jwt_api_auth 0.0.1.pre.5 → 0.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/jwt_api_auth/authentication_controller.rb +4 -1
  3. data/lib/jwt_api_auth/authentication.rb +8 -1
  4. data/lib/jwt_api_auth/version.rb +1 -1
  5. data/lib/jwt_api_auth.rb +4 -1
  6. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5cb12ec56ae2eb4d3de12a3651610fd2f10068876e22a79f5d19b2a1e8c87f51
4
- data.tar.gz: a7de6b200b4b09751e0d827d6414c1da15b11c601aa3c4d6a78a83db0a2eba26
3
+ metadata.gz: 82f4da01fc8302efb2f44ab509f436ed767aa8f92941bce504a4922513b4a13a
4
+ data.tar.gz: ed4e6b9cb3881688ee1d67e57c558c164c8ea240b226726663e5d20be488e376
5
5
  SHA512:
6
- metadata.gz: 2b962f0af973fe0571454cd51182b9d15abf2dd6d78f8fb5a5dd27aac3864be14d1d80e2b6289b4b987cedae0955788b2b11ef5ad3e7336ad01e8b9b0a87ab1e
7
- data.tar.gz: 57801bd10539344e71911a8bd68eb95927f9c89477d63bf11d904bab00228790512de04c2b71f120bcbe23864f72b2dbff1d9c9b88ce949e340a4a027149af26
6
+ metadata.gz: '08ecf5e7903324c82e6d4d8e9b7ae213fcab1f143a84e4c411cb6e8cfdc47a65a28e4d06a88a6c374a50722c5f535a3aeb7b835ca5f23f787b301f36cccdc77c'
7
+ data.tar.gz: 715cbb2ce9e0b3a7b2227e02e1ae6ad83a83050f6dcef93930271d25b231841d18488286ea009057711d39d7bf2696e87330a07fffb3485106457d77c032c6f3
data/app/controllers/jwt_api_auth/authentication_controller.rb CHANGED
@@ -54,7 +54,10 @@ module JwtApiAuth
54
54
  end
55
55
 
56
56
  def payload
57
- { sub: resource.id }
57
+ {
58
+ sub: resource.id,
59
+ aud: JwtApiAuth.token_audience
60
+ }.delete_if { |_key, value| value.blank? }
58
61
  end
59
62
 
60
63
  def token
data/lib/jwt_api_auth/authentication.rb CHANGED
@@ -16,7 +16,14 @@ module JwtApiAuth
16
16
 
17
17
  def authenticate_user
18
18
  token = request.headers['Authorization']&.split('Bearer ')&.last
19
- ::JWT.decode token, JwtApiAuth.token_secret.call, true, { algorithm: 'HS256' }
19
+ options = { algorithm: 'HS256' }
20
+
21
+ if JwtApiAuth.token_audience.present?
22
+ options[:aud] = JwtApiAuth.token_audience.map(&:to_s)
23
+ options[:verify_aud] = true
24
+ end
25
+
26
+ ::JWT.decode token, JwtApiAuth.token_secret.call, true, options
20
27
 
21
28
  head :unauthorized unless token
22
29
  end
data/lib/jwt_api_auth/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JwtApiAuth
4
- VERSION = '0.0.1.pre.5'
4
+ VERSION = '0.0.2'
5
5
  end
data/lib/jwt_api_auth.rb CHANGED
@@ -17,7 +17,7 @@ module JwtApiAuth
17
17
  self.refresh_token_lifetime = 1.week
18
18
 
19
19
  mattr_accessor :token_secret
20
- self.token_secret = -> { Rails.application.secrets.secret_key_base }
20
+ self.token_secret = -> { Rails.application.secrets.secret_key_base || Rails.application.secret_key_base }
21
21
 
22
22
  mattr_accessor :model
23
23
  self.model = :user
@@ -25,6 +25,9 @@ module JwtApiAuth
25
25
  mattr_accessor :refresh_token_model
26
26
  self.refresh_token_model = :refresh_token
27
27
 
28
+ mattr_accessor :token_audience
29
+ self.token_audience = nil
30
+
28
31
  def self.setup
29
32
  yield self
30
33
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt_api_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1.pre.5
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cristian Stügelmayer
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-22 00:00:00.000000000 Z
11
+ date: 2021-10-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt
@@ -290,9 +290,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
290
290
  version: '0'
291
291
  required_rubygems_version: !ruby/object:Gem::Requirement
292
292
  requirements:
293
- - - ">"
293
+ - - ">="
294
294
  - !ruby/object:Gem::Version
295
- version: 1.3.1
295
+ version: '0'
296
296
  requirements: []
297
297
  rubygems_version: 3.0.8
298
298
  signing_key: