researchable_jwt-authenticable 1.1.0 → 1.2.0

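--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: abeaaf5f3a590567cc0e31b701204f3fea0ef6598fddfa03eb97dcb34beb4436
- data.tar.gz: e72942114fc0c82482d01d8a6e9b8c4083fc2223466290de06e2b6ffb4c4397e
+ metadata.gz: 774ef8d7205e1cb743e03ad7f658e0df91db3c77b349accbc3dd62b02ac3d7df
+ data.tar.gz: cca34a23985fa690828759f2d85e7175a980aabccdc578b31d795d109daa604f
  SHA512:
- metadata.gz: '00519275b196a8d5b2dd2d75c1a1951ed8b91076e937ed34285f768eec98365468aaa4881c9a7084c03b5d0d495b0ce70bc7ffc6ebd19148f8335a3def579ef9'
- data.tar.gz: ba644ed5e3a31da8d29ca334d393857ae3abf97e9d694613b850d9ee98ddb4d27e16be5113450d9859dda256fafbb582594a9af78c07275a50d33cb4305ab63f
+ metadata.gz: 773a8d193f54f53cf254224ea1db9b1a720183abf9644c36b9734139b6dd497dd52d610b3d1b45d5932d9732f7c8027f73b911aade2968acf32291c476f1f1b5
+ data.tar.gz: 7276f611cf981d9752a634b9ecc6e270f50f7c397804184ccc632d3db9d948fad33911929133e856adcf2878a4075abad76d5d246ff889dd8956ce70eef8f4ed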
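--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+ # [1.2.0](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.1.0...v1.2.0) (2023-10-11)
+
+
+ ### Features
+
+ * allow skipping 2fa ([541de8a](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/541de8a7ac4cc2029c00b44f30dde2486b4dfb06))
+
  # [1.1.0](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.0.1...v1.1.0) (2023-06-30)
 
 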
@@ -11,28 +11,33 @@ module JwtAuthenticable
11
11
 
12
12
  # Authenticates a user.
13
13
  # @raise MissingAuthScope if the jwt does not have the right scope
14
- def authenticate_user!
15
- validate_jwt_token! token: authorization_token!
14
+ def authenticate_user!(skip_2fa: false)
15
+ validate_jwt_token! token: authorization_token!, skip_2fa: skip_2fa
16
16
  rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, TwoFANotEnabledError, JWT::VerificationError,
17
17
  JWT::ExpiredSignature => e
18
18
  unauthorized(e.message)
19
19
  end
20
20
 
21
+ def authenticate_user_without_2fa!
22
+ authenticate_user!(skip_2fa: true)
23
+ end
24
+
21
25
  # Consider any method below as private and not meant to be used by including classes
22
26
 
23
27
  # Validate that the JWT token signature and the following claims are valid:
24
28
  # - exp
25
29
  # - scope
26
30
  # @param token [String] JWT token string (just the token, with the header, payload and signature separated by '.')
27
- # @param is_researcher [Boolean] Whether to validate the token as a researcher's or a participant's
31
+ # @param skip_2fa [Boolean] When set to true it will not raise a TwoFANotEnabledError if the jwt payload does not
32
+ # contain the 2fa claim.
28
33
  # @raise AuthorizationError if the user is trying to login with the incorrect rights.
29
34
  # @return [Hash] the JWT payload
30
- def validate_jwt_token!(token:)
35
+ def validate_jwt_token!(token:, skip_2fa: false)
31
36
  # NOTE: it is still safe if JWT_SECRET_KEY is not set. The method will trigger a JWT exception
32
37
  payload = JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true,
33
38
  { algorithm: algorithm }).first
34
39
 
35
- raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa']
40
+ raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa'] && !skip_2fa
36
41
 
37
42
  payload
38
43
  end
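Review bot: The new guard in `validate_jwt_token!` tests `skip_2fa` by truthiness (`&& !skip_2fa`), so any value other than `nil` or `false` (for instance the string `"false"` forwarded from a request parameter) turns off the 2FA check even when `enforce_2fa` is configured; a strict comparison fails closed: `raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa'] && skip_2fa != true`. `authenticate_user_without_2fa!` sits above the "Consider any method below as private" comment and has no doc comment, so it ships as public API that overrides the global setting per call; I would document it with `# Authenticates a user without requiring the 2fa claim, even when enforce_2fa is set.` and add `# @param skip_2fa [Boolean] skips the 2fa claim check when true` to `authenticate_user!`. The gem's file list includes `sig/jwt_authenticable.rbs` and no change to it is visible on this page, so the RBS signatures may not yet declare the new keyword. The enclosing module starts outside the hunk.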
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JwtAuthenticable
4
- VERSION = '1.1.0'
4
+ VERSION = '1.2.0'
5
5
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module TestGem
4
- VERSION = '1.1.0'
4
+ VERSION = '1.2.0'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: researchable_jwt-authenticable
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Researchable
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-06-30 00:00:00.000000000 Z
11
+ date: 2023-10-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dry-configurable
@@ -67,7 +67,7 @@ files:
67
67
  - node_modules/semantic-release-rubygem/src/__tests__/fixtures/prerelease/lib/test-gem/version.rb
68
68
  - node_modules/semantic-release-rubygem/src/__tests__/fixtures/valid/lib/test-gem/version.rb
69
69
  - sig/jwt_authenticable.rbs
70
- homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.1.0/README.md
70
+ homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.2.0/README.md
71
71
  licenses:
72
72
  - MIT
73
73
  metadata: