jwt_sessions 3.0.1 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +7 -7
- data/lib/jwt_sessions/version.rb +1 -1
- data/lib/jwt_sessions.rb +3 -1
- data/test/units/jwt_sessions/test_access_token.rb +1 -1
- data/test/units/jwt_sessions/test_refresh_token.rb +1 -1
- data/test/units/jwt_sessions/test_session.rb +1 -1
- data/test/units/jwt_sessions/test_token.rb +6 -6
- data/test/units/test_jwt_sessions.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7740c76d1bba04e91c960b59d8dd248d09adbecbea3359e09e49b9ec82cd4a98
|
|
4
|
+
data.tar.gz: 43192bbcb08751f07216e84939a2b025239cb13b641c4563567b551626df79ae
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c96b79c7ba0a8952766d3d5501a34e5877f0f8bcebb9a3210318b42e86eaf3370c15b0a534e980cbb699493633fe2b7652ec1797f8c467a1838e76fdb246530c
|
|
7
|
+
data.tar.gz: aa1d46b6890bf7d5907ad9a190598c91855db0f90e3f6f5522d4b0390ccc92a797d8977162980a072db8fc0fb9553961683eb59896c1cc7881111fe48413f1e6
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -60,10 +60,10 @@ bundle install
|
|
|
60
60
|
|
|
61
61
|
## Getting Started
|
|
62
62
|
|
|
63
|
-
You should configure an
|
|
63
|
+
You should configure an algorithm and specify the signing key. By default the gem uses the `HS256` signing algorithm.
|
|
64
64
|
|
|
65
65
|
```ruby
|
|
66
|
-
JWTSessions.
|
|
66
|
+
JWTSessions.signing_key = "secret"
|
|
67
67
|
```
|
|
68
68
|
|
|
69
69
|
`Authorization` mixin provides helper methods which are used to retrieve the access and refresh tokens from incoming requests and verify the CSRF token if needed. It assumes that a token can be found either in a cookie or in a header (cookie and header names are configurable). It tries to retrieve the token from headers first and then from cookies (CSRF check included) if the header check fails.
|
|
@@ -152,15 +152,15 @@ class ApplicationController < ActionController::API
|
|
|
152
152
|
end
|
|
153
153
|
```
|
|
154
154
|
|
|
155
|
-
Specify
|
|
155
|
+
Specify a signing key for JSON Web Tokens in `config/initializers/jwt_session.rb` \
|
|
156
156
|
It is advisable to store the key itself in a secure way, f.e. within app credentials.
|
|
157
157
|
|
|
158
158
|
```ruby
|
|
159
159
|
JWTSessions.algorithm = "HS256"
|
|
160
|
-
JWTSessions.
|
|
160
|
+
JWTSessions.signing_key = Rails.application.credentials.secret_jwt_signing_key
|
|
161
161
|
```
|
|
162
162
|
|
|
163
|
-
Most of the
|
|
163
|
+
Most of the algorithms require private and public keys to sign a token. However, HMAC requires only a single key and you can use the `signing_key` shortcut to sign the token. For other algorithms you must specify private and public keys separately.
|
|
164
164
|
|
|
165
165
|
```ruby
|
|
166
166
|
JWTSessions.algorithm = "RS256"
|
|
@@ -294,7 +294,7 @@ require "sinatra/base"
|
|
|
294
294
|
JWTSessions.access_header = "authorization"
|
|
295
295
|
JWTSessions.refresh_header = "x_refresh_token"
|
|
296
296
|
JWTSessions.csrf_header = "x_csrf_token"
|
|
297
|
-
JWTSessions.
|
|
297
|
+
JWTSessions.signing_key = "secret key"
|
|
298
298
|
|
|
299
299
|
class SimpleApp < Sinatra::Base
|
|
300
300
|
include JWTSessions::Authorization
|
|
@@ -395,7 +395,7 @@ JWTSessions.algorithm = "HS256"
|
|
|
395
395
|
You need to specify a secret to use for HMAC as this setting does not have a default value.
|
|
396
396
|
|
|
397
397
|
```ruby
|
|
398
|
-
JWTSessions.
|
|
398
|
+
JWTSessions.signing_key = "secret"
|
|
399
399
|
```
|
|
400
400
|
|
|
401
401
|
If you are using another algorithm like RSA/ECDSA/EDDSA you should specify private and public keys.
|
data/lib/jwt_sessions/version.rb
CHANGED
data/lib/jwt_sessions.rb
CHANGED
|
@@ -121,10 +121,12 @@ module JWTSessions
|
|
|
121
121
|
end
|
|
122
122
|
|
|
123
123
|
# should be used for hmac only
|
|
124
|
-
def
|
|
124
|
+
def signing_key=(key)
|
|
125
125
|
@public_key = key
|
|
126
126
|
@private_key = key
|
|
127
127
|
end
|
|
128
|
+
# alias for backward compatibility
|
|
129
|
+
alias encryption_key= signing_key=
|
|
128
130
|
|
|
129
131
|
def access_expiration
|
|
130
132
|
Time.now.to_i + access_exp_time.to_i
|
|
@@ -7,7 +7,7 @@ class TestAccessToken < Minitest::Test
|
|
|
7
7
|
attr_reader :access_token, :uid
|
|
8
8
|
|
|
9
9
|
def setup
|
|
10
|
-
JWTSessions.
|
|
10
|
+
JWTSessions.signing_key = "secret key"
|
|
11
11
|
@payload = { user_id: 1 }
|
|
12
12
|
@csrf = JWTSessions::CSRFToken.new
|
|
13
13
|
@uid = SecureRandom.uuid
|
|
@@ -9,7 +9,7 @@ class TestRefreshToken < Minitest::Test
|
|
|
9
9
|
def setup
|
|
10
10
|
JWTSessions::Session.flush_all
|
|
11
11
|
|
|
12
|
-
JWTSessions.
|
|
12
|
+
JWTSessions.signing_key = "secure key"
|
|
13
13
|
@access_uid = SecureRandom.uuid
|
|
14
14
|
@csrf = JWTSessions::CSRFToken.new
|
|
15
15
|
@token = JWTSessions::RefreshToken.create(@csrf.encoded,
|
|
@@ -9,7 +9,7 @@ class TestSession < Minitest::Test
|
|
|
9
9
|
REFRESH_KEYS = %i[access access_expires_at csrf].freeze
|
|
10
10
|
|
|
11
11
|
def setup
|
|
12
|
-
JWTSessions.
|
|
12
|
+
JWTSessions.signing_key = "security"
|
|
13
13
|
@payload = { test: "secret" }
|
|
14
14
|
@session = JWTSessions::Session.new(payload: payload)
|
|
15
15
|
@tokens = session.login
|
|
@@ -19,7 +19,7 @@ class TestToken < Minitest::Test
|
|
|
19
19
|
|
|
20
20
|
def setup
|
|
21
21
|
@payload = { "user_id" => 1, "secret" => "mystery" }
|
|
22
|
-
JWTSessions.
|
|
22
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def teardown
|
|
@@ -70,7 +70,7 @@ class TestToken < Minitest::Test
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
def test_hmac_token_decode
|
|
73
|
-
JWTSessions.
|
|
73
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
74
74
|
token = JWTSessions::Token.encode(payload)
|
|
75
75
|
decoded = JWTSessions::Token.decode(token).first
|
|
76
76
|
assert_equal payload["user_id"], decoded["user_id"]
|
|
@@ -78,7 +78,7 @@ class TestToken < Minitest::Test
|
|
|
78
78
|
end
|
|
79
79
|
|
|
80
80
|
def test_token_sub_claim
|
|
81
|
-
JWTSessions.
|
|
81
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
82
82
|
JWTSessions.jwt_options[:verify_sub] = true
|
|
83
83
|
token = JWTSessions::Token.encode(payload.merge(sub: "subject"))
|
|
84
84
|
decoded = JWTSessions::Token.decode(token, { sub: "subject" }).first
|
|
@@ -90,7 +90,7 @@ class TestToken < Minitest::Test
|
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
def test_token_iss_claim
|
|
93
|
-
JWTSessions.
|
|
93
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
94
94
|
JWTSessions.jwt_options[:verify_iss] = true
|
|
95
95
|
token = JWTSessions::Token.encode(payload.merge(iss: "Me"))
|
|
96
96
|
decoded = JWTSessions::Token.decode(token, { iss: "Me" }).first
|
|
@@ -102,7 +102,7 @@ class TestToken < Minitest::Test
|
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
def test_token_aud_claim
|
|
105
|
-
JWTSessions.
|
|
105
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
106
106
|
JWTSessions.jwt_options[:verify_aud] = true
|
|
107
107
|
token = JWTSessions::Token.encode(payload.merge(aud: ["young", "old"]))
|
|
108
108
|
decoded = JWTSessions::Token.decode(token, { aud: ["young"] }).first
|
|
@@ -114,7 +114,7 @@ class TestToken < Minitest::Test
|
|
|
114
114
|
end
|
|
115
115
|
|
|
116
116
|
def test_token_leeway_decode
|
|
117
|
-
JWTSessions.
|
|
117
|
+
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
|
|
118
118
|
JWTSessions.jwt_options[:leeway] = 50
|
|
119
119
|
token = JWTSessions::Token.encode(payload.merge("exp" => Time.now.to_i - 20))
|
|
120
120
|
decoded = JWTSessions::Token.decode(token).first
|
|
@@ -18,7 +18,7 @@ class TestJWTSessions < Minitest::Test
|
|
|
18
18
|
assert_equal JWTSessions::DEFAULT_CSRF_HEADER, JWTSessions.csrf_header
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
def
|
|
21
|
+
def test_signing_key
|
|
22
22
|
JWTSessions.encryption_key = nil
|
|
23
23
|
assert_raises JWTSessions::Errors::Malconfigured do
|
|
24
24
|
JWTSessions.private_key
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwt_sessions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
-
|
|
7
|
+
- Julija Alieckaja
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-02-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|
|
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
127
127
|
- !ruby/object:Gem::Version
|
|
128
128
|
version: '0'
|
|
129
129
|
requirements: []
|
|
130
|
-
rubygems_version: 3.
|
|
130
|
+
rubygems_version: 3.4.6
|
|
131
131
|
signing_key:
|
|
132
132
|
specification_version: 4
|
|
133
133
|
summary: JWT Sessions
|