jwt-auth 4.2.0 → 5.0.0

data/spec/dummy/db/schema.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
@@ -10,14 +12,13 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2017_07_26_112117) do
-
-  create_table "users", force: :cascade do |t|
-    t.string "email"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
-    t.integer "token_version", default: 1, null: false
-    t.boolean "activated", default: false
+ActiveRecord::Schema.define(:version => 20_190_221_100_103) do
+  create_table 'users', :force => :cascade do |t|
+    t.string 'email'
+    t.datetime 'created_at', :null => false
+    t.datetime 'updated_at', :null => false
+    t.integer 'token_version', :default => 1, :null => false
+    t.boolean 'activated', :default => false
+    t.string 'password'
   end
-
 end

data/spec/jwt/auth/access_token_spec.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe JWT::Auth::AccessToken do
+  ##
+  # Configuration
+  #
+  ##
+  # Test variables
+  #
+  let(:user) { User.create! :activated => true }
+
+  ##
+  # Subject
+  #
+  subject(:token) { described_class.new }
+
+  ##
+  # Tests
+  #
+  describe '#type' do
+    it 'returns the correct token type' do
+      expect(subject.type).to eq :access
+    end
+  end
+
+  describe '#lifetime' do
+    it { is_expected.to respond_to :lifetime }
+
+    it 'returns an integer' do
+      expect(subject.lifetime).to be_a_kind_of Integer
+    end
+  end
+end

data/spec/jwt/auth/configuration_spec.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+require 'rails_helper'
+
+RSpec.describe JWT::Auth do
+  ##
+  # Configuration
+  #
+  JWT::Auth.configure do |config|
+    config.refresh_token_lifetime = 1.year
+    config.access_token_lifetime = 2.hours
+    config.secret = 'mysecret'
+  end
+
+  ##
+  # Test variables
+  #
+
+  # Ensure the User model is autoloaded, which initializes the JWT::Auth.model configuration entry
+  before { User }
+
+  ##
+  # Subject
+  #
+  subject { JWT::Auth }
+
+  ##
+  # Tests
+  #
+  it { is_expected.to have_attributes :refresh_token_lifetime => 1.year,
+                                      :access_token_lifetime => 2.hours,
+                                      :secret => 'mysecret',
+                                      :model => 'User' }
+end

data/spec/jwt/auth/refresh_token_spec.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe JWT::Auth::RefreshToken do
+  ##
+  # Configuration
+  #
+  ##
+  # Test variables
+  #
+  let(:user) { User.create! :activated => true }
+
+  ##
+  # Subject
+  #
+  subject(:token) { described_class.new }
+
+  ##
+  # Tests
+  #
+  describe '#type' do
+    it 'returns the correct token type' do
+      expect(subject.type).to eq :refresh
+    end
+  end
+
+  describe '#lifetime' do
+    it { is_expected.to respond_to :lifetime }
+
+    it 'returns an integer' do
+      expect(subject.lifetime).to be_a_kind_of Integer
+    end
+  end
+end

data/spec/jwt/auth/token_spec.rb

@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe JWT::Auth::Token do
+  ##
+  # Configuration
+  #
+  ##
+  # Test variables
+  #
+  let(:user) { User.create! :activated => true }
+
+  ##
+  # Subject
+  #
+  subject(:token) { described_class.new }
+
+  ##
+  # Tests
+  #
+  describe 'properties' do
+    it { is_expected.to respond_to :issued_at }
+    it { is_expected.to respond_to :subject }
+    it { is_expected.to respond_to :version }
+
+    it { is_expected.to have_attributes :issued_at => nil, :subject => nil, :version => nil }
+
+    describe 'constructor' do
+      subject(:token) { described_class.new :issued_at => 'foo', :subject => 'bar', :version => 'bat' }
+
+      it { is_expected.to have_attributes :issued_at => 'foo', :subject => 'bar', :version => 'bat' }
+    end
+  end
+
+  describe '#valid?' do
+    before do
+      # Override not implemented methods for test purposes
+      allow_any_instance_of(described_class).to receive(:type).and_return :access
+      allow_any_instance_of(described_class).to receive(:lifetime).and_return 2.hours.to_i
+    end
+
+    subject(:token) { described_class.new :subject => user,
+                                          :issued_at => Time.now.to_i,
+                                          :version => user.token_version }
+
+    it { is_expected.to be_valid }
+
+    context 'when the subject is nil' do
+      before { token.subject = nil }
+
+      it { is_expected.not_to be_valid }
+    end
+
+    context 'when the subject is destroyed' do
+      before { user.destroy }
+
+      it { is_expected.not_to be_valid }
+    end
+
+    context 'when issued_at is nil' do
+      before { token.issued_at = nil }
+
+      it { is_expected.not_to be_valid }
+    end
+
+    context 'when version is nil' do
+      before { token.version = nil }
+
+      it { is_expected.not_to be_valid }
+    end
+
+    context 'when token_version is incremented' do
+      # Explicitly call `token` to initialize it with the old token_version
+      before { token; user.increment! :token_version }
+
+      it { is_expected.not_to be_valid }
+    end
+
+    context 'when the token has expired' do
+      before { token.issued_at = JWT::Auth.access_token_lifetime.ago.to_i }
+
+      it { is_expected.not_to be_valid }
+    end
+
+    context 'when the issued_at is in the future' do
+      before { token.issued_at = 1.year.from_now.to_i }
+
+      it { is_expected.not_to be_valid }
+    end
+  end
+
+  describe '#to_jwt' do
+    before do
+      # Override not implemented methods for test purposes
+      allow_any_instance_of(described_class).to receive(:type).and_return :access
+    end
+
+    let(:token) { described_class.new :subject => user }
+    subject(:payload) { JWT.decode(token.to_jwt, JWT::Auth.secret).first }
+
+    it { is_expected.to eq 'iat' => Time.now.to_i, 'sub' => user.id, 'ver' => user.token_version, 'typ' => 'access' }
+  end
+
+  describe '.from_jwt' do
+    let(:jwt) { JWT.encode({ :iat => Time.now.to_i, :sub => user.id, :ver => user.token_version, :typ => type }, JWT::Auth.secret) }
+    let(:type)  { :access }
+    subject(:token) { described_class.from_jwt jwt }
+
+    it { is_expected.to have_attributes :issued_at => a_kind_of(Integer), :subject => user, :version => user.token_version }
+
+    context 'when the jwt cannot be decoded' do
+      let(:jwt) { 'rubbish' }
+
+      it { is_expected.to be_nil }
+    end
+
+    context 'when the typ payload parameter is nil' do
+      let(:type) { nil }
+
+      it { is_expected.to be_nil }
+    end
+
+    context 'when the typ payload parameter is "access"' do
+      let(:type) { :access }
+
+      it { is_expected.to be_an_instance_of JWT::Auth::AccessToken }
+    end
+
+    context 'when the typ payload parameter is "refresh"' do
+      let(:type) { :refresh }
+
+      it { is_expected.to be_an_instance_of JWT::Auth::RefreshToken }
+    end
+
+    it 'calls the User#find_by_token method' do
+      expect(User).to receive(:find_by_token)
+        .with :id => user.id,
+              :token_version => user.token_version
+
+      described_class.from_jwt jwt
+    end
+  end
+end

data/spec/models/user_spec.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe User do
+  ##
+  # Configuration
+  #
+  ##
+  # Test variables
+  #
+  ##
+  # Subject
+  #
+  ##
+  # Tests
+  #
+  it { is_expected.to validate_presence_of :token_version }
+  it { is_expected.to respond_to :find_by_token }
+
+  it 'sets the JWT::Auth configuration model entry to User' do
+    expect(JWT::Auth.model).to eq described_class.to_s
+  end
+end

data/spec/rails_helper.rb

@@ -6,6 +6,7 @@ abort('The Rails environment is running in production mode!') if Rails.env.produ
 require 'spec_helper'
 require 'rspec/rails'
 # Add additional requires below this line. Rails is not loaded until this point!
+require 'shoulda/matchers'
 
 require 'dummy/config/environment'
 # ENV['RAILS_ROOT'] ||= File.join File.dirname(__FILE__), 'spec', 'dummy'
@@ -48,3 +49,10 @@ RSpec.configure do |config|
   # arbitrary gems may also be filtered via:
   # config.filter_gems_from_backtrace("gem name")
 end
+
+Shoulda::Matchers.configure do |config|
+  config.integrate do |with|
+    with.test_framework :rspec
+    with.library :rails
+  end
+end

data/spec/spec_helper.rb

@@ -57,57 +57,55 @@ RSpec.configure do |config|
   # triggering implicit auto-inclusion in groups with matching metadata.
   config.shared_context_metadata_behavior = :apply_to_host_groups
 
-# The settings below are suggested to provide a good initial experience
-# with RSpec, but feel free to customize to your heart's content.
-=begin
-  # This allows you to limit a spec run to individual examples or groups
-  # you care about by tagging them with `:focus` metadata. When nothing
-  # is tagged with `:focus`, all examples get run. RSpec also provides
-  # aliases for `it`, `describe`, and `context` that include `:focus`
-  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
-  config.filter_run_when_matching :focus
-
-  # Allows RSpec to persist some state between runs in order to support
-  # the `--only-failures` and `--next-failure` CLI options. We recommend
-  # you configure your source control system to ignore this file.
-  config.example_status_persistence_file_path = "spec/examples.txt"
-
-  # Limits the available syntax to the non-monkey patched syntax that is
-  # recommended. For more details, see:
-  #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
-  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
-  #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
-  config.disable_monkey_patching!
-
-  # This setting enables warnings. It's recommended, but in some cases may
-  # be too noisy due to issues in dependencies.
-  config.warnings = true
-
-  # Many RSpec users commonly either run the entire suite or an individual
-  # file, and it's useful to allow more verbose output when running an
-  # individual spec file.
-  if config.files_to_run.one?
-    # Use the documentation formatter for detailed output,
-    # unless a formatter has already been configured
-    # (e.g. via a command-line flag).
-    config.default_formatter = 'doc'
-  end
-
-  # Print the 10 slowest examples and example groups at the
-  # end of the spec run, to help surface which specs are running
-  # particularly slow.
-  config.profile_examples = 10
-
-  # Run specs in random order to surface order dependencies. If you find an
-  # order dependency and want to debug it, you can fix the order by providing
-  # the seed, which is printed after each run.
-  #     --seed 1234
-  config.order = :random
-
-  # Seed global randomization in this process using the `--seed` CLI option.
-  # Setting this allows you to use `--seed` to deterministically reproduce
-  # test failures related to randomization by passing the same `--seed` value
-  # as the one that triggered the failure.
-  Kernel.srand config.seed
-=end
+  # The settings below are suggested to provide a good initial experience
+  # with RSpec, but feel free to customize to your heart's content.
+  #   # This allows you to limit a spec run to individual examples or groups
+  #   # you care about by tagging them with `:focus` metadata. When nothing
+  #   # is tagged with `:focus`, all examples get run. RSpec also provides
+  #   # aliases for `it`, `describe`, and `context` that include `:focus`
+  #   # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+  #   config.filter_run_when_matching :focus
+  #
+  #   # Allows RSpec to persist some state between runs in order to support
+  #   # the `--only-failures` and `--next-failure` CLI options. We recommend
+  #   # you configure your source control system to ignore this file.
+  #   config.example_status_persistence_file_path = "spec/examples.txt"
+  #
+  #   # Limits the available syntax to the non-monkey patched syntax that is
+  #   # recommended. For more details, see:
+  #   #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
+  #   #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
+  #   config.disable_monkey_patching!
+  #
+  #   # This setting enables warnings. It's recommended, but in some cases may
+  #   # be too noisy due to issues in dependencies.
+  #   config.warnings = true
+  #
+  #   # Many RSpec users commonly either run the entire suite or an individual
+  #   # file, and it's useful to allow more verbose output when running an
+  #   # individual spec file.
+  #   if config.files_to_run.one?
+  #     # Use the documentation formatter for detailed output,
+  #     # unless a formatter has already been configured
+  #     # (e.g. via a command-line flag).
+  #     config.default_formatter = 'doc'
+  #   end
+  #
+  #   # Print the 10 slowest examples and example groups at the
+  #   # end of the spec run, to help surface which specs are running
+  #   # particularly slow.
+  #   config.profile_examples = 10
+  #
+  #   # Run specs in random order to surface order dependencies. If you find an
+  #   # order dependency and want to debug it, you can fix the order by providing
+  #   # the seed, which is printed after each run.
+  #   #     --seed 1234
+  #   config.order = :random
+  #
+  #   # Seed global randomization in this process using the `--seed` CLI option.
+  #   # Setting this allows you to use `--seed` to deterministically reproduce
+  #   # test failures related to randomization by passing the same `--seed` value
+  #   # as the one that triggered the failure.
+  #   Kernel.srand config.seed
 end

data/spec/support/database_cleaner.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'database_cleaner'
+
+RSpec.configure do |config|
+  # before the entire test suite runs, clear the test database out completely
+  config.before(:suite) do
+    DatabaseCleaner.clean
+  end
+
+  # Default strategy is transaction (very fast)
+  config.before do
+    DatabaseCleaner.strategy = :transaction
+  end
+
+  config.before do
+    DatabaseCleaner.start
+  end
+  config.after do
+    DatabaseCleaner.clean
+  end
+end