RubyGems - jwt-authenticator - Versions diffs - 1.0.0 → 2.0.0 - Mend

jwt-authenticator 1.0.0 → 2.0.0

Files changed (9) hide show

checksums.yaml +4 -4
data/.ruby-version +1 -1
data/Gemfile.lock +14 -14
data/jwt-authenticator.gemspec +3 -3
data/lib/jwt-authenticator.rb +39 -31
data/lib/jwt-authenticator/version.rb +1 -1
data/test/helper.rb +8 -0
data/test/{jwt-authenticator-test.rb → test-jwt-authenticator.rb} +18 -18
metadata +17 -12

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a0f3e5579beda1099857bfb7731cf03f9a531f5178289ac89721561f51b9394
-  data.tar.gz: b4d779f5919c2bcce341e484b720fe995eea90eb4d1dd1f7faa7fde9fa669293
+  metadata.gz: 707fad532a2bd87b7ab6a9e7839cd61789d53024a18f7b4849d5fbb6e44eb16c
+  data.tar.gz: 8e020e5ca4feac5e69dd276d93d8bce8b17928a75e0e20f2d4743656e33072cd
 SHA512:
-  metadata.gz: fc10f802cea4187f46f4c8ef876e8caf11010f8477fa2461d210d75a63cdfda109f711e320b8a4b2e06b7e22f0c86845a2cd4b1ce4f08189648f3e292488eda9
-  data.tar.gz: 77512700bcc753b7505b82682595baeabc46b50cbff09cf1199ff4fb559e19143d106958f485051b77ed393c2eca1516cec85e84fd6cc734d66c175129e960fd
+  metadata.gz: c4868783d0751eeeda6c5e4c7ecab2f5b9c36f4b61881d82332b3bdd20e10a683265a4f9e8c05bc671ab4951e2dd7f25a91441e4f6ce6f438f6209c1ce548b9c
+  data.tar.gz: c90110f5b22510a4ce50630dea91a6f2ebb7cf711098f5e6500c27255b31aa8bcb55f734f07fffce52348aeb038eebe43ef0c4358870fcca0c890848343c8e21

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.5.1
1	+ 2.7.3

data/Gemfile.lock CHANGED Viewed

@@ -1,41 +1,41 @@
 PATH
   remote: .
   specs:
-    jwt-authenticator (1.0.0)
+    jwt-authenticator (2.0.0)
       activesupport (>= 4.0, < 6.0)
-      jwt (~> 2.1.0)
-      method-not-implemented (~> 1.0.1)
+      jwt (~> 2.1)
+      method-not-implemented (~> 1.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.2.1)
+    activesupport (5.2.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    concurrent-ruby (1.0.5)
-    i18n (1.1.0)
+    concurrent-ruby (1.1.9)
+    i18n (1.8.10)
       concurrent-ruby (~> 1.0)
-    jwt (2.1.0)
+    jwt (2.2.3)
     method-not-implemented (1.0.1)
-    minitest (5.11.3)
-    power_assert (1.1.3)
-    rake (12.3.1)
-    test-unit (3.2.8)
+    minitest (5.14.4)
+    power_assert (2.0.0)
+    rake (12.3.3)
+    test-unit (3.4.4)
       power_assert
     thread_safe (0.3.6)
-    tzinfo (1.2.5)
+    tzinfo (1.2.9)
       thread_safe (~> 0.1)
 PLATFORMS
   ruby
 DEPENDENCIES
-  bundler (~> 1.7)
+  bundler (>= 1.7, < 3.0)
   jwt-authenticator!
   rake (~> 12.3)
   test-unit (~> 3.2)
 BUNDLED WITH
-   1.16.4
+   2.1.4

data/jwt-authenticator.gemspec CHANGED Viewed

@@ -17,8 +17,8 @@ Gem::Specification.new do |s|
   s.require_paths         = ["lib"]
   s.required_ruby_version = "~> 2.5"
-  s.add_dependency             "jwt", "~> 2.1.0"
-  s.add_dependency             "method-not-implemented", "~> 1.0.1"
+  s.add_dependency             "jwt", "~> 2.1"
+  s.add_dependency             "method-not-implemented", "~> 1.0"
   s.add_dependency             "activesupport", ">= 4.0", "< 6.0"
-  s.add_development_dependency "bundler", "~> 1.7"
+  s.add_development_dependency "bundler", ">= 1.7", "< 3.0"
 end

data/lib/jwt-authenticator.rb CHANGED Viewed

@@ -14,17 +14,23 @@ class JWT::Authenticator
   def initialize
     @verification_options = token_verification_options_from_environment \
-      self.class.name.split("::").first.underscore.upcase.gsub(/_?JWT\z/, "") + "_JWT"
+      self.class.name.split("::")[0...-1].join("_").underscore.upcase.gsub(/_?JWT\z/, "") + "_JWT"
   end
   def call(token)
-    error! "Token is missing.", 101 if token.blank?
-    token_type, token_value = token.to_s.squish.split(" ")
-    error! "Token type is not provided or invalid.", 102 unless token_type == "Bearer"
-    returned = JWT.decode(token_value, nil, true, @verification_options) { |header| public_key(header.deep_symbolize_keys) }
+    error! type: :token_missing unless token.present?
+    returned = JWT.decode token, nil, true, @verification_options do |header|
+      public_key(header.deep_symbolize_keys)
+    end
     returned.map(&:deep_symbolize_keys)
+  rescue JWT::ExpiredSignature => e
+    error! message: e.inspect, type: :token_expired
   rescue JWT::DecodeError => e
-    error!(e.inspect, 103)
+    error! message: e.inspect, type: :token_invalid
   end
 protected
@@ -33,29 +39,31 @@ protected
     method_not_implemented
   end
-  def token_verification_options_from_environment(prefix)
-    { verify_expiration: ENV["#{prefix}_VERIFY_EXP"] != "false",
-      verify_not_before: ENV["#{prefix}_VERIFY_NBF"] != "false",
-      iss:               ENV["#{prefix}_ISS"].to_s.squish.presence,
-      verify_iat:        ENV["#{prefix}_VERIFY_IAT"] != "false",
-      verify_jti:        ENV["#{prefix}_VERIFY_JTI"] != "false",
-      aud:               ENV["#{prefix}_AUD"].to_s.split(",").map(&:squish).reject(&:blank?).presence, # Comma-separated values.
-      sub:               ENV["#{prefix}_SUB"].to_s.squish.presence,
-      algorithms:        ENV["#{prefix}_ALG"].to_s.split(",").map(&:squish).reject(&:blank?).presence, # Comma-separated values.
-      leeway:            ENV["#{prefix}_LEEWAY"].to_s.squish.yield_self { |n| n.to_i if n.present? },
-      iat_leeway:        ENV["#{prefix}_IAT_LEEWAY"].to_s.squish.yield_self { |n| n.to_i if n.present? },
-      exp_leeway:        ENV["#{prefix}_EXP_LEEWAY"].to_s.squish.yield_self { |n| n.to_i if n.present? },
-      nbf_leeway:        ENV["#{prefix}_NBF_LEEWAY"].to_s.squish.yield_self { |n| n.to_i if n.present? }
-    }.tap { |options|
-      options.merge! \
-        verify_sub: options[:sub].present?,
-        verify_iss: options[:iss].present?,
-        verify_aud: options[:aud].present?
-    }.compact
+  def token_verification_options_from_environment(namespace)
+    namespace = namespace.gsub(/_+\z/, "")
+    options = {
+      verify_expiration: ENV["#{namespace}_VERIFY_EXP"] != "false",
+      verify_not_before: ENV["#{namespace}_VERIFY_NBF"] != "false",
+      iss:               ENV["#{namespace}_ISS"].to_s.split(",").map(&:squish).reject(&:blank?).presence, # Comma-separated values.
+      verify_iat:        ENV["#{namespace}_VERIFY_IAT"] != "false",
+      verify_jti:        ENV["#{namespace}_VERIFY_JTI"] != "false",
+      aud:               ENV["#{namespace}_AUD"].to_s.split(",").map(&:squish).reject(&:blank?).presence, # Comma-separated values.
+      sub:               ENV["#{namespace}_SUB"].to_s.squish.presence,
+      algorithms:        ENV["#{namespace}_ALG"].to_s.split(",").map(&:squish).reject(&:blank?).presence, # Comma-separated values.
+      leeway:            ENV["#{namespace}_LEEWAY"].to_s.squish.yield_self { |n| n.to_i if n.present? },
+      iat_leeway:        ENV["#{namespace}_IAT_LEEWAY"].to_s.squish.yield_self { |n| n.to_i if n.present? },
+      exp_leeway:        ENV["#{namespace}_EXP_LEEWAY"].to_s.squish.yield_self { |n| n.to_i if n.present? },
+      nbf_leeway:        ENV["#{namespace}_NBF_LEEWAY"].to_s.squish.yield_self { |n| n.to_i if n.present? }
+    }
+    options.merge! \
+      verify_sub: options[:sub].present?,
+      verify_iss: options[:iss].present?,
+      verify_aud: options[:aud].present?
+    options.compact
   end
-  def error!(message, code = nil)
-    raise Error.new(message, code)
+  def error!(**options)
+    raise Error.new(**options)
   end
   class << self
@@ -65,11 +73,11 @@ protected
   end
   class Error < StandardError
-    attr_reader :code
+    attr_reader :type
-    def initialize(message, code = nil)
-      super(message)
-      @code = code
+    def initialize(message: nil, type:)
+      super message.presence || type.to_s.humanize
+      @type = type
     end
   end
 end

data/lib/jwt-authenticator/version.rb CHANGED Viewed

@@ -3,6 +3,6 @@
 module JWT
   class Authenticator
-    VERSION = "1.0.0"
+    VERSION = "2.0.0"
   end
 end

data/test/helper.rb CHANGED Viewed

@@ -40,3 +40,11 @@ module MyAPIv2
     end
   end
 end
+module MyAPI
+  module V3
+    class JWTAuthenticator < JWT::Authenticator
+    end
+  end
+end

data/test/{jwt-authenticator-test.rb → test-jwt-authenticator.rb} RENAMED Viewed

@@ -33,7 +33,7 @@ class JWTAuthenticatorTest < Test::Unit::TestCase
     end
     modify_environment "MY_API_V1_JWT_ISS", " foo " do
-      assert_equal(default.merge(iss: "foo", verify_iss: true), my_api_v1_token_verification_options)
+      assert_equal(default.merge(iss: %w[foo], verify_iss: true), my_api_v1_token_verification_options)
     end
     modify_environment "MY_API_V1_JWT_VERIFY_IAT", "false" do
@@ -76,13 +76,7 @@ class JWTAuthenticatorTest < Test::Unit::TestCase
   test "blank token" do
     error = assert_raises(JWT::Authenticator::Error) { JWT::Authenticator.instance.call(" ") }
     assert_match(/\bmissing\b/i, error.message)
-    assert_equal(101, error.code)
-  end
-  test "token with invalid type" do
-    error = assert_raises(JWT::Authenticator::Error) { JWT::Authenticator.instance.call("Beer XXX.YYY.ZZZ") }
-    assert_match(/\binvalid\b/i, error.message)
-    assert_equal(102, error.code)
+    assert_equal(:token_missing, error.type)
   end
   test "token decoding and verification" do
@@ -96,63 +90,69 @@ class JWTAuthenticatorTest < Test::Unit::TestCase
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.merge(iss: "qux"))
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\binvalid issuer\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_invalid, error.type)
   end
   test "missing iss" do
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.tap { |p| p.delete(:iss) })
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\binvalid issuer\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_invalid, error.type)
   end
   test "missing aud" do
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.tap { |p| p.delete(:aud) })
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\binvalid audience\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_invalid, error.type)
   end
   test "wrong aud" do
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.merge(aud: "qux"))
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\binvalid audience\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_invalid, error.type)
   end
   test "missing sub" do
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.tap { |p| p.delete(:sub) })
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\binvalid subject\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_invalid, error.type)
   end
   test "wrong sub" do
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.merge(sub: "qux"))
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\binvalid subject\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_invalid, error.type)
   end
   test "token is expired" do
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.merge(exp: Time.now.to_i - 5))
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\bexpired\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_expired, error.type)
   end
   test "missing jti" do
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.tap { |p| p.delete(:jti) })
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\bmissing jti\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_invalid, error.type)
   end
   test "issued at in future" do
     jwt = my_api_v2_jwt_encode(my_api_v2_jwt_payload.merge(iat: Time.now.to_i + 30))
     error = assert_raises(JWT::Authenticator::Error) { my_api_v2_jwt_decode(jwt) }
     assert_match(/\binvalid iat\b/i, error.message)
-    assert_equal(103, error.code)
+    assert_equal(:token_invalid, error.type)
+  end
+  test "loading token verification options from environment (authenticator nested under multiple modules)" do
+    ENV["MY_API_V3_JWT_ISS"] = "bar"
+    authenticator = MyAPI::V3::JWTAuthenticator.instance
+    assert_equal([ENV["MY_API_V3_JWT_ISS"]], authenticator.instance_variable_get(:@verification_options)[:iss])
   end
 private
@@ -179,6 +179,6 @@ private
   end
   def my_api_v2_jwt_decode(jwt)
-    MyAPIv2::JWTAuthenticator.call("Bearer " + jwt)
+    MyAPIv2::JWTAuthenticator.call(jwt)
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt-authenticator
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Yaroslav Konoplov
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-02 00:00:00.000000000 Z
+date: 2021-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: method-not-implemented
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.1
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.1
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -62,16 +62,22 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.7'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.7'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 description: The gem provides easy & extendable way to perform JSON Web Token authentication.
 email: eahome00@gmail.com
 executables: []
@@ -89,7 +95,7 @@ files:
 - lib/jwt-authenticator.rb
 - lib/jwt-authenticator/version.rb
 - test/helper.rb
-- test/jwt-authenticator-test.rb
+- test/test-jwt-authenticator.rb
 homepage: https://github.com/ruby-jwt/jwt-authenticator
 licenses:
 - Apache-2.0
@@ -109,11 +115,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: JSON Web Token authentication Ruby service.
 test_files:
 - test/helper.rb
-- test/jwt-authenticator-test.rb
+- test/test-jwt-authenticator.rb