slots-jwt 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +29 -3
- data/lib/slots/jwt/generic_methods.rb +25 -1
- data/lib/slots/jwt/tokens.rb +1 -0
- data/lib/slots/jwt/version.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f9ef8bc2c373d7fd9558bdf34f137778f20554f1569a6cab5bc71360a219c9ba
|
|
4
|
+
data.tar.gz: e63b72c4ff710c3f632eb799aa5339038717ab6a6285c6a46c2f0b7b7baffe4f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 42247e6c390d46dedc038a9cb85eed133ce6ff8951d2d0a882c5bdc4e73aec5b336fb5e96d20b770e2e463718bd57995e6dea42b7da26a0c76a9437b344fd10f
|
|
7
|
+
data.tar.gz: 600d9578cf4e4e819d71a851dbf7d4ed40a7776c209474daf4d398729ec927df0ed2325041241e3b5d48e36863294308558a2f33d4cef88d413306783ce9fa61
|
data/README.md
CHANGED
|
@@ -12,6 +12,7 @@ Token authentication solution for rails 5 API. Slots use JSON Web Tokens for aut
|
|
|
12
12
|
- [Testing](#testing)
|
|
13
13
|
- [Configurations](#configurations)
|
|
14
14
|
- [Routes](#routes)
|
|
15
|
+
- [Login Hooks](#login-hooks)
|
|
15
16
|
- [Contributing](#contributing)
|
|
16
17
|
- [License](#license)
|
|
17
18
|
|
|
@@ -104,10 +105,11 @@ ignore_login!
|
|
|
104
105
|
```
|
|
105
106
|
This takes all the same options as `require_login!`.
|
|
106
107
|
|
|
108
|
+
### Reject new tokens
|
|
107
109
|
To not allow a user to sign in the following can be used in the authentication model:
|
|
108
110
|
```ruby
|
|
109
111
|
class User < ApplicationRecord
|
|
110
|
-
|
|
112
|
+
...
|
|
111
113
|
|
|
112
114
|
reject_new_token do
|
|
113
115
|
!self.approved # Return true if they cannot get a new token
|
|
@@ -116,6 +118,29 @@ end
|
|
|
116
118
|
```
|
|
117
119
|
This will not allow unapproved users to get a new token (login or update_session_token).
|
|
118
120
|
|
|
121
|
+
### Login Hooks
|
|
122
|
+
To run certain methods on failed/successful logins there are hooks:
|
|
123
|
+
```ruby
|
|
124
|
+
class User < ApplicationRecord
|
|
125
|
+
...
|
|
126
|
+
|
|
127
|
+
failed_login do
|
|
128
|
+
# This method will be called on failed logins even if they
|
|
129
|
+
# do not have valid login identifier so might need to check
|
|
130
|
+
# if its an actual user by:
|
|
131
|
+
# next if new_record?
|
|
132
|
+
some_failed_login_stuff
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
successful_login do
|
|
136
|
+
# Do something with
|
|
137
|
+
some_successful_login_stuff
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
```
|
|
141
|
+
NOTE: `failed_login` will get called if `reject_new_token` is true
|
|
142
|
+
|
|
143
|
+
|
|
119
144
|
## Authorization
|
|
120
145
|
Sometimes when dealing with authentication you also need authorization. While in most cases you should use another gem to handle this, if it is simple (like an admin or approved user) slots can handle it. Just add the following:
|
|
121
146
|
```ruby
|
|
@@ -143,9 +168,10 @@ A custom message or status can be returned using the following:
|
|
|
143
168
|
catch_invalid_token(response: {my_message: 'Some custom message'}, status: :im_a_teapot)
|
|
144
169
|
```
|
|
145
170
|
NOTE: If you want the token to be rejected for all tokens (i.e. require all routes to have an approved user) add the above to the `ApplicationController`. You can then also add more specific requirements to a controller by also adding it in the controller like requiring an admin. To ignore a `reject_token` use `skip_callback!` which again takes the same params as `before_action`.
|
|
171
|
+
WARNING: If you do not require the user to be loaded from the DB the `admin` field will be from the JWT.
|
|
146
172
|
|
|
147
173
|
## Sessions
|
|
148
|
-
If sessions are allowed (`session_lifetime` is not nil) `session: true` can be passed along when signing in to receive a session token. A session tokens has
|
|
174
|
+
If sessions are allowed (`session_lifetime` is not nil) `session: true` can be passed along when signing in to receive a session token. A session tokens has the session id in the payload of the JWT. This is kept in the JWT so the front-end only has to track one token. There are two ways to get a new token after a session token has expired.
|
|
149
175
|
1. The first is by sending the token to `MOUNT_LOCATION/update_session_token`. This method will always return a new token even if the token has not expired. This will return the same information as `sign_in` (user information and with the token in the header).
|
|
150
176
|
2. The second is by adding `update_expired_session_tokens!` (which takes the usual options of a `before_action` `only`, `except`, etc). This method will allow any route to take a valid expired token and it will return a new token in the headers with usual route information in the body. A token will only be returned in the header if the token passed is expired. When using this method a problem can arise were two request are made at the same time with the same expired token. The first request processed would return a new token but the second request would fail because the expired token does not match the information of the session anymore (since it was just updated) and would therefore return unauthorized. To fix this there is a previous jwt lifetime (which defaults to 5 seconds and can be changed in the config). This will allow the previous token to be valid for 5 seconds (or whatever is set in config). If a previous token is sent that is within the previous lifetime it will be a valid token but it will not return a new token (since one was already returned in the earlier request).
|
|
151
177
|
|
|
@@ -210,7 +236,7 @@ end
|
|
|
210
236
|
### Filter
|
|
211
237
|
Filter must be used with at least one of the above.
|
|
212
238
|
```ruby
|
|
213
|
-
class PermissionFilter < Slots::PermissionFilter
|
|
239
|
+
class PermissionFilter < Slots::JWT::PermissionFilter
|
|
214
240
|
def allowed?
|
|
215
241
|
# available methods schema_member, current_user, required_permission, valid_loaded_user
|
|
216
242
|
return true if required_permission == :anyone
|
|
@@ -12,12 +12,22 @@ module Slots
|
|
|
12
12
|
!(self.class._reject_new_token?(self))
|
|
13
13
|
end
|
|
14
14
|
|
|
15
|
+
def failed_login
|
|
16
|
+
!(self.class._failed_login(self))
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def successful_login
|
|
20
|
+
!(self.class._successful_login(self))
|
|
21
|
+
end
|
|
22
|
+
|
|
15
23
|
def run_token_created_callback
|
|
16
24
|
self.class._token_created_callback(self)
|
|
17
25
|
end
|
|
18
26
|
|
|
19
27
|
def authenticate?(password)
|
|
20
|
-
password.present? && persisted? && respond_to?(:authenticate) && authenticate(password) && allowed_new_token?
|
|
28
|
+
to_return = password.present? && persisted? && respond_to?(:authenticate) && authenticate(password) && allowed_new_token?
|
|
29
|
+
to_return ? successful_login : failed_login
|
|
30
|
+
to_return
|
|
21
31
|
end
|
|
22
32
|
|
|
23
33
|
def authenticate!(password)
|
|
@@ -41,6 +51,20 @@ module Slots
|
|
|
41
51
|
(@_reject_new_token ||= []).any? { |b| user.instance_eval(&b) }
|
|
42
52
|
end
|
|
43
53
|
|
|
54
|
+
def failed_login(&block)
|
|
55
|
+
(@_failed_login ||= []).push(block)
|
|
56
|
+
end
|
|
57
|
+
def _failed_login(user)
|
|
58
|
+
(@_failed_login ||= []).any? { |b| user.instance_eval(&b) }
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def successful_login(&block)
|
|
62
|
+
(@_successful_login ||= []).push(block)
|
|
63
|
+
end
|
|
64
|
+
def _successful_login(user)
|
|
65
|
+
(@_successful_login ||= []).any? { |b| user.instance_eval(&b) }
|
|
66
|
+
end
|
|
67
|
+
|
|
44
68
|
def token_created_callback(&block)
|
|
45
69
|
(@_token_created_callback ||= []).push(block)
|
|
46
70
|
end
|
data/lib/slots/jwt/tokens.rb
CHANGED
data/lib/slots/jwt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: slots-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathon Gardner
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-04-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -130,8 +130,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
131
|
version: '0'
|
|
132
132
|
requirements: []
|
|
133
|
-
|
|
134
|
-
rubygems_version: 2.7.6
|
|
133
|
+
rubygems_version: 3.0.1
|
|
135
134
|
signing_key:
|
|
136
135
|
specification_version: 4
|
|
137
136
|
summary: Token Authentication for Rails using JWT.
|