researchable_jwt-authenticable 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 29e69720db718107838d0d590f9e3f0e7b7bef17232f3f3fa7fb0e2ba750fa5e
4
- data.tar.gz: e5964dae9cad2b5af854fda60d509dd0891f60a6f6bf562c5c012d54243ac064
3
+ metadata.gz: abeaaf5f3a590567cc0e31b701204f3fea0ef6598fddfa03eb97dcb34beb4436
4
+ data.tar.gz: e72942114fc0c82482d01d8a6e9b8c4083fc2223466290de06e2b6ffb4c4397e
5
5
  SHA512:
6
- metadata.gz: 47347676d2cb240d3d085a9fda217dbc47312a547ed2eda2953cf44e731b97defb18da07c7ccc4ed7f9977fdf2361fd7747ceed4639670b3d51af7c453963625
7
- data.tar.gz: c05395fd58a2c0cbeaca4a7345fb69e1ed51972bc91ddbc4bb1e216fc66d9bd40dc966993a1c9fbed744a23fd59db4420df7af3a3a5b81dab013bc4fc40601ea
6
+ metadata.gz: '00519275b196a8d5b2dd2d75c1a1951ed8b91076e937ed34285f768eec98365468aaa4881c9a7084c03b5d0d495b0ce70bc7ffc6ebd19148f8335a3def579ef9'
7
+ data.tar.gz: ba644ed5e3a31da8d29ca334d393857ae3abf97e9d694613b850d9ee98ddb4d27e16be5113450d9859dda256fafbb582594a9af78c07275a50d33cb4305ab63f
data/CHANGELOG.md ADDED
@@ -0,0 +1,25 @@
1
+ # [1.1.0](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.0.1...v1.1.0) (2023-06-30)
2
+
3
+
4
+ ### Features
5
+
6
+ * enforce 2fa ([a65aed5](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/a65aed5e2ae0ad180239e51aa20dd9d2aa588e81))
7
+
8
+ ## [1.0.1](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.0.0...v1.0.1) (2023-06-14)
9
+
10
+
11
+ ### Bug Fixes
12
+
13
+ * algorithm configuration parameter not being used ([b41ad24](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/b41ad24a5c9e58c3237160b531c8eab351c389eb))
14
+
15
+ # 1.0.0 (2023-04-14)
16
+
17
+
18
+ ### Bug Fixes
19
+
20
+ * added a small info function for debugging ([f9428a8](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/f9428a8e77f9a52634d536327a78f771943fa226))
21
+
22
+
23
+ ### Features
24
+
25
+ * **init:** initialize gem ([42c2c85](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/42c2c853ca705343c55b5f31edac394fab6b9237))
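Review bot: the 1.1.0 entry "enforce 2fa" does not tell integrators what the feature expects of them, which is the part that matters for an authentication library: per the jwt_authenticable.rb and auth.rb hunks in this same release, the new `enforce_2fa` setting defaults to `false`, and when enabled the gem rejects any token whose payload lacks a truthy `2fa` claim. Suggest expanding the line to name the setting and the claim, e.g. "enforce 2fa: new `enforce_2fa` config (default false); when set, tokens must carry a `2fa` claim". Minor: the 1.0.0 entry "added a small info function for debugging" is filed under Bug Fixes but describes a feature.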
data/Gemfile CHANGED
@@ -10,3 +10,7 @@ gem 'rake', '~> 13.0'
10
10
  gem 'rspec', '~> 3.0'
11
11
 
12
12
  gem 'ruboguide', '~> 1.0'
13
+
14
+ group :development, :test do
15
+ gem 'byebug'
16
+ end
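Review bot: `byebug` is added without a version constraint while every other entry in this Gemfile is pinned (`~> 13.0`, `~> 3.0`, `~> 1.0`); suggest `gem 'byebug', '~> 11.1'` to match the 11.1.3 the lockfile resolved. Also note that this group is the only Gemfile change in the release, yet the updated Gemfile.lock records `debase` and `ruby-debug-ide` as top-level DEPENDENCIES as well, so the two files no longer describe the same bundle; either declare all three debugger gems here or keep IDE tooling in a local, git-ignored Gemfile.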
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- researchable_jwt-authenticable (0.1.1)
4
+ researchable_jwt-authenticable (1.0.0)
5
5
  dry-configurable (~> 0.16)
6
6
  jwt (~> 2.6)
7
7
 
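Review bot: the PATH spec still says `researchable_jwt-authenticable (1.0.0)` although version.rb and the gem metadata in this very release are 1.1.0, and the previous release shows the same one-behind pattern (`0.1.1` shipped inside 1.0.0). That points to the release tooling bumping version.rb after the lockfile was last regenerated. It does not affect consumers, since PATH only applies inside the repo, but every `bundle install` in a fresh checkout will rewrite the lockfile. Suggest regenerating and committing Gemfile.lock as part of the version bump, or excluding Gemfile.lock from the packaged gem altogether.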
@@ -14,7 +14,11 @@ GEM
14
14
  minitest (>= 5.1)
15
15
  tzinfo (~> 2.0)
16
16
  ast (2.4.2)
17
+ byebug (11.1.3)
17
18
  concurrent-ruby (1.2.2)
19
+ debase (0.2.5.beta2)
20
+ debase-ruby_core_source (>= 0.10.12)
21
+ debase-ruby_core_source (3.2.1)
18
22
  diff-lcs (1.5.0)
19
23
  dry-configurable (0.16.1)
20
24
  dry-core (~> 0.6)
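Review bot: `debase (0.2.5.beta2)` is a prerelease of a native-extension debugger (it compiles against `debase-ruby_core_source`), and committing it to the lockfile means every contributor builds it on `bundle install` whether or not they use that IDE integration. If it has to stay, put it in the Gemfile with an explicit prerelease constraint so the choice is visible in review rather than only as a resolved lockfile entry.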
@@ -75,6 +79,8 @@ GEM
75
79
  rubocop-rails (= 2.12.4)
76
80
  rubocop-rake (= 0.6.0)
77
81
  rubocop-rspec (= 2.6.0)
82
+ ruby-debug-ide (0.7.3)
83
+ rake (>= 0.8.1)
78
84
  ruby-progressbar (1.13.0)
79
85
  tzinfo (2.0.6)
80
86
  concurrent-ruby (~> 1.0)
@@ -85,10 +91,13 @@ PLATFORMS
85
91
  x86_64-linux
86
92
 
87
93
  DEPENDENCIES
94
+ byebug
95
+ debase
88
96
  rake (~> 13.0)
89
97
  researchable_jwt-authenticable!
90
98
  rspec (~> 3.0)
91
99
  ruboguide (~> 1.0)
100
+ ruby-debug-ide
92
101
 
93
102
  BUNDLED WITH
94
- 2.3.7
103
+ 2.4.6
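Review bot: `debase` and `ruby-debug-ide` appear under DEPENDENCIES, but no Gemfile line in this release declares them, so Gemfile and Gemfile.lock are out of sync. Bundler in frozen/deployment mode (`BUNDLE_FROZEN=true`, which CI pipelines commonly set) refuses to install when the lockfile lists dependencies the Gemfile no longer has, so this will surface as a broken build rather than a warning. Either add both to the `:development, :test` group or remove them and run `bundle install` to regenerate the lockfile. The `BUNDLED WITH` bump from 2.3.7 to 2.4.6 is fine on its own.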
data/README.md CHANGED
@@ -1,15 +1,13 @@
1
1
  # JwtAuthenticable
2
2
 
3
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/jwt_authenticable`. To experiment with that code, run `bin/console` for an interactive prompt.
4
-
5
- TODO: Delete this and the text above, and describe your gem
3
+ Researchable's JWT Authenticable gem. This gem provides a standard way of authenticating users using JWT tokens.
6
4
 
7
5
  ## Installation
8
6
 
9
7
  Add this line to your application's Gemfile:
10
8
 
11
9
  ```ruby
12
- gem 'jwt_authenticable'
10
+ gem 'researchable_jwt-authenticable'
13
11
  ```
14
12
 
15
13
  And then execute:
@@ -18,12 +16,36 @@ And then execute:
18
16
 
19
17
  Or install it yourself as:
20
18
 
21
- $ gem install jwt_authenticable
19
+ $ gem researchable_jwt-authenticable
22
20
 
23
21
  ## Usage
24
22
 
25
- TODO: Write usage instructions here
23
+ Simply add the following to your `ApplicationController`:
26
24
 
25
+ ```ruby
26
+ class ApplicationController < ActionController::API
27
+ include JwtAuthenticable::Auth
28
+
29
+ before_action :authenticate_user!
30
+ before_action :set_profile!
31
+
32
+ attr_accessor :current_profile
33
+
34
+ # rest of your controller
35
+
36
+ private
37
+
38
+ # @note authorization_token! will raise an error if the token is invalid, but this is called after
39
+ # authenticate_user! which will raise the same error. Therefore we don't need to rescue the error here.
40
+ def set_profile!
41
+ uuid = authorization_token!['sub']
42
+ @current_profile = Profile.find_by uuid: uuid
43
+ # If current_profile is nil, it is the first time the user is talking to base-backend. If the token is valid we
44
+ # can simply create a new profile.
45
+ @current_profile ||= Profile.create uuid: uuid
46
+ end
47
+ end
48
+ ```
27
49
  ## Development
28
50
 
29
51
  After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
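Review bot: the usage example's `uuid = authorization_token!['sub']` does not read the subject claim. In the auth.rb hunk, `authorization_token!` is what `authenticate_user!` passes to `validate_jwt_token!` as `token:`, i.e. the raw Bearer string (the method ends with `auth_token[7..]`), so `['sub']` here is `String#[]` and returns either `nil` or the literal `"sub"`, never the subject. With `nil`, `Profile.find_by uuid: nil` returns whatever row has a NULL uuid, so every caller would end up sharing one profile, and the `Profile.create uuid: uuid` fallback would create uuid-less profiles. The comment above the method also misplaces the verification: it is `validate_jwt_token!`, not `authorization_token!`, that raises on an invalid token. Suggest `uuid = validate_jwt_token!(token: authorization_token!)['sub']`, or have `authenticate_user!` memoize the verified payload for reuse. Two smaller points: `$ gem researchable_jwt-authenticable` is missing `install`, and the README never shows the `JwtAuthenticable.configure` block that sets `algorithm`, `jwt_secret_key` and the new `enforce_2fa`, without which the controller snippet cannot work.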
@@ -9,13 +9,12 @@ module JwtAuthenticable
9
9
  include Exceptions
10
10
  include Responses
11
11
 
12
- ALGORITHM = JwtAuthenticable.config.algorithm
13
-
14
12
  # Authenticates a user.
15
13
  # @raise MissingAuthScope if the jwt does not have the right scope
16
14
  def authenticate_user!
17
15
  validate_jwt_token! token: authorization_token!
18
- rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, JWT::VerificationError, JWT::ExpiredSignature => e
16
+ rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, TwoFANotEnabledError, JWT::VerificationError,
17
+ JWT::ExpiredSignature => e
19
18
  unauthorized(e.message)
20
19
  end
21
20
 
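Review bot: the `rescue` list still names only two of ruby-jwt's failure classes (`JWT::VerificationError`, `JWT::ExpiredSignature`), so a malformed token (wrong number of segments, bad base64), a token whose `alg` header does not match the configured algorithm, or a token with a future `nbf` raises an unrescued `JWT::DecodeError` subclass and reaches the client as a 500 instead of the 401 that `unauthorized` produces. Since `JWT::VerificationError` and `JWT::ExpiredSignature` both inherit from `JWT::DecodeError`, suggest rescuing `JWT::DecodeError` in their place. Dropping the load-time `ALGORITHM` constant is the right fix for the 1.0.1 changelog item: it was evaluated when the file was required, before the host application's configure block ran.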
@@ -30,7 +29,12 @@ module JwtAuthenticable
30
29
  # @return [Hash] the JWT payload
31
30
  def validate_jwt_token!(token:)
32
31
  # NOTE: it is still safe if JWT_SECRET_KEY is not set. The method will trigger a JWT exception
33
- JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true, { algorithm: ALGORITHM }).first
32
+ payload = JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true,
33
+ { algorithm: algorithm }).first
34
+
35
+ raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa']
36
+
37
+ payload
34
38
  end
35
39
 
36
40
  # Extracts the authorization token from the Authorization header
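Review bot: `!payload['2fa']` accepts any truthy value, so a claim of `"false"`, `0` or `"no"` passes the enforcement check because only `nil` and `false` are falsy in Ruby. Since the issuer's claim format is not documented anywhere in this release, suggest comparing explicitly (`raise TwoFANotEnabledError unless payload['2fa'] == true`) and documenting the `2fa` claim as part of the token contract. Also note that `JWT.decode` as called here verifies signature and `exp` only; if the issuer sets `iss` or `aud`, passing `iss:`/`verify_iss:` (or `aud:`/`verify_aud:`) in the options hash would close the gap where a valid token from another audience is accepted.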
@@ -49,5 +53,13 @@ module JwtAuthenticable
49
53
 
50
54
  auth_token[7..]
51
55
  end
56
+
57
+ def algorithm
58
+ supported_algos.find { |algo| algo == JwtAuthenticable.config.algorithm } || 'HS256'
59
+ end
60
+
61
+ def supported_algos
62
+ SUPPORTED_ALGOS.flat_map { |algo_class| algo_class.const_get(:SUPPORTED) }
63
+ end
52
64
  end
53
65
  end
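Review bot: `|| 'HS256'` silently downgrades to HMAC whenever `config.algorithm` is unset or mistyped, and that is dangerous in combination with the comment in jwt_authenticable.rb that for RSA setups `jwt_secret_key` "will actually be the public key": an operator who intends `RS256` but misspells it would have tokens verified as HS256 with the RSA public key as the HMAC secret, which is the classic algorithm-confusion forgery since the public key is, by design, not secret. Suggest raising a configuration error for an unsupported algorithm instead of falling back. Two smaller points: `SUPPORTED_ALGOS.flat_map { |algo_class| algo_class.const_get(:SUPPORTED) }` reaches into `JWT::Algos::Hmac` / `JWT::Algos::Rsa` internals that are not public ruby-jwt API and may move within the `~> 2.6` range, so a hard-coded list of the algorithm names this gem wants to support would be more robust; and `supported_algos.find { |algo| algo == ... }` is just `supported_algos.include?(...)`.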
@@ -47,5 +47,12 @@ module JwtAuthenticable
47
47
  "Authorization error: #{@msg}"
48
48
  end
49
49
  end
50
+
51
+ # Exception to raise when 2fa enforce is enabled but user has not enabled 2fa
52
+ class TwoFANotEnabledError < StandardError
53
+ def message
54
+ '2FA must be enabled'
55
+ end
56
+ end
50
57
  end
51
58
  end
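Review bot: `TwoFANotEnabledError` inherits from `StandardError` directly, unlike the gem's own `JwtAuthenticable::Error < StandardError` base defined in jwt_authenticable.rb, and it returns a bare `'2FA must be enabled'` where the neighbouring exception in this file formats its message as `"Authorization error: #{@msg}"`. Suggest `class TwoFANotEnabledError < Error` and the same message prefix, so callers can rescue one base class and clients see a consistent error shape from `unauthorized(e.message)`.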
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JwtAuthenticable
4
- VERSION = '1.0.0'
4
+ VERSION = '1.1.0'
5
5
  end
@@ -1,14 +1,21 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'dry-configurable'
4
+ require 'jwt'
4
5
 
5
6
  # The module 'JwtAuth' provides jwt authentication for rails using the jwt gem
6
7
  # @author Researchable
7
8
  module JwtAuthenticable
8
9
  extend Dry::Configurable
9
10
  setting :algorithm
11
+ # Note that for RSA algorithms this will actually be the public key
10
12
  setting :jwt_secret_key, default: nil
11
13
 
14
+ # If set to true, a jwt will only be considered valid if 2fa has been enabled
15
+ setting :enforce_2fa, default: false
16
+
17
+ SUPPORTED_ALGOS = [JWT::Algos::Hmac, JWT::Algos::Rsa].freeze
18
+
12
19
  class Error < StandardError; end
13
20
  end
14
21
 
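Review bot: `setting :algorithm` has no default and no documentation of accepted values, so an application that never sets it gets whatever the `auth.rb` fallback chooses rather than a configuration error at boot. Suggest `setting :algorithm, default: 'HS256'` (making the default explicit and visible) together with a comment listing the supported names, and, given the new comment that `jwt_secret_key` holds the public key for RSA, either a clearer setting name (e.g. `verification_key`) or a note in the README. The `enforce_2fa` comment should also state the claim it inspects (`2fa`) and the value it expects, since that is the contract with the token issuer.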
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module TestGem
4
+ SOME_CONST = '1.1.2'
5
+ end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module TestGem
4
+ VERSION = '0.1.0.alpha.1'
5
+ end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module TestGem
4
+ VERSION = '1.1.0'
5
+ end
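Review bot: these three `module TestGem` files are test fixtures of the semantic-release-rubygem npm package (`node_modules/semantic-release-rubygem/src/__tests__/fixtures/...` per the metadata `files` list below) and should not be in a published gem; they add nothing to the library and mean the release tooling's `node_modules` tree ended up in the package. Suggest excluding `node_modules/` in the gemspec's `files` selection (and in `.gitignore`, if `files` is built from `git ls-files`) and republishing.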
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: researchable_jwt-authenticable
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Researchable
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-04-14 00:00:00.000000000 Z
11
+ date: 2023-06-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dry-configurable
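Review bot: the unchanged context shows `cert_chain: []` and an empty `signing_key:`, i.e. this authentication library is published unsigned, and the date/version bump does not change that. For a gem that sits on every request's auth path, consider signing releases (`gem cert`/`signing_key` in the gemspec) so consumers can install with `--trust-policy`.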
@@ -51,6 +51,7 @@ files:
51
51
  - ".rubocop.yml"
52
52
  - ".ruby-gemset"
53
53
  - ".ruby-version"
54
+ - CHANGELOG.md
54
55
  - Gemfile
55
56
  - Gemfile.lock
56
57
  - LICENSE.txt
@@ -62,8 +63,11 @@ files:
62
63
  - lib/jwt_authenticable/info.rb
63
64
  - lib/jwt_authenticable/responses.rb
64
65
  - lib/jwt_authenticable/version.rb
66
+ - node_modules/semantic-release-rubygem/src/__tests__/fixtures/invalid-version-file/lib/test-gem/version.rb
67
+ - node_modules/semantic-release-rubygem/src/__tests__/fixtures/prerelease/lib/test-gem/version.rb
68
+ - node_modules/semantic-release-rubygem/src/__tests__/fixtures/valid/lib/test-gem/version.rb
65
69
  - sig/jwt_authenticable.rbs
66
- homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.0.0/README.md
70
+ homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.1.0/README.md
67
71
  licenses:
68
72
  - MIT
69
73
  metadata:
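Review bot: the three `node_modules/semantic-release-rubygem/src/__tests__/fixtures/...` entries in `files` mean the gemspec's file glob picked up the npm dependency tree of the release tooling; nothing under `node_modules/` belongs in the package. Suggest filtering it out in the gemspec (e.g. rejecting paths starting with `node_modules/` from the `files` array) and adding `node_modules/` to `.gitignore` if the list is derived from `git ls-files`. The homepage bump to the `v1.1.0` README tag is fine.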
@@ -83,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
83
87
  - !ruby/object:Gem::Version
84
88
  version: '0'
85
89
  requirements: []
86
- rubygems_version: 3.3.26
90
+ rubygems_version: 3.4.10
87
91
  signing_key:
88
92
  specification_version: 4
89
93
  summary: Researchable's gem to deal with JWT authentication