jwt_sessions 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4b639d9a9560b309205c8cc09a55d4e29ade5af7
+  data.tar.gz: 4936d31724cfe88af332f0edf5c29faefdd8ed74
+SHA512:
+  metadata.gz: 54ba0f9e9826cebeba55de7687e5215255a827e3765b360913cf460569d5f121657a9d0b6ecdab72149403ad2d2c15e594e55a508516b4bb9f1dd10c31568727
+  data.tar.gz: 0d91952a603ef98df693c9daa3603c52523a7fa045a9a6c7d9ba90c9a15c21706305a657ee0870a74977ffd51ea3596b2fff9148b74313eb7916b7f755e5a997

data/Gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,27 @@
+PATH
+  remote: .
+  specs:
+    jwt_sessions (0.0.0)
+      jwt (~> 1.4)
+      redis (~> 3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    coderay (1.1.2)
+    jwt (1.5.6)
+    method_source (0.9.0)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    redis (3.3.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  jwt_sessions!
+  pry
+
+BUNDLED WITH
+   1.16.1

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Yulia Oletskaya
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,2 @@
+# jwt_sessions
+XSS/CSRF safe JWT auth designed for SPA

data/Rakefile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new do |task|
+  task.test_files = FileList['test/units/test_*.rb', 'test/units/**/test_*.rb']
+end
+desc 'Run tests'
+
+task default: :test

data/jwt_sessions.gemspec

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'jwt_sessions/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'jwt_sessions'
+  s.version     = JWTSessions::VERSION
+  s.date        = '2018-03-08'
+  s.summary     = 'JWT Sessions'
+  s.description = 'XSS/CSRF safe JWT auth designed for SPA'
+  s.authors     = ['Yulia Oletskaya']
+  s.email       = 'yulia.oletskaya@gmail.com'
+  s.homepage    = 'http://rubygems.org/gems/jwt_sessions'
+  s.license     = 'MIT'
+
+  s.files         = Dir['*', 'lib/**/*', 'LICENSE', 'README.md']
+  s.test_files    = Dir['test/units/*', 'test/units/**/*']
+  s.require_paths = ['lib']
+
+  s.add_dependency 'jwt', '~>1.4'
+  s.add_dependency 'redis', '~>3'
+
+  s.add_development_dependency 'pry', '~>0.11'
+end

data/lib/jwt_sessions.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+require 'jwt_sessions/errors'
+require 'jwt_sessions/token'
+require 'jwt_sessions/redis_token_store'
+require 'jwt_sessions/refresh_token'
+require 'jwt_sessions/csrf_token'
+require 'jwt_sessions/access_token'
+require 'jwt_sessions/session'
+require 'jwt_sessions/authorization'
+require 'jwt_sessions/version'
+
+module JWTSessions
+  extend self
+
+  attr_writer :token_store
+
+  DEFAULT_SETTINGS_KEYS = %i[redis_host
+                             redis_port
+                             redis_db_name
+                             token_prefix
+                             algorithm
+                             exp_time
+                             refresh_exp_time].freeze
+  DEFAULT_REDIS_HOST = '127.0.0.1'
+  DEFAULT_REDIS_PORT = '6379'
+  DEFAULT_REDIS_DB_NAME = 'jwtokens'
+  DEFAULT_TOKEN_PREFIX = 'jwt_'
+  DEFAULT_ALGORITHM = 'HS256'
+  DEFAULT_EXP_TIME = 3600 # 1 hour in seconds
+  DEFAULT_REFRESH_EXP_TIME = 604800 # 1 week in seconds
+
+
+  DEFAULT_SETTINGS_KEYS.each do |setting|
+    var_name = :"@#{setting}"
+
+    define_method(setting) do
+      if instance_variables.include?(var_name)
+        instance_variable_get(var_name)
+      else
+        instance_variable_set(var_name,
+                              const_get("DEFAULT_#{setting.upcase}"))
+      end
+    end
+
+    define_method("#{setting}=") do |val|
+      instance_variable_set(var_name, val)
+    end
+  end
+
+  def token_store
+    RedisTokenStore.instance(redis_host, redis_port, redis_db_name, token_prefix)
+  end
+
+  def encryption_key
+    raise Errors::Malconfigured, 'encryption_key is not specified' unless @encryption_key
+    @encryption_key
+  end
+
+  def access_expiration
+    Time.now.to_i + exp_time.to_i
+  end
+
+  def refresh_expiration
+    Time.now.to_i + refresh_exp_time.to_i
+  end
+
+  def encryption_key=(key)
+    @encryption_key = key
+  end
+end

data/lib/jwt_sessions/access_token.rb

@@ -0,0 +1,29 @@
+module JWTSessions
+  class AccessToken
+    attr_reader :token, :payload, :uid, :expiration, :csrf
+
+    def initialize(csrf, payload, store, uid = SecureRandom.uuid, expiration = JWTSessions.access_expiration)
+      @csrf       = csrf
+      @uid        = uid
+      @expiration = expiration
+      @payload    = payload
+      @token      = Token.encode(payload.merge(uid: uid, exp: expiration.to_i))
+    end
+
+    def destroy
+      store.destroy_access(uid)
+    end
+
+    class << self
+      def create(csrf, payload, store)
+        new(csrf, payload, store).tap do |inst|
+          store.persist_access(inst.uid, inst.csrf, inst.expiration)
+        end
+      end
+
+      def destroy(uid, store)
+        store.destroy_access(uid)
+      end
+    end
+  end
+end

data/lib/jwt_sessions/authorization.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+module JWTSessions
+  module Authorization
+    CSRF_SAFE_METHODS = ['GET', 'HEAD'].freeze
+
+    protected
+
+    def authenticate_request!
+      begin
+        cookieless_auth
+      rescue Errors::Unauthorized
+        cookie_based_auth
+      end
+
+      invalid_authentication unless Token.valid_payload?(payload)
+      check_csrf
+    end
+
+    def invalid_authentication
+      raise Errors::Unauthorized
+    end
+
+    def get_from_payload(key)
+      payload[key]
+    end
+
+    def check_csrf
+      invalid_authentication if should_check_csrf? && @_csrf_check && !valid_csrf_token?(retrieve_csrf)
+    end
+
+    def should_check_csrf?
+      !CSRF_SAFE_METHODS.include?(request_method)
+    end
+
+    def token_header
+      raise Errors::Malconfigured, 'token_header is not implemented'
+    end
+
+    def token_cookie
+      raise Errors::Malconfigured, 'token_cookie is not implemented'
+    end
+
+    def csrf_header
+      raise Errors::Malconfigured, 'csrf_header is not implemented'
+    end
+
+    def request_headers
+      raise Errors::Malconfigured, 'request_headers is not implemented'
+    end
+
+    def request_cookies
+      raise Errors::Malconfigured, 'request_cookies is not implemented'
+    end
+
+    def request_method
+      raise Errors::Malconfigured, 'request_method is not implemented'
+    end
+
+    def valid_csrf_token?(csrf_token)
+      JWTSessions::Session.new.valid_csrf?(@_raw_token, csrf_token)
+    end
+
+    def cookieless_auth
+      @_csrf_check = false
+      @_raw_token = token_from_headers
+    end
+
+    def cookie_based_auth
+      @_csrf_check = true
+      @_raw_token = token_from_cookies
+    end
+
+    private
+
+    def retrieve_csrf
+      token = requset_headers[csrf_header]
+      raise Errors::Unauthorized, 'CSRF token is not found' unless token
+      token
+    end
+
+    def token_from_headers
+      raw_token = request_headers[token_header]
+      token = raw_token.split(' ')[-1]
+      raise Errors::Unauthorized, 'Token is not found among request headers' unless token
+      token
+    end
+
+    def token_from_cookies
+      token = request_cookies[token_cookie]
+      raise Errors::Unauthorized, 'Token is not found among cookies' unless token
+      token
+    end
+
+    def payload
+      @_payload ||= Token.decode(@token).first
+    end
+  end
+end

data/lib/jwt_sessions/csrf_token.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module JWTSessions
+  class CSRFToken
+    CSRF_LENGTH = 32
+
+    attr_reader :encoded, :token
+
+    def initialize(csrf_token = nil)
+      @encoded = csrf_token || SecureRandom.base64(CSRF_LENGTH)
+      @token   = masked_token
+    end
+
+    def valid_authenticity_token?(encoded_masked_token)
+      if encoded_masked_token.nil? || encoded_masked_token.empty? || !encoded_masked_token.is_a?(String)
+        return false
+      end
+
+      begin
+        masked_token = Base64.strict_decode64(encoded_masked_token)
+      rescue ArgumentError
+        return false
+      end
+
+      if masked_token.length == AUTHENTICITY_TOKEN_LENGTH
+        secure_compare(masked_token, raw_token)
+      elsif masked_token.length == AUTHENTICITY_TOKEN_LENGTH * 2
+        csrf_token = unmask_token(masked_token)
+        secure_compare(csrf_token, raw_token)
+      else
+        false
+      end
+    end
+
+    private
+
+    def secure_compare(a, b)
+      return false unless a.bytesize == b.bytesize
+
+      l = a.unpack "C#{a.bytesize}"
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
+
+    def unmask_token(masked_token)
+      one_time_pad = masked_token[0...CSRF_LENGTH]
+      encrypted_csrf_token = masked_token[CSRF_LENGTH..-1]
+      xor_byte_strings(one_time_pad, encrypted_csrf_token)
+    end
+
+    def masked_token
+      one_time_pad = SecureRandom.random_bytes(CSRF_LENGTH)
+      encrypted_csrf_token = xor_byte_strings(one_time_pad, raw_token)
+      masked_token = one_time_pad + encrypted_csrf_token
+      Base64.strict_encode64(masked_token)
+    end
+
+    def raw_token
+      Base64.strict_decode64(encoded)
+    end
+
+    def xor_byte_strings(s1, s2)
+      s2_bytes = s2.bytes
+      s1.each_byte.with_index { |c1, i| s2_bytes[i] ^= c1 }
+      s2_bytes.pack("C*")
+    end
+  end
+end

data/lib/jwt_sessions/errors.rb

@@ -0,0 +1,8 @@
+module JWTSessions
+  module Errors
+    class Error < RuntimeError; end
+    class Malconfigured < Error; end
+    class InvalidPayload < Error; end
+    class Unauthorized < Error; end
+  end
+end

data/lib/jwt_sessions/rails_authorization.rb

@@ -0,0 +1,13 @@
+module JWTSessions
+  module RailsAuthorization
+    include Authorization
+
+    def request_headers
+      request.headers
+    end
+
+    def request_cookies
+      request.cookie_jar
+    end
+  end
+end

data/lib/jwt_sessions/redis_token_store.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'redis'
+
+module JWTSessions
+  class RedisTokenStore
+    class << self
+      def instance(redis_host, redis_port, redis_db_name, prefix)
+        @_tokens_store ||= Redis.new(url: "redis://#{redis_host}:#{redis_port}/#{redis_db_name}")
+        @_token_prefix ||= prefix
+
+        new(@_tokens_store, @_token_prefix)
+      end
+
+      def clear
+        @_tokens_store = nil
+        @_token_prefix = nil
+      end
+
+      private
+
+      def new(store, prefix)
+        super(store, prefix)
+      end
+    end
+
+    attr_reader :store, :prefix
+
+    def initialize(store, prefix)
+      @store  = store
+      @prefix = prefix
+    end
+
+    def fetch_access(uid)
+      csrf = store.get(access_key(uid))
+      return {} if csrf.nil?
+      { csrf: csrf }
+    end
+
+    def persist_access(uid, csrf, expiration)
+      key = access_key(uid)
+      store.set(key, csrf)
+      store.expireat(key, expiration)
+    end
+
+    def fetch_refresh(uid)
+      keys   = [:csrf, :access_uid, :access_expiration, :expiration]
+      values = store.hmget(refresh_key(uid), *keys)
+      return {} if values.empty?
+      keys.each_with_index.inject({}) { |acc, (key, index)| acc[key] = values[index]; acc }
+    end
+
+    def persist_refresh(uid, access_expiration, access_uid, csrf, expiration)
+      key = refresh_key(uid)
+      update_refresh(uid, access_expiration, access_uid, csrf)
+      store.hset(key, :expiration, expiration)
+      store.expireat(key, expiration)
+    end
+
+    def update_refresh(uid, access_expiration, access_uid, csrf)
+      store.hmset(refresh_key(uid), :csrf, csrf, :access_expiration, access_expiration, :access_uid, access_uid)
+    end
+
+    def destroy_refresh(uid)
+      store.del(refresh_key(uid))
+    end
+
+    def destroy_access(uid)
+      store.del(access_key(uid))
+    end
+
+    private
+
+    def access_key(uid)
+      "#{prefix}_access_#{uid}"
+    end
+
+    def refresh_key(uid)
+      "#{prefix}_refresh_#{uid}"
+    end
+  end
+end

data/lib/jwt_sessions/refresh_token.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module JWTSessions
+  class RefreshToken
+    attr_reader :expiration, :uid, :token, :csrf, :access_uid, :access_expiration, :store
+
+    def initialize(csrf, access_uid, access_expiration, store, uid = SecureRandom.uuid, expiration = JWTSessions.refresh_expiration)
+      @csrf              = csrf
+      @access_uid        = access_uid
+      @access_expiration = access_expiration
+      @uid               = uid
+      @expiration        = expiration
+      @store             = store
+      @token             = Token.encode(uid: uid, exp: expiration.to_i)
+    end
+
+    class << self
+      def create(csrf, access_uid, access_expiration, store)
+        inst = new(csrf, access_uid, access_expiration, store)
+        inst.send(:persist_in_store)
+        inst
+      end
+
+      def find(uid, store)
+        token_attrs = store.fetch_refresh(uid)
+        raise Errors::Unauthorized, 'Refresh token not found' if token_attrs.empty?
+        new(token_attrs[:csrf],
+            token_attrs[:access_uid],
+            token_attrs[:access_expiration],
+            store,
+            uid,
+            token_attrs[:expiration])
+      end
+
+      def destroy(uid, store)
+        store.destroy_refresh(uid)
+      end
+    end
+
+    def update(access_uid, access_expiration, csrf)
+      store.update_refresh(uid, access_uid, access_expiration, csrf)
+    end
+
+    def destroy
+      store.destroy_refresh(uid)
+    end
+
+    private
+
+    def persist_in_store
+      store.persist_refresh(uid, access_expiration, access_uid, csrf, expiration)
+    end
+  end
+end

data/lib/jwt_sessions/session.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+module JWTSessions
+  class Session
+    attr_reader :access_token, :refresh_token, :csrf_token
+    attr_accessor :payload, :store
+
+    def initialize(options = {})
+      @store   = options.fetch(:store, JWTSessions.token_store)
+      @payload = options.fetch(:payload, {})
+    end
+
+    def login
+      create_csrf_token
+      create_access_token
+      create_refresh_token
+
+      tokens_hash
+    end
+
+    def valid_csrf?(access_token, csrf_token)
+      csrf(access_token).valid_authenticity_token?(csrf_token)
+    end
+
+    def masked_csrf(access_token)
+      csrf(access_token).token
+    end
+
+    def refresh(refresh_token, &block)
+      refresh_token_data(refresh_token)
+      refresh_by_uid(&block)
+    end
+
+    private
+
+    def refresh_by_uid(&block)
+      check_refresh_on_time(&block) if block_given?
+      AccessToken.destroy(@_refresh.access_uid, store)
+      issue_tokens_after_refresh
+    end
+
+    def csrf(access_token)
+      token_data = access_token_data(access_token)
+      raise Errors::Unauthorized, 'Access token not found' if token_data.empty?
+      CSRFToken.new(token_data[:csrf])
+    end
+
+    def access_token_data(token)
+      uid = token_uid(token, :access)
+      store.fetch_access(uid)
+    end
+
+    def refresh_token_data(token)
+      uid = token_uid(token, :refresh)
+      retrieve_refresh_token(uid)
+    end
+
+    def token_uid(token, type)
+      token_payload = JWTSessions::Token.decode(refresh_token).first
+      uid           = token_payload.fetch('uid', nil)
+      if uid.nil?
+        message = "#{type.to_s.capitalize} token payload does not contain token uid"
+        raise Errors::InvalidPayload, message
+      end
+      uid
+    end
+
+    def retrieve_refresh_token(uid)
+      @_refresh = RefreshToken.find(uid, store)
+    end
+
+    def tokens_hash
+      { csrf: csrf_token, access: access_token, refresh: refresh_token }
+    end
+
+    def check_refresh_on_time
+      expiration = @_refresh.access_expiration
+      yield @_refresh.uid, expiration if expiration.to_i > Time.now.to_i
+    end
+
+    def issue_tokens_after_refresh
+      create_csrf_token
+      create_access_token
+      update_refresh_token
+
+      tokens_hash
+    end
+
+    def update_refresh_token
+      @_refresh.update(@_access.uid, @_access.expiration, @_csrf.encoded)
+      @refresh_token = @_refresh.token
+    end
+
+    def create_csrf_token
+      @_csrf = CSRFToken.new
+      @csrf_token = @_csrf.token
+    end
+
+    def create_refresh_token
+      @_refresh = RefreshToken.create(@_csrf.encoded, @_access.uid, @_access.expiration, store)
+      @refresh_token = @_refresh.token
+    end
+
+    def create_access_token
+      @_access = AccessToken.create(@_csrf.encoded, payload, store)
+      @access_token = @_access.token
+    end
+  end
+end

data/lib/jwt_sessions/token.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module JWTSessions
+  class Token
+    class << self
+      def encode(payload)
+        exp_payload = meta.merge(payload)
+        JWT.encode(exp_payload, JWTSessions.encryption_key, JWTSessions.algorithm)
+      end
+
+      def decode(token)
+        JWT.decode(token, JWTSessions.encryption_key, true, { algorithm: JWTSessions.algorithm, verify_expiration: false })
+      rescue JWT::DecodeError => e
+        raise Errors::Unauthorized, e.message
+      rescue StandardError
+        raise Errors::Unauthorized, 'could not decode a token'
+      end
+
+      def valid_payload?(payload)
+        !expired?(payload)
+      end
+
+      def meta
+        { exp: JWTSessions.access_expiration }
+      end
+
+      def expired?(payload)
+        Time.at(payload['exp']) < Time.now
+      rescue StandardError
+        raise Errors::Unauthorized, 'invalid payload expiration time'
+      end
+    end
+  end
+end

data/lib/jwt_sessions/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module JWTSessions
+  VERSION = '0.0.1'
+end

data/test/units/jwt_sessions/test_session.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'minitest/autorun'
+require 'jwt_sessions'
+
+class TestSession < Minitest::Test
+  attr_accessor :session, :payload, :tokens
+  EXPECTED_KEYS = [:access, :csrf, :refresh].freeze
+
+  def setup
+    JWTSessions.encryption_key = '65994c7b523a3232e7aba54d8cbf'
+    @payload = { test: 'test' }
+    @session = JWTSessions::Session.new(payload: payload)
+    @tokens = session.login
+  end
+
+  def test_login
+    decoded_access = JWTSessions::Token.decode(tokens[:access]).first
+    assert_equal EXPECTED_KEYS, tokens.keys.sort
+    assert_equal payload[:test], decoded_access['test']
+  end
+
+  def test_refresh
+    refreshed_tokens = session.refresh(tokens[:refresh])
+    decoded_access = JWTSessions::Token.decode(refreshed_tokens[:access]).first
+    assert_equal EXPECTED_KEYS, refreshed_tokens.keys.sort
+    assert_equal payload[:test], decoded_access['test']
+  end
+
+  def test_refresh_with_block_not_expired
+    assert_raises JWTSessions::Errors::Unauthorized do
+      session.refresh(tokens[:refresh]) do
+        raise JWTSessions::Errors::Unauthorized
+      end
+    end
+  end
+
+  def test_refresh_with_block_expired
+    JWTSessions.exp_time = 0
+    @session = JWTSessions::Session.new(payload: payload)
+    @tokens = session.login
+    refreshed_tokens = session.refresh(tokens[:refresh]) do
+      raise JWTSessions::Errors::Unauthorized
+    end
+    JWTSessions.exp_time = 3600
+    decoded_access = JWTSessions::Token.decode(refreshed_tokens[:access]).first
+    assert_equal EXPECTED_KEYS, refreshed_tokens.keys.sort
+    assert_equal payload[:test], decoded_access['test']
+  end
+end

data/test/units/jwt_sessions/test_token.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'minitest/autorun'
+require 'jwt_sessions'
+
+class TestToken < Minitest::Test
+  attr_accessor :payload
+
+  def setup
+    JWTSessions.encryption_key = '65994c7b523a3232e7aba54d8cbf'
+    @payload = { 'user_id' => 1 }
+  end
+
+  def test_valid_token_decode
+    token = JWTSessions::Token.encode(payload)
+    assert_equal payload['user_id'], JWTSessions::Token.decode(token).first['user_id']
+  end
+
+  def test_invalid_token_decode
+    assert_raises JWTSessions::Errors::Unauthorized do
+      JWTSessions::Token.decode('abc')
+    end
+    assert_raises JWTSessions::Errors::Unauthorized do
+      JWTSessions::Token.decode('')
+    end
+    assert_raises JWTSessions::Errors::Unauthorized do
+      JWTSessions::Token.decode(nil)
+    end
+  end
+
+  def test_payload_exp_time
+    assert_raises JWTSessions::Errors::Unauthorized do
+      JWTSessions::Token.valid_payload?(payload)
+    end
+    payload['exp'] = Time.now - (3600 * 24)
+    assert_equal false, JWTSessions::Token.valid_payload?(payload)
+    payload['exp'] = Time.now + (3600 * 24)
+    assert_equal true, JWTSessions::Token.valid_payload?(payload)
+  end
+end

data/test/units/test_jwt_sessions.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'minitest/autorun'
+require 'jwt_sessions'
+
+class TestJWTSessions < Minitest::Test
+  def test_default_settings
+    assert_equal JWTSessions::DEFAULT_REDIS_HOST, JWTSessions.redis_host
+    assert_equal JWTSessions::DEFAULT_REDIS_DB_NAME, JWTSessions.redis_db_name
+    assert_equal JWTSessions::DEFAULT_TOKEN_PREFIX, JWTSessions.token_prefix
+    assert_equal JWTSessions::DEFAULT_ALGORITHM, JWTSessions.algorithm
+    assert_equal JWTSessions::DEFAULT_EXP_TIME, JWTSessions.exp_time
+    assert_equal JWTSessions::DEFAULT_REFRESH_EXP_TIME, JWTSessions.refresh_exp_time
+  end
+
+  def test_encryption_key
+    JWTSessions.encryption_key = nil
+    assert_raises JWTSessions::Errors::Malconfigured do
+      JWTSessions.encryption_key
+    end
+  end
+end

metadata

@@ -0,0 +1,108 @@
+--- !ruby/object:Gem::Specification
+name: jwt_sessions
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Yulia Oletskaya
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-03-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+description: XSS/CSRF safe JWT auth designed for SPA
+email: yulia.oletskaya@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- jwt_sessions.gemspec
+- lib/jwt_sessions.rb
+- lib/jwt_sessions/access_token.rb
+- lib/jwt_sessions/authorization.rb
+- lib/jwt_sessions/csrf_token.rb
+- lib/jwt_sessions/errors.rb
+- lib/jwt_sessions/rails_authorization.rb
+- lib/jwt_sessions/redis_token_store.rb
+- lib/jwt_sessions/refresh_token.rb
+- lib/jwt_sessions/session.rb
+- lib/jwt_sessions/token.rb
+- lib/jwt_sessions/version.rb
+- test/units/jwt_sessions/test_session.rb
+- test/units/jwt_sessions/test_token.rb
+- test/units/test_jwt_sessions.rb
+homepage: http://rubygems.org/gems/jwt_sessions
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: JWT Sessions
+test_files:
+- test/units/test_jwt_sessions.rb
+- test/units/jwt_sessions/test_session.rb
+- test/units/jwt_sessions/test_token.rb