jwt-auth 2.1.2 → 3.0.0

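--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8095c74014d970773a09234afe5a12fa932f9ecd
- data.tar.gz: 521e99eba63ccb44626c5955fc3abdf5b1d5c5ee
+ metadata.gz: 4fc903bec961f43790b39851ed465e98ee4db262
+ data.tar.gz: 2c54dc88944789086ec0ef2cfb11f33b3ec63520
  SHA512:
- metadata.gz: 6e046e9d8bfe47c4366e1302285a4d94a9b4774739b3097e607670a247563775b9a607950fe98bc037cd12652dc624e33b8fa0cbe96a8e83ae6d356334ff3c99
- data.tar.gz: d8264bfd3fc7b48f1a9166e626c831df2dfece0790dd4aa288e4a943d80923079ae6f4502ce1df6f04e534c26059d5d72a0bdacf47e5fe82f80e1375b9caa764
+ metadata.gz: 6caaeac87553b3fb5fc3ab08e7c0806cb01ba40cac74e8b11bf739517383687289dd9f157a22b81b9571029c58ff04cc8f499abb6e0059a2f32016d5c05aa13d
+ data.tar.gz: 89da2604d876f84c21836acfb6cf11e47c3d542a01514ee2d2d6d4b653c5f081f60ce670e1dfb67a3f532f8d3f9ae803af65e9bd3f65b1a19105cee23b62f8e4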
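--- a/data/README.md
+++ b/data/README.md
@@ -77,11 +77,15 @@ class ApplicationController < ActionController::API
  end
  ```
 
- Set `before_action` on routes:
+ Set callbacks on routes:
 
  ```ruby
  class MyController < ApplicationController
+ # Authenticates user from request header
  before_action :authenticate_user
+
+ # Renew token and set response header
+ after_action :renew_token
  end
  ```
 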
@@ -29,4 +29,5 @@ Gem::Specification.new do |spec|
29
29
  spec.add_development_dependency 'rake', '~> 12.0'
30
30
  spec.add_development_dependency 'rspec', '~> 3.5'
31
31
  spec.add_development_dependency 'rspec-rails', '~> 3.5'
32
+ spec.add_development_dependency 'byebug'
32
33
  end
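Review bot: `byebug` is added with no version constraint, while the `rake`, `rspec` and `rspec-rails` entries directly above it all use a pessimistic `~>` pin. An open-ended development dependency resolves to whatever release is newest at install time, so contributor and CI machines can pick up a version nobody has looked at. A constraint in the same style as its neighbours, `spec.add_development_dependency 'byebug', '~> X.Y'` (X.Y is a placeholder for the release the specs were run with), keeps the set consistent. The `Gem::Specification.new` block starts outside this hunk.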
@@ -20,15 +20,12 @@ module JWT
20
20
  #
21
21
  def authenticate_user
22
22
  raise JWT::Auth::UnauthorizedError unless jwt&.valid?
23
-
24
- # Regenerate token (renews expiration date)
25
- add_token_to_response
26
23
  end
27
24
 
28
25
  ##
29
26
  # Add JWT header to response
30
27
  #
31
- def add_token_to_response
28
+ def renew_token
32
29
  return unless jwt&.valid?
33
30
  jwt.renew!
34
31
  response.headers['Authorization'] = "Bearer #{jwt.to_jwt}"
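Review bot: `renew_token` extends the token's lifetime on every authenticated response, and nothing in the visible hunks puts an upper bound on that. `renew!` clears `expiration` and `to_jwt` falls back to `JWT::Auth.token_lifetime.from_now`, so a token that leaks and stays in use never ages out on its own, and cutting it off depends entirely on the subject's `token_version` being bumped. If an absolute session age is wanted, the payload would need to carry the original issue time and renewal would be skipped once a configured maximum has passed; I have not seen the rest of the module, so this may already be handled elsewhere. At minimum the doc comment above the method, which still reads "Add JWT header to response", should say what it now does, for example `# Renew token (sliding expiration) and set the Authorization response header`. The body of `renew_token` continues past the end of the hunk.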
@@ -10,21 +10,26 @@ module JWT
10
10
  # In-memory representation of JWT
11
11
  #
12
12
  class Token
13
- attr_accessor :expiration, :subject
13
+ attr_accessor :expiration, :subject, :token_version
14
14
 
15
15
  def valid?
16
- !subject.nil? && !expiration.nil? && Time.at(expiration).future?
16
+ return false if subject.nil? || expiration.nil? || token_version.nil?
17
+ return false if Time.at(expiration).past?
18
+ return false if token_version != subject.token_version
19
+
20
+ true
17
21
  end
18
22
 
19
23
  def renew!
20
24
  self.expiration = nil
25
+ self.token_version = nil
21
26
  end
22
27
 
23
28
  def to_jwt
24
29
  payload = {
25
30
  :exp => expiration || JWT::Auth.token_lifetime.from_now.to_i,
26
31
  :sub => subject.id,
27
- :ver => subject.token_version
32
+ :ver => token_version || subject.token_version
28
33
  }
29
34
  JWT.encode payload, JWT::Auth.secret
30
35
  end
@@ -41,6 +46,7 @@ module JWT
41
46
 
42
47
  token = JWT::Auth::Token.new
43
48
  token.expiration = payload['exp']
49
+ token.token_version = payload['ver']
44
50
 
45
51
  find_method = JWT::Auth.model.respond_to?(:find_by_token) ? :find_by_token : :find_by
46
52
  token.subject = JWT::Auth.model.send find_method, :id => payload['sub'], :token_version => payload['ver']
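Review bot: `Token#valid?` and `Token#renew!` carry no doc comments, and the way they interact after this change is easy to miss. `renew!` now sets both `expiration` and `token_version` to nil, and `valid?` returns false when either is nil, so a renewed token object reports invalid until it has been serialised with `to_jwt` and parsed again; any callback that checks `jwt.valid?` after `renew_token` has run will see false. I would add `# Clears exp and ver so to_jwt issues fresh values; valid? is false until the token is re-parsed` above `renew!`, and a comment on `valid?` listing its three conditions (subject, expiry and version present; not expired; version equal to the subject's current `token_version`). The version comparison also repeats the `:token_version => payload['ver']` filter in the lookup of the second hunk; keeping both looks like a sensible safeguard for models that supply their own `find_by_token`, and a short comment saying so would stop it being removed as redundant.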
@@ -2,6 +2,6 @@
2
2
 
3
3
  module JWT
4
4
  module Auth
5
- VERSION = '2.1.2'
5
+ VERSION = '3.0.0'
6
6
  end
7
7
  end
@@ -1,7 +1,9 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'jwt/auth'
4
- require 'rails'
4
+ # require 'rails'
5
+
6
+ require 'dummy/config/environment'
5
7
 
6
8
  # This file was generated by the `rspec --init` command. Conventionally, all
7
9
  # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.2
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Florian Dejonckheere
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-05-02 00:00:00.000000000 Z
11
+ date: 2017-05-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt
@@ -108,6 +108,20 @@ dependencies:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
110
  version: '3.5'
111
+ - !ruby/object:Gem::Dependency
112
+ name: byebug
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
111
125
  description: Authentication middleware for Rails API that uses JWTs, without depending
112
126
  on Devise
113
127
  email: