape/jwt/authentication/configuration'
+require 'grape/jwt/authentication/dependencies'
 require 'grape/jwt/authentication/jwt_handler'
-require 'grape/jwt/authentication/jwt'
-require 'grape/jwt/authentication/rsa_public_key'
 
 module Grape
   module Jwt
@@ -43,11 +41,13 @@ module Grape
       #   end
       def self.configure
         yield(configuration)
+        configure_dependencies
       end
 
       # Reset the current configuration with the default one.
       def self.reset_configuration!
         self.configuration = Configuration.new
+        configure_dependencies
       end
 
       included do

data/lib/grape/jwt/authentication/dependencies.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Grape
+  module Jwt
+    module Authentication
+      # Specifies which configuration keys are shared between keyless
+      # and grape-jwt-authentication, so that we can easily pass through
+      # our configuration to keyless.
+      KEYLESS_CONFIGURATION = %i[
+        authenticator rsa_public_key_url rsa_public_key_caching
+        rsa_public_key_expiration jwt_issuer jwt_beholder jwt_options
+        jwt_verification_key
+      ]
+
+      # (Re)configure our gem dependencies. We take care of setting up
+      # +Keyless+, which has been extracted from this gem.
+      def self.configure_dependencies
+        configure_keyless
+      end
+
+      # Configure the +Keyless+ gem with our configuration.
+      def self.configure_keyless
+        configuration = Grape::Jwt::Authentication.configuration
+
+        Keyless.configure do |keyless|
+          KEYLESS_CONFIGURATION.each do |option|
+            keyless.send("#{option}=", configuration.send(option))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/grape/jwt/authentication/jwt_handler.rb

@@ -91,8 +91,8 @@ module Grape
         # @param env [Hash{String => Mixed}] the Rack environment
         # @param token [String] the token parsed from the HTTP header
         def inject_token_into_env(env, token)
-          env['grape_jwt_auth.parsed_token'] = Jwt.new(token)
-        rescue *Jwt::RESCUE_JWT_EXCEPTIONS
+          env['grape_jwt_auth.parsed_token'] = Keyless::Jwt.new(token)
+        rescue *Keyless::Jwt::RESCUE_JWT_EXCEPTIONS
           env['grape_jwt_auth.parsed_token'] = nil
         ensure
           env['grape_jwt_auth.original_token'] = token

data/lib/grape/jwt/authentication/version.rb

@@ -3,7 +3,7 @@
 module Grape
   module Jwt
     module Authentication
-      VERSION = '1.3.0'.freeze
+      VERSION = '2.0.0'.freeze
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grape-jwt-authentication
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Hermann Mayer
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-02-04 00:00:00.000000000 Z
+date: 2020-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -212,6 +212,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: keyless
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: A reusable Grape JWT authentication concern
 email:
 - hermann.mayer92@gmail.com
@@ -236,14 +250,13 @@ files:
 - grape-jwt-authentication.gemspec
 - lib/grape/jwt/authentication.rb
 - lib/grape/jwt/authentication/configuration.rb
-- lib/grape/jwt/authentication/jwt.rb
+- lib/grape/jwt/authentication/dependencies.rb
 - lib/grape/jwt/authentication/jwt_handler.rb
-- lib/grape/jwt/authentication/rsa_public_key.rb
 - lib/grape/jwt/authentication/version.rb
 homepage: https://github.com/hausgold/grape-jwt-authentication
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -258,8 +271,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: A reusable Grape JWT authentication concern
 test_files: []

data/lib/grape/jwt/authentication/jwt.rb

@@ -1,113 +0,0 @@
-# frozen_string_literal: true
-
-require 'recursive-open-struct'
-
-module Grape
-  module Jwt
-    module Authentication
-      # A easy to use model for verification of JSON Web Tokens. This is just a
-      # wrapper class for the excellent ruby-jwt gem. It's completely up to you
-      # to use it. But be aware, its a bit optinionated by default.
-      class Jwt
-        # All the following JWT verification issues lead to a failed validation.
-        RESCUE_JWT_EXCEPTIONS = [
-          ::JWT::DecodeError,
-          ::JWT::VerificationError,
-          ::JWT::ExpiredSignature,
-          ::JWT::IncorrectAlgorithm,
-          ::JWT::ImmatureSignature,
-          ::JWT::InvalidIssuerError,
-          ::JWT::InvalidIatError,
-          ::JWT::InvalidAudError,
-          ::JWT::InvalidSubError,
-          ::JWT::InvalidJtiError,
-          ::JWT::InvalidPayload
-        ].freeze
-
-        # :reek:Attribute because its fine to be extern-modifiable at these
-        # instances
-        attr_reader :payload, :token
-        attr_writer :verification_key, :jwt_options
-        attr_accessor :issuer, :beholder
-
-        # Setup a new JWT instance. You have to pass the raw JSON Web Token to
-        # the initializer. Example:
-        #
-        #   Jwt.new('j.w.t')
-        #   # => <Jwt>
-        #
-        # @return [Jwt]
-        def initialize(token)
-          parsed_payload = JWT.decode(token, nil, false).first.symbolize_keys
-          @token = token
-          @payload = RecursiveOpenStruct.new(parsed_payload)
-        end
-
-        # Checks if the payload says this is a refresh token.
-        #
-        # @return [Boolean] Whenever this is a access token
-        def access_token?
-          payload.typ == 'access'
-        end
-
-        # Checks if the payload says this is a refresh token.
-        #
-        # @return [Boolean] Whenever this is a refresh token
-        def refresh_token?
-          payload.typ == 'refresh'
-        end
-
-        # Retrives the expiration date from the payload when set.
-        #
-        # @return [nil|ActiveSupport::TimeWithZone] The expiration date
-        def expires_at
-          exp = payload.exp
-          return nil unless exp
-
-          Time.zone.at(exp)
-        end
-
-        # Deliver the public key for verification by default. This uses the
-        # {RsaPublicKey} class, but you can configure the verification key the
-        # way you like. (Especially for different algorithms, like HMAC or
-        # ECDSA) Just make use of the same named setter.
-        #
-        # @return [OpenSSL::PKey::RSA|Mixed] The verification key
-        def verification_key
-          unless @verification_key
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.jwt_verification_key.call
-          end
-          @verification_key
-        end
-
-        # This getter passes back the default JWT verification option hash
-        # which is optinionated.  You can change this the way you like by
-        # configuring your options with the help of the same named setter.
-        #
-        # @return [Hash] The JWT verification options hash
-        def jwt_options
-          unless @jwt_options
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.jwt_options.call
-          end
-          @jwt_options
-        end
-
-        # Verify the current token by our hard and strict rules. Whenever the
-        # token was not parsed from a string, we encode the current state to a
-        # JWT string representation and check this.
-        #
-        # @return [Boolean] Whenever the token is valid or not
-        #
-        # :reek:NilCheck because we have to check the token
-        #                origin and react on it
-        def valid?
-          JWT.decode(token, verification_key, true, jwt_options) && true
-        rescue *RESCUE_JWT_EXCEPTIONS
-          false
-        end
-      end
-    end
-  end
-end

data/lib/grape/jwt/authentication/rsa_public_key.rb

@@ -1,132 +0,0 @@
-# frozen_string_literal: true
-
-require 'singleton'
-require 'openssl'
-require 'httparty'
-
-module Grape
-  module Jwt
-    module Authentication
-      # A common purpose RSA public key fetching/caching helper. With the help
-      # of this class you are able to retrieve the RSA public key from a remote
-      # server or a local file. This is naturally only useful if you care about
-      # JSON Web Token which are signed by the RSA algorithm.
-      class RsaPublicKey
-        # A internal exception handling for failed fetch attempts.
-        class FetchError < StandardError; end
-
-        include Singleton
-
-        # Setup all the getters and setters.
-        attr_accessor :cache
-        attr_writer :url, :expiration, :caching
-
-        # Setup the instance.
-        def initialize
-          @expiration = 1.hour
-          @cache = ActiveSupport::Cache::MemoryStore.new
-        end
-
-        # Just a simple shortcut class method to access the fetch method
-        # without specifying the singleton instance.
-        #
-        # @return [OpenSSL::PKey::RSA]
-        def self.fetch
-          instance.fetch
-        end
-
-        # Configure the single instance. This is just a wrapper (like tap)
-        # to the instance itself.
-        def configure
-          yield(self)
-        end
-
-        # Fetch the public key with the help of the configuration.  You can
-        # configure the public key location (local file, remote (HTTP/HTTPS)
-        # file), whenever we should cache and how long to cache.
-        #
-        # @return [OpenSSL::PKey::RSA]
-        def fetch
-          encoded_key = if cache?
-                          cache.fetch('encoded_key', expires_in: expiration) do
-                            fetch_encoded_key
-                          end
-                        else
-                          fetch_encoded_key
-                        end
-
-          OpenSSL::PKey::RSA.new(encoded_key)
-        end
-
-        # Fetch the encoded (DER, or PEM) public key from a remote or local
-        # location.
-        #
-        # @return [String] The encoded public key
-        def fetch_encoded_key
-          raise ArgumentError, 'No URL for RsaPublicKey configured' unless url
-
-          if remote?
-            res = HTTParty.get(url)
-            raise FetchError, res.inspect unless (200..299).include? res.code
-            res.body
-          else
-            File.read(url)
-          end
-        end
-
-        # A helper for the caching configuration.
-        #
-        # @return [Boolean]
-        def cache?
-          caching && true
-        end
-
-        # A helper to determine if the configured URL is on a remote server or
-        # it is local on the filesystem. Whenever the configured URL specifies
-        # the HTTP/HTTPS protocol, we assume it is remote.
-        #
-        # @return [Boolean]
-        def remote?
-          !(url =~ /^https?/).nil?
-        end
-
-        # This getter passes back the default RSA public key.  You can change
-        # this the way you like by configuring your URL with the help of the
-        # same named setter.
-        #
-        # @return [String] The configured public key location
-        def url
-          unless @url
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_url
-          end
-          @url
-        end
-
-        # This getter passes back the default public key cache expiration time.
-        # You can change this time with the help of the same named setter.
-        #
-        # @return [Integer] The configured cache expiration time
-        def expiration
-          unless @expiration
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_expiration
-          end
-          @expiration
-        end
-
-        # This getter passes back the caching flag. You can change this flag
-        # with the help of the same named setter.
-        #
-        # @return [Boolean] Whenever we should cache or not
-        def caching
-          unless @caching
-            conf = Grape::Jwt::Authentication.configuration
-            return conf.rsa_public_key_caching
-          end
-          @caching
-        end
-      end
-    end
-  end
-end