researchable_jwt-authenticable 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29e69720db718107838d0d590f9e3f0e7b7bef17232f3f3fa7fb0e2ba750fa5e
-  data.tar.gz: e5964dae9cad2b5af854fda60d509dd0891f60a6f6bf562c5c012d54243ac064
+  metadata.gz: abeaaf5f3a590567cc0e31b701204f3fea0ef6598fddfa03eb97dcb34beb4436
+  data.tar.gz: e72942114fc0c82482d01d8a6e9b8c4083fc2223466290de06e2b6ffb4c4397e
 SHA512:
-  metadata.gz: 47347676d2cb240d3d085a9fda217dbc47312a547ed2eda2953cf44e731b97defb18da07c7ccc4ed7f9977fdf2361fd7747ceed4639670b3d51af7c453963625
-  data.tar.gz: c05395fd58a2c0cbeaca4a7345fb69e1ed51972bc91ddbc4bb1e216fc66d9bd40dc966993a1c9fbed744a23fd59db4420df7af3a3a5b81dab013bc4fc40601ea
+  metadata.gz: '00519275b196a8d5b2dd2d75c1a1951ed8b91076e937ed34285f768eec98365468aaa4881c9a7084c03b5d0d495b0ce70bc7ffc6ebd19148f8335a3def579ef9'
+  data.tar.gz: ba644ed5e3a31da8d29ca334d393857ae3abf97e9d694613b850d9ee98ddb4d27e16be5113450d9859dda256fafbb582594a9af78c07275a50d33cb4305ab63f

data/CHANGELOG.md

@@ -0,0 +1,25 @@
+# [1.1.0](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.0.1...v1.1.0) (2023-06-30)
+
+
+### Features
+
+* enforce 2fa ([a65aed5](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/a65aed5e2ae0ad180239e51aa20dd9d2aa588e81))
+
+## [1.0.1](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.0.0...v1.0.1) (2023-06-14)
+
+
+### Bug Fixes
+
+* algorithm configuration parameter not being used ([b41ad24](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/b41ad24a5c9e58c3237160b531c8eab351c389eb))
+
+# 1.0.0 (2023-04-14)
+
+
+### Bug Fixes
+
+* added a small info function for debugging ([f9428a8](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/f9428a8e77f9a52634d536327a78f771943fa226))
+
+
+### Features
+
+* **init:** initialize gem ([42c2c85](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/42c2c853ca705343c55b5f31edac394fab6b9237))

data/Gemfile

@@ -10,3 +10,7 @@ gem 'rake', '~> 13.0'
 gem 'rspec', '~> 3.0'
 
 gem 'ruboguide', '~> 1.0'
+
+group :development, :test do
+  gem 'byebug'
+end

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    researchable_jwt-authenticable (0.1.1)
+    researchable_jwt-authenticable (1.0.0)
       dry-configurable (~> 0.16)
       jwt (~> 2.6)
 
@@ -14,7 +14,11 @@ GEM
       minitest (>= 5.1)
       tzinfo (~> 2.0)
     ast (2.4.2)
+    byebug (11.1.3)
     concurrent-ruby (1.2.2)
+    debase (0.2.5.beta2)
+      debase-ruby_core_source (>= 0.10.12)
+    debase-ruby_core_source (3.2.1)
     diff-lcs (1.5.0)
     dry-configurable (0.16.1)
       dry-core (~> 0.6)
@@ -75,6 +79,8 @@ GEM
       rubocop-rails (= 2.12.4)
       rubocop-rake (= 0.6.0)
       rubocop-rspec (= 2.6.0)
+    ruby-debug-ide (0.7.3)
+      rake (>= 0.8.1)
     ruby-progressbar (1.13.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
@@ -85,10 +91,13 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  byebug
+  debase
   rake (~> 13.0)
   researchable_jwt-authenticable!
   rspec (~> 3.0)
   ruboguide (~> 1.0)
+  ruby-debug-ide
 
 BUNDLED WITH
-   2.3.7
+   2.4.6

data/README.md

@@ -1,15 +1,13 @@
 # JwtAuthenticable
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/jwt_authenticable`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+Researchable's JWT Authenticable gem. This gem provides a standard way of authenticating users using JWT tokens.
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'jwt_authenticable'
+gem 'researchable_jwt-authenticable'
 ```
 
 And then execute:
@@ -18,12 +16,36 @@ And then execute:
 
 Or install it yourself as:
 
-    $ gem install jwt_authenticable
+    $ gem researchable_jwt-authenticable
 
 ## Usage
 
-TODO: Write usage instructions here
+Simply add the following to your `ApplicationController`:
 
+```ruby
+class ApplicationController < ActionController::API
+  include JwtAuthenticable::Auth
+
+  before_action :authenticate_user!
+  before_action :set_profile!
+  
+  attr_accessor :current_profile
+  
+  # rest of your controller
+  
+  private
+
+  # @note authorization_token! will raise an error if the token is invalid, but this is called after
+  #   authenticate_user! which will raise the same error. Therefore we don't need to rescue the error here.
+  def set_profile!
+    uuid = authorization_token!['sub']
+    @current_profile = Profile.find_by uuid: uuid
+    # If current_profile is nil, it is the first time the user is talking to base-backend. If the token is valid we
+    # can simply create a new profile.
+    @current_profile ||= Profile.create uuid: uuid
+  end
+end
+```
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/lib/jwt_authenticable/auth.rb

@@ -9,13 +9,12 @@ module JwtAuthenticable
     include Exceptions
     include Responses
 
-    ALGORITHM = JwtAuthenticable.config.algorithm
-
     # Authenticates a user.
     # @raise MissingAuthScope if the jwt does not have the right scope
     def authenticate_user!
       validate_jwt_token! token: authorization_token!
-    rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, JWT::VerificationError, JWT::ExpiredSignature => e
+    rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, TwoFANotEnabledError, JWT::VerificationError,
+           JWT::ExpiredSignature => e
       unauthorized(e.message)
     end
 
@@ -30,7 +29,12 @@ module JwtAuthenticable
     # @return [Hash] the JWT payload
     def validate_jwt_token!(token:)
       # NOTE: it is still safe if JWT_SECRET_KEY is not set. The method will trigger a JWT exception
-      JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true, { algorithm: ALGORITHM }).first
+      payload = JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true,
+                           { algorithm: algorithm }).first
+
+      raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa']
+
+      payload
     end
 
     # Extracts the authorization token from the Authorization header
@@ -49,5 +53,13 @@ module JwtAuthenticable
 
       auth_token[7..]
     end
+
+    def algorithm
+      supported_algos.find { |algo| algo == JwtAuthenticable.config.algorithm } || 'HS256'
+    end
+
+    def supported_algos
+      SUPPORTED_ALGOS.flat_map { |algo_class| algo_class.const_get(:SUPPORTED) }
+    end
   end
 end

data/lib/jwt_authenticable/exceptions.rb

@@ -47,5 +47,12 @@ module JwtAuthenticable
         "Authorization error: #{@msg}"
       end
     end
+
+    # Exception to raise when 2fa enforce is enabled but user has not enabled 2fa
+    class TwoFANotEnabledError < StandardError
+      def message
+        '2FA must be enabled'
+      end
+    end
   end
 end

data/lib/jwt_authenticable/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module JwtAuthenticable
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end

data/lib/jwt_authenticable.rb

@@ -1,14 +1,21 @@
 # frozen_string_literal: true
 
 require 'dry-configurable'
+require 'jwt'
 
 # The module 'JwtAuth' provides jwt authentication for rails using the jwt gem
 # @author Researchable
 module JwtAuthenticable
   extend Dry::Configurable
   setting :algorithm
+  # Note that for RSA algorithms this will actually be the public key
   setting :jwt_secret_key, default: nil
 
+  # If set to true, a jwt will only be considered valid if 2fa has been enabled
+  setting :enforce_2fa, default: false
+
+  SUPPORTED_ALGOS = [JWT::Algos::Hmac, JWT::Algos::Rsa].freeze
+
   class Error < StandardError; end
 end
 

data/node_modules/semantic-release-rubygem/src/__tests__/fixtures/invalid-version-file/lib/test-gem/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module TestGem
+  SOME_CONST = '1.1.2'
+end

data/node_modules/semantic-release-rubygem/src/__tests__/fixtures/prerelease/lib/test-gem/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module TestGem
+  VERSION = '0.1.0.alpha.1'
+end

data/node_modules/semantic-release-rubygem/src/__tests__/fixtures/valid/lib/test-gem/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module TestGem
+  VERSION = '1.1.0'
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: researchable_jwt-authenticable
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Researchable
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-14 00:00:00.000000000 Z
+date: 2023-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-configurable
@@ -51,6 +51,7 @@ files:
 - ".rubocop.yml"
 - ".ruby-gemset"
 - ".ruby-version"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -62,8 +63,11 @@ files:
 - lib/jwt_authenticable/info.rb
 - lib/jwt_authenticable/responses.rb
 - lib/jwt_authenticable/version.rb
+- node_modules/semantic-release-rubygem/src/__tests__/fixtures/invalid-version-file/lib/test-gem/version.rb
+- node_modules/semantic-release-rubygem/src/__tests__/fixtures/prerelease/lib/test-gem/version.rb
+- node_modules/semantic-release-rubygem/src/__tests__/fixtures/valid/lib/test-gem/version.rb
 - sig/jwt_authenticable.rbs
-homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.0.0/README.md
+homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.1.0/README.md
 licenses:
 - MIT
 metadata:
@@ -83,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Researchable's gem to deal with JWT authentication