RubyGems - rack-jwt-auth - Versions diffs - 0.0.3 → 1.0.3 - Mend

rack-jwt-auth 0.0.3 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/rack/jwt/auth/authenticate.rb +8 -4
data/lib/rack/jwt/auth/version.rb +1 -1
data/spec/authenticate_options_spec.rb +39 -1
data/spec/authenticate_spec.rb +29 -5
metadata +16 -16

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d6a2052e477acf5027ed8dedce21869b2780c497
-  data.tar.gz: b3103b770c27029fc0c6d9eb865d8d8c8a2577cf
+  metadata.gz: bbe873d8ecf67c8398c5de86881ccb16e64b23d8
+  data.tar.gz: 82d3627695fa803b3c714481f55865e941045d9d
 SHA512:
-  metadata.gz: 049bc6f3a49f25795a765ce22415378d46a79458de78d7c1f4096e4a2cf077e3e6546d95fcb31f69ac23892eb520bac0c0ba4a405298163de95dd68b51cdb96c
-  data.tar.gz: bbd0aa5a7f5d032c1c7cedf4b9e209110e267df9745bc4649b79d67bc03d401613181589be80a8df462824eabb1aa5b8a5ba56a874a5b698861932f04a816ef6
+  metadata.gz: 9177c3e1e77145ba05f565bc23e41ec6a1b594ad28061575b2c714037fb4bd0f8a9b12b5eb5cb9f3c59980ac6b1b74e85f1d66c1ee3b439fb6d03b168170cdfa
+  data.tar.gz: 65df06c77cbf4f507020418c8ddb8348201937556ea6db17cdf3caecb41f5902cd5ca9b9403cdcc5f3903fb0d8a714ec6d93780bc8e427780309c5f475cf4988

data/lib/rack/jwt/auth/authenticate.rb CHANGED Viewed

@@ -37,11 +37,15 @@ module Rack
           if authenticated_route?(env)
             header  = env['HTTP_AUTHORIZATION']
-            return [401, {}, ['Missing Authorization header']] if header.nil?
+            return [401, {}, [{message: 'Missing Authorization header'}.to_json]] if header.nil?
-            payload = AuthToken.valid?(header, @secret)
+            scheme, token = header.split(" ")
-            return [401, {}, ['Invalid Authorization']] unless payload
+            return [401, {}, [{message: 'Format is Authorization: Bearer [token]'}.to_json]] unless scheme.match(/^Bearer$/i) && !token.nil?
+            payload = AuthToken.valid?(token, @secret)
+            return [401, {}, [{message: 'Invalid Authorization'}.to_json]] unless payload
           end
           yield payload
@@ -80,4 +84,4 @@ module Rack
     end
   end
-end
+end

data/lib/rack/jwt/auth/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Rack
   module Jwt
     module Auth
-      VERSION = "0.0.3"
+      VERSION = "1.0.3"
     end
   end
 end

data/spec/authenticate_options_spec.rb CHANGED Viewed

@@ -79,4 +79,42 @@ describe Rack::Jwt::Auth::Authenticate do
   end
-end
+  context "Only with except routes" do
+    let(:app) do
+      main_app = lambda { |env| [200, env, ['Hello']] }
+      Rack::Jwt::Auth::Authenticate.new(main_app, {only: ['/authenticated', '/authenticated/*'], secret: 'supertestsecret'})
+    end
+    it 'returns 200 ok if the request is for a route that is not authenticated' do
+      get('/not_authenticated')
+      expect(last_response.status).to eql(200)
+      expect(last_response.body).to   eql('Hello')
+      get('/not_authenticated/other')
+      expect(last_response.status).to eql(200)
+      expect(last_response.body).to   eql('Hello')
+      get('/not_authenticated/other/test')
+      expect(last_response.status).to eql(200)
+      expect(last_response.body).to   eql('Hello')
+    end
+    it 'returns 401 ok if the request is for a route that is authenticated' do
+      get('/authenticated')
+      expect(last_response.status).to eql(401)
+      get('/authenticated/other')
+      expect(last_response.status).to eql(401)
+      get('/authenticated/other/test')
+      expect(last_response.status).to eql(401)
+    end
+  end
+end

data/spec/authenticate_spec.rb CHANGED Viewed

@@ -16,7 +16,7 @@ describe Rack::Jwt::Auth::Authenticate do
   it 'returns 200 ok if the request is authenticated' do
     token = issuer.issue_token({user_id: 1, username: 'test'}, 'supertestsecret')
-    get('/', {}, {'HTTP_AUTHORIZATION' => token})
+    get('/', {}, {'HTTP_AUTHORIZATION' => "Bearer #{token}"})
     expect(last_response.status).to eql(200)
     expect(last_response.body).to   eql('Hello')
@@ -30,16 +30,40 @@ describe Rack::Jwt::Auth::Authenticate do
   it 'returns 401 if the authorization header is missing' do
     get('/')
+    jsonResponse = JSON.parse(last_response.body)
     expect(last_response.status).to eql(401)
-    expect(last_response.body).to   eql('Missing Authorization header')
+    expect(jsonResponse["message"]).to eql("Missing Authorization header")
   end
   it 'returns 401 if the authorization header signature is invalid' do
     token = issuer.issue_token({user_id: 1}, 'invalid_secret')
-    get('/', {}, {'HTTP_AUTHORIZATION' => token})
+    get('/', {}, {'HTTP_AUTHORIZATION' => "Bearer #{token}"})
+    jsonResponse = JSON.parse(last_response.body)
+    expect(last_response.status).to eql(401)
+    expect(jsonResponse["message"]).to eql("Invalid Authorization")
+  end
+  it 'returns 401 if the header format is not Authorization: Bearer [token]' do
+    token = issuer.issue_token({user_id: 1}, 'supertestsecret')
+    get('/', {}, {'HTTP_AUTHORIZATION' => "#{token}"})
+    jsonResponse = JSON.parse(last_response.body)
+    expect(last_response.status).to eql(401)
+    expect(jsonResponse["message"]).to eql("Format is Authorization: Bearer [token]")
+  end
+  it 'returns 401 if authorization scheme is not Bearer' do
+    token = issuer.issue_token({user_id: 1}, 'supertestsecret')
+    get('/', {}, {'HTTP_AUTHORIZATION' => "WrongScheme #{token}"})
+    jsonResponse = JSON.parse(last_response.body)
     expect(last_response.status).to eql(401)
-    expect(last_response.body).to   eql('Invalid Authorization')
+    expect(jsonResponse["message"]).to eql("Format is Authorization: Bearer [token]")
   end
-end
+end

metadata CHANGED Viewed

@@ -1,83 +1,83 @@
 --- !ruby/object:Gem::Specification
 name: rack-jwt-auth
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 1.0.3
 platform: ruby
 authors:
 - João Almeida
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-11-28 00:00:00.000000000 Z
+date: 2015-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '10.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '10.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.6'
 description: Rack jwt auth middleware
@@ -87,7 +87,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
+- .gitignore
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -111,17 +111,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.2
+rubygems_version: 2.0.14
 signing_key:
 specification_version: 4
 summary: Rack jwt auth middleware