jwt-auth 4.1.0 → 4.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +7 -1
- data/lib/jwt/auth/authentication.rb +7 -0
- data/lib/jwt/auth/version.rb +1 -1
- data/spec/authentication_spec.rb +41 -0
- data/spec/dummy/app/controllers/authentication_controller.rb +8 -1
- data/spec/dummy/config/routes.rb +1 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cb9d83836fe9d226380f942eaa215d51fb3ad36d05ea5ead0aaae1fbb270931a
|
|
4
|
+
data.tar.gz: ec4fcf71b3bea2a226e806ad26c979695fd2eaec8ee506fc078147b2145659d6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d881ce27f177aa441846d4d7cd8aa9d5518e1c543caa7a5df06f31f5a6b95d4daf13d29a2e2321e767e5ed9574908859cd055fd2458c4bb9c2bd5f44576e1334
|
|
7
|
+
data.tar.gz: 5c94d698a8d3797416b8bb7a357fbccd203fca8fa82b92bf340fafd03e17783467b4ccdc646f66bf0aeef74153f384464c68ae667d440af37b7ad648adc3b9ce
|
data/README.md
CHANGED
|
@@ -84,7 +84,13 @@ Set callbacks on routes:
|
|
|
84
84
|
```ruby
|
|
85
85
|
class MyController < ApplicationController
|
|
86
86
|
# Authenticates user from request header
|
|
87
|
-
|
|
87
|
+
# The callback raises an UnauthorizedError on missing or invalid token
|
|
88
|
+
before_action :authenticate_user, :except => %i[create]
|
|
89
|
+
|
|
90
|
+
# Validate token if there is a token present
|
|
91
|
+
# The callback raises an UnauthorizedError only if there is a token present, and it is invalid
|
|
92
|
+
# This prevents users from using an expired token on an unauthenticated route and getting a HTTP 2xx
|
|
93
|
+
before_action :validate_token
|
|
88
94
|
|
|
89
95
|
# Renew token and set response header
|
|
90
96
|
after_action :renew_token
|
|
@@ -22,6 +22,13 @@ module JWT
|
|
|
22
22
|
raise JWT::Auth::UnauthorizedError unless jwt && jwt.valid?
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
##
|
|
26
|
+
# Validate a token (authenticate a request iff there is a token)
|
|
27
|
+
#
|
|
28
|
+
def validate_token
|
|
29
|
+
authenticate_user if jwt
|
|
30
|
+
end
|
|
31
|
+
|
|
25
32
|
##
|
|
26
33
|
# Add JWT header to response
|
|
27
34
|
#
|
data/lib/jwt/auth/version.rb
CHANGED
data/spec/authentication_spec.rb
CHANGED
|
@@ -92,4 +92,45 @@ RSpec.describe AuthenticationController, :type => :request do
|
|
|
92
92
|
end
|
|
93
93
|
end
|
|
94
94
|
end
|
|
95
|
+
|
|
96
|
+
describe 'GET /validate' do
|
|
97
|
+
context 'activated user' do
|
|
98
|
+
it 'is accessible without token' do
|
|
99
|
+
get '/validate'
|
|
100
|
+
|
|
101
|
+
expect(response.status).to eq 204
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
it 'is accessible with token' do
|
|
105
|
+
get '/validate', :headers => headers
|
|
106
|
+
|
|
107
|
+
expect(response.status).to eq 204
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
it 'renews the token' do
|
|
111
|
+
get '/validate', :headers => headers
|
|
112
|
+
|
|
113
|
+
jwt = response.headers['Authorization'].scan(/Bearer (.*)$/).flatten.last
|
|
114
|
+
token = JWT::Auth::Token.from_token jwt
|
|
115
|
+
|
|
116
|
+
expect(token).to be_valid
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
context 'disabled user' do
|
|
121
|
+
let(:user) { User.new }
|
|
122
|
+
|
|
123
|
+
it 'is accessible without token' do
|
|
124
|
+
get '/validate'
|
|
125
|
+
|
|
126
|
+
expect(response.status).to eq 204
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
it 'is not accessible with token' do
|
|
130
|
+
get '/validate', :headers => headers
|
|
131
|
+
|
|
132
|
+
expect(response.status).to eq 401
|
|
133
|
+
end
|
|
134
|
+
end
|
|
135
|
+
end
|
|
95
136
|
end
|
|
@@ -2,14 +2,21 @@ class AuthenticationController < ApplicationController
|
|
|
2
2
|
# Authenticates user from request header
|
|
3
3
|
before_action :authenticate_user, :only => :private
|
|
4
4
|
|
|
5
|
+
# Validate token
|
|
6
|
+
before_action :validate_token, :only => :validate
|
|
7
|
+
|
|
5
8
|
# Renew token and set response header
|
|
6
9
|
after_action :renew_token
|
|
7
10
|
|
|
11
|
+
def public
|
|
12
|
+
head :no_content
|
|
13
|
+
end
|
|
14
|
+
|
|
8
15
|
def private
|
|
9
16
|
head :no_content
|
|
10
17
|
end
|
|
11
18
|
|
|
12
|
-
def
|
|
19
|
+
def validate
|
|
13
20
|
head :no_content
|
|
14
21
|
end
|
|
15
22
|
end
|
data/spec/dummy/config/routes.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwt-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Florian Dejonckheere
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-02-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|