researchable_jwt-authenticable 1.1.0 → 1.2.0

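--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: abeaaf5f3a590567cc0e31b701204f3fea0ef6598fddfa03eb97dcb34beb4436
- data.tar.gz: e72942114fc0c82482d01d8a6e9b8c4083fc2223466290de06e2b6ffb4c4397e
+ metadata.gz: 774ef8d7205e1cb743e03ad7f658e0df91db3c77b349accbc3dd62b02ac3d7df
+ data.tar.gz: cca34a23985fa690828759f2d85e7175a980aabccdc578b31d795d109daa604f
  SHA512:
- metadata.gz: '00519275b196a8d5b2dd2d75c1a1951ed8b91076e937ed34285f768eec98365468aaa4881c9a7084c03b5d0d495b0ce70bc7ffc6ebd19148f8335a3def579ef9'
- data.tar.gz: ba644ed5e3a31da8d29ca334d393857ae3abf97e9d694613b850d9ee98ddb4d27e16be5113450d9859dda256fafbb582594a9af78c07275a50d33cb4305ab63f
+ metadata.gz: 773a8d193f54f53cf254224ea1db9b1a720183abf9644c36b9734139b6dd497dd52d610b3d1b45d5932d9732f7c8027f73b911aade2968acf32291c476f1f1b5
+ data.tar.gz: 7276f611cf981d9752a634b9ecc6e270f50f7c397804184ccc632d3db9d948fad33911929133e856adcf2878a4075abad76d5d246ff889dd8956ce70eef8f4ed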
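--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+ # [1.2.0](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.1.0...v1.2.0) (2023-10-11)
+
+
+ ### Features
+
+ * allow skipping 2fa ([541de8a](https://gitlab.com/researchable/general/gems/jwt-authenticable/commit/541de8a7ac4cc2029c00b44f30dde2486b4dfb06))
+
  # [1.1.0](https://gitlab.com/researchable/general/gems/jwt-authenticable/compare/v1.0.1...v1.1.0) (2023-06-30)
 
 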
@@ -11,28 +11,33 @@ module JwtAuthenticable
11
11
 
12
12
  # Authenticates a user.
13
13
  # @raise MissingAuthScope if the jwt does not have the right scope
14
- def authenticate_user!
15
- validate_jwt_token! token: authorization_token!
14
+ def authenticate_user!(skip_2fa: false)
15
+ validate_jwt_token! token: authorization_token!, skip_2fa: skip_2fa
16
16
  rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, TwoFANotEnabledError, JWT::VerificationError,
17
17
  JWT::ExpiredSignature => e
18
18
  unauthorized(e.message)
19
19
  end
20
20
 
21
+ def authenticate_user_without_2fa!
22
+ authenticate_user!(skip_2fa: true)
23
+ end
24
+
21
25
  # Consider any method below as private and not meant to be used by including classes
22
26
 
23
27
  # Validate that the JWT token signature and the following claims are valid:
24
28
  # - exp
25
29
  # - scope
26
30
  # @param token [String] JWT token string (just the token, with the header, payload and signature separated by '.')
27
- # @param is_researcher [Boolean] Whether to validate the token as a researcher's or a participant's
31
+ # @param skip_2fa [Boolean] When set to true it will not raise a TwoFANotEnabledError if the jwt payload does not
32
+ # contain the 2fa claim.
28
33
  # @raise AuthorizationError if the user is trying to login with the incorrect rights.
29
34
  # @return [Hash] the JWT payload
30
- def validate_jwt_token!(token:)
35
+ def validate_jwt_token!(token:, skip_2fa: false)
31
36
  # NOTE: it is still safe if JWT_SECRET_KEY is not set. The method will trigger a JWT exception
32
37
  payload = JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true,
33
38
  { algorithm: algorithm }).first
34
39
 
35
- raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa']
40
+ raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa'] && !skip_2fa
36
41
 
37
42
  payload
38
43
  end
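Review bot: `authenticate_user_without_2fa!` is added as a public method with no doc comment, although it overrides the gem-wide `enforce_2fa` setting for whichever caller uses it; a YARD line such as `# Authenticates a user without requiring the '2fa' claim, even when config.enforce_2fa is true.` would make that visible at the call site. The same applies to the `skip_2fa:` keyword on `authenticate_user!`, which has no `@param` entry, and its existing `@raise MissingAuthScope` line does not match the body, since that error is rescued and turned into `unauthorized(e.message)`. In `validate_jwt_token!` the bypass is silent: when `enforce_2fa` is on and the claim is absent, the payload is returned exactly as for a 2FA-verified token, so callers and logs cannot tell the two apart; consider recording the skipped check there. The enclosing module starts and ends outside this hunk.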
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JwtAuthenticable
4
- VERSION = '1.1.0'
4
+ VERSION = '1.2.0'
5
5
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module TestGem
4
- VERSION = '1.1.0'
4
+ VERSION = '1.2.0'
5
5
  end
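--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: researchable_jwt-authenticable
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.2.0
  platform: ruby
  authors:
  - Researchable
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-06-30 00:00:00.000000000 Z
+ date: 2023-10-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dry-configurable
@@ -67,7 +67,7 @@ files:
  - node_modules/semantic-release-rubygem/src/__tests__/fixtures/prerelease/lib/test-gem/version.rb
  - node_modules/semantic-release-rubygem/src/__tests__/fixtures/valid/lib/test-gem/version.rb
  - sig/jwt_authenticable.rbs
- homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.1.0/README.md
+ homepage: https://gitlab.com/researchable/general/gems/jwt-authenticable/-/blob/v1.2.0/README.md
  licenses:
  - MIT
  metadata: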