lp_token_auth 1.0.0 → 2.0.0
- checksums.yaml +4 -4
- data/Gemfile.lock +12 -10
- data/README.md +4 -0
- data/lib/generators/lp_token_auth/rsa_generator.rb +17 -0
- data/lib/lp_token_auth/core.rb +16 -2
- data/lib/lp_token_auth/version.rb +1 -1
- data/lp_token_auth.gemspec +2 -1
- data/migration-guide.md +20 -0
- metadata +25 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c9ad11f1250f5fe138d57dd234bd1be887dd681c180c9c845fa47e2e105bd523
|
4
|
+
data.tar.gz: ca8ceee02fcb2a82bf8f8674aa2f512178ff8b4c1803dd436eaa295ea3b94e3b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ce31eea46cef645deeef72b92dce9b26844f407edc87190304bdd2eb39dfcbc39d0fc3b6fa69149df591c345c5aee06254facabd433aa63202a0e1435f4fa710
|
7
|
+
data.tar.gz: 84f50dca0334a2fb83a9efa1a93145fffe5e544a83cde1d24bec7e8d3ecb2a6f5d307755d10e3d598c82a1a069bdc33e09ac3de764f1b10d43e264605d3d647e
|
data/Gemfile.lock
CHANGED
@@ -1,24 +1,26 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
lp_token_auth (0.
|
4
|
+
lp_token_auth (2.0.0)
|
5
|
+
jwe (~> 0.4.0)
|
5
6
|
jwt (>= 1.5.6)
|
6
7
|
|
7
8
|
GEM
|
8
9
|
remote: https://rubygems.org/
|
9
10
|
specs:
|
10
|
-
codeclimate-test-reporter (1.0.
|
11
|
-
simplecov
|
11
|
+
codeclimate-test-reporter (1.0.9)
|
12
|
+
simplecov (<= 0.13)
|
12
13
|
docile (1.1.5)
|
13
|
-
json (2.
|
14
|
-
|
15
|
-
|
16
|
-
|
14
|
+
json (2.5.1)
|
15
|
+
jwe (0.4.0)
|
16
|
+
jwt (2.2.3)
|
17
|
+
minitest (5.14.4)
|
18
|
+
rake (12.3.3)
|
17
19
|
simplecov (0.13.0)
|
18
20
|
docile (~> 1.1.0)
|
19
21
|
json (>= 1.8, < 3)
|
20
22
|
simplecov-html (~> 0.10.0)
|
21
|
-
simplecov-html (0.10.
|
23
|
+
simplecov-html (0.10.2)
|
22
24
|
|
23
25
|
PLATFORMS
|
24
26
|
ruby
|
@@ -27,8 +29,8 @@ DEPENDENCIES
|
|
27
29
|
codeclimate-test-reporter (~> 1.0.0)
|
28
30
|
lp_token_auth!
|
29
31
|
minitest (~> 5.10, >= 5.10.1)
|
30
|
-
rake (~>
|
32
|
+
rake (~> 12.3, >= 12.3.3)
|
31
33
|
simplecov
|
32
34
|
|
33
35
|
BUNDLED WITH
|
34
|
-
|
36
|
+
2.2.17
|
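--- a/data/README.md
+++ b/data/README.md
@@ -9,6 +9,7 @@ Simple token authentication logic with JWTs for Rails apps. No baked in routing,
 * [Installation](#installation)
 * [Usage](#usage)
 * [Examples](#examples)
+* [Migration Guide](#migration-guide)
 
 ## Installation
 Add this line to your application's Gemfile:
@@ -46,6 +47,9 @@ Or install it yourself as:
 + `current_user` - This returns the current user identified by `authenticate!`. It is available after logging in the user or authenticating.
 3. All errors will return an instance of `LpTokenAuth::Error`
 
+## Migration Guide
+[Migration Guide](https://github.com/LaunchPadLab/lp_token_auth/blob/master/migration-guide.md)
+
 ## Examples
 ### Controller
 ```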
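--- /dev/null
+++ b/data/lib/generators/lp_token_auth/rsa_generator.rb
@@ -0,0 +1,17 @@
+require 'openssl'
+
+module LpTokenAuth
+module Generators
+class RsaGenerator < Rails::Generators::Base
+desc 'Generate an RSA key and add to Gemfile'
+
+def generate_rsa
+key = OpenSSL::PKey::RSA.generate(2048)
+arr = key.to_s.split("\n")
+str = arr.join("\\n")
+
+puts str
+end
+end
+end
+end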
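Review bot: `desc 'Generate an RSA key and add to Gemfile'` does not describe `generate_rsa`, which never touches the Gemfile: it generates a 2048-bit RSA key, collapses the PEM onto one line with literal `\n` separators and `puts` it for the operator to paste into `JWE_PRIVATE_KEY` (per the migration guide shipped in this release). Replace the description with something like `desc 'Generate an RSA private key for JWE_PRIVATE_KEY and print it on one line (secret: never commit it)'`, and put `# single-line PEM; the literal "\n" separators are reversed by LpTokenAuth#private_key` above the `split`/`join` pair, since the two sides must stay in sync. Writing the unencrypted private key to stdout leaves it in terminal scrollback, shell history of any redirect, and CI logs; if that is acceptable for the documented copy-paste flow it deserves a `say` warning before the `puts`, otherwise write it to a file created with mode `0600` instead. The class also references `Rails::Generators::Base` while the file only requires `openssl`; presumably it relies on being loaded through `rails generate`, so a `require 'rails/generators'` line would make it robust when loaded directly.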
|
data/lib/lp_token_auth/core.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'jwt'
|
2
|
+
require 'jwe'
|
2
3
|
require 'lp_token_auth/error'
|
3
4
|
|
4
5
|
module LpTokenAuth
|
@@ -21,19 +22,22 @@ module LpTokenAuth
|
|
21
22
|
payload[:exp] = (Time.now + LpTokenAuth.config.get_option(:expires) * 60 * 60).to_i
|
22
23
|
end
|
23
24
|
|
24
|
-
JWT.encode(
|
25
|
+
jwt = JWT.encode(
|
25
26
|
payload,
|
26
27
|
LpTokenAuth.config.get_option(:secret),
|
27
28
|
LpTokenAuth.config.get_option(:algorithm)
|
28
29
|
)
|
30
|
+
|
31
|
+
JWE.encrypt(jwt, private_key, enc: ENV['JWE_ENCRYPTION'] || 'A256GCM')
|
29
32
|
end
|
30
33
|
|
31
34
|
# Decodes the JWT token
|
32
35
|
# @param [String] token the token to decode
|
33
36
|
# @raise [LpTokenAuth::Error] if the token is expired, or if any errors occur during decoding
|
34
37
|
# @return [Array] decoded token
|
35
|
-
def decode!(
|
38
|
+
def decode!(encrypted_token)
|
36
39
|
begin
|
40
|
+
token = JWE.decrypt(encrypted_token, private_key)
|
37
41
|
JWT.decode(
|
38
42
|
token,
|
39
43
|
LpTokenAuth.config.get_option(:secret),
|
@@ -56,5 +60,15 @@ module LpTokenAuth
|
|
56
60
|
raise LpTokenAuth::Error, "id must be a string or integer, you provided #{id}"
|
57
61
|
end
|
58
62
|
end
|
63
|
+
|
64
|
+
private
|
65
|
+
|
66
|
+
def private_key
|
67
|
+
raise LpTokenAuth::Error, 'You do not have a private key.' if ENV['JWE_PRIVATE_KEY'].nil?
|
68
|
+
|
69
|
+
OpenSSL::PKey::RSA.new(ENV['JWE_PRIVATE_KEY'].split("\\n").join("\n"))
|
70
|
+
rescue OpenSSL::PKey::RSAError => msg
|
71
|
+
raise LpTokenAuth::Error, 'Your private key is formatted incorrectly.'
|
72
|
+
end
|
59
73
|
end
|
60
74
|
end
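Review bot: `decode!` hands `JWE.decrypt(encrypted_token, private_key)` a token whose `alg`/`enc` header fields are attacker-controlled and are never checked against what `encode!` produces (no explicit `alg`, `enc: ENV['JWE_ENCRYPTION'] || 'A256GCM'`); if the jwe gem selects the key-management algorithm from the header — I cannot confirm that from this diff — a forged header such as `alg: RSA1_5` routes the unwrap through PKCS#1 v1.5 and the differing failure paths become a padding oracle against `JWE_PRIVATE_KEY`. Before decrypting, parse the first compact segment and `raise LpTokenAuth::Error, 'unexpected JWE header' unless header['alg'] == 'RSA-OAEP' && header['enc'] == (ENV['JWE_ENCRYPTION'] || 'A256GCM')` (adjust `'RSA-OAEP'` to whatever `JWE.encrypt` defaults to); `decode!` continues past this hunk, so also confirm the rescue clause there maps the gem's exceptions to `LpTokenAuth::Error` rather than leaking them. In `private_key` the `=> msg` binding is unused, and the method re-reads the environment and re-parses the PEM on every encode and decode; `rescue OpenSSL::PKey::RSAError` plus caching the parsed key would tidy both. Since the same process both wraps and unwraps the CEK with this one key, RSA-OAEP adds no confidentiality over a symmetric `dir` key; a comment on `private_key` stating why an RSA key pair was chosen would save the next reader that question.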
|
data/lp_token_auth.gemspec
CHANGED
@@ -16,6 +16,7 @@ Gem::Specification.new do |s|
|
|
16
16
|
s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
17
17
|
|
18
18
|
s.add_dependency 'jwt', '>= 1.5.6'
|
19
|
-
s.
|
19
|
+
s.add_dependency 'jwe', '~> 0.4.0'
|
20
|
+
s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
|
20
21
|
s.add_development_dependency 'minitest', '~> 5.10', '>= 5.10.1'
|
21
22
|
end
|
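--- /dev/null
+++ b/data/migration-guide.md
@@ -0,0 +1,20 @@
+# Migration Guide
+*Note: this guide assumes you are upgrading from LP Token Auth from v1 to v2. This update pertains to the gem `lp_token_auth`. If you want to continue using the previous version of the gem, point the gem to the correct github branch, as found here: https://bundler.io/guides/git.html*
+
+The purpose of this update is to increase the security of our JWT payloads by using JWE.
+
+This version change will end all user sessions. This will requre users to sign in upon implementing the changes. All other features of previous authentication, such as duration are not affected. Aside from re-signing in, users will not be affected.
+
+This version contains the following breaking changes:
+
+1. Includes the [jwe](https://github.com/jwt/ruby-jwe) gem. This will require a `bundle update` to install this gem.
+
+2. Requires 1 new environment variable and an optional environment variable to specify the encryption.
+`JWE_PRIVATE_KEY` contains an RSA key.
+`JWE_ENCRYPTION` is optional and specifies the encryption used. The default encryption is `A256GCM`.
+
+The RSA key is generated by running `bundle exec rails generate lp_token_auth:rsa`. This rake task will output a formatted RSA key to your console.
+
+**Common Pitfalls in Copy and Pasting RSA Keys**
+The generated RSA key is formatted as a string on a single line with newline characters (\n) at the end of each line. Commonly, there are errors in copy and pasting a string without explicit newline characters. The single line string with newline characters included should avoid most of these errors.
+Please keep in mind this is for the most common use case of using the `JWE_PRIVATE_KEY` in the `.env.[environment]` file. If you are encountering an error during your migration, consider the format of your RSA string.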
metadata
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: lp_token_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dave Corwin
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
date: 2017-02-03 00:00:00.000000000 Z
|
@@ -24,26 +24,40 @@ dependencies:
|
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 1.5.6
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: jwe
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 0.4.0
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 0.4.0
|
27
41
|
- !ruby/object:Gem::Dependency
|
28
42
|
name: rake
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
30
44
|
requirements:
|
31
45
|
- - "~>"
|
32
46
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
47
|
+
version: '12.3'
|
34
48
|
- - ">="
|
35
49
|
- !ruby/object:Gem::Version
|
36
|
-
version:
|
50
|
+
version: 12.3.3
|
37
51
|
type: :development
|
38
52
|
prerelease: false
|
39
53
|
version_requirements: !ruby/object:Gem::Requirement
|
40
54
|
requirements:
|
41
55
|
- - "~>"
|
42
56
|
- !ruby/object:Gem::Version
|
43
|
-
version: '
|
57
|
+
version: '12.3'
|
44
58
|
- - ">="
|
45
59
|
- !ruby/object:Gem::Version
|
46
|
-
version:
|
60
|
+
version: 12.3.3
|
47
61
|
- !ruby/object:Gem::Dependency
|
48
62
|
name: minitest
|
49
63
|
requirement: !ruby/object:Gem::Requirement
|
@@ -80,6 +94,7 @@ files:
|
|
80
94
|
- README.md
|
81
95
|
- Rakefile
|
82
96
|
- lib/generators/lp_token_auth/install_generator.rb
|
97
|
+
- lib/generators/lp_token_auth/rsa_generator.rb
|
83
98
|
- lib/generators/lp_token_auth/templates/initializer.rb.erb
|
84
99
|
- lib/lp_token_auth.rb
|
85
100
|
- lib/lp_token_auth/config.rb
|
@@ -88,11 +103,12 @@ files:
|
|
88
103
|
- lib/lp_token_auth/error.rb
|
89
104
|
- lib/lp_token_auth/version.rb
|
90
105
|
- lp_token_auth.gemspec
|
106
|
+
- migration-guide.md
|
91
107
|
homepage: https://github.com/launchpadlab/lp_token_auth
|
92
108
|
licenses:
|
93
109
|
- MIT
|
94
110
|
metadata: {}
|
95
|
-
post_install_message:
|
111
|
+
post_install_message:
|
96
112
|
rdoc_options: []
|
97
113
|
require_paths:
|
98
114
|
- lib
|
@@ -107,8 +123,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
107
123
|
- !ruby/object:Gem::Version
|
108
124
|
version: '0'
|
109
125
|
requirements: []
|
110
|
-
rubygems_version: 3.
|
111
|
-
signing_key:
|
126
|
+
rubygems_version: 3.2.17
|
127
|
+
signing_key:
|
112
128
|
specification_version: 4
|
113
129
|
summary: Auth!
|
114
130
|
test_files: []
|