jwt-auth 4.2.0 → 5.0.0

data/spec/dummy/app/controllers/content_controller.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class ContentController < ApplicationController
+  # Validate access token on all actions
+  before_action :validate_access_token
+
+  # Require token for protected actions
+  before_action :require_token, :only => :authenticated
+
+  ##
+  # GET /unauthenticated
+  #
+  # This endpoint is not protected, performing a request without a token, or with a valid token will succeed
+  # Performing a request with an invalid token will raise an UnauthorizedError
+  #
+  def unauthenticated
+    head :no_content
+  end
+
+  ##
+  # GET /unauthenticated
+  #
+  # This endpoint is protected, performing a request with a valid access token will succeed
+  # Performing a request without a token, with an invalid token or with a refresh token will raise an UnauthorizedError
+  #
+  def authenticated
+    head :no_content
+  end
+end

data/spec/dummy/app/controllers/tokens_controller.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class TokensController < ApplicationController
+  # Validate refresh token on refresh action
+  before_action :validate_refresh_token, :only => :update
+
+  # Require token only on refresh action
+  before_action :require_token, :only => :update
+
+  ##
+  # POST /token
+  #
+  # Sign in the user
+  #
+  # ::request::
+  #
+  # @body email, password
+  #
+  # ::response::
+  #
+  # @header Authorization A long lived refresh token
+  #
+  def create
+    @user = User.active.find_by :email => params[:email], :password => params[:password]
+    raise JWT::Auth::UnauthorizedError unless @user
+
+    # Return a long-lived refresh token
+    set_refresh_token @user
+
+    head :no_content
+  end
+
+  ##
+  #
+  # PATCH /token
+  #
+  # Refresh access token
+  #
+  # ::request::
+  #
+  # @header Authorization Refresh token
+  #
+  # ::response::
+  #
+  # @header Authorization Access token
+  #
+  def update
+    # Return a short-lived access token
+    set_access_token
+
+    head :no_content
+  end
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 module ApplicationHelper
 end

data/spec/dummy/app/helpers/authentication_helper.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 module AuthenticationHelper
 end

data/spec/dummy/app/jobs/application_job.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 class ApplicationJob < ActiveJob::Base
 end

data/spec/dummy/app/mailers/application_mailer.rb

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
+
 class ApplicationMailer < ActionMailer::Base
-  default from: 'from@example.com'
+  default :from => 'from@example.com'
   layout 'mailer'
 end

data/spec/dummy/app/models/application_record.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class ApplicationRecord < ActiveRecord::Base
   self.abstract_class = true
 end

data/spec/dummy/app/models/user.rb

@@ -1,14 +1,11 @@
+# frozen_string_literal: true
+
 class User < ApplicationRecord
   include JWT::Auth::Authenticatable
 
-  validates :token_version, :presence => true
-
   def self.find_by_token(params)
     find_by params.merge :activated => true
   end
 
-  def increment_token_version!
-    self.token_version += 1
-    save!
-  end
+  scope :active, -> { where :activated => true }
 end

data/spec/dummy/bin/bundle

@@ -1,3 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __dir__)
 load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 APP_PATH = File.expand_path('../config/application', __dir__)
 require_relative '../config/boot'
 require 'rails/commands'

data/spec/dummy/bin/rake

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 require_relative '../config/boot'
 require 'rake'
 Rake.application.run

data/spec/dummy/bin/setup

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 require 'fileutils'
 include FileUtils
 

data/spec/dummy/bin/update

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 require 'fileutils'
 include FileUtils
 

data/spec/dummy/bin/yarn

@@ -1,11 +1,11 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 APP_ROOT = File.expand_path('..', __dir__)
 Dir.chdir(APP_ROOT) do
-  begin
-    exec "yarnpkg", *ARGV
-  rescue Errno::ENOENT
-    $stderr.puts "Yarn executable was not detected in the system."
-    $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install"
-    exit 1
-  end
+  exec 'yarnpkg', *ARGV
+rescue Errno::ENOENT
+  warn 'Yarn executable was not detected in the system.'
+  warn 'Download Yarn at https://yarnpkg.com/en/docs/install'
+  exit 1
 end

data/spec/dummy/config.ru

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # This file is used by Rack-based servers to start the application.
 
 require_relative 'config/environment'

data/spec/dummy/config/application.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'boot'
 
 require 'rails/all'

data/spec/dummy/config/boot.rb

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
+
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __dir__)
 
 require 'bundler/setup' # Set up gems listed in the Gemfile.
-#require 'bootsnap/setup' # Speed up boot time by caching expensive operations.
+# require 'bootsnap/setup' # Speed up boot time by caching expensive operations.

data/spec/dummy/config/environment.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Load the Rails application.
 require_relative 'application'
 

data/spec/dummy/config/environments/development.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
@@ -57,5 +59,5 @@ Rails.application.configure do
 
   # Use an evented file watcher to asynchronously detect changes in source code,
   # routes, locales, etc. This feature depends on the listen gem.
-  #config.file_watcher = ActiveSupport::EventedFileUpdateChecker
+  # config.file_watcher = ActiveSupport::EventedFileUpdateChecker
 end

data/spec/dummy/config/environments/production.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
@@ -54,7 +56,7 @@ Rails.application.configure do
   config.log_level = :debug
 
   # Prepend all log lines with the following tags.
-  config.log_tags = [ :request_id ]
+  config.log_tags = [:request_id]
 
   # Use a different cache store in production.
   # config.cache_store = :mem_cache_store
@@ -83,7 +85,7 @@ Rails.application.configure do
   # require 'syslog/logger'
   # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
 
-  if ENV["RAILS_LOG_TO_STDOUT"].present?
+  if ENV['RAILS_LOG_TO_STDOUT'].present?
     logger           = ActiveSupport::Logger.new(STDOUT)
     logger.formatter = config.log_formatter
     config.logger    = ActiveSupport::TaggedLogging.new(logger)

data/spec/dummy/config/environments/test.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 

data/spec/dummy/config/initializers/application_controller_renderer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # ActiveSupport::Reloader.to_prepare do

data/spec/dummy/config/initializers/assets.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Version of your assets, change this if you want to expire all your assets.

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.

data/spec/dummy/config/initializers/content_security_policy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Define an application-wide content security policy

data/spec/dummy/config/initializers/cookies_serializer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Specify a serializer for the signed and encrypted cookie jars.

data/spec/dummy/config/initializers/filter_parameter_logging.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Configure sensitive parameters which will be filtered from the log file.

data/spec/dummy/config/initializers/inflections.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Add new inflection rules using the following format. Inflections

data/spec/dummy/config/initializers/jwt_auth.rb

@@ -1,8 +1,15 @@
+# frozen_string_literal: true
+
 JWT::Auth.configure do |config|
   ##
-  # Token lifetime
+  # Refresh token lifetime
+  #
+  config.refresh_token_lifetime = 1.year
+
+  ##
+  # Access token lifetime
   #
-  config.token_lifetime = 24.hours
+  config.access_token_lifetime = 2.hours
 
   ##
   # JWT secret

data/spec/dummy/config/initializers/mime_types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Add new mime types for use in respond_to blocks:

data/spec/dummy/config/initializers/new_framework_defaults_5_2.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 #
 # This file contains migration options to ease your Rails 5.2 upgrade.

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # This file contains settings for ActionController::ParamsWrapper which
@@ -5,7 +7,7 @@
 
 # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
 ActiveSupport.on_load(:action_controller) do
-  wrap_parameters format: [:json]
+  wrap_parameters :format => [:json]
 end
 
 # To enable root element in JSON for ActiveRecord objects.

data/spec/dummy/config/puma.rb

@@ -1,19 +1,21 @@
+# frozen_string_literal: true
+
 # Puma can serve each request in a thread from an internal thread pool.
 # The `threads` method setting takes two numbers: a minimum and maximum.
 # Any libraries that use thread pools should be configured to match
 # the maximum value specified for Puma. Default is set to 5 threads for minimum
 # and maximum; this matches the default thread size of Active Record.
 #
-threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }
+threads_count = ENV.fetch('RAILS_MAX_THREADS') { 5 }
 threads threads_count, threads_count
 
 # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
 #
-port        ENV.fetch("PORT") { 3000 }
+port        ENV.fetch('PORT') { 3000 }
 
 # Specifies the `environment` that Puma will run in.
 #
-environment ENV.fetch("RAILS_ENV") { "development" }
+environment ENV.fetch('RAILS_ENV') { 'development' }
 
 # Specifies the number of `workers` to boot in clustered mode.
 # Workers are forked webserver processes. If using threads and workers together

data/spec/dummy/config/routes.rb

@@ -1,7 +1,8 @@
+# frozen_string_literal: true
+
 Rails.application.routes.draw do
-  # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
+  resource :token, :only => %i[create update]
 
-  get '/public' => 'authentication#public'
-  get '/private' => 'authentication#private'
-  get '/validate' => 'authentication#validate'
+  get '/unauthenticated' => 'content#unauthenticated'
+  get '/authenticated' => 'content#authenticated'
 end

data/spec/dummy/config/spring.rb

@@ -1,6 +1,8 @@
-%w(
+# frozen_string_literal: true
+
+%w[
   .ruby-version
   .rbenv-vars
   tmp/restart.txt
   tmp/caching-dev.txt
-).each { |path| Spring.watch(path) }
+].each { |path| Spring.watch(path) }

data/spec/dummy/db/migrate/20170726110751_create_users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class CreateUsers < ActiveRecord::Migration[5.1]
   def change
     create_table :users do |t|

data/spec/dummy/db/migrate/20170726110825_add_token_version_to_user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddTokenVersionToUser < ActiveRecord::Migration[5.0]
   def change
     add_column :users, :token_version, :integer, :null => false, :default => 1

data/spec/dummy/db/migrate/20170726112117_add_activated_to_user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddActivatedToUser < ActiveRecord::Migration[5.1]
   def change
     add_column :users, :activated, :boolean, :default => false

data/spec/dummy/db/migrate/20190221100103_add_password_to_user.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddPasswordToUser < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :password, :string
+  end
+end