warden-jwt_auth 0.3.4 → 0.3.5

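--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 3792baa44346d5f08fdf21da1af6df6e0400ac8e
- data.tar.gz: cae4999199e844a67da81ca6a9c2c1934c97c878
+ metadata.gz: 581e544d6b6fccb8635aac2719efefbbb5b760e8
+ data.tar.gz: e36d38d069f456bccc0b8eece033c7419da005ac
  SHA512:
- metadata.gz: 3a5685a38e2c21a7d005e57ee5e2b5b73f94eb801118a9faae685e69f5e723e41e27bc17cfdc296f220ec2a5250614f33981ae154b57885ca88fd86507dd3989
- data.tar.gz: aa63cee9efe1e7f4a7f408d0a6257c5fd61d42d19aaf21da700f26bd1c877415548c571cf155182b072981de1096b17683eafb64c3b70045afded744145ec6ce
+ metadata.gz: e8b1e212fa604ed3b2af19aa44392c625f6192869750d479be7af50f0c426c5961fa91497d95385d5bfa452b528fadf474283f744880debba8547c7d16329177
+ data.tar.gz: 67a9837cc9c55f1fd4cf1970d1891e68c3e59a8262e4161835e398b827fc1074b5f8df9ba3121196dec197e51237c024b0f708139e633437e4c0ba547c101385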
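--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file.
  The format is based on [Keep a Changelog](http://keepachangelog.com/)
  and this project adheres to [Semantic Versioning](http://semver.org/).
 
- ## [0.3.4] - 2018-12-09
+ ## [0.3.5] - 2018-01-30
+ ### Fixed
+ - Do not disallow fetching JWT scopes from session
+
+ ## [0.3.4] - 2018-01-09
  ### Fixed
  - Do not log out from session for standard AJAX requests
 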
data/README.md CHANGED
@@ -24,7 +24,7 @@ If what you need is a JWT authentication library for [devise](https://github.com
24
24
  ## Installation
25
25
 
26
26
  ```ruby
27
- gem 'warden-jwt_auth', '~> 0.3.4'
27
+ gem 'warden-jwt_auth', '~> 0.3.5'
28
28
  ```
29
29
 
30
30
  And then execute:
@@ -56,18 +56,6 @@ module Warden
56
56
  env_name = ('HTTP_' + JWTAuth.config.aud_header.upcase).tr('-', '_')
57
57
  env[env_name]
58
58
  end
59
-
60
- # Heuristic to determinate whether the request is not meant to be consumed
61
- # by an API endpoint
62
- #
63
- # @param env [Hash] Rack env
64
- # @return [Boolean]
65
- def self.no_api_request?(env)
66
- accept = env['HTTP_ACCEPT']
67
- return false unless accept
68
- accept.include?('text/html') ||
69
- accept.include?('text/javascript')
70
- end
71
59
  end
72
60
  end
73
61
  end
@@ -18,18 +18,6 @@ module Warden
18
18
  new.send(:prepare_token, user, auth, opts)
19
19
  end
20
20
 
21
- # Sign out a JWT scope if it comes from the session unless it is an HTML
22
- # request
23
- #
24
- # If a user is meant to be authenticated via JWT, then if it is fetched
25
- # from the session during an API request it must be something not intended
26
- # to happen and a security threat.
27
- #
28
- # Workaround until https://github.com/hassox/warden/pull/118 is fixed
29
- def self.after_fetch(_user, auth, opts)
30
- new.send(:logout_scope, auth, opts)
31
- end
32
-
33
21
  private
34
22
 
35
23
  def prepare_token(user, auth, opts)
@@ -39,14 +27,6 @@ module Warden
39
27
  add_token_to_env(user, scope, env)
40
28
  end
41
29
 
42
- # :reek:FeatureEnvy
43
- def logout_scope(auth, opts)
44
- env = auth.env
45
- scope = opts[:scope]
46
- return if !jwt_scope?(scope) || EnvHelper.no_api_request?(env)
47
- auth.logout(scope)
48
- end
49
-
50
30
  def token_should_be_added?(scope, env)
51
31
  path_info = EnvHelper.path_info(env)
52
32
  method = EnvHelper.request_method(env)
@@ -83,7 +63,3 @@ end
83
63
  Warden::Manager.after_set_user do |user, auth, opts|
84
64
  Warden::JWTAuth::Hooks.after_set_user(user, auth, opts)
85
65
  end
86
-
87
- Warden::Manager.after_fetch do |user, auth, opts|
88
- Warden::JWTAuth::Hooks.after_fetch(user, auth, opts)
89
- end
@@ -17,6 +17,7 @@ module Warden
17
17
  # rubocop:disable Lint/HandleExceptions
18
18
  rescue JWT::ExpiredSignature
19
19
  end
20
+ # rubocop:enable Lint/HandleExceptions
20
21
  end
21
22
  end
22
23
  end
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Warden
4
4
  module JWTAuth
5
- VERSION = '0.3.4'
5
+ VERSION = '0.3.5'
6
6
  end
7
7
  end
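Review bot: Deleting `Hooks.after_fetch`, `logout_scope` and the `Warden::Manager.after_fetch` registration (hunks `@@ -18,18 +18,6 @@`, `@@ -39,14 +27,6 @@` and `@@ -83,7 +63,3 @@`) leaves no visible guard against a JWT scope being authenticated from the session, which the deleted comment itself described as a security threat. Nothing on the new side replaces that guard, so an application that leaves session storage enabled for a JWT scope would presumably accept a request carrying only the session cookie, bypassing token expiry and revocation and bringing CSRF back into scope for those endpoints. Since the check is now the integrator's responsibility, I would state the requirement where the hook is registered, e.g. `# JWT scopes must never be serialized into the session; authenticate them with store: false`, and repeat it in the README. The enclosing `Hooks` and `EnvHelper` modules begin and end outside these hunks, and the page does not show the file paths for them, so this is based only on the visible lines.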
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: warden-jwt_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.4
4
+ version: 0.3.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Marc Busqué
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-01-09 00:00:00.000000000 Z
11
+ date: 2018-01-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dry-configurable