jwt_auth_engine 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b8a125215a3bf059193a53e3da267d0f1a184fb4bf2fd1164496cdbd50f19771
+  data.tar.gz: 9bb10ed91224204e9cb0b56ba11233e3eb7ec4a3899f34568cae4d5bd77356f7
+SHA512:
+  metadata.gz: 462499366a8d8eeb8c4b80e5d6c912eeb869d944a6dd101cfceb2a6b5fef66803a40431b346f5271eb558c43f3a65e1cbab21ef142a4cc6f19b70404a860fdf7
+  data.tar.gz: fbc43a2bacb4add9e4c600705fcb50e4be24dc768b7327c03abbf1760f68eb9b654c0896e8dafbec66a39e740f76a8497891f7dbdaa49f6b764a500f9b180e33

data/CHANGELOG.md

@@ -0,0 +1,37 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+---
+
+## [Unreleased]
+
+---
+
+## [1.0.0] - 2026-06-28
+
+### Added
+
+- Initial release of JwtAuthEngine
+- Stateless JWT access + refresh token pair issuance
+- Configurable auth model (`auth_model`), identifier field, and password field
+- Install generator with migration, initializer, and model concern templates
+- Endpoints: `signup`, `login`, `logout`, `refresh_token`, `change_password`, `me`, `ping`, `authenticated_ping`
+- Service layer: `SignupService`, `LoginService`, `RefreshTokenService`, `ChangePasswordService`, `TokenService`
+- Controller concerns: `Authenticatable`, `Rescuable`, `ResponseRenderable`, `Serializable`, `Tokenizable`
+- Case-insensitive identifier lookup for string/text columns
+- Password field type validation before update
+- Global exception handling scoped to engine endpoints only
+- Dynamic JWT payload keys based on configured model and identifier
+- `JwtAuthEngine::MissingSecretKey` guard before any API call
+- Comprehensive compatibility testing infrastructure:
+  - Appraisal boundary strategy covering Rails 6.1-8.1 (12 boundary versions)
+  - `bin/appraisal_rvm` helper for RVM-isolated gemset testing
+  - Two-tier CI workflows: fast required checks + scheduled full matrix
+  - GitHub Actions workflows for automated compatibility testing
+- Rails 6.1 boot compatibility fix (explicit `require 'logger'`)
+- Rails 8.x sqlite3 2.1+ support with conditional gem version override
+- Complete test coverage (95% line, 90% branch) with SimpleCov enforcement
+- RSpec test suite with 175 examples across all endpoints and services

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2026 Abhishek Kushwaha
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,422 @@
+# JwtAuthEngine
+
+[![Ruby](https://img.shields.io/badge/Ruby-%3E%3D%203.0-red)](https://www.ruby-lang.org)
+[![Rails](https://img.shields.io/badge/Rails-%3E%3D%206.1-red)](https://rubyonrails.org)
+[![CI](https://github.com/abhiskush/jwt_auth_engine/actions/workflows/ci.yml/badge.svg)](https://github.com/abhiskush/jwt_auth_engine/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE.txt)
+
+A mountable Rails engine that provides **stateless JWT authentication** endpoints for API-only Rails applications. It authenticates against your host application's existing model — no separate user table required.
+
+---
+
+## Table of Contents
+
+- [Features](#features)
+- [Requirements](#requirements)
+- [Installation](#installation)
+- [Configuration](#configuration)
+- [Mounting the Engine](#mounting-the-engine)
+- [API Endpoints](#api-endpoints)
+- [Authentication](#authentication)
+- [Customization](#customization)
+- [Response Shapes](#response-shapes)
+- [Testing](#testing)
+- [Contributing](#contributing)
+- [License](#license)
+
+---
+
+## Features
+
+- 🔐 Stateless JWT access & refresh token pair
+- 🧩 Plugs into any ActiveRecord model (`User`, `Account`, `Admin::User`, etc.)
+- ⚙️ Fully configurable identifier field (`email`, `username`, etc.)
+- ⚙️ Fully configurable password field (`password`, `pin`, etc.)
+- 🏗️ Install generator that scaffolds migration, initializer, and model concern
+- 🔒 Case-insensitive identifier lookup for string/text columns
+- 🛡️ Global exception handling scoped only to engine endpoints
+- 📦 Zero host-app pollution — uses `isolate_namespace`
+
+---
+
+## Requirements
+
+| Dependency | Version     |
+|------------|-------------|
+| Ruby       | `>= 3.0.0`  |
+| Rails      | `>= 6.1.0`  |
+| bcrypt     | `>= 3.1.18` |
+| jwt        | `>= 2.9.0`  |
+
+---
+
+## Installation
+
+### 1. Add the gem
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'jwt_auth_engine'
+```
+
+### 2. Install dependencies
+
+```zsh
+bundle install
+```
+
+### 3. Run the install generator
+
+```zsh
+bundle exec rails generate jwt_auth_engine:install
+```
+
+The generator accepts options to customize the auth model, identifier field, and password field. See [Generator Options](#generator-options).
+
+This generates:
+
+| File                                                               | Purpose                                             |
+|--------------------------------------------------------------------|-----------------------------------------------------|
+| `config/initializers/jwt_auth_engine.rb`                           | Engine configuration                                |
+| `db/migrate/<timestamp>_add_jwt_auth_engine_columns_to_<table>.rb` | Adds identifier + password digest columns           |
+| `app/models/concerns/jwt_auth_engine/auth_model_concern.rb`        | Model behavior (`has_secure_password`, validations) |
+
+The generator also attempts to inject `include JwtAuthEngine::AuthModelConcern` into your model file automatically.
+
+### 4. Run migration
+
+```zsh
+bundle exec rails db:migrate
+```
+
+### 5. Set your JWT secret key
+
+Open the generated initializer and set `config.jwt_secret_key` to a secure random string.
+
+> ⚠️ The engine will raise `JwtAuthEngine::MissingSecretKey` at runtime if this value is `nil`.
+
+Generate a secret:
+
+```zsh
+bundle exec rails secret
+```
+
+You can source it any way that suits your setup:
+
+```ruby
+# From Rails credentials
+config.jwt_secret_key = Rails.application.credentials.dig(:jwt_auth_engine, :secret_key)
+
+# From an environment variable
+config.jwt_secret_key = ENV['JWT_SECRET_KEY']
+
+# From Rails secrets
+config.jwt_secret_key = Rails.application.secrets.jwt_secret_key
+```
+
+---
+
+## Configuration
+
+The install generator creates an initializer with sensible defaults:
+
+```ruby
+# config/initializers/jwt_auth_engine.rb
+JwtAuthEngine.configure do |config|
+  config.auth_model           = 'User'      # Your ActiveRecord model class name
+  config.identifier_field     = :email      # Field used for login/signup lookup
+  config.password_field       = :password   # Base attribute for has_secure_password
+  config.jwt_secret_key       = nil         # REQUIRED: Set to a secure random string
+  config.access_token_expiry  = 8.hours     # Access token expiry duration
+  config.refresh_token_expiry = 7.days      # Refresh token expiry duration
+end
+```
+
+### Generator Options
+
+All options are optional — defaults are applied if not provided.    
+E.g., to use an `Account` model with `username` as the identifier and `pin` as the password field:
+
+```zsh
+bundle exec rails generate jwt_auth_engine:install \
+  --auth-model=Account \
+  --identifier-field=username \
+  --password-field=pin
+```
+
+| Option               | Default    | Description                                                                 |
+|----------------------|------------|-----------------------------------------------------------------------------|
+| `--auth-model`       | `User`     | ActiveRecord model class name                                               |
+| `--identifier-field` | `email`    | Login/signup lookup field                                                   |
+| `--password-field`   | `password` | Password attribute (digest column = `<field>_digest`, required by `bcrypt`) |
+
+---
+
+## Mounting the Engine
+
+Add to your host app's routes:
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  # other routes...
+  mount JwtAuthEngine::Engine, at: '/auth'
+end
+```
+
+All engine endpoints will be available under `/auth/` path.
+
+---
+
+## API Endpoints
+
+You may see [JWT Auth Engine API Collection](https://abhiskush.github.io/jwt_auth_engine/api_collection.html) for detailed information on endpoints, request/response shapes, and example payloads.
+
+A summary of endpoints is provided below.
+
+### Public Endpoints
+
+| Method | Path           | Description                                                       |
+|--------|----------------|-------------------------------------------------------------------|
+| `GET`  | `/auth/ping`   | Health check — returns `pong!`                                    |
+| `POST` | `/auth/signup` | Register a new account and returns new access and refresh tokens  |
+| `POST` | `/auth/login`  | Authenticate and returns new access and refresh tokens            |
+
+### Protected Endpoints (require access token)
+
+| Method   | Path                       | Description                               |
+|----------|----------------------------|-------------------------------------------|
+| `GET`    | `/auth/authenticated_ping` | Verify token is valid                     |
+| `DELETE` | `/auth/logout`             | Stateless logout (client discards tokens) |
+| `POST`   | `/auth/change_password`    | Change password for authenticated account |
+| `GET`    | `/auth/me`                 | Retrieve authenticated account profile    |
+
+### Token Endpoints (require refresh token)
+
+| Method | Path                  | Description                                 |
+|--------|-----------------------|---------------------------------------------|
+| `POST` | `/auth/refresh_token` | Exchange refresh token for a new token pair |
+
+> Send the refresh token as `Authorization: Bearer <refresh_token>` — not the access token.
+
+---
+
+## Authentication
+
+### How It Works
+
+1. On login/signup, the engine issues a **token pair** (access + refresh)
+2. The client sends the access token as `Authorization: Bearer <token>` on protected requests
+3. The engine decodes the token, extracts the model ID, and loads the authenticated record
+4. When the access token expires, use the refresh token at `/auth/refresh_token` to get a new pair
+
+### JWT Payload Structure
+
+```json
+{
+  "user_id": 1,
+  "email": "user@example.com",
+  "exp": 1717200000,
+  "token_type": "access"
+}
+```
+
+Payload keys are dynamic: `user_id` becomes `account_id` if `auth_model = 'Account'` and `email` becomes `username` if `identifier_field = :username`.
+
+### Token Expiry Defaults
+
+| Token         | Default Expiry |
+|---------------|----------------|
+| Access token  | 8 hours        |
+| Refresh token | 7 days         |
+
+---
+
+## Customization
+
+### Auth Model Concern
+
+The generator creates `app/models/concerns/jwt_auth_engine/auth_model_concern.rb` in your host app. This file is **yours to customize**:
+
+- Modify validations
+- Change normalization behavior
+- Add additional callbacks
+
+If the generator can't find your model file, include the concern manually:
+
+```ruby
+class User < ApplicationRecord
+  include JwtAuthEngine::AuthModelConcern
+end
+```
+
+The generated concern includes a `before_validation` callback that strips and downcases string identifiers. You can customize or remove this in the generated concern file to match your identifier semantics.
+
+---
+
+## Response Shapes
+
+All engine responses follow a consistent JSON shape, scoped only to engine endpoints (no impact on host app error handling).
+
+| HTTP Status  | Shape                                                                      |
+|--------------|----------------------------------------------------------------------------|
+| `200`        | `{ "success": true, "data": { ... } }`                                     |
+| `201`        | `{ "success": true, "data": { ... } }`                                     |
+| `401`        | `{ "success": false, "errors": "..." }`                                    |
+| `422`        | `{ "success": false, "errors": [...] }`                                    |
+| `500`        | `{ "success": false, "errors": { "message": "...", "backtrace": [...] } }` |
+
+## Custom Error Classes
+
+| Error                              | When Raised                                            |
+|------------------------------------|--------------------------------------------------------|
+| `JwtAuthEngine::MissingSecretKey`  | `jwt_secret_key` is not configured                     |
+| `JwtAuthEngine::AuthModelNotFound` | Configured model class cannot be resolved              |
+| `JwtAuthEngine::InvalidAuthModel`  | Model does not inherit from `ActiveRecord::Base`       |
+| `JwtAuthEngine::TokenExpired`      | JWT has passed its expiry time                         |
+| `JwtAuthEngine::InvalidToken`      | JWT cannot be decoded                                  |
+| `JwtAuthEngine::InvalidTokenType`  | Token type does not match expected (access vs refresh) |
+
+---
+
+## Testing
+
+The gem uses **RSpec** for testing and **SimpleCov** for code coverage enforcement. Tests run against a minimal dummy Rails app (`spec/dummy/`) with an in-memory SQLite database.
+
+### Coverage Thresholds
+
+| Metric | Minimum Required |
+|--------|-----------------|
+| Line coverage | 95% |
+| Branch coverage | 90% |
+
+SimpleCov will fail the test suite if coverage drops below these thresholds.
+
+### Running Tests
+
+```zsh
+# Run the full test suite
+bundle exec rspec
+
+# Run with verbose output
+bundle exec rspec --format documentation
+
+# Run a specific spec file
+bundle exec rspec spec/services/jwt_auth_engine/login_service_spec.rb
+
+# Run a specific example by line number
+bundle exec rspec spec/requests/jwt_auth_engine/sessions_spec.rb:12
+```
+
+After each run, a coverage report is generated at `coverage/index.html`.
+
+### Test Structure
+
+```
+spec/
+├── spec_helper.rb              # SimpleCov setup + coverage thresholds
+├── rails_helper.rb             # Boots dummy app, DatabaseCleaner, JwtAuthEngine config
+├── dummy/                      # Minimal Rails API app for integration testing
+├── lib/                        # Unit tests for core library modules
+├── services/                   # Unit tests for service objects
+└── requests/                   # Integration tests for all API endpoints
+```
+
+### Multi-Version Testing with Appraisal
+
+The gem supports Rails 6.1 through 8.1. We use
+[Appraisal](https://github.com/thoughtbot/appraisal) with a boundary strategy:
+minimum and latest patch for each supported Rails minor line.
+
+#### Setup
+
+```zsh
+# Install base dependencies
+bundle install
+
+# Generate appraisal gemfiles (run after editing Appraisals file)
+bundle exec appraisal generate
+```
+
+#### Listing Available Appraisals
+
+```zsh
+bundle exec appraisal list
+```
+
+#### Running Tests Against a Specific Boundary
+
+```zsh
+bundle exec appraisal rails-6.1-min rspec
+bundle exec appraisal rails-7.2-max rspec
+bundle exec appraisal rails-8.1-max rspec
+```
+
+#### Running Tests Against ALL Rails Versions
+
+```zsh
+bundle exec appraisal rspec
+```
+
+#### RVM Isolated Gemsets (One Per Appraisal)
+
+If you use RVM, this project includes a helper that keeps dependencies isolated
+with one gemset per appraisal gemfile.
+
+```zsh
+# Show all appraisal targets
+bin/appraisal_rvm list
+
+# Create Ruby + gemset + install dependencies for one appraisal
+bin/appraisal_rvm bootstrap rails-7.2-max
+
+# Run specs for one appraisal in its dedicated gemset
+bin/appraisal_rvm run rails-7.2-max
+
+# Pre-install all appraisals (can take time)
+bin/appraisal_rvm bootstrap-all
+```
+
+> **Note:** Rails and Ruby compatibility is constrained by both Rails requirements
+> and this gem's minimum Ruby requirement (`>= 3.0.0`).
+
+#### Compatibility Matrix
+
+| Rails Line | Tested Boundaries | Effective Min Ruby |
+|---|---|---|
+| Rails 6.1.x | 6.1.0 and 6.1.7.10 | 3.0.0 |
+| Rails 7.0.x | 7.0.0 and 7.0.10 | 3.0.0 |
+| Rails 7.1.x | 7.1.0 and 7.1.6 | 3.0.0 |
+| Rails 7.2.x | 7.2.0 and 7.2.3.1 | 3.1.0 |
+| Rails 8.0.x | 8.0.0 and 8.0.5 | 3.2.0 |
+| Rails 8.1.x | 8.1.0 and 8.1.3 | 3.2.0 |
+
+### CI (GitHub Actions)
+
+We run a two-tier matrix:
+
+- `.github/workflows/ci.yml`: required PR/push checks with boundary coverage.
+- `.github/workflows/compatibility-full.yml`: scheduled/manual broad matrix
+  across Ruby 3.0-3.5 and all Rails boundary appraisals.
+
+This is a standard professional setup: fast required feedback plus deeper
+periodic compatibility surveillance.
+
+---
+
+## Contributing
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/my-feature`)
+3. Commit your changes (`git commit -am 'Add my feature'`)
+4. Push to the branch (`git push origin feature/my-feature`)
+5. Open a Pull Request
+
+Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on the code of conduct and contribution process.
+
+---
+
+## License
+
+This gem is available as open source under the terms of the [MIT License](LICENSE.txt).

data/app/controllers/concerns/jwt_auth_engine/authenticatable.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module JwtAuthEngine
+  # Controller concern for extracting and validating bearer access tokens.
+  module Authenticatable
+    extend ActiveSupport::Concern
+
+    included do
+      attr_accessor :current_auth_model_instance
+    end
+
+    private
+
+    def authenticate_auth_model!
+      token = bearer_token
+      return render_unauthorized('Authorization header missing or malformed') unless token
+
+      assign_current_auth_model(token)
+    rescue StandardError => e
+      handle_authentication_error(e)
+    end
+
+    def assign_current_auth_model(token)
+      payload = TokenService.decode_access(token)
+      payload_key = JwtAuthEngine.auth_model_token_payload_key
+      model_id = payload[payload_key]
+      self.current_auth_model_instance = JwtAuthEngine.auth_model_class.find(model_id)
+    end
+
+    def handle_authentication_error(error)
+      message = authentication_error_message(error)
+      return render_unauthorized(message) if message
+
+      raise error
+    end
+
+    def authentication_error_message(error)
+      return 'Access token has expired' if error.is_a?(JwtAuthEngine::TokenExpired)
+      return error.message if error.is_a?(JwtAuthEngine::InvalidToken)
+      return 'Access token expected' if error.is_a?(JwtAuthEngine::InvalidTokenType)
+
+      "#{JwtAuthEngine.auth_model_name.to_s.humanize} not found" if error.is_a?(ActiveRecord::RecordNotFound)
+    end
+
+    def bearer_token
+      header = request.headers['Authorization']
+      return nil unless header&.start_with?('Bearer ')
+
+      header.split(' ', 2).last.presence
+    end
+  end
+end

data/app/controllers/concerns/jwt_auth_engine/rescuable.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module JwtAuthEngine
+  # Concern that converts unhandled exceptions to structured JSON responses.
+  module Rescuable
+    extend ActiveSupport::Concern
+
+    included do
+      rescue_from StandardError, with: :render_unhandled_exception
+    end
+
+    private
+
+    def render_unhandled_exception(exception)
+      render_internal_server_error(
+        errors: {
+          message: exception.message,
+          backtrace: Array(exception.backtrace).first(10)
+        }
+      )
+    end
+  end
+end

data/app/controllers/concerns/jwt_auth_engine/response_renderable.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module JwtAuthEngine
+  # Concern with shared JSON response helpers for engine controllers.
+  module ResponseRenderable
+    def render_success(**data)
+      render json: { success: true, data: data.except(:status) },
+             status: data[:status] || :ok
+    end
+
+    def render_unauthorized(message = 'Unauthorized')
+      render_error(errors: message, status: :unauthorized)
+    end
+
+    def render_validation_error(errors:)
+      render_error(errors: errors, status: :unprocessable_entity)
+    end
+
+    def render_internal_server_error(errors:)
+      render_error(errors: errors, status: :internal_server_error)
+    end
+
+    private
+
+    def render_error(errors:, status:)
+      render json: { success: false, errors: errors }, status: status
+    end
+  end
+end

data/app/controllers/concerns/jwt_auth_engine/serializable.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module JwtAuthEngine
+  # Concern that serializes auth model fields for API responses.
+  module Serializable
+    extend ActiveSupport::Concern
+
+    private
+
+    def serialize_auth_model_instance(auth_model_instance)
+      if auth_model_instance.respond_to?(JwtAuthEngine.identifier_field)
+        identifier_value = auth_model_instance.public_send(JwtAuthEngine.identifier_field)
+      end
+
+      primary_key = auth_model_instance.class.primary_key
+      primary_key_value = auth_model_instance.public_send(primary_key)
+
+      { primary_key => primary_key_value, JwtAuthEngine.identifier_field => identifier_value }.compact
+    end
+  end
+end

data/app/controllers/concerns/jwt_auth_engine/tokenizable.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module JwtAuthEngine
+  # Concern that builds token payloads and issues access/refresh token pairs.
+  module Tokenizable
+    extend ActiveSupport::Concern
+
+    private
+
+    def issue_tokens(auth_model_instance)
+      payload = {
+        JwtAuthEngine.auth_model_token_payload_key => auth_model_instance.id,
+        JwtAuthEngine.identifier_field => auth_model_instance.public_send(JwtAuthEngine.identifier_field)
+      }
+
+      {
+        access_token: TokenService.encode_access(payload),
+        refresh_token: TokenService.encode_refresh(payload)
+      }
+    end
+  end
+end

data/app/controllers/jwt_auth_engine/application_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module JwtAuthEngine
+  # Base API controller for all engine endpoints.
+  class ApplicationController < ActionController::API
+    include Authenticatable
+    include ResponseRenderable
+    include Rescuable
+
+    before_action :ensure_jwt_secret_key!
+    before_action :authenticate_auth_model!
+
+    private
+
+    def ensure_jwt_secret_key!
+      JwtAuthEngine.configuration.jwt_secret_key
+    rescue JwtAuthEngine::MissingSecretKey => e
+      render_internal_server_error(errors: e.message)
+    end
+  end
+end

data/app/controllers/jwt_auth_engine/passwords_controller.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module JwtAuthEngine
+  # Handles password rotation for authenticated users.
+  class PasswordsController < ApplicationController
+    # ── POST /change_password ─────────────────────────────────────────────────
+    def change_password
+      result = ChangePasswordService.new(
+        auth_model_instance: current_auth_model_instance,
+        change_password_params: change_password_params
+      ).call
+
+      return render_success(message: result[:message]) if result[:success]
+
+      return render_unauthorized(result[:invalid]) if result[:invalid]
+
+      render_validation_error(errors: result[:errors])
+    end
+
+    private
+
+    def change_password_params
+      params.permit(JwtAuthEngine.current_password_field, JwtAuthEngine.new_password_field)
+    end
+  end
+end