warden-jwt_auth 0.9.0 → 0.10.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +2 -2
- data/lib/warden/jwt_auth/env_helper.rb +17 -7
- data/lib/warden/jwt_auth/header_parser.rb +3 -3
- data/lib/warden/jwt_auth/version.rb +1 -1
- data/lib/warden/jwt_auth.rb +3 -0
- metadata +2 -2
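--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60f3a20e896744f9907bae893ef869cebf5240e3250c98ea9e642aee65f69971
+data.tar.gz: c3fcb1ebf73d1553d8b91c2195b465095ed9b0cf888ccf0a4474f6ccbba7329e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a7a29ff7471a33da771a5a5ace1906e7e017aa3640f79779d1cd42c8edf1e52d2c3470489021c4826eefa7bf4023135260347cc004a2df9ddfcdb639a3fa0dfe
+data.tar.gz: d9192d67594cc4f86392b5d45b3f41ed13e7321cc52406168f9edb073bcc985c384252000713c20294c6a38ed8fe8960ff544216cd73f9a3c74447050c8176a7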
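--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.10.1] - 2024-12-15
+- Fix version mismatch
+
 ## [0.8.0] - 2024-06-28
 - Add support for issue claim ([56](https://github.com/waiting-for-dev/warden-jwt_auth/pull/56))
 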
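--- a/data/README.md
+++ b/data/README.md
@@ -145,7 +145,7 @@ config.dispatch_requests = [
 
 **Important**: You are encouraged to delimit your regular expression with `^` and `$` to avoid unintentional matches.
 
-Tokens will be returned in the `Authorization` response header, with format `Bearer #{token}`.
+Tokens will be returned in the `Authorization` response header (configurable via `config.token_header`), with format `Bearer #{token}`.
 
 ### Requests authentication
 
@@ -175,7 +175,7 @@ config.revocation_strategies = { user: RevocationStrategy }
 
 The implementation of the revocation strategy is also on your side. They just need to implement two methods: `jwt_revoked?` and `revoke_jwt`, both of them accepting as parameters the JWT payload and the user record, in this order.
 
-You can read about which [JWT recovation strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies
+You can read about which [JWT recovation strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies) can be implement with their pros and cons.
 
 ```ruby
 module RevocationStrategy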
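--- a/data/lib/warden/jwt_auth/env_helper.rb
+++ b/data/lib/warden/jwt_auth/env_helper.rb
@@ -25,16 +25,17 @@ module Warden
 env['REQUEST_METHOD']
 end
 
-# Returns
+# Returns header configured through `token_header` option
 #
 # @param env [Hash] Rack env
 # @return [String]
 def self.authorization_header(env)
-
+header_env_name = env_name(JWTAuth.config.token_header)
+env[header_env_name]
 end
 
-# Returns a copy of `env` with value added to the
-#
+# Returns a copy of `env` with value added to the environment variable
+# configured through `token_header` option
 #
 # Be aware than `env` is not modified in place and still an updated copy
 # is returned.
@@ -44,7 +45,8 @@ module Warden
 # @return [Hash] modified rack env
 def self.set_authorization_header(env, value)
 env = env.dup
-
+header_env_name = env_name(JWTAuth.config.token_header)
+env[header_env_name] = value
 env
 end
 
@@ -53,8 +55,16 @@ module Warden
 # @param env [Hash] Rack env
 # @return [String]
 def self.aud_header(env)
-
-env[
+header_env_name = env_name(JWTAuth.config.aud_header)
+env[header_env_name]
+end
+
+# Returns the ENV name for a given header
+#
+# @param header [String] Header name
+# @return [String]
+def self.env_name(header)
+('HTTP_' + header.upcase).tr('-', '_')
 end
 end
 end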
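Review bot: `env_name` in the last hunk calls `header.upcase` with no check on the configured value, so a `token_header` or `aud_header` set to `nil` raises `NoMethodError` on every request, and an empty string makes the lookup key the bare `HTTP_`. A guard as the first line of the method, `raise ArgumentError, 'header name must be a non-empty String' unless header.is_a?(String) && !header.empty?`, would turn that into a clear configuration error. The doc comment should also say that `-` and `_` map to the same Rack key, so `X-Auth-Token` and `X_Auth_Token` are indistinguishable to `authorization_header`; that matters when a proxy in front of the app filters or sets only one spelling. Names that Rack stores without the `HTTP_` prefix (`Content-Type`, `Content-Length`) will never be found through this helper.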
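--- a/data/lib/warden/jwt_auth/header_parser.rb
+++ b/data/lib/warden/jwt_auth/header_parser.rb
@@ -21,8 +21,8 @@ module Warden
 method == METHOD ? token : nil
 end
 
-# Returns a copy of `env` with token added to the
-#
+# Returns a copy of `env` with token added to the header configured through
+# `token_header` option. Be aware than `env` is not modified in place.
 #
 # @param env [Hash] rack env hash
 # @param token [String] JWT token
@@ -39,7 +39,7 @@ module Warden
 # @return [Hash] response headers with the token added
 def self.to_headers(headers, token)
 headers = headers.dup
-headers[
+headers[JWTAuth.config.token_header] = "#{METHOD} #{token}"
 headers
 end
 end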
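Review bot: `to_headers` in the second hunk now emits the bearer token under whatever name `JWTAuth.config.token_header` holds, and the comment above it does not say what changes once that name is not `Authorization`. Shared HTTP caches by default refuse to reuse responses to requests that carry `Authorization` (RFC 9111 §3.5), and log or proxy redaction rules are commonly keyed on that name; a custom header gets neither unless it is configured explicitly. I would add a line to the method comment such as `# With a non-default token_header, send Cache-Control: no-store and redact the header in logs.` The same caveat applies to the request side, which `env_helper.rb` reads through the same setting.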
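--- a/data/lib/warden/jwt_auth.rb
+++ b/data/lib/warden/jwt_auth.rb
@@ -53,6 +53,9 @@ module Warden
 # Expiration time for tokens
 setting :expiration_time, default: 3600
 
+# Request header that will be used for receiving and returning the token.
+setting :token_header, default: 'Authorization'
+
 # The issuer claims associated with the tokens
 #
 # Will be used to only apply the warden strategy when the issuer matches.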
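Review bot: The comment on the new setting calls `token_header` a request header, but `to_headers` in `header_parser.rb` writes the token to the response under the same name, and the README hunk describes it as the response header. Suggested wording: `# Header used to read the token from requests and to return it in responses (default: Authorization).` The visible CHANGELOG hunk lists only "Fix version mismatch", so the new option has no changelog entry there; it deserves one, since it changes where credentials travel.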
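--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: warden-jwt_auth
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.10.1
 platform: ruby
 authors:
 - Marc Busqué
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-
+date: 2024-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dry-auto_inject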