warden-jwt_auth 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/CHANGELOG.md +4 -0
- data/README.md +7 -2
- data/lib/warden/jwt_auth/strategy.rb +2 -3
- data/lib/warden/jwt_auth/token_decoder.rb +3 -0
- data/lib/warden/jwt_auth/version.rb +1 -1
- data/warden-jwt_auth.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4082fce67deba19f7d0b8b1adf411676b7b30c4f
|
|
4
|
+
data.tar.gz: 8b48402434ee8634dd7c06e359a4b4a9621df9b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 274bf114481da6a87e527e51a3721053c3f094432fc59b4761a031d4972cf9dcf2eedbb657ab2ea490065cd2d218f10326ab7ca897d65d08249352688afe1113
|
|
7
|
+
data.tar.gz: b0815f82470d23d7d06e6a3921196e907c2b6655bc1e9cc9303dbdf4e38c0d11e613cbccd1231ba4091cfecd1a7ab8d6820cc2f48282bd784b9cc46e3425d602
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/).
|
|
6
6
|
|
|
7
|
+
## [0.1.4] - 2017-11-21
|
|
8
|
+
### Fixed
|
|
9
|
+
- Update `jwt` dependency
|
|
10
|
+
|
|
7
11
|
## [0.1.3] - 2017-04-15
|
|
8
12
|
### Fixed
|
|
9
13
|
- Coerce `sub` to string to conform with JWT specification
|
data/README.md
CHANGED
|
@@ -7,10 +7,15 @@
|
|
|
7
7
|
|
|
8
8
|
`warden-jwt_auth` is a [warden](https://github.com/hassox/warden) extension which uses [JWT](https://jwt.io/) tokens for user authentication. It follows [secure by default](https://en.wikipedia.org/wiki/Secure_by_default) principle.
|
|
9
9
|
|
|
10
|
+
This gem is just a replacement for cookies when these can't be used. As
|
|
11
|
+
cookies, a token expired with `warden-jwt_auth` will mandatorily have an
|
|
12
|
+
expiration time. If you need that your users never sign out, you will be better
|
|
13
|
+
off with a solution using refresh tokens, like some implementation of OAuth2.
|
|
14
|
+
|
|
10
15
|
You can read about which security concerns this library takes into account and about JWT generic secure usage in the following series of posts:
|
|
11
16
|
|
|
12
17
|
- [Stand Up for JWT Revocation](http://waiting-for-dev.github.io/blog/2017/01/23/stand_up_for_jwt_revocation/)
|
|
13
|
-
- [JWT
|
|
18
|
+
- [JWT Revocation Strategies](http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies/)
|
|
14
19
|
- [JWT Secure Usage](http://waiting-for-dev.github.io/blog/2017/01/25/jwt_secure_usage/)
|
|
15
20
|
- [A secure JWT authentication implementation for Rack and Rails](http://waiting-for-dev.github.io/blog/2017/01/26/a_secure_jwt_authentication_implementation_for_rack_and_rails/)
|
|
16
21
|
|
|
@@ -19,7 +24,7 @@ If what you need is a JWT authentication library for [devise](https://github.com
|
|
|
19
24
|
## Installation
|
|
20
25
|
|
|
21
26
|
```ruby
|
|
22
|
-
gem 'warden-jwt_auth', '~> 0.1.
|
|
27
|
+
gem 'warden-jwt_auth', '~> 0.1.4'
|
|
23
28
|
```
|
|
24
29
|
|
|
25
30
|
And then execute:
|
|
@@ -6,10 +6,9 @@ module Warden
|
|
|
6
6
|
module JWTAuth
|
|
7
7
|
# Warden strategy to authenticate an user through a JWT token in the
|
|
8
8
|
# `Authorization` request header
|
|
9
|
-
# :reek:
|
|
9
|
+
# :reek:PrimaDonnaMethod
|
|
10
10
|
class Strategy < Warden::Strategies::Base
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
# :reek:NeelCheck
|
|
13
12
|
def valid?
|
|
14
13
|
!token.nil?
|
|
15
14
|
end
|
|
@@ -8,6 +8,9 @@ module Warden
|
|
|
8
8
|
|
|
9
9
|
# Decodes the payload from a JWT as a hash
|
|
10
10
|
#
|
|
11
|
+
# @see JWT.decode for all the exceptions than can be raised when given
|
|
12
|
+
# token is invalid
|
|
13
|
+
#
|
|
11
14
|
# @param token [String] a JWT
|
|
12
15
|
# @return [Hash] payload decoded from the JWT
|
|
13
16
|
def call(token)
|
data/warden-jwt_auth.gemspec
CHANGED
|
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
|
|
|
21
21
|
|
|
22
22
|
spec.add_dependency 'dry-configurable', '~> 0.5'
|
|
23
23
|
spec.add_dependency 'dry-auto_inject', '~> 0.4'
|
|
24
|
-
spec.add_dependency 'jwt', '~> 1
|
|
24
|
+
spec.add_dependency 'jwt', '~> 2.1'
|
|
25
25
|
spec.add_dependency 'warden', '~> 1.2'
|
|
26
26
|
|
|
27
27
|
spec.add_development_dependency "bundler", "~> 1.12"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: warden-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Busqué
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dry-configurable
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '1
|
|
47
|
+
version: '2.1'
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '1
|
|
54
|
+
version: '2.1'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: warden
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|