researchable_jwt-authenticable 1.0.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4e4b4d435b56dec20b1d25bb55500516d5e2087159b7645bdba55eaa7208a7fb
-  data.tar.gz: c8456c71943a94ab2d7d1539ea187f1ececfdb90e23394134e4c1a1ad1667221
+  metadata.gz: 774ef8d7205e1cb743e03ad7f658e0df91db3c77b349accbc3dd62b02ac3d7df
+  data.tar.gz: cca34a23985fa690828759f2d85e7175a980aabccdc578b31d795d109daa604f
 SHA512:
-  metadata.gz: 469c94c6b1b18896508d2b4657e81780c252eb226eecb82416bae2eb8bed7b1e6beadc19daf98d9490bd057b537d590cd1503781f2564d08761a5e6dd11c0e43
-  data.tar.gz: 5955c0be8af0285233e47f060962266edd047e4481f53e96ae3ecc144ce32461377cde35becba9e897300aeeac3e1b7c6bc07726b56d8bbe3f2e000cff13d4dc
+  metadata.gz: 773a8d193f54f53cf254224ea1db9b1a720183abf9644c36b9734139b6dd497dd52d610b3d1b45d5932d9732f7c8027f73b911aade2968acf32291c476f1f1b5
+  data.tar.gz: 7276f611cf981d9752a634b9ecc6e270f50f7c397804184ccc632d3db9d948fad33911929133e856adcf2878a4075abad76d5d246ff889dd8956ce70eef8f4ed

data/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [1.2.0](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.1.0...v1.2.0) (2023-10-11)
+
+
+### Features
+
+* allow skipping 2fa ([541de8a](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/541de8a7ac4cc2029c00b44f30dde2486b4dfb06))
+
+# [1.1.0](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.0.1...v1.1.0) (2023-06-30)
+
+
+### Features
+
+* enforce 2fa ([a65aed5](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/a65aed5e2ae0ad180239e51aa20dd9d2aa588e81))
+
 ## [1.0.1](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.0.0...v1.0.1) (2023-06-14)
 
 

data/lib/jwt_authenticable/auth.rb

@@ -11,25 +11,35 @@ module JwtAuthenticable
 
     # Authenticates a user.
     # @raise MissingAuthScope if the jwt does not have the right scope
-    def authenticate_user!
-      validate_jwt_token! token: authorization_token!
-    rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, JWT::VerificationError, JWT::ExpiredSignature => e
+    def authenticate_user!(skip_2fa: false)
+      validate_jwt_token! token: authorization_token!, skip_2fa: skip_2fa
+    rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, TwoFANotEnabledError, JWT::VerificationError,
+           JWT::ExpiredSignature => e
       unauthorized(e.message)
     end
 
+    def authenticate_user_without_2fa!
+      authenticate_user!(skip_2fa: true)
+    end
+
     # Consider any method below as private and not meant to be used by including classes
 
     # Validate that the JWT token signature and the following claims are valid:
     #  - exp
     #  - scope
     # @param token [String] JWT token string (just the token, with the header, payload and signature separated by '.')
-    # @param is_researcher [Boolean] Whether to validate the token as a researcher's or a participant's
+    # @param skip_2fa [Boolean] When set to true it will not raise a TwoFANotEnabledError if the jwt payload does not
+    #                           contain the 2fa claim.
     # @raise AuthorizationError if the user is trying to login with the incorrect rights.
     # @return [Hash] the JWT payload
-    def validate_jwt_token!(token:)
+    def validate_jwt_token!(token:, skip_2fa: false)
       # NOTE: it is still safe if JWT_SECRET_KEY is not set. The method will trigger a JWT exception
-      JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true,
-                 { algorithm: algorithm }).first
+      payload = JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true,
+                           { algorithm: algorithm }).first
+
+      raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa'] && !skip_2fa
+
+      payload
     end
 
     # Extracts the authorization token from the Authorization header

data/lib/jwt_authenticable/exceptions.rb

@@ -47,5 +47,12 @@ module JwtAuthenticable
         "Authorization error: #{@msg}"
       end
     end
+
+    # Exception to raise when 2fa enforce is enabled but user has not enabled 2fa
+    class TwoFANotEnabledError < StandardError
+      def message
+        '2FA must be enabled'
+      end
+    end
   end
 end

data/lib/jwt_authenticable/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module JwtAuthenticable
-  VERSION = '1.0.1'
+  VERSION = '1.2.0'
 end

data/lib/jwt_authenticable.rb

@@ -11,6 +11,9 @@ module JwtAuthenticable
   # Note that for RSA algorithms this will actually be the public key
   setting :jwt_secret_key, default: nil
 
+  # If set to true, a jwt will only be considered valid if 2fa has been enabled
+  setting :enforce_2fa, default: false
+
   SUPPORTED_ALGOS = [JWT::Algos::Hmac, JWT::Algos::Rsa].freeze
 
   class Error < StandardError; end

data/node_modules/semantic-release-rubygem/src/__tests__/fixtures/valid/lib/test-gem/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TestGem
-  VERSION = '1.0.1'
+  VERSION = '1.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: researchable_jwt-authenticable
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Researchable
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-06-14 00:00:00.000000000 Z
+date: 2023-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-configurable
@@ -67,7 +67,7 @@ files:
 - node_modules/semantic-release-rubygem/src/__tests__/fixtures/prerelease/lib/test-gem/version.rb
 - node_modules/semantic-release-rubygem/src/__tests__/fixtures/valid/lib/test-gem/version.rb
 - sig/jwt_authenticable.rbs
-homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.0.1/README.md
+homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.2.0/README.md
 licenses:
 - MIT
 metadata: