jwt_sessions 2.5.0 → 2.5.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -0
- data/README.md +1 -1
- data/lib/jwt_sessions/token.rb +5 -3
- data/lib/jwt_sessions/version.rb +1 -1
- data/test/units/jwt_sessions/test_token.rb +3 -3
- metadata +8 -3
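--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8fe59582c2a9d3d581ce7ab57a0356ef6ec9e016649a629b03d28154e4e0b375
+data.tar.gz: 0f12ca584291b8570ce2191973542a4e7f114202940c0ed0562968a20362edca
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 26d4ad5a14429700ddab2f37324485543010e7658d18bdfa63dddbc8dff6e1911acf69823584c19b47ec0af4ac6dc043d37b638477fe33f003e957a14fa48f1c
+data.tar.gz: 6d4faa18e5abe1ca845d9e4c36fdc2638143c0fc7da65d0c3d04d2570ca31da0477f545aa234d1b54c59378e511076ef40dfad23bfc5f994dc512049ea715c42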
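--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,30 @@
+## 2.5.1 (April 20, 2020)
+
+Features:
+
+- added changelog
+
+Bugfixes:
+
+- fixed double exp key in payload
+
+Support:
+
+- moved decode error text to a constant within token class
+
+## 2.5.0 (April 12, 2020)
+
+Features:
+
+- added new error class `JWTSessions::Errors::Expired`
+
+## 2.4.3 (September 19, 2019)
+
+Bugfixes:
+
+- fixed lookup for refresh token for namespaced sessions
+
+Support:
+
+- updated sqlite to ~> 1.4 in `dummy_api`
+- added 2.6.3 Ruby to CI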
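--- a/data/README.md
+++ b/data/README.md
@@ -449,7 +449,7 @@ It is defined globally, but can be overridden on a session level. See `JWTSessio
 `JWTSessions::Errors::InvalidPayload` - token's payload doesn't contain required keys or they are invalid. \
 `JWTSessions::Errors::Unauthorized` - token can't be decoded or JWT claims are invalid. \
 `JWTSessions::Errors::ClaimsVerification` - JWT claims are invalid (inherited from `JWTSessions::Errors::Unauthorized`). \
-`JWTSessions::Errors::Expired` - token is expired (inherited from `JWTSessions::Errors::
+`JWTSessions::Errors::Expired` - token is expired (inherited from `JWTSessions::Errors::ClaimsVerification`).
 
 #### CSRF and cookies
 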
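--- a/data/lib/jwt_sessions/token.rb
+++ b/data/lib/jwt_sessions/token.rb
@@ -4,6 +4,8 @@ require "jwt"
 
 module JWTSessions
 class Token
+DECODE_ERROR = "cannot decode the token"
+
 class << self
 def encode(payload)
 exp_payload = meta.merge(payload)
@@ -20,18 +22,18 @@ module JWTSessions
 rescue JWT::DecodeError => e
 raise Errors::Unauthorized, e.message
 rescue StandardError
-raise Errors::Unauthorized,
+raise Errors::Unauthorized, DECODE_ERROR
 end
 
 def decode!(token)
 decode_options = { algorithm: JWTSessions.algorithm }
 JWT.decode(token, JWTSessions.public_key, false, decode_options)
 rescue StandardError
-raise Errors::Unauthorized,
+raise Errors::Unauthorized, DECODE_ERROR
 end
 
 def meta
-{ exp
+{ "exp" => JWTSessions.access_expiration }
 end
 end
 end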
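Review bot: The string key now returned by `meta` removes the duplicate `exp` only when callers also pass `"exp"` as a string. Because `encode` does `meta.merge(payload)`, a payload carrying `:exp` would presumably still serialise two `exp` claims, and which expiry applies would then depend on the JSON parser. Stringifying the caller's keys before the merge would close that gap, e.g. `exp_payload = meta.merge(payload.transform_keys(&:to_s))` on Ruby 2.5+; the rest of `encode` lies outside the hunk, so confirm nothing later relies on symbol keys. Separately, `decode!` passes `false` as the verify argument to `JWT.decode`, so it returns claims without checking signature or expiry. A comment above the method such as `# Returns the UNVERIFIED payload; never use it for authorization decisions.` would make that contract explicit.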
data/lib/jwt_sessions/version.rb
CHANGED
@@ -110,11 +110,11 @@ class TestToken < Minitest::Test
|
|
110
110
|
def test_token_leeway_decode
|
111
111
|
JWTSessions.encryption_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
112
112
|
JWTSessions.jwt_options.leeway = 50
|
113
|
-
token = JWTSessions::Token.encode(payload.merge(exp
|
113
|
+
token = JWTSessions::Token.encode(payload.merge("exp" => Time.now.to_i - 20))
|
114
114
|
decoded = JWTSessions::Token.decode(token).first
|
115
115
|
assert_equal payload["user_id"], decoded["user_id"]
|
116
116
|
assert_equal payload["secret"], decoded["secret"]
|
117
|
-
token = JWTSessions::Token.encode(payload.merge(exp
|
117
|
+
token = JWTSessions::Token.encode(payload.merge("exp" => Time.now.to_i - 100))
|
118
118
|
assert_raises JWTSessions::Errors::Unauthorized do
|
119
119
|
JWTSessions::Token.decode(token)
|
120
120
|
end
|
@@ -141,7 +141,7 @@ class TestToken < Minitest::Test
|
|
141
141
|
end
|
142
142
|
|
143
143
|
def test_payload_exp_time
|
144
|
-
token = JWTSessions::Token.encode(payload.merge(exp
|
144
|
+
token = JWTSessions::Token.encode(payload.merge("exp" => Time.now.to_i - (3600 * 24)))
|
145
145
|
assert_raises JWTSessions::Errors::Expired do
|
146
146
|
JWTSessions::Token.decode(token)
|
147
147
|
end
|
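--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_sessions
 version: !ruby/object:Gem::Version
-version: 2.5.
+version: 2.5.1
 platform: ruby
 authors:
 - Yulia Oletskaya
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-
+date: 2020-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt
@@ -92,6 +92,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - LICENSE
 - README.md
 - lib/jwt_sessions.rb
@@ -120,7 +121,11 @@ files:
 homepage: http://rubygems.org/gems/jwt_sessions
 licenses:
 - MIT
-metadata:
+metadata:
+homepage_uri: https://github.com/tuwukee/jwt_sessions
+changelog_uri: https://github.com/tuwukee/jwt_sessions/blob/master/CHANGELOG.md
+source_code_uri: https://github.com/tuwukee/jwt_sessions
+bug_tracker_uri: https://github.com/tuwukee/jwt_sessions/issues
 post_install_message:
 rdoc_options: []
 require_paths: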