sorcery-jwt 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: d27895837d9ceaa14e2ff6ff3c1e1d777f11efdea02a73fa375ec843d34a14a0
4
+ data.tar.gz: 6cdf0bd7276e50ee4110ee8d337449811b37ff5d1740e952074df88b055253d7
5
+ SHA512:
6
+ metadata.gz: cf2f8a5f31ee92c84ddae6d511363b3fd8cd19eda0ce307ae9a3c864f899cf1e1640a3d50c5a38a0d6e6cb29a8e9af9f5c9b240e20d5b0e4baee1c72d2638e2e
7
+ data.tar.gz: b6f54c44bb8702cb4232632fedb90d1deb1d7ded569320c2f0c4e03af61498dd9d0c906c991a2316f381c8df457f78e87237694fdb405c9ca0e5abacd17e9853
data/.gitignore ADDED
@@ -0,0 +1,11 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
data/.travis.yml ADDED
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.5.1
5
+ before_install: gem install bundler -v 1.16.2
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at hluckenb@gmail.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,6 @@
1
+ source "https://rubygems.org"
2
+
3
+ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
4
+
5
+ # Specify your gem's dependencies in sorcery-jwt.gemspec
6
+ gemspec
data/Gemfile.lock ADDED
@@ -0,0 +1,64 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ sorcery-jwt (0.1.0)
5
+ jwt (~> 1.0)
6
+ sorcery (~> 0.12.0)
7
+
8
+ GEM
9
+ remote: https://rubygems.org/
10
+ specs:
11
+ bcrypt (3.1.12)
12
+ coderay (1.1.2)
13
+ diff-lcs (1.3)
14
+ faraday (0.15.3)
15
+ multipart-post (>= 1.2, < 3)
16
+ jwt (1.5.6)
17
+ method_source (0.8.2)
18
+ multi_json (1.13.1)
19
+ multi_xml (0.6.0)
20
+ multipart-post (2.0.0)
21
+ oauth (0.5.4)
22
+ oauth2 (1.4.1)
23
+ faraday (>= 0.8, < 0.16.0)
24
+ jwt (>= 1.0, < 3.0)
25
+ multi_json (~> 1.3)
26
+ multi_xml (~> 0.5)
27
+ rack (>= 1.2, < 3)
28
+ pry (0.10.4)
29
+ coderay (~> 1.1.0)
30
+ method_source (~> 0.8.1)
31
+ slop (~> 3.4)
32
+ rack (2.0.5)
33
+ rake (10.5.0)
34
+ rspec (3.8.0)
35
+ rspec-core (~> 3.8.0)
36
+ rspec-expectations (~> 3.8.0)
37
+ rspec-mocks (~> 3.8.0)
38
+ rspec-core (3.8.0)
39
+ rspec-support (~> 3.8.0)
40
+ rspec-expectations (3.8.2)
41
+ diff-lcs (>= 1.2.0, < 2.0)
42
+ rspec-support (~> 3.8.0)
43
+ rspec-mocks (3.8.0)
44
+ diff-lcs (>= 1.2.0, < 2.0)
45
+ rspec-support (~> 3.8.0)
46
+ rspec-support (3.8.0)
47
+ slop (3.6.0)
48
+ sorcery (0.12.0)
49
+ bcrypt (~> 3.1)
50
+ oauth (~> 0.4, >= 0.4.4)
51
+ oauth2 (~> 1.0, >= 0.8.0)
52
+
53
+ PLATFORMS
54
+ ruby
55
+
56
+ DEPENDENCIES
57
+ bundler (~> 1.16)
58
+ pry (~> 0.10.0)
59
+ rake (~> 10.0)
60
+ rspec (~> 3.0)
61
+ sorcery-jwt!
62
+
63
+ BUNDLED WITH
64
+ 1.16.2
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2018 Hayden Luckenbach
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,79 @@
1
+ # Sorcery::Jwt
2
+
3
+ Jwt extension for the Sorcery authentication library
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ ```ruby
10
+ gem 'sorcery-jwt'
11
+ ```
12
+
13
+ And then execute:
14
+
15
+ $ bundle
16
+
17
+ Or install it yourself as:
18
+
19
+ $ gem install sorcery-jwt
20
+
21
+ ## Usage
22
+
23
+ First, include the `:jwt` submodule in your list of configured Sorcery submodules:
24
+
25
+ ```
26
+ Rails.application.config.sorcery.submodules = [:jwt, ...]
27
+ ```
28
+
29
+ Next, in the Sorcery `user_config`, set the secret and algorithm that will be used to sign your tokens:
30
+
31
+ ```
32
+ Rails.application.config.sorcery.configure do |config|
33
+ # ...
34
+ config.user_config do |user|
35
+ # ...
36
+ user.jwt_secret = Rails.application.secrets.secret_key_base
37
+ user.jwt_algorithm = "HS256" # HS256 is used by default.
38
+ end
39
+ end
40
+ ```
41
+
42
+ Available algorithms are listed at https://github.com/jwt/ruby-jwt.
43
+
44
+ You're now ready to start using the library. By including the submodule, each request will check for an authorization header with a JWT as the value. If the JWT is valid, it will set the `current_user` in the controller to the matching user. It is up to you to handle what happens when a token is invalid or JWTs need to be revoked. Some ideas here: http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/.
45
+
46
+ To login a user and issue a token, use the `login_and_issue_token` method from a controller. This method takes the same `email` and `password` arguments that the Sorcery `authenticate` method does.
47
+
48
+ Example:
49
+
50
+ ```
51
+ def login
52
+ token = login_and_issue_token(params[:email], params[:password])
53
+
54
+ render json: {
55
+ user: serialize(current_user),
56
+ token: token
57
+ }
58
+ end
59
+ ```
60
+
61
+ By using `login_and_issue_token` with valid credentials, you're also setting `current_user` in your controller.
62
+
63
+ ## Development
64
+
65
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
66
+
67
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
68
+
69
+ ## Contributing
70
+
71
+ Bug reports and pull requests are welcome on GitHub at https://github.com/hayfever/sorcery-jwt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
72
+
73
+ ## License
74
+
75
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
76
+
77
+ ## Code of Conduct
78
+
79
+ Everyone interacting in the Sorcery::Jwt project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/hayfever/sorcery-jwt/blob/master/CODE_OF_CONDUCT.md).
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "sorcery/jwt"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,49 @@
1
+ module Sorcery
2
+ module Controller
3
+ module Submodules
4
+ module Jwt
5
+ def self.included(base)
6
+ base.send(:include, InstanceMethods)
7
+ Config.login_sources << :login_from_jwt
8
+ end
9
+
10
+ module InstanceMethods
11
+ protected
12
+
13
+ def login_from_jwt
14
+ user = decoded_token.first
15
+
16
+ @current_user = user_class.find_by(user)
17
+ auto_login(@current_user) if @current_user
18
+ @current_user
19
+ rescue JWT::DecodeError
20
+ @current_user = false
21
+ end
22
+
23
+ def login_and_issue_token(*credentials)
24
+ return unless (user = user_class.authenticate(*credentials))
25
+
26
+ @current_user = user
27
+ auto_login(@current_user)
28
+ user_class.issue_token(id: @current_user.id, email: @current_user.email)
29
+ end
30
+
31
+ private
32
+
33
+ def token
34
+ return nil unless authorization_header
35
+ authorization_header.split(" ").last
36
+ end
37
+
38
+ def authorization_header
39
+ @authorization_header ||= request.headers["Authorization"]
40
+ end
41
+
42
+ def decoded_token
43
+ user_class.decode_token(token)
44
+ end
45
+ end
46
+ end
47
+ end
48
+ end
49
+ end
@@ -0,0 +1,5 @@
1
+ module Sorcery
2
+ module Jwt
3
+ VERSION = "0.1.0".freeze
4
+ end
5
+ end
@@ -0,0 +1,15 @@
1
+ require "sorcery/jwt/version"
2
+
3
+ module Sorcery
4
+ module Controller
5
+ module Submodules
6
+ require "sorcery/controller/submodules/jwt"
7
+ end
8
+ end
9
+
10
+ module Model
11
+ module Submodules
12
+ require "sorcery/model/submodules/jwt"
13
+ end
14
+ end
15
+ end
@@ -0,0 +1,51 @@
1
+ require "sorcery/jwt/version"
2
+ require "jwt"
3
+
4
+ module Sorcery
5
+ module Model
6
+ module Submodules
7
+ module Jwt
8
+ def self.included(base)
9
+ base.sorcery_config.class_eval do
10
+ # Secret used to encode JWTs. Should correspond to the type needed by the algorithm used.
11
+ attr_accessor :jwt_secret
12
+ # Type of the algorithm used to encode JWTs. Corresponds to the options available in jwt/ruby-jwt.
13
+ attr_accessor :jwt_algorithm
14
+ end
15
+
16
+ base.sorcery_config.instance_eval do
17
+ @defaults[:@jwt_algorithm] = "HS256"
18
+
19
+ reset!
20
+ end
21
+
22
+ base.sorcery_config.after_config << :validate_secret_defined
23
+
24
+ base.extend(ClassMethods)
25
+ base.send(:include, InstanceMethods)
26
+ end
27
+
28
+ module ClassMethods
29
+ def issue_token(payload)
30
+ JWT.encode(payload, @sorcery_config.jwt_secret, @sorcery_config.jwt_algorithm)
31
+ end
32
+
33
+ def decode_token(token)
34
+ JWT.decode(token, @sorcery_config.jwt_secret, true, algorithm: @sorcery_config.jwt_algorithm)
35
+ end
36
+
37
+ def token_valid?(token)
38
+ decode_token(token).present?
39
+ end
40
+
41
+ protected
42
+
43
+ def validate_secret_defined
44
+ message = "A secret must be configured when using the Sorcery::Jwt extension."
45
+ raise ArgumentError, message if @sorcery_config.jwt_secret.nil?
46
+ end
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
@@ -0,0 +1,36 @@
1
+ lib = File.expand_path("../lib", __FILE__)
2
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
+ require "sorcery/jwt/version"
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "sorcery-jwt"
7
+ spec.version = Sorcery::Jwt::VERSION
8
+ spec.authors = ["Hayden Luckenbach"]
9
+ spec.email = ["hluckenb@gmail.com"]
10
+
11
+ spec.summary = "Jwt extension for the Sorcery authentication library"
12
+ spec.description = ""
13
+ spec.homepage = "https://github.com/hayfever/sorcery-jwt"
14
+ spec.license = "MIT"
15
+
16
+ # Specify which files should be added to the gem when it is released.
17
+ # The `git ls-files -z` loads the files in the RubyGem that have been
18
+ # added into git.
19
+ spec.files = Dir.chdir(File.expand_path("..", __FILE__)) do
20
+ `git ls-files -z`.split("\x0").reject do |f|
21
+ f.match(%r{^(test|spec|features)/})
22
+ end
23
+ end
24
+
25
+ spec.bindir = "exe"
26
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
27
+ spec.require_paths = ["lib"]
28
+
29
+ spec.add_development_dependency "bundler", "~> 1.16"
30
+ spec.add_development_dependency "pry", "~> 0.10.0"
31
+ spec.add_development_dependency "rake", "~> 10.0"
32
+ spec.add_development_dependency "rspec", "~> 3.0"
33
+
34
+ spec.add_runtime_dependency "jwt", "~> 1.0"
35
+ spec.add_runtime_dependency "sorcery", "~> 0.12.0"
36
+ end
metadata ADDED
@@ -0,0 +1,144 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: sorcery-jwt
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Hayden Luckenbach
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2018-10-27 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.16'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.16'
27
+ - !ruby/object:Gem::Dependency
28
+ name: pry
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: 0.10.0
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: 0.10.0
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '10.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '10.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rspec
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '3.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '3.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: jwt
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.0'
76
+ type: :runtime
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: sorcery
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: 0.12.0
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: 0.12.0
97
+ description: ''
98
+ email:
99
+ - hluckenb@gmail.com
100
+ executables: []
101
+ extensions: []
102
+ extra_rdoc_files: []
103
+ files:
104
+ - ".gitignore"
105
+ - ".rspec"
106
+ - ".travis.yml"
107
+ - CODE_OF_CONDUCT.md
108
+ - Gemfile
109
+ - Gemfile.lock
110
+ - LICENSE.txt
111
+ - README.md
112
+ - Rakefile
113
+ - bin/console
114
+ - bin/setup
115
+ - lib/sorcery/controller/submodules/jwt.rb
116
+ - lib/sorcery/jwt.rb
117
+ - lib/sorcery/jwt/version.rb
118
+ - lib/sorcery/model/submodules/jwt.rb
119
+ - sorcery-jwt.gemspec
120
+ homepage: https://github.com/hayfever/sorcery-jwt
121
+ licenses:
122
+ - MIT
123
+ metadata: {}
124
+ post_install_message:
125
+ rdoc_options: []
126
+ require_paths:
127
+ - lib
128
+ required_ruby_version: !ruby/object:Gem::Requirement
129
+ requirements:
130
+ - - ">="
131
+ - !ruby/object:Gem::Version
132
+ version: '0'
133
+ required_rubygems_version: !ruby/object:Gem::Requirement
134
+ requirements:
135
+ - - ">="
136
+ - !ruby/object:Gem::Version
137
+ version: '0'
138
+ requirements: []
139
+ rubyforge_project:
140
+ rubygems_version: 2.7.6
141
+ signing_key:
142
+ specification_version: 4
143
+ summary: Jwt extension for the Sorcery authentication library
144
+ test_files: []