jwt_sessions 3.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/README.md +7 -7
- data/lib/jwt_sessions/store_adapters/redis_store_adapter.rb +2 -1
- data/lib/jwt_sessions/version.rb +1 -1
- data/lib/jwt_sessions.rb +3 -1
- data/test/units/jwt_sessions/store_adapters/test_redis_store_adapter.rb +9 -0
- data/test/units/jwt_sessions/test_access_token.rb +1 -1
- data/test/units/jwt_sessions/test_refresh_token.rb +1 -1
- data/test/units/jwt_sessions/test_session.rb +1 -1
- data/test/units/jwt_sessions/test_token.rb +6 -6
- data/test/units/test_jwt_sessions.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7740c76d1bba04e91c960b59d8dd248d09adbecbea3359e09e49b9ec82cd4a98
|
|
4
|
+
data.tar.gz: 43192bbcb08751f07216e84939a2b025239cb13b641c4563567b551626df79ae
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c96b79c7ba0a8952766d3d5501a34e5877f0f8bcebb9a3210318b42e86eaf3370c15b0a534e980cbb699493633fe2b7652ec1797f8c467a1838e76fdb246530c
|
|
7
|
+
data.tar.gz: aa1d46b6890bf7d5907ad9a190598c91855db0f90e3f6f5522d4b0390ccc92a797d8977162980a072db8fc0fb9553961683eb59896c1cc7881111fe48413f1e6
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,15 @@
|
|
|
1
|
+
## 3.1.0 (February 18, 20222)
|
|
2
|
+
|
|
3
|
+
Features:
|
|
4
|
+
|
|
5
|
+
- rename `encryption_key=` to `signing_key=` (keep the alias for backward compatibility)
|
|
6
|
+
|
|
7
|
+
## 3.0.1 (December 28, 2022)
|
|
8
|
+
|
|
9
|
+
Support:
|
|
10
|
+
|
|
11
|
+
- fix bug with expire/expireat
|
|
12
|
+
|
|
1
13
|
## 3.0.0 (December 27, 2022)
|
|
2
14
|
|
|
3
15
|
Features:
|
data/README.md
CHANGED
|
@@ -60,10 +60,10 @@ bundle install
|
|
|
60
60
|
|
|
61
61
|
## Getting Started
|
|
62
62
|
|
|
63
|
-
You should configure an
|
|
63
|
+
You should configure an algorithm and specify the signing key. By default the gem uses the `HS256` signing algorithm.
|
|
64
64
|
|
|
65
65
|
```ruby
|
|
66
|
-
JWTSessions.
|
|
66
|
+
JWTSessions.signing_key = "secret"
|
|
67
67
|
```
|
|
68
68
|
|
|
69
69
|
`Authorization` mixin provides helper methods which are used to retrieve the access and refresh tokens from incoming requests and verify the CSRF token if needed. It assumes that a token can be found either in a cookie or in a header (cookie and header names are configurable). It tries to retrieve the token from headers first and then from cookies (CSRF check included) if the header check fails.
|
|
@@ -152,15 +152,15 @@ class ApplicationController < ActionController::API
|
|
|
152
152
|
end
|
|
153
153
|
```
|
|
154
154
|
|
|
155
|
-
Specify
|
|
155
|
+
Specify a signing key for JSON Web Tokens in `config/initializers/jwt_session.rb` \
|
|
156
156
|
It is advisable to store the key itself in a secure way, f.e. within app credentials.
|
|
157
157
|
|
|
158
158
|
```ruby
|
|
159
159
|
JWTSessions.algorithm = "HS256"
|
|
160
|
-
JWTSessions.
|
|
160
|
+
JWTSessions.signing_key = Rails.application.credentials.secret_jwt_signing_key
|
|
161
161
|
```
|
|
162
162
|
|
|
163
|
-
Most of the
|
|
163
|
+
Most of the algorithms require private and public keys to sign a token. However, HMAC requires only a single key and you can use the `signing_key` shortcut to sign the token. For other algorithms you must specify private and public keys separately.
|
|
164
164
|
|
|
165
165
|
```ruby
|
|
166
166
|
JWTSessions.algorithm = "RS256"
|
|
@@ -294,7 +294,7 @@ require "sinatra/base"
|
|
|
294
294
|
JWTSessions.access_header = "authorization"
|
|
295
295
|
JWTSessions.refresh_header = "x_refresh_token"
|
|
296
296
|
JWTSessions.csrf_header = "x_csrf_token"
|
|
297
|
-
JWTSessions.
|
|
297
|
+
JWTSessions.signing_key = "secret key"
|
|
298
298
|
|
|
299
299
|
class SimpleApp < Sinatra::Base
|
|
300
300
|
include JWTSessions::Authorization
|
|
@@ -395,7 +395,7 @@ JWTSessions.algorithm = "HS256"
|
|
|
395
395
|
You need to specify a secret to use for HMAC as this setting does not have a default value.
|
|
396
396
|
|
|
397
397
|
```ruby
|
|
398
|
-
JWTSessions.
|
|
398
|
+
JWTSessions.signing_key = "secret"
|
|
399
399
|
```
|
|
400
400
|
|
|
401
401
|
If you are using another algorithm like RSA/ECDSA/EDDSA you should specify private and public keys.
|
|
@@ -32,7 +32,8 @@ module JWTSessions
|
|
|
32
32
|
|
|
33
33
|
def persist_access(uid, csrf, expiration)
|
|
34
34
|
key = access_key(uid)
|
|
35
|
-
storage.call("SET", key, csrf
|
|
35
|
+
storage.call("SET", key, csrf)
|
|
36
|
+
storage.call("EXPIREAT", key, expiration)
|
|
36
37
|
end
|
|
37
38
|
|
|
38
39
|
def fetch_refresh(uid, namespace, first_match = false)
|
data/lib/jwt_sessions/version.rb
CHANGED
data/lib/jwt_sessions.rb
CHANGED
|
@@ -121,10 +121,12 @@ module JWTSessions
|
|
|
121
121
|
end
|
|
122
122
|
|
|
123
123
|
# should be used for hmac only
|
|
124
|
-
def
|
|
124
|
+
def signing_key=(key)
|
|
125
125
|
@public_key = key
|
|
126
126
|
@private_key = key
|
|
127
127
|
end
|
|
128
|
+
# alias for backward compatibility
|
|
129
|
+
alias encryption_key= signing_key=
|
|
128
130
|
|
|
129
131
|
def access_expiration
|
|
130
132
|
Time.now.to_i + access_exp_time.to_i
|
|
@@ -90,4 +90,13 @@ class TestRedisStoreAdapter < Minitest::Test
|
|
|
90
90
|
adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new(pool_size: 10)
|
|
91
91
|
assert_equal 10, adapter.storage.instance_variable_get(:@pool).size
|
|
92
92
|
end
|
|
93
|
+
|
|
94
|
+
def test_persist_access
|
|
95
|
+
adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
|
|
96
|
+
expire_at = Time.now.to_i + 10
|
|
97
|
+
adapter.persist_access("test_access_token_exp", "test_csrf", expire_at)
|
|
98
|
+
ttl = adapter.storage.call("TTL", "jwt__access_test_access_token_exp")
|
|
99
|
+
assert_operator ttl, :<=, 10
|
|
100
|
+
adapter.storage.call("DEL", "jwt__access_test_access_token_exp")
|
|
101
|
+
end
|
|
93
102
|
end
|
|
@@ -7,7 +7,7 @@ class TestAccessToken < Minitest::Test
|
|
|
7
7
|
attr_reader :access_token, :uid
|
|
8
8
|
|
|
9
9
|
def setup
|
|
10
|
-
JWTSessions.
|
|
10
|
+
JWTSessions.signing_key = "secret key"
|
|
11
11
|
@payload = { user_id: 1 }
|
|
12
12
|
@csrf = JWTSessions::CSRFToken.new
|
|
13
13
|
@uid = SecureRandom.uuid
|
|
@@ -9,7 +9,7 @@ class TestRefreshToken < Minitest::Test
|
|
|
9
9
|
def setup
|
|
10
10
|
JWTSessions::Session.flush_all
|
|
11
11
|
|
|
12
|
-
JWTSessions.
|
|
12
|
+
JWTSessions.signing_key = "secure key"
|
|
13
13
|
@access_uid = SecureRandom.uuid
|
|
14
14
|
@csrf = JWTSessions::CSRFToken.new
|
|
15
15
|
@token = JWTSessions::RefreshToken.create(@csrf.encoded,
|
|
@@ -9,7 +9,7 @@ class TestSession < Minitest::Test
|
|
|
9
9
|
REFRESH_KEYS = %i[access access_expires_at csrf].freeze
|
|
10
10
|
|
|
11
11
|
def setup
|
|
12
|
-
JWTSessions.
|
|
12
|
+
JWTSessions.signing_key = "security"
|
|
13
13
|
@payload = { test: "secret" }
|
|
14
14
|
@session = JWTSessions::Session.new(payload: payload)
|
|
15
15
|
@tokens = session.login
|
|
@@ -19,7 +19,7 @@ class TestToken < Minitest::Test
|
|
|
19
19
|
|
|
20
20
|
def setup
|
|
21
21
|
@payload = { "user_id" => 1, "secret" => "mystery" }
|
|
22
|
-
JWTSessions.
|
|
22
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def teardown
|
|
@@ -70,7 +70,7 @@ class TestToken < Minitest::Test
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
def test_hmac_token_decode
|
|
73
|
-
JWTSessions.
|
|
73
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
74
74
|
token = JWTSessions::Token.encode(payload)
|
|
75
75
|
decoded = JWTSessions::Token.decode(token).first
|
|
76
76
|
assert_equal payload["user_id"], decoded["user_id"]
|
|
@@ -78,7 +78,7 @@ class TestToken < Minitest::Test
|
|
|
78
78
|
end
|
|
79
79
|
|
|
80
80
|
def test_token_sub_claim
|
|
81
|
-
JWTSessions.
|
|
81
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
82
82
|
JWTSessions.jwt_options[:verify_sub] = true
|
|
83
83
|
token = JWTSessions::Token.encode(payload.merge(sub: "subject"))
|
|
84
84
|
decoded = JWTSessions::Token.decode(token, { sub: "subject" }).first
|
|
@@ -90,7 +90,7 @@ class TestToken < Minitest::Test
|
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
def test_token_iss_claim
|
|
93
|
-
JWTSessions.
|
|
93
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
94
94
|
JWTSessions.jwt_options[:verify_iss] = true
|
|
95
95
|
token = JWTSessions::Token.encode(payload.merge(iss: "Me"))
|
|
96
96
|
decoded = JWTSessions::Token.decode(token, { iss: "Me" }).first
|
|
@@ -102,7 +102,7 @@ class TestToken < Minitest::Test
|
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
def test_token_aud_claim
|
|
105
|
-
JWTSessions.
|
|
105
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
106
106
|
JWTSessions.jwt_options[:verify_aud] = true
|
|
107
107
|
token = JWTSessions::Token.encode(payload.merge(aud: ["young", "old"]))
|
|
108
108
|
decoded = JWTSessions::Token.decode(token, { aud: ["young"] }).first
|
|
@@ -114,7 +114,7 @@ class TestToken < Minitest::Test
|
|
|
114
114
|
end
|
|
115
115
|
|
|
116
116
|
def test_token_leeway_decode
|
|
117
|
-
JWTSessions.
|
|
117
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
118
118
|
JWTSessions.jwt_options[:leeway] = 50
|
|
119
119
|
token = JWTSessions::Token.encode(payload.merge("exp" => Time.now.to_i - 20))
|
|
120
120
|
decoded = JWTSessions::Token.decode(token).first
|
|
@@ -18,7 +18,7 @@ class TestJWTSessions < Minitest::Test
|
|
|
18
18
|
assert_equal JWTSessions::DEFAULT_CSRF_HEADER, JWTSessions.csrf_header
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
def
|
|
21
|
+
def test_signing_key
|
|
22
22
|
JWTSessions.encryption_key = nil
|
|
23
23
|
assert_raises JWTSessions::Errors::Malconfigured do
|
|
24
24
|
JWTSessions.private_key
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwt_sessions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
-
|
|
7
|
+
- Julija Alieckaja
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-02-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|
|
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
127
127
|
- !ruby/object:Gem::Version
|
|
128
128
|
version: '0'
|
|
129
129
|
requirements: []
|
|
130
|
-
rubygems_version: 3.
|
|
130
|
+
rubygems_version: 3.4.6
|
|
131
131
|
signing_key:
|
|
132
132
|
specification_version: 4
|
|
133
133
|
summary: JWT Sessions
|