jwt_sessions 2.7.3 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed69732617f15f4c07c0fb37d3ad938807224b729f136d24755a90f58b7b28ab
-  data.tar.gz: 27bee3f1c2bd4b099b0dadea703143d70e6abf1aaa6e5556f67515dfbc6f2e5b
+  metadata.gz: 7e7a3aefe57092b27b60f6ef28e6a2acb55f6a18228984b2ca4b08c3e7b887e7
+  data.tar.gz: 75eda3e6ec9a47dae19f03a00c0b3e30a99f0f4548b37aae6815aa9e808126d9
 SHA512:
-  metadata.gz: a0a81d8d8013a1393b441ddd15ec34fb57ceb0bd3198f9ee4a2554dff653efbe4379ad6992d1a8678895e0391f45626068a2f16b422ad8c658b7a086a08241d3
-  data.tar.gz: 46e744a4512da3d90b54f6552c42f35c7b3b3d25a9d73292058ac5782102ed9d9c77ac6a734a865b40e2fcccd675257cc5c41d27be45bd5fde758e8d6c97537f
+  metadata.gz: 8d2eb29176309d00726b1e7df7d7ace1f914c62c9998b2655f754d9c4992d75bd5db3d54183034c80be889fd43216bc1b548ccbcf52104eea216621923dc6d8e
+  data.tar.gz: 5c7ba9621534b445373b2b588b4be2076c2ed7e4266852aea1d653b51f166c85bec1f6de33b9a6445de049e081cb93356d5e92980887849d209a03e39d1b54d9

data/CHANGELOG.md

@@ -1,11 +1,25 @@
-## 2.7.3 (August 26, 2022)
+## 3.0.0 (December 27, 2022)
 
-Bugfixes:
+Features:
 
-- compatibility with jwt 2.5
+- replace `redis` with `redis-client`
+- add `pool_size` setting to support concurrency within `redis-client`'s connection pool
+
+Support:
+
+- upgrade `jwt` to 2.6 in dependencies
+
+## 2.7.4 (August 31, 2022)
 
 Support:
 
+- compatibility with redis 5.0
+
+## 2.7.3 (August 26, 2022)
+
+Support:
+
+- compatibility with jwt 2.5
 - add rspec to development deps
 
 ## 2.7.2 (January 24, 2022)

data/README.md

@@ -1,7 +1,7 @@
 # jwt_sessions
 [![Gem Version](https://badge.fury.io/rb/jwt_sessions.svg)](https://badge.fury.io/rb/jwt_sessions)
 [![Maintainability](https://api.codeclimate.com/v1/badges/53de11b8334933b1c0ef/maintainability)](https://codeclimate.com/github/tuwukee/jwt_sessions/maintainability)
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/c86efdfca81448919ec3e1c1e48fc152)](https://www.codacy.com/app/tuwukee/jwt_sessions?utm_source=github.com&utm_medium=referral&utm_content=tuwukee/jwt_sessions&utm_campaign=Badge_Grade)
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/6ba02043e42144a9af96c9675207a5c4)](https://www.codacy.com/gh/tuwukee/jwt_sessions/dashboard?utm_source=github.com&utm_medium=referral&utm_content=tuwukee/jwt_sessions&utm_campaign=Badge_Grade)
 [![Build Status](https://travis-ci.org/tuwukee/jwt_sessions.svg?branch=master)](https://travis-ci.org/tuwukee/jwt_sessions)
 
 XSS/CSRF safe JWT auth designed for SPA
@@ -348,7 +348,7 @@ List of configurable settings with their default values.
 
 ##### Token store
 
-In order to configure a token store you should set up a store adapter in a following way: `JWTSessions.token_store = :redis, { redis_url: 'redis://127.0.0.1:6379/0' }` (options can be omitted). Currently supported stores are `:redis` and `:memory`. Please note, that if you want to use Redis as a store then you should have `redis` gem listed in your Gemfile. If you do not configure the adapter explicitly, this gem will try to load `redis` and use it. Otherwise it will fall back to a `memory` adapter.
+In order to configure a token store you should set up a store adapter in a following way: `JWTSessions.token_store = :redis, { redis_url: 'redis://127.0.0.1:6379/0' }` (options can be omitted). Currently supported stores are `:redis` and `:memory`. Please note, that if you want to use Redis as a store then you should have `redis-client` gem listed in your Gemfile. If you do not configure the adapter explicitly, this gem will try to load `redis-client` and use it. Otherwise it will fall back to a `memory` adapter.
 
 Memory store only accepts a `prefix` (used for Redis db keys). Here is a default configuration for Redis:
 
@@ -357,9 +357,11 @@ JWTSessions.token_store = :redis, {
   redis_host: "127.0.0.1",
   redis_port: "6379",
   redis_db_name: "0",
-  token_prefix: "jwt_"
+  token_prefix: "jwt_",
+  pool_size: Integer(ENV.fetch("RAILS_MAX_THREADS", 5))
 }
 ```
+On default `pool_size` is set to 5. Override it with the value of max number of parallel redis connections in your app.
 
 You can also provide a Redis URL instead:
 
@@ -381,7 +383,7 @@ JWTSessions.token_store = :redis, {
 If you already have a configured Redis client, you can pass it among the options to reduce opened connections to a Redis server:
 
 ```ruby
-JWTSessions.token_store = :redis, {redis_client: Redis.current}
+JWTSessions.token_store = :redis, {redis_client: redis_pool}
 ```
 
 ##### JWT signature
@@ -409,11 +411,11 @@ jwt_sessions only uses `exp` claim by default when it decodes tokens and you can
 setting `jwt_options`. You can also specify leeway to account for clock skew.
 
 ```ruby
-JWTSessions.jwt_options.verify_iss = true
-JWTSessions.jwt_options.verify_sub = true
-JWTSessions.jwt_options.verify_iat = true
-JWTSessions.jwt_options.verify_aud = true
-JWTSessions.jwt_options.leeway     = 30 # seconds
+JWTSessions.jwt_options[:verify_iss] = true
+JWTSessions.jwt_options[:verify_sub] = true
+JWTSessions.jwt_options[:verify_iat] = true
+JWTSessions.jwt_options[:verify_aud] = true
+JWTSessions.jwt_options[:leeway]     = 30 # seconds
 ```
 
 To pass options like `sub`, `aud`, `iss`, or leeways you should specify a method called `token_claims` in your controller.

data/lib/jwt_sessions/session.rb

@@ -89,7 +89,7 @@ module JWTSessions
       tokens.each do |token|
         AccessToken.destroy(token.access_uid, store)
         # unlink refresh token from the current access token
-        token.update(nil, nil, token.csrf)
+        token.update(0, 0, token.csrf)
       end.count
     end
 
@@ -208,7 +208,7 @@ module JWTSessions
     def check_access_uid_within_refresh_token
       uid = retrieve_val_from(payload, :access, "uid", "access uid")
       access_uid = @_refresh.access_uid
-      return if access_uid.size.zero?
+      return if access_uid == "0"
       yield @_refresh.uid, @_refresh.access_expiration if access_uid != uid
     end
 

data/lib/jwt_sessions/store_adapters/redis_store_adapter.rb

@@ -6,6 +6,7 @@ module JWTSessions
       attr_reader :prefix, :storage
 
       REFRESH_KEYS = %i[csrf access_uid access_expiration expiration].freeze
+      DEFAULT_POOL_SIZE = 5
 
       def initialize(token_prefix: JWTSessions.token_prefix, redis_client: nil, **options)
         @prefix = token_prefix
@@ -14,10 +15,10 @@ module JWTSessions
           @storage = redis_client
         else
           begin
-            require "redis"
+            require "redis-client"
             @storage = configure_redis_client(**options)
           rescue LoadError => e
-            msg = "Could not load the 'redis' gem, please add it to your gemfile or " \
+            msg = "Could not load the 'redis-client' gem, please add it to your gemfile or " \
                   "configure a different adapter (e.g. JWTSessions.store_adapter = :memory)"
             raise e.class, msg, e.backtrace
           end
@@ -25,21 +26,22 @@ module JWTSessions
       end
 
       def fetch_access(uid)
-        csrf = storage.get(access_key(uid))
+        csrf = storage.call("GET", access_key(uid))
         csrf.nil? ? {} : { csrf: csrf }
       end
 
       def persist_access(uid, csrf, expiration)
         key = access_key(uid)
-        storage.set(key, csrf)
-        storage.expireat(key, expiration)
+        storage.call("SET", key, csrf, ex: expiration)
       end
 
       def fetch_refresh(uid, namespace, first_match = false)
         key    = first_match ? first_refresh_key(uid) : full_refresh_key(uid, namespace)
-        values = storage.hmget(key, *REFRESH_KEYS).compact
+        return {} if key.nil?
 
+        values = storage.call("HMGET", key, *REFRESH_KEYS).compact
         return {} if values.length != REFRESH_KEYS.length
+
         REFRESH_KEYS
           .each_with_index
           .each_with_object({}) { |(key, index), acc| acc[key] = values[index] }
@@ -55,12 +57,12 @@ module JWTSessions
           csrf: csrf,
           namespace: namespace
         )
-        storage.hset(key, :expiration, expiration)
-        storage.expireat(key, expiration)
+        storage.call("HSET", key, :expiration, expiration)
+        storage.call("EXPIREAT", key, expiration)
       end
 
       def update_refresh(uid:, access_expiration:, access_uid:, csrf:, namespace: nil)
-        storage.hmset(
+        storage.call("HMSET",
           full_refresh_key(uid, namespace),
           :csrf, csrf,
           :access_expiration, access_expiration,
@@ -81,11 +83,11 @@ module JWTSessions
 
       def destroy_refresh(uid, namespace)
         key = full_refresh_key(uid, namespace)
-        storage.del(key)
+        storage.call("DEL", key)
       end
 
       def destroy_access(uid)
-        storage.del(access_key(uid))
+        storage.call("DEL", access_key(uid))
       end
 
       private
@@ -100,8 +102,10 @@ module JWTSessions
           redis_port: redis_port,
           redis_db_name: redis_db_name
         )
-
-        Redis.new(options.merge(url: redis_url))
+        pool_size = options.delete(:pool_size) || DEFAULT_POOL_SIZE
+        RedisClient.
+          config(**options.merge(url: redis_url)).
+          new_pool(size: pool_size)
       end
 
       def build_redis_url(redis_host: nil, redis_port: nil, redis_db_name: nil)
@@ -150,7 +154,7 @@ module JWTSessions
         all_keys = []
 
         loop do
-          cursor, keys = storage.scan(cursor, match: key_pattern, count: 1000)
+          cursor, keys = storage.call("SCAN", cursor, match: key_pattern, count: 1000)
           all_keys |= keys
 
           break if cursor == "0"

data/lib/jwt_sessions/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module JWTSessions
-  VERSION = "2.7.3"
+  VERSION = "3.0.0"
 end

data/test/units/jwt_sessions/store_adapters/test_redis_store_adapter.rb

@@ -24,29 +24,28 @@ class TestRedisStoreAdapter < Minitest::Test
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new(
       redis_url: "redis://127.0.0.1:6379",
       ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
-      reconnect_delay: 2,
       timeout: 8
     )
-    options = adapter.storage.instance_variable_get(:@options)
+    config = adapter.storage.config
 
-    assert_equal 8, options[:timeout]
-    assert_equal 2, options[:reconnect_delay]
-    assert_equal 0, options[:ssl_params][:verify_mode]
+    assert_equal 8, config.instance_variable_get(:@connect_timeout)
+    assert_equal 0, config.instance_variable_get(:@ssl_params)[:verify_mode]
   end
 
   def test_default_url
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal "redis://127.0.0.1:6379/0", adapter.storage.connection[:id]
+
+    assert_equal "redis://127.0.0.1:6379/0", adapter.storage.config.server_url
   end
 
   def test_url_with_env_var
     ENV["REDIS_URL"] = "redis://locallol:2018/"
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal "redis://locallol:2018/0", adapter.storage.connection[:id]
+    assert_equal "redis://locallol:2018/0", adapter.storage.config.server_url
 
     ENV.delete("REDIS_URL")
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal "redis://127.0.0.1:6379/0", adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.1:6379/0", adapter.storage.config.server_url
   end
 
   def test_configuration_via_host_port_and_db
@@ -55,7 +54,7 @@ class TestRedisStoreAdapter < Minitest::Test
       redis_port: "6372",
       redis_db_name: "2"
     )
-    assert_equal "redis://127.0.0.2:6372/2", adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.2:6372/2", adapter.storage.config.server_url
   end
 
   def test_configuration_via_host_port_and_db_in_module
@@ -64,18 +63,18 @@ class TestRedisStoreAdapter < Minitest::Test
     JWTSessions.redis_db_name = "2"
 
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal "redis://127.0.0.2:6372/2", adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.2:6372/2", adapter.storage.config.server_url
   end
 
   def test_configuration_via_redis_url
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new(redis_url: "redis://127.0.0.2:6322")
-    assert_equal "redis://127.0.0.2:6322/0", adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.2:6322/0", adapter.storage.config.server_url
   end
 
   def test_configuration_via_redis_url_in_module
     JWTSessions.redis_url = "redis://127.0.0.2:6322"
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal "redis://127.0.0.2:6322/0", adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.2:6322/0", adapter.storage.config.server_url
   end
 
   def test_configuration_via_redis_client
@@ -83,4 +82,12 @@ class TestRedisStoreAdapter < Minitest::Test
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new(redis_client: client)
     assert_equal client, adapter.storage
   end
+
+  def test_redis_pool_size
+    default_adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
+    assert_equal 5, default_adapter.storage.instance_variable_get(:@pool).size
+
+    adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new(pool_size: 10)
+    assert_equal 10, adapter.storage.instance_variable_get(:@pool).size
+  end
 end

data/test/units/jwt_sessions/test_session.rb

@@ -16,9 +16,9 @@ class TestSession < Minitest::Test
   end
 
   def teardown
-    redis = Redis.new
-    keys = redis.keys("jwt_*")
-    keys.each { |k| redis.del(k) }
+    redis = RedisClient.new
+    keys = redis.call("KEYS", "jwt_*")
+    keys.each { |k| redis.call("DEL", k) }
   end
 
   def test_login
@@ -309,8 +309,8 @@ class TestSession < Minitest::Test
     session.flush_namespaced_access_tokens
     ruid = session.instance_variable_get(:"@_refresh").uid
     refresh_token = JWTSessions::RefreshToken.find(ruid, JWTSessions.token_store, namespace)
-    assert_equal "", refresh_token.access_uid
-    assert_equal "", refresh_token.access_expiration
+    assert_equal "0", refresh_token.access_uid
+    assert_equal "0", refresh_token.access_expiration
 
     # allows to refresh with un-expired but flushed access token payload
     session.refresh_by_access_payload do
@@ -320,8 +320,8 @@ class TestSession < Minitest::Test
     access_token = JWTSessions::AccessToken.find(auid, JWTSessions.token_store)
     refresh_token = JWTSessions::RefreshToken.find(ruid, JWTSessions.token_store, namespace)
 
-    assert_equal false, access_token.uid.size.zero?
-    assert_equal false, access_token.expiration.size.zero?
+    assert "0" != access_token.uid
+    assert "0" != access_token.expiration
     assert_equal access_token.uid.to_s, refresh_token.access_uid
     assert_equal access_token.expiration.to_s, refresh_token.access_expiration
   end

data/test/units/jwt_sessions/test_token.rb

@@ -51,14 +51,20 @@ class TestToken < Minitest::Test
   end
 
   def test_ecdsa_token_decode
+    # temp: the test is failling for ruby 3 because of openssl-3 issue
+    # https://github.com/ruby/openssl/issues/369
+    skip if RUBY_VERSION.to_i > 2
+
     JWTSessions.algorithm   = "ES256"
     JWTSessions.private_key = OpenSSL::PKey::EC.new "prime256v1"
     JWTSessions.private_key.generate_key
-    JWTSessions.public_key             = OpenSSL::PKey::EC.new JWTSessions.private_key
-    JWTSessions.public_key.private_key = nil
+
+    JWTSessions.public_key = OpenSSL::PKey::EC.new JWTSessions.private_key
+    JWTSessions.public_key.private_key = nil 
 
     token   = JWTSessions::Token.encode(payload)
     decoded = JWTSessions::Token.decode(token).first
+
     assert_equal payload["user_id"], decoded["user_id"]
     assert_equal payload["secret"], decoded["secret"]
   end

data/test/units/test_token_store.rb

@@ -30,7 +30,7 @@ class TestTokenStore < Minitest::Test
     JWTSessions.redis_port = 6378
     JWTSessions.token_store = :redis
 
-    assert_equal "redis://127.0.0.1:6378/0", JWTSessions.token_store.storage.connection[:id]
+    assert_equal "redis://127.0.0.1:6378/0", JWTSessions.token_store.storage.config.server_url
   end
 
   def test_setting_redis_token_store_without_options

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_sessions
 version: !ruby/object:Gem::Version
-  version: 2.7.3
+  version: 3.0.0
 platform: ruby
 authors:
 - Yulia Oletskaya
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-26 00:00:00.000000000 Z
+date: 2022-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.5'
+        version: '2.6'
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.5'
+        version: '2.6'
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -112,7 +112,7 @@ metadata:
   changelog_uri: https://github.com/tuwukee/jwt_sessions/blob/master/CHANGELOG.md
   source_code_uri: https://github.com/tuwukee/jwt_sessions
   bug_tracker_uri: https://github.com/tuwukee/jwt_sessions/issues
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -127,17 +127,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: JWT Sessions
 test_files:
 - test/units/test_jwt_sessions.rb
 - test/units/test_token_store.rb
-- test/units/jwt_sessions/test_csrf_token.rb
-- test/units/jwt_sessions/test_access_token.rb
-- test/units/jwt_sessions/store_adapters/test_redis_store_adapter.rb
 - test/units/jwt_sessions/store_adapters/test_memory_store_adapter.rb
-- test/units/jwt_sessions/test_token.rb
+- test/units/jwt_sessions/store_adapters/test_redis_store_adapter.rb
+- test/units/jwt_sessions/test_access_token.rb
+- test/units/jwt_sessions/test_csrf_token.rb
 - test/units/jwt_sessions/test_refresh_token.rb
 - test/units/jwt_sessions/test_session.rb
+- test/units/jwt_sessions/test_token.rb