RubyGems - jwt_sessions - Versions diffs - 1.0.1 → 1.0.2 - Mend

jwt_sessions 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +33 -4
data/lib/jwt_sessions/access_token.rb +2 -1
data/lib/jwt_sessions/session.rb +10 -2
data/lib/jwt_sessions/version.rb +1 -1
data/test/units/jwt_sessions/test_access_token.rb +30 -0
data/test/units/jwt_sessions/test_refresh_token.rb +1 -1
data/test/units/jwt_sessions/test_session.rb +3 -3
data/test/units/jwt_sessions/test_token.rb +5 -3
metadata +46 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5168d7361bdf008db2c14204b698bed8926aa0fc
-  data.tar.gz: 7a218c9787fef9375a260064adaaf69f31d53e78
+  metadata.gz: 143a1452f628f1d201801cc8b7b4855de56479fb
+  data.tar.gz: e648fe573c4239e2359d808b5fb93e58d253cf59
 SHA512:
-  metadata.gz: 5646630d2e046bf3f6519f384e21306ba109127f53cf831d06164e39d8805396f7a3e561a3afe702c647308faca3cee949300726e3e0134e3fb24563c1330981
-  data.tar.gz: 902ef70ff8adfe56771ebbab3f06b330bf762a81fc13e9c555df0eaab4b8dfd7ca30b95d84355cfaf4bf11c3508c0e015bcba744bf7eb39095d7c4f6b3b9f4c1
+  metadata.gz: d81c0bda06caebed8b38ca9649de98c3e5680859beb7059fd5f0534239f1aeb5b859c0e6f0582bb4585de44b7eef83136fa735d1ac2f7fa6107949e82dd777bb
+  data.tar.gz: 7e717dc3a0326c81239d1ce12937182bcc5f7d59df884f9eb4e7513f7a398b8c42984b97865e8bdc6f1a3efc75e8b8c96225b04ff76c64adf44f95508cdc57e7

data/README.md CHANGED Viewed

@@ -1,8 +1,29 @@
 # jwt_sessions
 [![Gem Version](https://badge.fury.io/rb/jwt_sessions.svg)](https://badge.fury.io/rb/jwt_sessions)
+[![Maintainability](https://api.codeclimate.com/v1/badges/53de11b8334933b1c0ef/maintainability)](https://codeclimate.com/github/tuwukee/jwt_sessions/maintainability)
+[![Build Status](https://travis-ci.org/tuwukee/jwt_sessions.svg?branch=master)](https://travis-ci.org/tuwukee/jwt_sessions)
 XSS/CSRF safe JWT auth designed for SPA
+## Table of Contents
+- [Synopsis](#synopsis)
+- [Installation](#installation)
+- [Getting Started](#getting-started)
+  * [Rails integration](#rails-integration)
+  * [Non-Rails usage](#non-rails-usage)
+- [Configuration](#configuration)
+    + [Redis](#redis)
+    + [JWT encryption](#jwt-encryption)
+    + [Request headers and cookies names](#request-headers-and-cookies-names)
+    + [Expiration time](#expiration-time)
+    + [CSRF and cookies](#csrf-and-cookies)
+    + [Refresh token hijack protection](#refresh-token-hijack-protection)
+- [Examples](#examples)
+- [TODO](#todo)
+- [Contributing](#contributing)
+- [License](#license)
 ## Synopsis
 Main goal of this gem is to provide configurable, manageable, and safe stateful sessions based on JSON Web Tokens.
@@ -60,7 +81,8 @@ JWTSessions.encryption_key = Rails.application.secrets.secret_jwt_encryption_key
 ```
 Generate access/refresh/csrf tokens with a custom payload. \
-The payload will be available in the controllers once the access (or refresh) token is authorized.
+The payload will be available in the controllers once the access (or refresh) token is authorized. \
+Access/refresh tokens contain expiration time in their payload. Yet expiration times are also added to the output just in case.
 ```ruby
 > payload = { user_id: user.id }
@@ -72,7 +94,9 @@ The payload will be available in the controllers once the access (or refresh) to
 > session.login
 => {:csrf=>"BmhxDRW5NAEIx...",
     :access=>"eyJhbGciOiJIUzI1NiJ9...",
-    :refresh=>"eyJhbGciOiJIUzI1NiJ9..."}
+    :access_expires_at=>"..."
+    :refresh=>"eyJhbGciOiJIUzI1NiJ9...",
+    :refresh_expires_at=>"..."}
 ```
 You can build login controller to receive access, refresh and csrf tokens in exchange for user's login/password. \
@@ -185,7 +209,7 @@ def request_method
 end
 ```
-Example Sinatra app.
+Example Sinatra app. \
 NOTE: Since rack updates HTTP headers by using `HTTP_` prefix, upcasing and using underscores for sake of simplicity JWTSessions tokens header names are converted to rack-style in this example.
 ```ruby
@@ -231,7 +255,7 @@ class SimpleApp < Sinatra::Base
     session.refresh(found_token).to_json
   end
-  # GEY /payload
+  # GET /payload
   # authorization: Bearer ...
   get '/payload' do
     authorize_access_request!
@@ -310,6 +334,11 @@ session = JwtSessions::Session.new(payload: payload)
 session.refresh(refresh_token) { |refresh_token_uid, access_token_expiration| ... }
 ```
+## Examples
+[Rails API](test/support/dummy_api) \
+[Sinatra API](test/support/dummy_sinatra_api)
 ## TODO
 Ability to specify public and private keys for RSA/EDCSA/EDDSA, there are no default values for keys. \

data/lib/jwt_sessions/access_token.rb CHANGED Viewed

@@ -1,12 +1,13 @@
 module JWTSessions
   class AccessToken
-    attr_reader :token, :payload, :uid, :expiration, :csrf
+    attr_reader :token, :payload, :uid, :expiration, :csrf, :store
     def initialize(csrf, payload, store, uid = SecureRandom.uuid, expiration = JWTSessions.access_expiration)
       @csrf       = csrf
       @uid        = uid
       @expiration = expiration
       @payload    = payload
+      @store      = store
       @token      = Token.encode(payload.merge(uid: uid, exp: expiration.to_i))
     end

data/lib/jwt_sessions/session.rb CHANGED Viewed

@@ -84,7 +84,11 @@ module JWTSessions
     end
     def tokens_hash
-      { csrf: csrf_token, access: access_token, refresh: refresh_token }
+      { csrf: csrf_token,
+        access: access_token,
+        access_expires_at: Time.at(@_access.expiration.to_i),
+        refresh: refresh_token,
+        refresh_expires_at: Time.at(@_refresh.expiration.to_i) }
     end
     def check_refresh_on_time
@@ -111,7 +115,11 @@ module JWTSessions
     end
     def create_refresh_token
-      @_refresh = RefreshToken.create(@_csrf.encoded, @_access.uid, @_access.expiration, store, @refresh_payload)
+      @_refresh = RefreshToken.create(@_csrf.encoded,
+                                      @_access.uid,
+                                      @_access.expiration,
+                                      store,
+                                      @refresh_payload)
       @refresh_token = @_refresh.token
     end

data/lib/jwt_sessions/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module JWTSessions
-  VERSION = '1.0.1'
+  VERSION = '1.0.2'
 end

data/test/units/jwt_sessions/test_access_token.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require 'minitest/autorun'
+require 'jwt_sessions'
+class TestAccessToken < Minitest::Test
+   attr_reader :access_token, :uid
+  def setup
+    JWTSessions.encryption_key = 'secret key'
+    @payload = { user_id: 1 }
+    @csrf = JWTSessions::CSRFToken.new
+    @uid = SecureRandom.uuid
+    @access_token = JWTSessions::AccessToken.create(@csrf.encoded,
+                                                    @payload,
+                                                    JWTSessions.token_store)
+  end
+  def test_csrf
+    token = JWTSessions.token_store.fetch_access(access_token.uid)
+    assert_equal token[:csrf], access_token.csrf
+    access_token.destroy
+  end
+  def test_destroy
+    JWTSessions::AccessToken.destroy(access_token.uid, JWTSessions.token_store)
+    token = JWTSessions.token_store.fetch_access(access_token.uid)
+    assert_equal({}, token)
+  end
+end

data/test/units/jwt_sessions/test_refresh_token.rb CHANGED Viewed

@@ -7,7 +7,7 @@ class TestRefreshToken < Minitest::Test
    attr_reader :csrf, :token, :access_uid
   def setup
-    JWTSessions.encryption_key = '65994c7b523a3232e7aba54d8cbf'
+    JWTSessions.encryption_key = 'secure encryption'
     @access_uid = SecureRandom.uuid
     @csrf = JWTSessions::CSRFToken.new
     @token = JWTSessions::RefreshToken.create(@csrf.encoded,

data/test/units/jwt_sessions/test_session.rb CHANGED Viewed

@@ -5,11 +5,11 @@ require 'jwt_sessions'
 class TestSession < Minitest::Test
   attr_reader :session, :payload, :tokens
-  EXPECTED_KEYS = [:access, :csrf, :refresh].freeze
+  EXPECTED_KEYS = %i[access access_expires_at csrf refresh refresh_expires_at].freeze
   def setup
-    JWTSessions.encryption_key = '65994c7b523a3232e7aba54d8cbf'
-    @payload = { test: 'test' }
+    JWTSessions.encryption_key = 'encrypted'
+    @payload = { test: 'secret' }
     @session = JWTSessions::Session.new(payload: payload)
     @tokens = session.login
   end

data/test/units/jwt_sessions/test_token.rb CHANGED Viewed

@@ -7,13 +7,15 @@ class TestToken < Minitest::Test
   attr_reader :payload
   def setup
-    JWTSessions.encryption_key = '65994c7b523a3232e7aba54d8cbf'
-    @payload = { 'user_id' => 1 }
+    JWTSessions.encryption_key = 'super secret'
+    @payload = { 'user_id' => 1, 'secret' => 'mystery' }
   end
   def test_valid_token_decode
     token = JWTSessions::Token.encode(payload)
-    assert_equal payload['user_id'], JWTSessions::Token.decode(token).first['user_id']
+    decoded = JWTSessions::Token.decode(token).first
+    assert_equal payload['user_id'], decoded['user_id']
+    assert_equal payload['secret'], decoded['secret']
   end
   def test_invalid_token_decode

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_sessions
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Yulia Oletskaya
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-04-17 00:00:00.000000000 Z
+date: 2018-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -38,6 +38,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
 description: XSS/CSRF safe JWT auth designed for SPA
 email: yulia.oletskaya@gmail.com
 executables: []
@@ -71,6 +113,7 @@ files:
 - lib/jwt_sessions/session.rb
 - lib/jwt_sessions/token.rb
 - lib/jwt_sessions/version.rb
+- test/units/jwt_sessions/test_access_token.rb
 - test/units/jwt_sessions/test_csrf_token.rb
 - test/units/jwt_sessions/test_refresh_token.rb
 - test/units/jwt_sessions/test_session.rb
@@ -102,6 +145,7 @@ specification_version: 4
 summary: JWT Sessions
 test_files:
 - test/units/test_jwt_sessions.rb
+- test/units/jwt_sessions/test_access_token.rb
 - test/units/jwt_sessions/test_csrf_token.rb
 - test/units/jwt_sessions/test_refresh_token.rb
 - test/units/jwt_sessions/test_session.rb