jwt_keeper 3.2.0 → 5.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5313f67290a724013407952cecbc2c8df761ccc32d105df14ddf377433270283
-  data.tar.gz: a71960bcace03b25fd0bb2d58256a34138197e432a2b7fef0db88bc33264f3e1
+  metadata.gz: 4ce4912150544b5d9944105ef36f43022c480578eb922d6a5f001c2044a53de6
+  data.tar.gz: 8f1ef7fa13008c88133aac5babbf8622070db55ac3ea49eb45ef515c23e1751b
 SHA512:
-  metadata.gz: 316164c515d750a2dafffb9c070412ec3eedaef7240748dac61e4b623e7edb7f772feffced56b9e269bc545e69fe07f58df5868cb8348c4664675c2a16650c23
-  data.tar.gz: 1798c936fa86de719cc95915c6a32fa4c0d94b8337b6a56fe3f8cf48556d4f7ebc3224a66b712f288f0e31b12a21cf573c75a5c167df40b40cc229530cb9de9c
+  metadata.gz: df62c535a49f323772ee6b7fe995ada5a1906c1ac3d80916949a30c7030c058eea47105368edc97351c1853bdf11cf6f561452e21d71d2d79f32246964acf3b5
+  data.tar.gz: b03abb09f142d3d5b27706b9792be412ea8c5698b4c7c385a343f15cd147cf9b71202c32b24b7dbbd892a9ac054be6918b9562498f7f8a347d30d054d54ddc19

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec

data/README.md

@@ -32,11 +32,13 @@ raw_token_string = token.to_jwt
 The designed rails token flow is to receive and respond to requests with the token being present in the `Authorization` part of the header. This is to allow us to seamlessly rotate the tokens on the fly without having to rebuff the request as part of the user flow. Automatic rotation happens as part of the `require_authentication` action, meaning that you will always get the latest token data as created by `generate_claims` in your controllers. This new token is added to the response with the `write_authentication_token` action.
 
 ```bash
-rake generate jwt_keeper:install
+rails generate jwt_keeper:install
 ```
 
 ```ruby
 class ApplicationController < ActionController::Base
+  include JWTKeeper::Controller
+
   before_action :require_authentication
 
   def not_authenticated

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 

data/jwt_keeper.gemspec

@@ -23,13 +23,14 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'yard'
   spec.add_development_dependency 'rubocop'
   spec.add_development_dependency 'dotenv'
+  spec.add_development_dependency 'pry'
 
   spec.add_development_dependency 'rspec', '~> 3.8'
   spec.add_development_dependency 'fuubar'
   spec.add_development_dependency 'simplecov'
 
   spec.add_dependency 'redis'
-  spec.add_dependency 'rails', '~> 5.0'
-  spec.add_dependency 'activesupport', '~> 5.0'
+  spec.add_dependency 'rails'
+  spec.add_dependency 'activesupport'
   spec.add_dependency 'jwt', '>= 1.5'
 end

data/lib/generators/templates/jwt_keeper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 JWTKeeper.configure do |config|
   # The time to expire for the tokens
   # config.expiry           = 1.hour
@@ -26,6 +28,9 @@ JWTKeeper.configure do |config|
 
   # the location of redis config file
   # config.redis_connection = Redis.new(connection_options)
+  # config.redis_connection = ConnectionPool.new(size: ENV.fetch('RAILS_MAX_THREADS', 5)) do
+  #   Redis.new(url: ENV['REDISCLOUD_URL'] || 'redis://localhost:6379/')
+  # end
 
   # A unique idenfitier for the token version.
   # config.version          = 1

data/lib/jwt_keeper.rb

@@ -23,6 +23,4 @@ module JWTKeeper
 
     @configuration = new_configuration.freeze
   end
-
-  require 'jwt_keeper/engine' if defined?(Rails)
 end

data/lib/jwt_keeper/configuration.rb

@@ -4,8 +4,8 @@ module JWTKeeper
       algorithm:       'HS512',
       secret:           nil,
       expiry:           24.hours,
-      issuer:           'api.example.com',
-      audience:         'example.com',
+      issuer:           nil,
+      audience:         nil,
       redis_connection: nil,
       version:          nil,
       cookie_lock:      false,

data/lib/jwt_keeper/controller.rb

@@ -29,7 +29,7 @@ module JWTKeeper
       @authentication_token ||=
         JWTKeeper::Token.find(
           request.headers['Authorization'].split.last,
-          cookies.signed['jwt_keeper']
+          cookie_secret: defined?(cookies) && cookies.signed['jwt_keeper']
         )
     end
 
@@ -39,7 +39,7 @@ module JWTKeeper
     def write_authentication_token(token)
       return clear_authentication_token if token.nil?
       response.headers['Authorization'] = "Bearer #{token.to_jwt}"
-      cookies.signed['jwt_keeper'] = token.to_cookie
+      defined?(cookies) && cookies.signed['jwt_keeper'] = token.to_cookie
       @authentication_token = token
     end
 
@@ -47,7 +47,7 @@ module JWTKeeper
     # @return [void]
     def clear_authentication_token
       response.headers['Authorization'] = nil
-      cookies.delete('jwt_keeper')
+      defined?(cookies) && cookies.delete('jwt_keeper')
       @authentication_token = nil
     end
 

data/lib/jwt_keeper/datastore.rb

@@ -27,12 +27,28 @@ module JWTKeeper
 
       # @!visibility private
       def set_with_expiry(jti, seconds, type)
-        JWTKeeper.configuration.redis_connection.setex(jti, seconds, type)
+        redis = JWTKeeper.configuration.redis_connection
+
+        if redis.is_a?(Redis)
+          redis.setex(jti, seconds, type)
+        elsif defined?(ConnectionPool) && redis.is_a?(ConnectionPool)
+          redis.with { |conn| conn.setex(jti, seconds, type) }
+        else
+          throw 'Bad Redis Connection'
+        end
       end
 
       # @!visibility private
       def get(jti)
-        JWTKeeper.configuration.redis_connection.get(jti)
+        redis = JWTKeeper.configuration.redis_connection
+
+        if redis.is_a?(Redis)
+          redis.get(jti)
+        elsif defined?(ConnectionPool) && redis.is_a?(ConnectionPool)
+          redis.with { |conn| conn.get(jti) }
+        else
+          throw 'Bad Redis Connection'
+        end
       end
     end
   end

data/lib/jwt_keeper/token.rb

@@ -2,40 +2,47 @@ module JWTKeeper
   # This class acts as the main interface to wrap the concerns of JWTs. Handling everything from
   # encoding to invalidation.
   class Token
-    attr_accessor :claims, :cookie_secret
+    attr_accessor :claims, :secret, :cookie_secret
 
     # Initalizes a new web token
-    # @param private_claims [Hash] the custom claims to encode
-    # @param cookie_secret [String] the cookie secret to use during encoding
+    # @param options [Hash] the custom claims to encode
+    # @param secret the secret to use during encoding, defaults to config
+    # @param cookie_secret the cookie secret to use during encoding
     # @return [void]
-    def initialize(private_claims = {}, cookie_secret = nil)
-      @cookie_secret = cookie_secret
+    def initialize(options = {})
+      @secret = options.delete(:secret) || JWTKeeper.configuration.secret
+      @cookie_secret = options.delete(:cookie_secret)
       @claims = {
         nbf: DateTime.now.to_i, # not before
         iat: DateTime.now.to_i, # issued at
         jti: SecureRandom.uuid  # JWT ID
       }
+
       @claims.merge!(JWTKeeper.configuration.base_claims)
-      @claims.merge!(private_claims)
+      @claims.merge!(options)
+      @claims[:exp] = @claims[:exp].to_i if @claims[:exp].is_a?(Time)
     end
 
     # Creates a new web token
-    # @param private_claims [Hash] the custom claims to encode
+    # @param options [Hash] the custom claims to encode
+    # @param secret the secret to use during encoding, defaults to config
     # @return [Token] token object
-    def self.create(private_claims)
+    def self.create(options)
       cookie_secret = SecureRandom.hex(16) if JWTKeeper.configuration.cookie_lock
-      new(private_claims, cookie_secret)
+      new(options.merge(cookie_secret: cookie_secret))
     end
 
     # Decodes and validates an existing token
     # @param raw_token [String] the raw token
     # @param cookie_secret [String] the cookie secret
     # @return [Token] token object
-    def self.find(raw_token, cookie_secret = nil)
-      claims = decode(raw_token, cookie_secret)
+    def self.find(raw_token, secret: nil, cookie_secret: nil, iss: nil)
+      claims = decode(raw_token, secret: secret, cookie_secret: cookie_secret, iss: iss)
       return nil if claims.nil?
 
-      new_token = new(claims, cookie_secret)
+      new_token = new(secret: secret, cookie_secret: cookie_secret, iss: iss)
+      new_token.claims = claims
+
       return nil if new_token.revoked?
       new_token
     end
@@ -66,6 +73,7 @@ module JWTKeeper
     # @param new_claims [Hash] Used to override and update claims during rotation
     # @return [Token]
     def rotate(new_claims = nil)
+      return self if claims[:iss] != JWTKeeper.configuration.issuer
       revoke
 
       new_claims ||= claims.except(:iss, :aud, :exp, :nbf, :iat, :jti)
@@ -110,7 +118,11 @@ module JWTKeeper
     # Checks if the token invalid?
     # @return [Boolean]
     def invalid?
-      self.class.decode(encode, cookie_secret).nil? || revoked?
+      self.class.decode(
+        encode,
+        secret: secret,
+        cookie_secret: cookie_secret
+      ).nil? || revoked?
     end
 
     # Encodes the jwt
@@ -130,8 +142,11 @@ module JWTKeeper
     end
 
     # @!visibility private
-    def self.decode(raw_token, cookie_secret)
-      JWT.decode(raw_token, JWTKeeper.configuration.secret.to_s + cookie_secret.to_s, true,
+    def self.decode(raw_token, secret: nil, cookie_secret: nil, iss: nil)
+      secret ||= JWTKeeper.configuration.secret
+      iss ||= JWTKeeper.configuration.issuer
+
+      JWT.decode(raw_token, secret.to_s + cookie_secret.to_s, true,
                  algorithm: JWTKeeper.configuration.algorithm,
                  verify_iss: true,
                  verify_aud: true,
@@ -139,7 +154,7 @@ module JWTKeeper
                  verify_sub: false,
                  verify_jti: false,
                  leeway: 0,
-                 iss: JWTKeeper.configuration.issuer,
+                 iss: iss,
                  aud: JWTKeeper.configuration.audience
                 ).first.symbolize_keys
 
@@ -151,8 +166,8 @@ module JWTKeeper
 
     # @!visibility private
     def encode
-      JWT.encode(claims,
-                 JWTKeeper.configuration.secret.to_s + cookie_secret.to_s,
+      JWT.encode(claims.compact,
+                 secret.to_s + cookie_secret.to_s,
                  JWTKeeper.configuration.algorithm
                 )
     end

data/lib/jwt_keeper/version.rb

@@ -1,4 +1,4 @@
 # Gem Version
 module JWTKeeper
-  VERSION = '3.2.0'.freeze
+  VERSION = '5.0.1'.freeze
 end

data/spec/lib/jwt_keeper/controller_spec.rb

@@ -4,7 +4,8 @@ RSpec.describe JWTKeeper do
   describe 'Controller' do
     include_context 'initialize config'
 
-    let(:token) { JWTKeeper::Token.create(claim: "Jet fuel can't melt steel beams") }
+    let(:token) { JWTKeeper::Token.create(claim: "The Earth is Flat") }
+
     subject(:test_controller) do
       cookies_klass = Class.new(Hash) do
         def signed

data/spec/lib/jwt_keeper/token_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 module JWTKeeper
   RSpec.describe Token do
     include_context 'initialize config'
-    let(:private_claims) { { claim: "Jet fuel can't melt steel beams" } }
+    let(:private_claims) { { claim: "The Earth is Flat" } }
     let(:token)          { described_class.create(private_claims) }
     let(:raw_token)      { token.to_jwt }
 
@@ -24,6 +24,25 @@ module JWTKeeper
         it { is_expected.to be_instance_of described_class }
         it { expect(subject.claims[:exp]).to eql private_claims[:exp] }
       end
+
+      context 'when overriding default secret' do
+        subject { described_class.create(**private_claims, secret: secret) }
+
+        let(:secret) { SecureRandom.uuid }
+
+        it { is_expected.to be_instance_of described_class }
+        it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
+      end
+
+      context 'when overriding default issuer' do
+        subject { described_class.create(**private_claims, iss: issuer) }
+
+        let(:issuer) { 'ISSUER' }
+
+        it { is_expected.to be_instance_of described_class }
+        it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
+        it { expect(subject.claims[:iss]).to eql issuer }
+      end
     end
 
     describe '.find' do
@@ -42,16 +61,50 @@ module JWTKeeper
         it { is_expected.to be nil }
       end
 
-      context 'with bad cookie' do
-        subject { described_class.find(raw_token, 'BAD_COOKIE') }
-        it { is_expected.to be nil }
+      context 'describe with cookie locking' do
+        before { JWTKeeper.configure(JWTKeeper::Configuration.new(config.merge(cookie_lock: true))) }
+
+        context 'with no cookie' do
+          subject { described_class.find(raw_token, cookie_secret: nil) }
+          it { is_expected.to be nil }
+        end
+
+        context 'with bad cookie' do
+          subject { described_class.find(raw_token, cookie_secret: 'BAD_COOKIE') }
+          it { is_expected.to be nil }
+        end
+
+        context 'with valid cookie' do
+          subject { described_class.find(raw_token, cookie_secret: token.cookie_secret) }
+          it { is_expected.to be_instance_of described_class }
+        end
       end
 
-      context 'with valid cookie' do
-        before { JWTKeeper.configure(JWTKeeper::Configuration.new(config.merge(cookie_lock: true))) }
-        subject { described_class.find(raw_token, token.cookie_secret) }
+      context 'when overriding default secret' do
+        subject { described_class.find(raw_token, secret: secret) }
+
+        let(:token) { described_class.create(**private_claims, secret: secret) }
+        let(:secret) { SecureRandom.uuid }
 
         it { is_expected.to be_instance_of described_class }
+        it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
+      end
+
+      context 'when overriding default issuer' do
+        subject { described_class.find(raw_token, iss: issuer) }
+
+        let(:token) { described_class.create(**private_claims, iss: issuer) }
+        let(:issuer) { 'ISSUER' }
+
+        it { is_expected.to be_instance_of described_class }
+        it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
+        it { expect(subject.claims[:iss]).to eql issuer }
+
+        context 'with an issuer mismatch' do
+          subject { described_class.find(raw_token) }
+
+          it { is_expected.to be nil }
+        end
       end
     end
 
@@ -174,6 +227,13 @@ module JWTKeeper
       it { expect(new_token).to be_valid }
       it { expect(old_token.claims[:claim]).to eq new_token.claims[:claim] }
       it { expect(old_token.cookie_secret).not_to eq new_token.cookie_secret }
+
+      context 'with a foreign issued token' do
+        let(:old_token) { described_class.create(**private_claims, iss: 'ISSUER') }
+        let(:new_token) { old_token.rotate }
+
+        it { expect(old_token).to eq new_token }
+      end
     end
 
     describe '#valid?' do
@@ -187,6 +247,16 @@ module JWTKeeper
       context 'when valid' do
         it { is_expected.to be_valid }
       end
+
+      context 'with overriden secret' do
+        subject { described_class.create(**private_claims, secret: secret) }
+
+        let(:secret) { SecureRandom.uuid }
+
+        context 'when valid' do
+          it { is_expected.to be_valid }
+        end
+      end
     end
 
     describe '#invalid?' do

data/spec/spec_helper.rb

@@ -1,3 +1,4 @@
+require 'pry'
 require 'dotenv'
 Dotenv.load
 

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: jwt_keeper
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 5.0.1
 platform: ruby
 authors:
 - David Rivera
 - Zane Wolfgang Pickett
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-02-06 00:00:00.000000000 Z
+date: 2021-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -81,6 +81,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -141,30 +155,30 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -220,7 +234,7 @@ homepage: https://github.com/sirwolfgang/jwt_keeper
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -235,9 +249,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: JWT for Rails made easy
 test_files: