jwt_api_auth 0.0.1.pre.2 → 0.0.1.pre.7

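--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9a3d6706c3f7eca8fde96b0646701053a353cd8441bd8e3433e0cc0809ebc203
- data.tar.gz: e6fedc984827b63767f2ded9a7b9883c05874f1e15c3d83a5900a97e7b4bcc90
+ metadata.gz: 28b2ffb88b8c174666626ded4fd860ae53e959f5ea7175fa8da868082760f48c
+ data.tar.gz: fdd742dd754b19af9b1049d03a1ee808f8c1b6948c13f1edaa49aa59e2f07f48
  SHA512:
- metadata.gz: 3483d02230bf7e03a0dfd944f5f1dbf418d256e0775685c0b4bc42350a2a19986775272be1da11904fac3ca8345aaa1f1a2353a84cd471bcb2f5ceb3fcc1a5f4
- data.tar.gz: 3032a7fb6f88f07cab5e1a2fdc5361d8d471ca07b2f1567637d69c76786828d17aa2396f264a25aebeb4dd79fc91de3f2b082193e6b61047f2585de2c19d1ad8
+ metadata.gz: 1fa57315afa1679b7697d3f9b89c31ff0b78477c20d357b1ae13d407fdc2484998ec3bb75d80cbc49e439eef08d84dc3a69a581af8107f453040113efa663ac8
+ data.tar.gz: 58bc3d32d241422879b91eae44926b6d4225422698dce01e0483b7bda0b3967731aefc562e13589d9cc214cc5017e8c3c38da16ae1159284bfed4c76c1b8cf7f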
@@ -2,24 +2,12 @@
2
2
 
3
3
  module JwtApiAuth
4
4
  class ApplicationController < ActionController::Base
5
- skip_before_action :verify_authenticity_token
6
- before_action :authenticate_user
5
+ include JwtApiAuth::Authentication
7
6
 
8
- rescue_from JWT::DecodeError do
9
- head :unauthorized
10
- end
7
+ skip_before_action :verify_authenticity_token
11
8
 
12
9
  rescue_from ActiveRecord::RecordNotFound do
13
10
  head :not_found
14
11
  end
15
-
16
- private
17
-
18
- def authenticate_user
19
- token = request.headers['Authorization']&.split('Bearer ')&.last
20
- JWT.decode token, JwtApiAuth.token_secret.call, true, { algorithm: 'HS256' }
21
-
22
- head :unauthorized unless token
23
- end
24
12
  end
25
13
  end
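Review bot: `skip_before_action :verify_authenticity_token` is kept without any statement of why it is safe; it holds only while every action in this engine authenticates from the `Authorization` header and never from a session cookie. I would add a comment above it such as `# CSRF check is skipped: requests are authenticated by bearer token only, never by cookie`. With authentication now coming from the included `JwtApiAuth::Authentication` concern, a subclass that skips `authenticate_user` would be left with neither check, so the precondition is worth stating next to the line.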
@@ -54,11 +54,14 @@ module JwtApiAuth
54
54
  end
55
55
 
56
56
  def payload
57
- { sub: resource.id }
57
+ {
58
+ sub: resource.id,
59
+ aud: JwtApiAuth.token_audience
60
+ }.delete_if { |_key, value| value.blank? }
58
61
  end
59
62
 
60
63
  def token
61
- JWT.encode payload, JwtApiAuth.token_secret.call, 'HS256'
64
+ ::JWT.encode payload, JwtApiAuth.token_secret.call, 'HS256'
62
65
  end
63
66
  end
64
67
  end
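Review bot: The claim set built in `payload` still carries no `exp`, and `token` signs it unchanged, so every issued access token stays valid until the HS256 secret is rotated. ruby-jwt only checks expiry when the claim is present, so `authenticate_user` has no way to reject an old token. Consider adding an expiry next to `sub`, for example `exp: <configured lifetime>.from_now.to_i` (the lifetime setting is a placeholder; no such option is visible on this page); the existing `rescue_from ::JWT::DecodeError` would already turn an expired token into a 401 because `JWT::ExpiredSignature` is a subclass of it. The enclosing class begins above this hunk, so an expiry added elsewhere cannot be ruled out.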
@@ -3,6 +3,7 @@
3
3
  require 'jwt'
4
4
  require 'jwt_api_auth/engine'
5
5
  require 'jwt_api_auth/helpers'
6
+ require 'jwt_api_auth/authentication'
6
7
 
7
8
  module JwtApiAuth
8
9
  ActiveSupport.on_load(:action_controller) do
@@ -23,4 +24,11 @@ module JwtApiAuth
23
24
 
24
25
  mattr_accessor :refresh_token_model
25
26
  self.refresh_token_model = :refresh_token
27
+
28
+ mattr_accessor :token_audience
29
+ self.token_audience = nil
30
+
31
+ def self.setup
32
+ yield self
33
+ end
26
34
  end
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ module JwtApiAuth
4
+ module Authentication
5
+ extend ActiveSupport::Concern
6
+
7
+ included do
8
+ before_action :authenticate_user
9
+
10
+ rescue_from ::JWT::DecodeError do
11
+ head :unauthorized
12
+ end
13
+ end
14
+
15
+ private
16
+
17
+ def authenticate_user
18
+ token = request.headers['Authorization']&.split('Bearer ')&.last
19
+ options = { algorithm: 'HS256' }
20
+
21
+ if JwtApiAuth.token_audience.present?
22
+ options[:aud] = JwtApiAuth.token_audience.map(&:to_s)
23
+ options[:verify_aud] = true
24
+ end
25
+
26
+ ::JWT.decode token, JwtApiAuth.token_secret.call, true, options
27
+
28
+ head :unauthorized unless token
29
+ end
30
+ end
31
+ end
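Review bot: `JwtApiAuth.token_audience.map(&:to_s)` in `authenticate_user` assumes the setting is an Array, but the accessor is declared with no type contract and `payload` passes the same value straight into `aud`, so configuring a single String raises `NoMethodError` here and every authenticated request fails with a 500 instead of a 401. `options[:aud] = Array(JwtApiAuth.token_audience).map(&:to_s)` accepts both forms. Separately, `head :unauthorized unless token` sits after `::JWT.decode`, which already raises `JWT::DecodeError` for a nil token, so the guard never runs; moving it above the decode as `return head :unauthorized unless token` makes the missing-header path explicit. The decoded claims are also discarded, so `sub` is only useful if another part of the gem decodes the token again, which deserves a comment saying where the user is resolved.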
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JwtApiAuth
4
- VERSION = '0.0.1.pre.2'
4
+ VERSION = '0.0.1.pre.7'
5
5
  end
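--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: jwt_api_auth
  version: !ruby/object:Gem::Version
- version: 0.0.1.pre.2
+ version: 0.0.1.pre.7
  platform: ruby
  authors:
  - Cristian Stügelmayer
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-12-21 00:00:00.000000000 Z
+ date: 2020-12-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: jwt
@@ -269,6 +269,7 @@ files:
  - app/views/layouts/jwt_api_auth/application.html.erb
  - config/routes.rb
  - lib/jwt_api_auth.rb
+ - lib/jwt_api_auth/authentication.rb
  - lib/jwt_api_auth/engine.rb
  - lib/jwt_api_auth/helpers.rb
  - lib/jwt_api_auth/version.rb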