jwt-auth 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a874a275ba2aca5369cd936de7858c338e234cfe
-  data.tar.gz: b4a5a6fbc4143376145497ba0790f9e7a55334df
+  metadata.gz: d74cc6625139bc3902a071d6d874459689d5d760
+  data.tar.gz: 486adce1dd96a6eb8131de2ae8f423ed0c5bea88
 SHA512:
-  metadata.gz: efb36f4092b5c9e0b3810c3619991e3f51cfb318af6182aa01d6ad18c8a7116766fc6bcd59d52f24b0132c6ccf4bc7d51e0420592ea7b78e213cd4f67e521cdb
-  data.tar.gz: b0d0f600130e4db273164e0c02ecc42e6983ffc5dbc2b62cf796c2ba3965c407e037696782af05553628d67fb553202dd57690a4933e7176d815246bfcc5b51f
+  metadata.gz: d0bd4f187aa11e758844a12fb84dc7fc05cb3f0f9c402a83968412a4eafa1f38ac93249483cbf63a02f56df54a8834b676e1aef67a5f9ab9138be089efc498ec
+  data.tar.gz: f2da60f7133afd87c05d5474575f4e20a7622ff7a48890ec8971e071253ae5109dde7eecf143ce327009cb9e9d1f4e8bf0bda66c9db9d6a0ebad2c240e2f0e0d

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/README.md

@@ -21,11 +21,12 @@ Or install it yourself as:
 Create an initializer:
 
 ```ruby
-JwtAuth.configure do |config|
+JWT::Auth.configure do |config|
   ##
-  # Token lifetime (in hours)
+  # Token lifetime
   #
-  config.token_lifetime = 24
+  config.token_lifetime = 24.hours
+  
   ##
   # JWT secret
   #
@@ -41,6 +42,17 @@ class User < ApplicationRecord
 end
 ```
 
+Add a `token_version` field to your user model:
+
+```ruby
+class AddTokenVersionToUser < ActiveRecord::Migration[5.0]
+  def change
+    add_column :users, :token_version, :integer, :null => false, :default => 1
+  end
+end
+
+```
+
 Include controller methods in your `ApplicationController`:
 
 ```ruby

data/lib/jwt/auth.rb

@@ -3,3 +3,7 @@
 require 'jwt'
 
 require 'jwt/auth/version'
+require 'jwt/auth/configuration'
+require 'jwt/auth/authenticatable'
+require 'jwt/auth/authentication'
+require 'jwt/auth/token'

data/lib/jwt/auth/authenticatable.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'active_support/concern'
+
+module JWT
+  module Auth
+    ##
+    # User model methods
+    #
+    module Authenticatable
+      extend ActiveSupport::Concern
+
+      included do
+        JWT::Auth.configure do |config|
+          config.model = const_get name
+        end
+      end
+    end
+  end
+end

data/lib/jwt/auth/authentication.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'jwt/auth/configuration'
+
+module JWT
+  module Auth
+    ##
+    # Controller methods
+    #
+    module Authentication
+      ##
+      # Current user helper
+      #
+      def current_user
+        token&.subject
+      end
+
+      ##
+      # Authenticate a request
+      #
+      def authenticate_user
+        return head :unauthorized unless token&.valid?
+
+        # Regenerate token (renews expiration date)
+        add_token_to_response
+      end
+
+      ##
+      # Add JWT header to response
+      #
+      def add_token_to_response
+        token.renew!
+        response.headers['Authorization'] = "Bearer #{token.to_jwt}"
+      end
+
+      protected
+
+      ##
+      # Extract JWT from request
+      #
+      def token
+        return @token if @token
+
+        header = request.env['HTTP_AUTHORIZATION']
+        return nil unless header
+
+        token = header.scan(/Bearer (.*)$/).flatten.last
+        return nil unless token
+
+        @token = JWT::Auth::Token.from_token token
+      rescue JWT::DecodeError
+        nil
+      end
+    end
+  end
+end

data/lib/jwt/auth/configuration.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module JWT
+  module Auth
+    class << self
+      attr_accessor :model, :secret, :token_lifetime
+
+      def configure
+        yield JWT::Auth
+      end
+    end
+  end
+end

data/lib/jwt/auth/token.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'active_support/core_ext/numeric/time'
+
+require 'jwt/auth/configuration'
+
+module JWT
+  module Auth
+    ##
+    # In-memory representation of JWT
+    #
+    class Token
+      attr_accessor :expiration, :subject
+
+      def valid?
+        subject && Time.at(expiration).future?
+      end
+
+      def renew!
+        self.expiration = nil
+      end
+
+      def to_jwt
+        payload = {
+          :exp => expiration || JWT::Auth.token_lifetime.from_now.to_i,
+          :sub => subject.id,
+          :ver => subject.token_version
+        }
+        JWT.encode payload, JWT::Auth.secret
+      end
+
+      def self.from_user(subject)
+        token = JWT::Auth::Token.new
+        token.subject = subject
+
+        token
+      end
+
+      def self.from_token(token)
+        payload = JWT.decode(token, JWT::Auth.secret).first
+
+        token = JWT::Auth::Token.new
+        token.expiration = payload['exp']
+        token.subject = JWT::Auth.model.find_by :id => payload['sub'], :token_version => payload['ver']
+
+        token
+      end
+    end
+  end
+end

data/lib/jwt/auth/version.rb

@@ -2,6 +2,6 @@
 
 module JWT
   module Auth
-    VERSION = '1.0.0'
+    VERSION = '1.1.0'
   end
 end

data/spec/configuration_spec.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'support/dummy_user'
+
+RSpec.describe JWT::Auth do
+  it 'configures correctly' do
+    JWT::Auth.configure do |config|
+      config.token_lifetime = 666
+      config.secret = 'mysecret'
+    end
+
+    expect(subject.token_lifetime).to eq 666
+    expect(subject.secret).to eq 'mysecret'
+    expect(subject.model).to eq DummyUser
+  end
+end

data/spec/spec_helper.rb

@@ -1,4 +1,107 @@
 # frozen_string_literal: true
 
-require 'rack/test'
 require 'jwt/auth'
+
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
+  # have no way to turn it off -- the option exists only for backwards
+  # compatibility in RSpec 3). It causes shared context metadata to be
+  # inherited by the metadata hash of host groups and examples, rather than
+  # triggering implicit auto-inclusion in groups with matching metadata.
+  config.shared_context_metadata_behavior = :apply_to_host_groups
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # This allows you to limit a spec run to individual examples or groups
+  # you care about by tagging them with `:focus` metadata. When nothing
+  # is tagged with `:focus`, all examples get run. RSpec also provides
+  # aliases for `it`, `describe`, and `context` that include `:focus`
+  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+  config.filter_run_when_matching :focus
+
+  # Allows RSpec to persist some state between runs in order to support
+  # the `--only-failures` and `--next-failure` CLI options. We recommend
+  # you configure your source control system to ignore this file.
+  config.example_status_persistence_file_path = "spec/examples.txt"
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
+  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end

data/spec/support/dummy_user.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'jwt/auth'
+
+class DummyUser
+  include JWT::Auth::Authenticatable
+
+  attr_accessor :id, :token_version
+
+  def initialize(params = {})
+    self.id = params[:id] || Random.rand(1000)
+    self.token_version = params[:token_version] || 1
+  end
+
+  def self.find_by(params)
+    DummyUser.new params
+  end
+end

data/spec/token_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'support/dummy_user'
+
+RSpec.describe JWT::Auth::Token do
+  before :each do
+    JWT::Auth.configure do |config|
+      config.token_lifetime = 24.hours
+
+      config.secret = 'mysecret'
+    end
+  end
+
+  let(:user) { DummyUser.new }
+
+  describe 'properties' do
+    let(:token) { token = JWT::Auth::Token.from_user user }
+
+    it 'has an expiration' do
+      expect(token).to respond_to :expiration
+      expect(token.expiration).to be_nil
+    end
+
+    it 'has a subject' do
+      expect(token).to respond_to :subject
+      expect(token.subject).to eq user
+    end
+  end
+
+  describe 'from token' do
+    let(:jwt) do
+      payload = {
+        :exp => JWT::Auth.token_lifetime.from_now.to_i,
+        :sub => user.id,
+        :ver => user.token_version
+      }
+      JWT.encode payload, JWT::Auth.secret
+    end
+
+    let(:token) { JWT::Auth::Token.from_token jwt }
+
+    it 'matches expiration' do
+      expect(token.expiration).to eq JWT::Auth.token_lifetime.from_now.to_i
+    end
+
+    it 'matches subject' do
+      expect(token.subject.id).to eq user.id
+      expect(token.subject.token_version).to eq user.token_version
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jwt-auth
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Florian Dejonckheere
@@ -103,15 +103,23 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rspec"
 - ".rubocop.yml"
 - Gemfile
-- LICENSE
+- LICENSE.md
 - README.md
 - Rakefile
 - jwt-auth.gemspec
 - lib/jwt/auth.rb
+- lib/jwt/auth/authenticatable.rb
+- lib/jwt/auth/authentication.rb
+- lib/jwt/auth/configuration.rb
+- lib/jwt/auth/token.rb
 - lib/jwt/auth/version.rb
+- spec/configuration_spec.rb
 - spec/spec_helper.rb
+- spec/support/dummy_user.rb
+- spec/token_spec.rb
 homepage: https://github.com/floriandejonckheere/jwt-auth
 licenses:
 - MIT
@@ -137,4 +145,7 @@ signing_key:
 specification_version: 4
 summary: JWT-based authentication for Rails API without Devise
 test_files:
+- spec/configuration_spec.rb
 - spec/spec_helper.rb
+- spec/support/dummy_user.rb
+- spec/token_spec.rb