warden-jwt_auth 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/CHANGELOG.md +4 -0
- data/README.md +7 -2
- data/lib/warden/jwt_auth/strategy.rb +2 -3
- data/lib/warden/jwt_auth/token_decoder.rb +3 -0
- data/lib/warden/jwt_auth/version.rb +1 -1
- data/warden-jwt_auth.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4082fce67deba19f7d0b8b1adf411676b7b30c4f
|
|
4
|
+
data.tar.gz: 8b48402434ee8634dd7c06e359a4b4a9621df9b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 274bf114481da6a87e527e51a3721053c3f094432fc59b4761a031d4972cf9dcf2eedbb657ab2ea490065cd2d218f10326ab7ca897d65d08249352688afe1113
|
|
7
|
+
data.tar.gz: b0815f82470d23d7d06e6a3921196e907c2b6655bc1e9cc9303dbdf4e38c0d11e613cbccd1231ba4091cfecd1a7ab8d6820cc2f48282bd784b9cc46e3425d602
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/).
|
|
6
6
|
|
|
7
|
+
## [0.1.4] - 2017-11-21
|
|
8
|
+
### Fixed
|
|
9
|
+
- Update `jwt` dependency
|
|
10
|
+
|
|
7
11
|
## [0.1.3] - 2017-04-15
|
|
8
12
|
### Fixed
|
|
9
13
|
- Coerce `sub` to string to conform with JWT specification
|
data/README.md
CHANGED
|
@@ -7,10 +7,15 @@
|
|
|
7
7
|
|
|
8
8
|
`warden-jwt_auth` is a [warden](https://github.com/hassox/warden) extension which uses [JWT](https://jwt.io/) tokens for user authentication. It follows [secure by default](https://en.wikipedia.org/wiki/Secure_by_default) principle.
|
|
9
9
|
|
|
10
|
+
This gem is just a replacement for cookies when these can't be used. As
|
|
11
|
+
cookies, a token expired with `warden-jwt_auth` will mandatorily have an
|
|
12
|
+
expiration time. If you need that your users never sign out, you will be better
|
|
13
|
+
off with a solution using refresh tokens, like some implementation of OAuth2.
|
|
14
|
+
|
|
10
15
|
You can read about which security concerns this library takes into account and about JWT generic secure usage in the following series of posts:
|
|
11
16
|
|
|
12
17
|
- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/)
|
|
13
|
-
- [JWT
|
|
18
|
+
- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/)
|
|
14
19
|
- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage/)
|
|
15
20
|
- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails/)
|
|
16
21
|
|
|
@@ -19,7 +24,7 @@ If what you need is a JWT authentication library for [devise](https://github.com
|
|
|
19
24
|
## Installation
|
|
20
25
|
|
|
21
26
|
```ruby
|
|
22
|
-
gem 'warden-jwt_auth', '~> 0.1.
|
|
27
|
+
gem 'warden-jwt_auth', '~> 0.1.4'
|
|
23
28
|
```
|
|
24
29
|
|
|
25
30
|
And then execute:
|
|
@@ -6,10 +6,9 @@ module Warden
|
|
|
6
6
|
module JWTAuth
|
|
7
7
|
# Warden strategy to authenticate an user through a JWT token in the
|
|
8
8
|
# `Authorization` request header
|
|
9
|
-
# :reek:
|
|
9
|
+
# :reek:PrimaDonnaMethod
|
|
10
10
|
class Strategy < Warden::Strategies::Base
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
# :reek:NeelCheck
|
|
13
12
|
def valid?
|
|
14
13
|
!token.nil?
|
|
15
14
|
end
|
|
@@ -8,6 +8,9 @@ module Warden
|
|
|
8
8
|
|
|
9
9
|
# Decodes the payload from a JWT as a hash
|
|
10
10
|
#
|
|
11
|
+
# @see JWT.decode for all the exceptions than can be raised when given
|
|
12
|
+
# token is invalid
|
|
13
|
+
#
|
|
11
14
|
# @param token [String] a JWT
|
|
12
15
|
# @return [Hash] payload decoded from the JWT
|
|
13
16
|
def call(token)
|
data/warden-jwt_auth.gemspec
CHANGED
|
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
|
|
|
21
21
|
|
|
22
22
|
spec.add_dependency 'dry-configurable', '~> 0.5'
|
|
23
23
|
spec.add_dependency 'dry-auto_inject', '~> 0.4'
|
|
24
|
-
spec.add_dependency 'jwt', '~> 1
|
|
24
|
+
spec.add_dependency 'jwt', '~> 2.1'
|
|
25
25
|
spec.add_dependency 'warden', '~> 1.2'
|
|
26
26
|
|
|
27
27
|
spec.add_development_dependency "bundler", "~> 1.12"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: warden-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Busqué
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dry-configurable
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '1
|
|
47
|
+
version: '2.1'
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '1
|
|
54
|
+
version: '2.1'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: warden
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|