warden-jwt_auth 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +2 -1
- data/lib/warden/jwt_auth/hooks.rb +21 -0
- data/lib/warden/jwt_auth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a9782cdbdf76a6eb2713519f95119793dfe5a394
|
|
4
|
+
data.tar.gz: 7440380db752d295344edb0f99f174ecd59b8fe4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b32d3633a45e59021721bcd22ddd4368e54b0a5170273bc70c7a3f9899dd51dce637eac2f0a48946e73f72b06ed4b008c1aa5677d2bb176dfdb55489dc85181e
|
|
7
|
+
data.tar.gz: f0565c6480919c4b39e44034b8e352b806661f18bc25da17989b0c1e670bda9759a6ea255525d91d4f2085980fc24228131bc9e32edd64b935e249f8cbf505ec
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/).
|
|
6
6
|
|
|
7
|
+
## [0.3.1] - 2017-12-11
|
|
8
|
+
### Added
|
|
9
|
+
- Ensure JWT scopes are not fetched from session. Workaround for
|
|
10
|
+
https://github.com/hassox/warden/pull/118
|
|
11
|
+
|
|
7
12
|
## [0.3.0] - 2017-12-06
|
|
8
13
|
### Added
|
|
9
14
|
- Add and call hook method `on_jwt_dispatch` on user instance
|
data/README.md
CHANGED
|
@@ -24,7 +24,7 @@ If what you need is a JWT authentication library for [devise](https://github.com
|
|
|
24
24
|
## Installation
|
|
25
25
|
|
|
26
26
|
```ruby
|
|
27
|
-
gem 'warden-jwt_auth', '~> 0.3.
|
|
27
|
+
gem 'warden-jwt_auth', '~> 0.3.1'
|
|
28
28
|
```
|
|
29
29
|
|
|
30
30
|
And then execute:
|
|
@@ -106,6 +106,7 @@ Just when a token is going to be dispatched to a client, a hook method `on_jwt_d
|
|
|
106
106
|
def on_jwt_dispatch(token, payload)
|
|
107
107
|
# Do something
|
|
108
108
|
end
|
|
109
|
+
```
|
|
109
110
|
|
|
110
111
|
### Middlewares addition
|
|
111
112
|
|
|
@@ -18,6 +18,17 @@ module Warden
|
|
|
18
18
|
new.send(:prepare_token, user, auth, opts)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
# Sign out a JWT scope if it comes from the session.
|
|
22
|
+
#
|
|
23
|
+
# If a user is meant to be authenticated via JWT, then if it is fetched
|
|
24
|
+
# from the session it must be something not intended to happen and a
|
|
25
|
+
# security threat.
|
|
26
|
+
#
|
|
27
|
+
# Workaround until https://github.com/hassox/warden/pull/118 is fixed
|
|
28
|
+
def self.after_fetch(_user, auth, opts)
|
|
29
|
+
new.send(:logout_scope, auth, opts)
|
|
30
|
+
end
|
|
31
|
+
|
|
21
32
|
private
|
|
22
33
|
|
|
23
34
|
def prepare_token(user, auth, opts)
|
|
@@ -27,6 +38,12 @@ module Warden
|
|
|
27
38
|
add_token_to_env(user, scope, env)
|
|
28
39
|
end
|
|
29
40
|
|
|
41
|
+
def logout_scope(auth, opts)
|
|
42
|
+
scope = opts[:scope]
|
|
43
|
+
return unless jwt_scope?(scope)
|
|
44
|
+
auth.logout(scope)
|
|
45
|
+
end
|
|
46
|
+
|
|
30
47
|
def token_should_be_added?(scope, env)
|
|
31
48
|
path_info = EnvHelper.path_info(env)
|
|
32
49
|
method = EnvHelper.request_method(env)
|
|
@@ -62,3 +79,7 @@ end
|
|
|
62
79
|
Warden::Manager.after_set_user do |user, auth, opts|
|
|
63
80
|
Warden::JWTAuth::Hooks.after_set_user(user, auth, opts)
|
|
64
81
|
end
|
|
82
|
+
|
|
83
|
+
Warden::Manager.after_fetch do |user, auth, opts|
|
|
84
|
+
Warden::JWTAuth::Hooks.after_fetch(user, auth, opts)
|
|
85
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: warden-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Busqué
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-12-
|
|
11
|
+
date: 2017-12-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dry-configurable
|