researchable_jwt-authenticable 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 29e69720db718107838d0d590f9e3f0e7b7bef17232f3f3fa7fb0e2ba750fa5e
+  data.tar.gz: e5964dae9cad2b5af854fda60d509dd0891f60a6f6bf562c5c012d54243ac064
+SHA512:
+  metadata.gz: 47347676d2cb240d3d085a9fda217dbc47312a547ed2eda2953cf44e731b97defb18da07c7ccc4ed7f9977fdf2361fd7747ceed4639670b3d51af7c453963625
+  data.tar.gz: c05395fd58a2c0cbeaca4a7345fb69e1ed51972bc91ddbc4bb1e216fc66d9bd40dc966993a1c9fbed744a23fd59db4420df7af3a3a5b81dab013bc4fc40601ea

data/.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,4 @@
+inherit_gem:
+  ruboguide:
+    - styles/rubocop-rails.yml
+

data/.ruby-gemset

@@ -0,0 +1 @@
+jwt_authenticable

data/.ruby-version

@@ -0,0 +1 @@
+3.1.2

data/Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in jwt_authenticable.gemspec
+gemspec
+
+gem 'rake', '~> 13.0'
+
+gem 'rspec', '~> 3.0'
+
+gem 'ruboguide', '~> 1.0'

data/Gemfile.lock

@@ -0,0 +1,94 @@
+PATH
+  remote: .
+  specs:
+    researchable_jwt-authenticable (0.1.1)
+      dry-configurable (~> 0.16)
+      jwt (~> 2.6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.4.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    ast (2.4.2)
+    concurrent-ruby (1.2.2)
+    diff-lcs (1.5.0)
+    dry-configurable (0.16.1)
+      dry-core (~> 0.6)
+      zeitwerk (~> 2.6)
+    dry-core (0.9.1)
+      concurrent-ruby (~> 1.0)
+      zeitwerk (~> 2.6)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    jwt (2.7.0)
+    minitest (5.18.0)
+    parallel (1.22.1)
+    parser (3.2.1.1)
+      ast (~> 2.4.1)
+    rack (3.0.7)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.7.0)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.1)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.4)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    rubocop (1.23.0)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.12.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.28.0)
+      parser (>= 3.2.1.0)
+    rubocop-performance (1.12.0)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rails (2.12.4)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.7.0, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.6.0)
+      rubocop (~> 1.19)
+    ruboguide (1.0.0)
+      rubocop (= 1.23.0)
+      rubocop-performance (= 1.12.0)
+      rubocop-rails (= 2.12.4)
+      rubocop-rake (= 0.6.0)
+      rubocop-rspec (= 2.6.0)
+    ruby-progressbar (1.13.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
+    zeitwerk (2.6.7)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  rake (~> 13.0)
+  researchable_jwt-authenticable!
+  rspec (~> 3.0)
+  ruboguide (~> 1.0)
+
+BUNDLED WITH
+   2.3.7

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Frank Blaauw
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,43 @@
+# JwtAuthenticable
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/jwt_authenticable`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'jwt_authenticable'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install jwt_authenticable
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/frbl/jwt_authenticable. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/frbl/jwt_authenticable/blob/master/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the JwtAuthenticable project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/frbl/jwt_authenticable/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/lib/jwt_authenticable/auth.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+# This module implements JWT authentication
+module JwtAuthenticable
+  # Module that adds jwt authentication methods to the client
+  module Auth
+    include Exceptions
+    include Responses
+
+    ALGORITHM = JwtAuthenticable.config.algorithm
+
+    # Authenticates a user.
+    # @raise MissingAuthScope if the jwt does not have the right scope
+    def authenticate_user!
+      validate_jwt_token! token: authorization_token!
+    rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, JWT::VerificationError, JWT::ExpiredSignature => e
+      unauthorized(e.message)
+    end
+
+    # Consider any method below as private and not meant to be used by including classes
+
+    # Validate that the JWT token signature and the following claims are valid:
+    #  - exp
+    #  - scope
+    # @param token [String] JWT token string (just the token, with the header, payload and signature separated by '.')
+    # @param is_researcher [Boolean] Whether to validate the token as a researcher's or a participant's
+    # @raise AuthorizationError if the user is trying to login with the incorrect rights.
+    # @return [Hash] the JWT payload
+    def validate_jwt_token!(token:)
+      # NOTE: it is still safe if JWT_SECRET_KEY is not set. The method will trigger a JWT exception
+      JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true, { algorithm: ALGORITHM }).first
+    end
+
+    # Extracts the authorization token from the Authorization header
+    # @note For now we only support Bearer schema with JWT
+    # @raise [Exceptions::MissingAuth] Authorization header not present or empty
+    # @raise [Exceptions::InvalidAuthScheme] Authorization scheme not understood or not supported
+    # @return [String] the JWT token string
+    def authorization_token!
+      raise InvalidIncluder unless defined? request
+
+      auth_token = request.headers['Authorization']
+      auth_token ||= request.cookies['bearer_token']
+
+      raise MissingAuth if auth_token.nil? || auth_token == ''
+      raise InvalidAuthScheme if auth_token[0..6] != 'Bearer '
+
+      auth_token[7..]
+    end
+  end
+end

data/lib/jwt_authenticable/exceptions.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+# Add here our custom exceptions
+module JwtAuthenticable
+  module Exceptions
+    # Exception for invalid auth schemes. E.g. users trying to authenticate with basic auth
+    class InvalidAuthScheme < StandardError
+      def message
+        'Invalid authentication scheme. Only Bearer is supported'
+      end
+    end
+
+    # Exception when the includer is not invalid
+    class InvalidIncluder < StandardError
+      def message
+        "The includer should export the 'request' method (i.e., it should be a rails controller)"
+      end
+    end
+
+    # Exception for missing Authentication header
+    class MissingAuth < StandardError
+      def message
+        'Authentication header must be present'
+      end
+    end
+
+    # Exception for missing scopes on the JWT
+    class MissingAuthScope < StandardError
+      def initialize(scope)
+        @scope = scope
+        super(scope)
+      end
+
+      def message
+        "Auth token must contain the #{@scope} scope"
+      end
+    end
+
+    # Generic exception during the authorization process
+    class AuthorizationError < StandardError
+      def initialize(msg = nil)
+        @msg = msg
+        super(msg)
+      end
+
+      def message
+        "Authorization error: #{@msg}"
+      end
+    end
+  end
+end

data/lib/jwt_authenticable/info.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# This module gives some information about the gem configuration
+module JwtAuthenticable
+  # This module gives some information about the gem configuration
+  module Info
+    # This method prints the gem configuration
+    def info
+      return Rails.logger.info JwtAuthenticable.config if defined?(Rails)
+
+      puts JwtAuthenticable.config # rubocop:disable Rails/Output
+    end
+  end
+end

data/lib/jwt_authenticable/responses.rb

@@ -0,0 +1,185 @@
+# frozen_string_literal: true
+
+module JwtAuthenticable
+  # Provides a suite of methods to return standardized JSON Http responses
+  module Responses
+    # renders a resource (eg json file) or rendes an error of there are errors in the resource
+    def render_resource(resource)
+      if resource.errors.empty?
+        render json: resource
+      else
+        validation_error(resource.errors)
+      end
+    end
+
+    # Method to render validation errors in a consistent way
+    # @param resource_errors the errors to render
+    def validation_error(resource_errors)
+      render json: {
+        errors: [
+          {
+            status: '400',
+            title: 'Bad Request',
+            detail: resource_errors,
+            code: '100'
+          }
+        ]
+      }, status: :bad_request
+    end
+
+    # Method to render access denied errors in a consistent way
+    # @param resource_errors the errors to render
+    def access_denied(resource_errors)
+      render json: {
+        errors: [
+          {
+            status: '403',
+            title: 'Access Denied',
+            detail: resource_errors,
+            code: '100'
+          }
+        ]
+      }, status: :forbidden
+    end
+
+    # Method to render not found errors in a consistent way
+    # @param resource_errors the errors to render
+    def not_found(resource_errors)
+      render json: {
+        errors: [
+          {
+            status: '404',
+            title: 'Not Found',
+            detail: resource_errors,
+            code: '100'
+          }
+        ]
+      }, status: :not_found
+    end
+
+    # Method to render created status in a consistent way
+    def created(instance = nil)
+      render json: {
+        result: [
+          {
+            status: '201',
+            title: 'created',
+            detail: 'resource created',
+            code: '100',
+            instance: instance
+          }
+        ]
+      }, status: :created
+    end
+
+    # Method to render success status in a consistent way
+    def render_success_resource(resource)
+      render json: {
+        result: [
+          {
+            status: '200',
+            title: 'Success',
+            detail: resource,
+            code: '100'
+          }
+        ]
+      }, status: :ok
+    end
+
+    # Method to render accepted status in a consistent way
+    def accepted
+      render json: {
+        result: [
+          {
+            status: '202',
+            title: 'Accepted',
+            detail: 'Your request will be processed',
+            code: '100'
+          }
+        ]
+      }, status: :accepted
+    end
+
+    # Method to render destroyed status in a consistent way
+    def destroyed
+      render json: {
+        result: [
+          {
+            status: '200',
+            title: 'destroyed',
+            detail: 'resource destroyed',
+            code: '100'
+          }
+        ]
+      }, status: :ok
+    end
+
+    # Method to render unprocessable entity errors in a consistent way
+    # @param resource_errors the errors to render
+    def unprocessable_entity(resource_errors)
+      render json: {
+        errors: [
+          {
+            status: '422',
+            title: 'unprocessable',
+            detail: resource_errors,
+            code: '100'
+          }
+        ]
+      }, status: :unprocessable_entity
+    end
+
+    # Method to render no content in a consistent way
+    def no_content
+      render json: {
+        result: [
+          {
+            status: '204',
+            title: 'no content',
+            detail: 'no content provided',
+            code: '100'
+          }
+        ]
+      }, status:  :no_content
+    end
+
+    def unauthorized(detail)
+      render json: {
+        result: [
+          {
+            status: '401',
+            title: 'unauthorized',
+            detail: detail || 'invalid or missing credentials',
+            code: '100'
+          }
+        ]
+      }, status: :unauthorized
+    end
+
+    def render_page(paginated_query, _config = {})
+      render json: {
+        data: paginated_query,
+        page: {
+          current_page: paginated_query.current_page,
+          next_page: paginated_query.next_page,
+          total_count: paginated_query.total_count,
+          total_pages: paginated_query.total_pages,
+          has_next: !paginated_query.last_page? && paginated_query.size.positive?
+        }
+      }
+    end
+
+    def payload_too_large(_details)
+      render json: {
+        result: [
+          {
+            status: '413',
+            title: 'payload too large',
+            details: nil,
+            code: '100'
+          }
+        ]
+      }, status: :payload_too_large
+    end
+  end
+end

data/lib/jwt_authenticable/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module JwtAuthenticable
+  VERSION = '1.0.0'
+end

data/lib/jwt_authenticable.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'dry-configurable'
+
+# The module 'JwtAuth' provides jwt authentication for rails using the jwt gem
+# @author Researchable
+module JwtAuthenticable
+  extend Dry::Configurable
+  setting :algorithm
+  setting :jwt_secret_key, default: nil
+
+  class Error < StandardError; end
+end
+
+require_relative 'jwt_authenticable/version'
+require_relative 'jwt_authenticable/exceptions'
+require_relative 'jwt_authenticable/responses'
+require_relative 'jwt_authenticable/auth'
+require_relative 'jwt_authenticable/info'

data/sig/jwt_authenticable.rbs

@@ -0,0 +1,4 @@
+module JwtAuthenticable
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: researchable_jwt-authenticable
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Researchable
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2023-04-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dry-configurable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+description: "    Researchable's JwtAuthenticable relies on Json Web Tokens to deal
+  with authentication.\n"
+email:
+- info@researchable.nl
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".editorconfig"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-gemset"
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/jwt_authenticable.rb
+- lib/jwt_authenticable/auth.rb
+- lib/jwt_authenticable/exceptions.rb
+- lib/jwt_authenticable/info.rb
+- lib/jwt_authenticable/responses.rb
+- lib/jwt_authenticable/version.rb
+- sig/jwt_authenticable.rbs
+homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.0.0/README.md
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.26
+signing_key:
+specification_version: 4
+summary: Researchable's gem to deal with JWT authentication
+test_files: []