jwt_api 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 19e4d4dcf76be937121c8a2559e64417c07c1218b352492985120076db85d4bd
-  data.tar.gz: ba9ac0f21978e74a0ada2837d6966b0d017b74043ab001948bb6c137184f9089
+  metadata.gz: b98af57b80db1d208e37fea555f8840b0ef28d975b450e3d4913e5b43b90e49c
+  data.tar.gz: 37ab658dbc48fcaf0dc6fa332f64f85a5a16a654a1b603855df72d4d00d049f1
 SHA512:
-  metadata.gz: ba08a36a4111d4ecb70466481fbc67f55b62a831f56c866ce10e754af84e9091c570e5ce594043da49b3ec13cf389332e78beafcc5c30de02d6558a90a75b0a5
-  data.tar.gz: d57636254090a1e52d2e9e4408a1925fe7b4accb265b32b4a6933cbddd3439bb255ced6e6c84d35f3f99bac36ca26fa97c8c1a4117a00c9f6f516add5f38185d
+  metadata.gz: 325cb78e50548492bf4537a0b89b59e2c8bf9541481b9fc75dad97174251b0e2a7697ef5b8183dc67461375614a8fe22f576a8262df63db63116c0a65be04a54
+  data.tar.gz: 32143ac809d4b48c0b0afdd0274c04061f4fd0b094c8e35179d59515a0aecbfa5eabd0bb4a0fbf259f95d3e75387bb789741ffd8cd809de412ada9b8fa78db27

data/Gemfile

@@ -7,4 +7,4 @@ gemspec
 
 gem 'jwt', '~> 2.2', '>= 2.2.3'
 gem 'rake', '~> 13.0'
-# gem 'rspec', '~> 3.0'
+gem 'rspec'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    jwt_api (0.1.0)
+    jwt_api (0.1.1)
       jwt (~> 2.2, >= 2.2.3)
 
 GEM
@@ -25,13 +25,14 @@ GEM
     rspec-support (3.10.2)
 
 PLATFORMS
+  arm64-darwin-21
   x86_64-darwin-20
 
 DEPENDENCIES
   jwt (~> 2.2, >= 2.2.3)
   jwt_api!
   rake (~> 13.0)
-  rspec (~> 3.0)
+  rspec
 
 BUNDLED WITH
    2.2.25

data/README.md

@@ -51,7 +51,7 @@ Running via Spring preloader in process 56250
 == 20210827123255 AddJtiToUsers: migrated (0.0259s) ===========================
 ```
 
-Feel free to remove the gem from your Gemfile, you now have everything you need in your application.
+
 ## Usage
 
 1. Make sure that each user that needs access to the API has a JTI generated.

data/lib/generators/jwt_api/templates/api/base_controller.rb

@@ -8,11 +8,7 @@ class Api::BaseController < ApplicationController
   protected
 
   def authenticate_request!
-    unless user_id_in_token?
-      render json: { errors: ['Unauthorized'] }, status: :unauthorized
-      return
-    end
-    @current_user = User.find(auth_token[:user_id])
+    user_id_in_token?
   rescue JWT::VerificationError, JWT::DecodeError
     render json: { errors: ['Unauthorized'] }, status: :unauthorized
   end
@@ -20,27 +16,33 @@ class Api::BaseController < ApplicationController
   private
 
   def http_token
-    @http_token ||= if request.headers['Authorization'].present?
-                      request.headers['Authorization'].split.last
-                    end
+    @http_token ||= (request.headers['Authorization'].split.last if request.headers['Authorization'].present?)
   end
 
   def auth_token
-    @auth_token ||= JsonWebToken.decode(http_token)
-  rescue JWT::ExpiredSignature
-    render json: { error: 'token expired' }
+    @auth_token ||= jwt.decode(http_token)[0].to_h.symbolize_keys!
+    return nil if token_expired?
+    return @auth_token if @auth_token.present? && @auth_token[:user_id].present? && jti_matches?
+  end
+
+  def token_expired?
+    @auth_token[:exp] < Time.now.to_i
   end
 
   def jti_matches?
-    @current_user = User.find(auth_token[:user_id])
-    !@current_user.jti.nil? && @current_user.jti == auth_token[:jti]
+    @current_user = User.find(@auth_token[:user_id])
+    @current_user&.jti == @auth_token[:jti]
   end
 
   def user_id_in_token?
-    http_token && auth_token && auth_token[:user_id].to_i && jti_matches?
+    http_token && auth_token
   end
 
   def user_reset_token_in_params?
     params[:reset_password_token]
   end
+
+  def jwt
+    JsonWebToken.new
+  end
 end

data/lib/generators/jwt_api/templates/api/v1/authentication_controller.rb

@@ -29,11 +29,12 @@ class Api::V1::AuthenticationController < Api::BaseController
 
     iat = Time.now.to_i
     exp = Time.now.to_i + 24 * 3600
+
     {
-      token: JsonWebToken.encode({ user_id: user.id,
-                                   jti: user.jti,
-                                   iat: iat,
-                                   exp: exp })
+      token: jwt.encode({ user_id: user.id,
+                          jti: user.jti,
+                          iat: iat,
+                          exp: exp })
     }
   end
 end

data/lib/generators/jwt_api/templates/api/v1/passwords_controller.rb

@@ -11,15 +11,14 @@ class Api::V1::PasswordsController < Api::BaseController
     @user = User.find_by(email: password_params[:email])
     if @user.nil?
       render json: { message: 'email not found' }, status: :not_found
+    elsif @user.update(
+      reset_password_token: SecureRandom.uuid,
+      reset_password_sent_at: Time.now
+    )
+      JwtMailer.reset_password(@user.id, @user.reset_password_token).deliver
+      render json: { message: 'reset password instructions sent' }, status: :ok
     else
-      @user.reset_password_token = SecureRandom.uuid
-      @user.reset_password_sent_at = Time.now
-      if @user.save
-        JwtMailer.reset_password(@user.id, @user.reset_password_token).deliver
-        render json: { message: 'reset password instructions sent' }, status: :ok
-      else
-        render json: { message: @user.errors }, status: :not_found
-      end
+      render json: { message: @user.errors }, status: :not_found
     end
   end
 
@@ -27,25 +26,22 @@ class Api::V1::PasswordsController < Api::BaseController
   # with a token in the params, if a succesful response is received, the client can
   # store the newly issued JWT and redirect the user to the password reset form
   def verify
-    @user = User.where(reset_password_token: params[:token]).first
+    @user = User.find_by(reset_password_token: params[:token])
     if @user.nil?
       render json: { message: 'reset password token not found' }, status: :not_found
-    elsif @user.reset_password_sent_at < 1.hour.ago
+    elsif @user.reset_password_sent_at < 10.minutes.ago
       render json: { message: 'reset password token has expired' }, status: :not_found
     else
-      @user.reset_password_token = nil
-      @user.reset_password_sent_at = nil
-      @user.jti = SecureRandom.uuid
-      @user.save
-
-      iat = Time.now.to_i
-      exp = Time.now.to_i + 10 * 60
-
+      @user.update!(
+        reset_password_token: nil,
+        reset_password_sent_at: nil,
+        jti: SecureRandom.uuid
+      )
       render json: {
         token: JsonWebToken.encode({ user_id: @user.id,
                                      jti: @user.jti,
-                                     iat: iat,
-                                     exp: exp })
+                                     iat: Time.now.to_i,
+                                     exp: Time.now.to_i + 10 * 60 })
       }, status: :ok
     end
   end

data/lib/generators/jwt_api/templates/api/v1/users_controller.rb

@@ -3,6 +3,7 @@
 # User controller
 class Api::V1::UsersController < Api::BaseController
   skip_before_action :authenticate_request!, only: %i[create]
+
   def create
     unless user_params[:password] == user_params[:password_confirmation]
       return render json: { message: "passwords don't match" }, status: :unprocessable_entity

data/lib/generators/jwt_api/templates/initializers/json_web_token.rb

@@ -1,11 +1,17 @@
+# frozen_string_literal: true
+
+# JSON Web Token class
 class JsonWebToken
-  def self.encode(payload)
-    JWT.encode(payload, Rails.application.secrets.secret_key_base)
+  def initialize(key = Rails.application.credentials[:secret_key_base], algorithm = 'HS256')
+    @key = key
+    @algorithm = algorithm
+  end
+
+  def encode(payload)
+    JWT.encode(payload, @key, @algorithm)
   end
 
-  def self.decode(token)
-    HashWithIndifferentAccess.new(JWT.decode(token, Rails.application.secrets.secret_key_base)[0])
-  rescue StandardError
-    nil
+  def decode(token)
+    JWT.decode(token, @key, @algorithm)
   end
 end

data/lib/jwt_api/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module JwtApi
-  VERSION = "0.1.0"
+  VERSION = '0.1.1'
 end

data/lib/jwt_api.rb

@@ -2,32 +2,3 @@
 
 require 'jwt'
 require_relative 'jwt_api/version'
-
-module JwtApi
-  class Jwt
-    def initialize(key, algorithm = 'HS256')
-      @key = key
-      @algorithm = algorithm
-    end
-
-    def encode(payload)
-      JWT.encode(payload, @key, @algorithm)
-    end
-
-    def decode(token)
-      JWT.decode(token, @key, @algorithm)
-    end
-  end
-end
-
-class JsonWebToken
-  def self.encode(payload)
-    JWT.encode(payload, Rails.application.secrets.secret_key_base)
-  end
-
-  def self.decode(token)
-    HashWithIndifferentAccess.new(JWT.decode(token, Rails.application.secrets.secret_key_base)[0])
-  rescue StandardError
-    nil
-  end
-end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_api
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Leo Policastro
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-08-29 00:00:00.000000000 Z
+date: 2022-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -48,6 +48,7 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- jwt_api-0.1.0.gem
 - jwt_api.gemspec
 - lib/generators/jwt_api/setup_generator.rb
 - lib/generators/jwt_api/templates/api/base_controller.rb
@@ -83,7 +84,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Write a short summary, because RubyGems requires one.