jwt_api 0.1.0 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 19e4d4dcf76be937121c8a2559e64417c07c1218b352492985120076db85d4bd
-  data.tar.gz: ba9ac0f21978e74a0ada2837d6966b0d017b74043ab001948bb6c137184f9089
+  metadata.gz: 7772f9c066af82798657d3761b4e2591a5d3bc9683983fe5f230bbd063c1d8d8
+  data.tar.gz: 0b7e3c073bd3480c48be3e7610b0d5bc25c75dfdcc1f22e17bade00fc50f9e47
 SHA512:
-  metadata.gz: ba08a36a4111d4ecb70466481fbc67f55b62a831f56c866ce10e754af84e9091c570e5ce594043da49b3ec13cf389332e78beafcc5c30de02d6558a90a75b0a5
-  data.tar.gz: d57636254090a1e52d2e9e4408a1925fe7b4accb265b32b4a6933cbddd3439bb255ced6e6c84d35f3f99bac36ca26fa97c8c1a4117a00c9f6f516add5f38185d
+  metadata.gz: 59bf83ec8f2afeea4a824a69783dad05f20ccea2895ae608574b391253b4a1b6d089ffb9ab2deeac95c87f623839998e55fdcf8fd63f76fce16c0f6384b4a91a
+  data.tar.gz: f8a201feaf0ea3c2a0443b4a6c6a50e8931f8b57c60fc57e2ae17d818e2d6ee19ff24a5d3646010df15520e55ffe5debeaf3610323df59dcfa6add06fee33481

data/CHANGELOG.md

@@ -3,3 +3,12 @@
 ## [0.1.0] - 2021-08-26
 
 - Initial release
+
+
+## [0.1.1] - 2022-02-13
+
+- Clean up and refactor
+
+## 0.1.2 - 2022-02-13
+
+- Update gemspec description

data/Gemfile

@@ -7,4 +7,4 @@ gemspec
 
 gem 'jwt', '~> 2.2', '>= 2.2.3'
 gem 'rake', '~> 13.0'
-# gem 'rspec', '~> 3.0'
+gem 'rspec'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    jwt_api (0.1.0)
+    jwt_api (0.1.1)
       jwt (~> 2.2, >= 2.2.3)
 
 GEM
@@ -25,13 +25,14 @@ GEM
     rspec-support (3.10.2)
 
 PLATFORMS
+  arm64-darwin-21
   x86_64-darwin-20
 
 DEPENDENCIES
   jwt (~> 2.2, >= 2.2.3)
   jwt_api!
   rake (~> 13.0)
-  rspec (~> 3.0)
+  rspec
 
 BUNDLED WITH
    2.2.25

data/README.md

@@ -1,6 +1,6 @@
 # JwtApi
 
-Generate user, session, and password api routes with JWT authentication.
+Scaffold a JSON Web Token API.
 
 ## Installation
 
@@ -51,13 +51,22 @@ Running via Spring preloader in process 56250
 == 20210827123255 AddJtiToUsers: migrated (0.0259s) ===========================
 ```
 
-Feel free to remove the gem from your Gemfile, you now have everything you need in your application.
+
 ## Usage
 
 1. Make sure that each user that needs access to the API has a JTI generated.
    1. `User.first.jti = SecureRandom.uuid`
-2. Request a JWT at the `/api/authenticate/` endpoint.
-3. Include that token as a `Bearer` token in all other requests.
+2. From your Rails console run `SecureRandom.hex(64)` and make note of the output.
+   - Sample output:
+      ```text
+      "0086870fb04cafbaa15b110cf78352fbca75537cc90e06892e206e07c24caa33ff5f6aadf2649cafac08c4acf6a1b7527b97bfa943481c282ba2480a0a922657"
+      ```
+3. Run `rails credentials:edit --environment=development` (and production, staging when applicable) and set your `jwt_secret` environment variable.
+   ```yml
+      jwt_secret: 0086870fb04cafbaa15b110cf78352fbca75537cc90e06892e206e07c24caa33ff5f6aadf2649cafac08c4acf6a1b7527b97bfa943481c282ba2480a0a922657
+   ```
+3. Request a JWT at the `/api/authenticate/` endpoint.
+4. Include that token as a `Bearer` token in all other requests.
 
 
 [![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/6130650-059cc2e3-88f7-48a8-95d0-d7dca1d7caef?action=collection%2Ffork&collection-url=entityId%3D6130650-059cc2e3-88f7-48a8-95d0-d7dca1d7caef%26entityType%3Dcollection%26workspaceId%3D128e0ba1-898b-40bb-8006-a329fb1c28de)
@@ -67,11 +76,6 @@ Feel free to remove the gem from your Gemfile, you now have everything you need
 
 ## Limitations
 - Currently this will only work with a devise User model.
-## Development
-
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
 ## Contributing
 
@@ -83,8 +87,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the JwtApi project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/jwt_api/blob/main/CODE_OF_CONDUCT.md).
-
+Everyone interacting in the JwtApi project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/leopolicastro/jwt_api/blob/main/CODE_OF_CONDUCT.md).
 
-## TODO
-- Create test suite and add to generator to copy into users app.

data/jwt_api.gemspec

@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ['Leo Policastro']
   spec.email         = ['lpolicastro@pm.me']
 
-  spec.summary       = 'Write a short summary, because RubyGems requires one.'
-  spec.description   = 'Write a longer description or delete this line.'
+  spec.summary       = 'Scaffold a JSON Web Token API'
+  spec.description   = 'Scaffold a JSON Web Token API.'
   spec.homepage      = 'https://github.com/leopolicastro/jwt_api/'
   spec.license       = 'MIT'
   spec.required_ruby_version = '>= 2.4.0'

data/lib/generators/jwt_api/templates/api/base_controller.rb

@@ -8,11 +8,7 @@ class Api::BaseController < ApplicationController
   protected
 
   def authenticate_request!
-    unless user_id_in_token?
-      render json: { errors: ['Unauthorized'] }, status: :unauthorized
-      return
-    end
-    @current_user = User.find(auth_token[:user_id])
+    http_token && auth_token && jti_matches?
   rescue JWT::VerificationError, JWT::DecodeError
     render json: { errors: ['Unauthorized'] }, status: :unauthorized
   end
@@ -20,27 +16,28 @@ class Api::BaseController < ApplicationController
   private
 
   def http_token
-    @http_token ||= if request.headers['Authorization'].present?
-                      request.headers['Authorization'].split.last
-                    end
+    @http_token ||= (request.headers['Authorization'].split.last if request.headers['Authorization'].present?)
   end
 
   def auth_token
-    @auth_token ||= JsonWebToken.decode(http_token)
-  rescue JWT::ExpiredSignature
-    render json: { error: 'token expired' }
+    @auth_token ||= jwt.decode(http_token)[0].to_h.symbolize_keys!
+    return @auth_token if @auth_token.present? && @auth_token[:user_id].present? && !token_expired?
   end
 
-  def jti_matches?
-    @current_user = User.find(auth_token[:user_id])
-    !@current_user.jti.nil? && @current_user.jti == auth_token[:jti]
+  def token_expired?
+    @auth_token[:exp] < Time.now.to_i
   end
 
-  def user_id_in_token?
-    http_token && auth_token && auth_token[:user_id].to_i && jti_matches?
+  def jti_matches?
+    @current_user = User.find(@auth_token[:user_id])
+    @current_user&.jti == @auth_token[:jti]
   end
 
   def user_reset_token_in_params?
     params[:reset_password_token]
   end
+
+  def jwt
+    JsonWebToken.new
+  end
 end

data/lib/generators/jwt_api/templates/api/v1/authentication_controller.rb

@@ -29,11 +29,12 @@ class Api::V1::AuthenticationController < Api::BaseController
 
     iat = Time.now.to_i
     exp = Time.now.to_i + 24 * 3600
+
     {
-      token: JsonWebToken.encode({ user_id: user.id,
-                                   jti: user.jti,
-                                   iat: iat,
-                                   exp: exp })
+      token: jwt.encode({ user_id: user.id,
+                          jti: user.jti,
+                          iat: iat,
+                          exp: exp })
     }
   end
 end

data/lib/generators/jwt_api/templates/api/v1/passwords_controller.rb

@@ -11,15 +11,14 @@ class Api::V1::PasswordsController < Api::BaseController
     @user = User.find_by(email: password_params[:email])
     if @user.nil?
       render json: { message: 'email not found' }, status: :not_found
+    elsif @user.update(
+      reset_password_token: SecureRandom.uuid,
+      reset_password_sent_at: Time.now
+    )
+      JwtMailer.reset_password(@user.id, @user.reset_password_token).deliver
+      render json: { message: 'reset password instructions sent' }, status: :ok
     else
-      @user.reset_password_token = SecureRandom.uuid
-      @user.reset_password_sent_at = Time.now
-      if @user.save
-        JwtMailer.reset_password(@user.id, @user.reset_password_token).deliver
-        render json: { message: 'reset password instructions sent' }, status: :ok
-      else
-        render json: { message: @user.errors }, status: :not_found
-      end
+      render json: { message: @user.errors }, status: :not_found
     end
   end
 
@@ -27,25 +26,22 @@ class Api::V1::PasswordsController < Api::BaseController
   # with a token in the params, if a succesful response is received, the client can
   # store the newly issued JWT and redirect the user to the password reset form
   def verify
-    @user = User.where(reset_password_token: params[:token]).first
+    @user = User.find_by(reset_password_token: params[:token])
     if @user.nil?
       render json: { message: 'reset password token not found' }, status: :not_found
-    elsif @user.reset_password_sent_at < 1.hour.ago
+    elsif @user.reset_password_sent_at < 10.minutes.ago
       render json: { message: 'reset password token has expired' }, status: :not_found
     else
-      @user.reset_password_token = nil
-      @user.reset_password_sent_at = nil
-      @user.jti = SecureRandom.uuid
-      @user.save
-
-      iat = Time.now.to_i
-      exp = Time.now.to_i + 10 * 60
-
+      @user.update!(
+        reset_password_token: nil,
+        reset_password_sent_at: nil,
+        jti: SecureRandom.uuid
+      )
       render json: {
         token: JsonWebToken.encode({ user_id: @user.id,
                                      jti: @user.jti,
-                                     iat: iat,
-                                     exp: exp })
+                                     iat: Time.now.to_i,
+                                     exp: Time.now.to_i + 10 * 60 })
       }, status: :ok
     end
   end

data/lib/generators/jwt_api/templates/api/v1/users_controller.rb

@@ -3,6 +3,7 @@
 # User controller
 class Api::V1::UsersController < Api::BaseController
   skip_before_action :authenticate_request!, only: %i[create]
+
   def create
     unless user_params[:password] == user_params[:password_confirmation]
       return render json: { message: "passwords don't match" }, status: :unprocessable_entity

data/lib/generators/jwt_api/templates/initializers/json_web_token.rb

@@ -1,11 +1,17 @@
+# frozen_string_literal: true
+
+# JSON Web Token class
 class JsonWebToken
-  def self.encode(payload)
-    JWT.encode(payload, Rails.application.secrets.secret_key_base)
+  def initialize(key = Rails.application.credentials[:jwt_secret], algorithm = 'HS256')
+    @key = key
+    @algorithm = algorithm
+  end
+
+  def encode(payload)
+    JWT.encode(payload, @key, @algorithm)
   end
 
-  def self.decode(token)
-    HashWithIndifferentAccess.new(JWT.decode(token, Rails.application.secrets.secret_key_base)[0])
-  rescue StandardError
-    nil
+  def decode(token)
+    JWT.decode(token, @key, @algorithm)
   end
 end

data/lib/jwt_api/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module JwtApi
-  VERSION = "0.1.0"
+  VERSION = '0.1.4'
 end

data/lib/jwt_api.rb

@@ -2,32 +2,3 @@
 
 require 'jwt'
 require_relative 'jwt_api/version'
-
-module JwtApi
-  class Jwt
-    def initialize(key, algorithm = 'HS256')
-      @key = key
-      @algorithm = algorithm
-    end
-
-    def encode(payload)
-      JWT.encode(payload, @key, @algorithm)
-    end
-
-    def decode(token)
-      JWT.decode(token, @key, @algorithm)
-    end
-  end
-end
-
-class JsonWebToken
-  def self.encode(payload)
-    JWT.encode(payload, Rails.application.secrets.secret_key_base)
-  end
-
-  def self.decode(token)
-    HashWithIndifferentAccess.new(JWT.decode(token, Rails.application.secrets.secret_key_base)[0])
-  rescue StandardError
-    nil
-  end
-end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_api
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.4
 platform: ruby
 authors:
 - Leo Policastro
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-08-29 00:00:00.000000000 Z
+date: 2022-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -30,7 +30,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.2.3
-description: Write a longer description or delete this line.
+description: Scaffold a JSON Web Token API.
 email:
 - lpolicastro@pm.me
 executables: []
@@ -48,6 +48,8 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- jwt_api-0.1.2.gem
+- jwt_api-0.1.3.gem
 - jwt_api.gemspec
 - lib/generators/jwt_api/setup_generator.rb
 - lib/generators/jwt_api/templates/api/base_controller.rb
@@ -83,8 +85,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
-summary: Write a short summary, because RubyGems requires one.
+summary: Scaffold a JSON Web Token API
 test_files: []