warden-jwt_auth 0.3.0 → 0.3.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +2 -1
- data/lib/warden/jwt_auth/hooks.rb +21 -0
- data/lib/warden/jwt_auth/version.rb +1 -1
- metadata +2 -2
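--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a9782cdbdf76a6eb2713519f95119793dfe5a394
+data.tar.gz: 7440380db752d295344edb0f99f174ecd59b8fe4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b32d3633a45e59021721bcd22ddd4368e54b0a5170273bc70c7a3f9899dd51dce637eac2f0a48946e73f72b06ed4b008c1aa5677d2bb176dfdb55489dc85181e
+data.tar.gz: f0565c6480919c4b39e44034b8e352b806661f18bc25da17989b0c1e670bda9759a6ea255525d91d4f2085980fc24228131bc9e32edd64b935e249f8cbf505ec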
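--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.3.1] - 2017-12-11
+### Added
+- Ensure JWT scopes are not fetched from session. Workaround for
+https://github.com/hassox/warden/pull/118
+
 ## [0.3.0] - 2017-12-06
 ### Added
 - Add and call hook method `on_jwt_dispatch` on user instance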
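--- a/data/README.md
+++ b/data/README.md
@@ -24,7 +24,7 @@ If what you need is a JWT authentication library for [devise](https://github.com
 ## Installation
 
 ```ruby
-gem 'warden-jwt_auth', '~> 0.3.
+gem 'warden-jwt_auth', '~> 0.3.1'
 ```
 
 And then execute:
@@ -106,6 +106,7 @@ Just when a token is going to be dispatched to a client, a hook method `on_jwt_d
 def on_jwt_dispatch(token, payload)
 # Do something
 end
+```
 
 ### Middlewares addition
 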
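--- a/data/lib/warden/jwt_auth/hooks.rb
+++ b/data/lib/warden/jwt_auth/hooks.rb
@@ -18,6 +18,17 @@ module Warden
 new.send(:prepare_token, user, auth, opts)
 end
 
+# Sign out a JWT scope if it comes from the session.
+#
+# If a user is meant to be authenticated via JWT, then if it is fetched
+# from the session it must be something not intended to happen and a
+# security threat.
+#
+# Workaround until https://github.com/hassox/warden/pull/118 is fixed
+def self.after_fetch(_user, auth, opts)
+new.send(:logout_scope, auth, opts)
+end
+
 private
 
 def prepare_token(user, auth, opts)
@@ -27,6 +38,12 @@ module Warden
 add_token_to_env(user, scope, env)
 end
 
+def logout_scope(auth, opts)
+scope = opts[:scope]
+return unless jwt_scope?(scope)
+auth.logout(scope)
+end
+
 def token_should_be_added?(scope, env)
 path_info = EnvHelper.path_info(env)
 method = EnvHelper.request_method(env)
@@ -62,3 +79,7 @@ end
 Warden::Manager.after_set_user do |user, auth, opts|
 Warden::JWTAuth::Hooks.after_set_user(user, auth, opts)
 end
+
+Warden::Manager.after_fetch do |user, auth, opts|
+Warden::JWTAuth::Hooks.after_fetch(user, auth, opts)
+end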
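Review bot: `logout_scope` drops a session-fetched user for a JWT scope without recording it anywhere, even though the comment on `after_fetch` describes that situation as a security threat; a log line or instrumentation event at the `auth.logout(scope)` call would let operators notice that a session is carrying a user for a JWT scope. The new private method also has no comment: something like `# Logs out +scope+ when it is a JWT scope; other scopes keep their session user.` above `def logout_scope` would state the contract, which depends on `jwt_scope?`, defined outside these hunks. The hook runs after the user has already been fetched, so it is worth confirming (presumably in the specs, not shown here) that the caller of the fetch sees no user for that scope once the hook has run. The enclosing class body starts and ends outside the hunks.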
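--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: warden-jwt_auth
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.1
 platform: ruby
 authors:
 - Marc Busqué
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-12-
+date: 2017-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dry-configurable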