rack-jwt-auth 1.0.3 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/rack/jwt/auth/auth_token.rb +4 -3
- data/lib/rack/jwt/auth/authenticate.rb +18 -1
- data/lib/rack/jwt/auth/version.rb +1 -1
- data/rack-jwt-auth.gemspec +1 -1
- data/spec/auth_token_spec.rb +8 -3
- data/spec/authenticate_options_spec.rb +17 -0
- metadata +7 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a30126acfa855fa96bf9301d4141ab28e0b193a7
|
|
4
|
+
data.tar.gz: 84d54966020a130732a478fb3d6c69281ec1896b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d25d8914a8cf610d936cd39d8f37ab36ef44186cb03d2f965aa624933dfffcaaffdac68f92c4ba2ed6e470cb27273d2d7fb3b1b4933acb8259ca4df394a56185
|
|
7
|
+
data.tar.gz: 4de4cfcb04045c6f23dccb5d2edadcc8352bd6964594f4f7745042df2014f2b89761cffbad3dc244b803438b2325c42d1eda3d042cae87d6bef1d0f5ce34b4d5
|
|
@@ -4,13 +4,14 @@ module Rack
|
|
|
4
4
|
|
|
5
5
|
module AuthToken
|
|
6
6
|
|
|
7
|
+
# Note: this method is only used by specs
|
|
7
8
|
def self.issue_token(payload, secret)
|
|
8
9
|
JWT.encode(payload, secret)
|
|
9
10
|
end
|
|
10
11
|
|
|
11
|
-
def self.valid?(token, secret)
|
|
12
|
+
def self.valid?(token, secret, opts = {})
|
|
12
13
|
begin
|
|
13
|
-
JWT.decode(token, secret)
|
|
14
|
+
JWT.decode(token, secret, true, opts)
|
|
14
15
|
rescue
|
|
15
16
|
false
|
|
16
17
|
end
|
|
@@ -20,4 +21,4 @@ module Rack
|
|
|
20
21
|
|
|
21
22
|
end
|
|
22
23
|
end
|
|
23
|
-
end
|
|
24
|
+
end
|
|
@@ -4,6 +4,19 @@ module Rack
|
|
|
4
4
|
|
|
5
5
|
class Authenticate
|
|
6
6
|
|
|
7
|
+
DECODE_OPTIONS = Set.new([:algorithm,
|
|
8
|
+
:verify_expiration,
|
|
9
|
+
:verify_not_before,
|
|
10
|
+
:verify_iss,
|
|
11
|
+
:iss,
|
|
12
|
+
:verify_iat,
|
|
13
|
+
:verify_aud,
|
|
14
|
+
:aud,
|
|
15
|
+
:verify_sub,
|
|
16
|
+
:sub,
|
|
17
|
+
:verify_jti,
|
|
18
|
+
:jti]).freeze
|
|
19
|
+
|
|
7
20
|
def initialize(app, opts = {})
|
|
8
21
|
@app = app
|
|
9
22
|
@opts = opts
|
|
@@ -33,6 +46,10 @@ module Rack
|
|
|
33
46
|
end
|
|
34
47
|
end
|
|
35
48
|
|
|
49
|
+
def extract_decode_options(opts)
|
|
50
|
+
opts.select { |k, _| DECODE_OPTIONS.include?(k) }
|
|
51
|
+
end
|
|
52
|
+
|
|
36
53
|
def with_authorization(env)
|
|
37
54
|
if authenticated_route?(env)
|
|
38
55
|
header = env['HTTP_AUTHORIZATION']
|
|
@@ -43,7 +60,7 @@ module Rack
|
|
|
43
60
|
|
|
44
61
|
return [401, {}, [{message: 'Format is Authorization: Bearer [token]'}.to_json]] unless scheme.match(/^Bearer$/i) && !token.nil?
|
|
45
62
|
|
|
46
|
-
payload = AuthToken.valid?(token, @secret)
|
|
63
|
+
payload = AuthToken.valid?(token, @secret, extract_decode_options(@opts))
|
|
47
64
|
|
|
48
65
|
return [401, {}, [{message: 'Invalid Authorization'}.to_json]] unless payload
|
|
49
66
|
end
|
data/rack-jwt-auth.gemspec
CHANGED
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
19
19
|
spec.require_paths = ["lib"]
|
|
20
20
|
|
|
21
|
-
spec.add_dependency "jwt", "
|
|
21
|
+
spec.add_dependency "jwt", ">= 1.5.2"
|
|
22
22
|
|
|
23
23
|
spec.add_development_dependency "bundler", "~> 1.3"
|
|
24
24
|
spec.add_development_dependency "rake", "~> 10.3"
|
data/spec/auth_token_spec.rb
CHANGED
|
@@ -28,15 +28,20 @@ describe Rack::Jwt::Auth::AuthToken do
|
|
|
28
28
|
expect(data['username']).to eql(data[:username])
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
it 'supports options to verify the token' do
|
|
32
|
+
token = JWT.encode(data, secret, 'HS256')
|
|
33
|
+
payload = subject.valid?(token, secret, { algorithm: 'RS256' })
|
|
34
|
+
|
|
35
|
+
expect(payload).not_to be
|
|
36
|
+
end
|
|
37
|
+
|
|
31
38
|
it 'checks if the provided token is invalid when decoded with other secret' do
|
|
32
39
|
token = subject.issue_token(data, secret)
|
|
33
40
|
payload = subject.valid?(token, 'secret')
|
|
34
41
|
|
|
35
|
-
meta, data = payload
|
|
36
|
-
|
|
37
42
|
expect(payload).not_to be
|
|
38
43
|
end
|
|
39
44
|
|
|
40
45
|
end
|
|
41
46
|
|
|
42
|
-
end
|
|
47
|
+
end
|
|
@@ -116,5 +116,22 @@ describe Rack::Jwt::Auth::Authenticate do
|
|
|
116
116
|
|
|
117
117
|
end
|
|
118
118
|
|
|
119
|
+
context "with options for decode" do
|
|
120
|
+
let(:secret) { 'supertestsecret' }
|
|
121
|
+
let(:app) do
|
|
122
|
+
main_app = lambda { |env| [200, env, ['Hello']] }
|
|
123
|
+
described_class.new(main_app, { secret: secret, algorithm: 'RS256' })
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
it 'calls AuthToken.valid? with decode options' do
|
|
127
|
+
allow(Rack::Jwt::Auth::AuthToken).to receive(:valid?).and_call_original
|
|
128
|
+
token = JWT.encode({user_id: 1, username: 'test'}, secret, 'HS256')
|
|
129
|
+
get('/', {}, {'HTTP_AUTHORIZATION' => "Bearer #{token}"})
|
|
130
|
+
|
|
131
|
+
expect(Rack::Jwt::Auth::AuthToken).to have_received(:valid?)
|
|
132
|
+
.with(token, secret, { algorithm: 'RS256' })
|
|
133
|
+
end
|
|
134
|
+
end
|
|
135
|
+
|
|
119
136
|
|
|
120
137
|
end
|
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-jwt-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- João Almeida
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-01-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- -
|
|
17
|
+
- - '>='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 1.5.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- -
|
|
24
|
+
- - '>='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 1.5.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -121,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
121
121
|
version: '0'
|
|
122
122
|
requirements: []
|
|
123
123
|
rubyforge_project:
|
|
124
|
-
rubygems_version: 2.
|
|
124
|
+
rubygems_version: 2.2.2
|
|
125
125
|
signing_key:
|
|
126
126
|
specification_version: 4
|
|
127
127
|
summary: Rack jwt auth middleware
|
|
@@ -130,4 +130,3 @@ test_files:
|
|
|
130
130
|
- spec/authenticate_options_spec.rb
|
|
131
131
|
- spec/authenticate_spec.rb
|
|
132
132
|
- spec/spec_helper.rb
|
|
133
|
-
has_rdoc:
|