warden-jwt_auth 0.3.6 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 16389e83d59158a9bdc25ed6b00032ae06f9e11fd1bc4f2423354378c9666ca4
-  data.tar.gz: 6154a01b1e2bbb9d072819e711148535c6b2104dfa028afb1c10e9ad6bff0004
+  metadata.gz: '08fbf8be1ea2562fdf818a1903e0c7a7a1bf2ec10de9915de41f419edb48b75c'
+  data.tar.gz: 7e12556b1273851e036659028c319399322757a4ba84d5f5ded65081e2e2297a
 SHA512:
-  metadata.gz: c5fd71f3387c981a676968e118523a9a28ff0b2dc22e610133bc78a6128539a7ca4094927388fe66aea3cfddaffb3cd95c17a46ca10032aea29c2095675c82b5
-  data.tar.gz: bc48403765c5e3dc6426559b793b3f8e78a51e6e2953262b42a2b8d0cec0a09380e3fa610ec8bb2efe2c27e29d7eec332f187e88d896b0371a6d7b3bf9155fe9
+  metadata.gz: 32022229cd5c21e19f677d4272c09b70a4e551df4ea37dc267f3a935ce428361fc2e3b9e89a8c6976f1f6aee1710e5d8c3e849632d91c18601b76a758b85e149
+  data.tar.gz: '028fab1a3abf352782f8d0492a4a5154ab20a0b9f7ae58f921f171582aa935f44e09d68359ad24c731b50af5715105c2fce3f837c537bd0d7012e055dc832281'

data/.rubocop.yml

@@ -13,3 +13,5 @@ Metrics/BlockLength:
     - "spec/**/*.rb"
 Metrics/LineLength:
   Max: 100
+Naming/RescuedExceptionsVariableName:
+  PreferredName: exception

data/CHANGELOG.md

@@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
-## [0.3.6] - 2019-04-29
+## [0.4.0] - 2019-08-01
+### Added
+- Allow configuration of the signing algorithm ([19](https://github.com/waiting-for-dev/warden-jwt_auth/pull/19)].
+
+## [0.3.6] - 2019-03-29
 ### Fixed
 - Update depencies.
 

data/README.md

@@ -24,7 +24,7 @@ If what you need is a JWT authentication library for [devise](https://github.com
 ## Installation
 
 ```ruby
-gem 'warden-jwt_auth', '~> 0.3.5'
+gem 'warden-jwt_auth', '~> 0.3.6'
 ```
 
 And then execute:
@@ -59,7 +59,14 @@ end
 
 **Important:** You are encouraged to use a dedicated secret key, different than others in use in your application. If several components share the same secret key, chances that a vulnerability in one of them has a wider impact increase. Also, never share your secrets pushing it to a remote repository, you are better off using an environment variable like in the example.
 
-Currently, HS256 algorithm is the one in use.
+Currently, HS256 algorithm is the default.
+Configure the matching secret and algorithm name to use a different one (e.g. RS256)
+```ruby
+Warden::JWTAuth.configure do |config|
+  config.secret = OpenSSL::PKey::RSA.new(ENV['WARDEN_JWT_SECRET_KEY'])
+  config.algorithm = ENV['WARDEN_JWT_ALGORITHM']
+end
+```
 
 ### Warden scopes configuration
 

data/lib/warden/jwt_auth.rb

@@ -22,6 +22,9 @@ module Warden
     # The secret used to encode the token
     setting :secret
 
+    # The algorithm used to encode the token
+    setting :algorithm, 'HS256'
+
     # Expiration time for tokens
     setting :expiration_time, 3600
 

data/lib/warden/jwt_auth/token_decoder.rb

@@ -4,7 +4,7 @@ module Warden
   module JWTAuth
     # Decodes a JWT into a hash payload into a JWT token
     class TokenDecoder
-      include JWTAuth::Import['secret']
+      include JWTAuth::Import['secret', 'algorithm']
 
       # Decodes the payload from a JWT as a hash
       #
@@ -17,7 +17,7 @@ module Warden
         JWT.decode(token,
                    secret,
                    true,
-                   algorithm: TokenEncoder::ALG,
+                   algorithm: algorithm,
                    verify_jti: true)[0]
       end
     end

data/lib/warden/jwt_auth/token_encoder.rb

@@ -7,10 +7,7 @@ module Warden
     # Encodes a payload into a JWT token, adding some configurable
     # claims
     class TokenEncoder
-      include JWTAuth::Import['secret', 'expiration_time']
-
-      # Algorithm used to encode
-      ALG = 'HS256'
+      include JWTAuth::Import['secret', 'algorithm', 'expiration_time']
 
       # Encodes a payload into a JWT
       #
@@ -18,7 +15,7 @@ module Warden
       # @return [String] JWT
       def call(payload)
         payload_to_encode = merge_with_default_claims(payload)
-        JWT.encode(payload_to_encode, secret, ALG)
+        JWT.encode(payload_to_encode, secret, algorithm)
       end
 
       private

data/lib/warden/jwt_auth/version.rb

@@ -2,6 +2,6 @@
 
 module Warden
   module JWTAuth
-    VERSION = '0.3.6'
+    VERSION = '0.4.0'
   end
 end

data/warden-jwt_auth.gemspec

@@ -1,35 +1,36 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'warden/jwt_auth/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "warden-jwt_auth"
+  spec.name          = 'warden-jwt_auth'
   spec.version       = Warden::JWTAuth::VERSION
-  spec.authors       = ["Marc Busqué"]
-  spec.email         = ["marc@lamarciana.com"]
+  spec.authors       = ['Marc Busqué']
+  spec.email         = ['marc@lamarciana.com']
 
-  spec.summary       = %q{JWT authentication for Warden.}
-  spec.description   = %q{JWT authentication for Warden, ORM agnostic and accepting the implementation of token revocation strategies.}
-  spec.homepage      = "https://github.com/waiting-for-dev/warden-jwt_auth"
-  spec.license       = "MIT"
+  spec.summary       = 'JWT authentication for Warden.'
+  spec.description   = 'JWT authentication for Warden, ORM agnostic and accepting the implementation of token revocation strategies.'
+  spec.homepage      = 'https://github.com/waiting-for-dev/warden-jwt_auth'
+  spec.license       = 'MIT'
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.bindir        = "exe"
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_dependency 'dry-configurable', '~> 0.8'
   spec.add_dependency 'dry-auto_inject', '~> 0.6'
+  spec.add_dependency 'dry-configurable', '~> 0.8'
   spec.add_dependency 'jwt', '~> 2.1'
   spec.add_dependency 'warden', '~> 1.2'
 
-  spec.add_development_dependency "bundler"
-  spec.add_development_dependency "rake", "~> 12.3"
-  spec.add_development_dependency "rspec", "~> 3.8"
-  spec.add_development_dependency "rack-test", "~> 1.1"
-  spec.add_development_dependency "pry-byebug", "~> 3.7"
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'pry-byebug', '~> 3.7'
+  spec.add_development_dependency 'rack-test', '~> 1.1'
+  spec.add_development_dependency 'rake', '~> 12.3'
+  spec.add_development_dependency 'rspec', '~> 3.8'
   # Test reporting
-  spec.add_development_dependency 'simplecov', '~> 0.16'
   spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'
-end
+  spec.add_development_dependency 'simplecov', '~> 0.16'
+end

metadata

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: warden-jwt_auth
 version: !ruby/object:Gem::Version
-  version: 0.3.6
+  version: 0.4.0
 platform: ruby
 authors:
 - Marc Busqué
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-03-29 00:00:00.000000000 Z
+date: 2019-08-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: dry-configurable
+  name: dry-auto_inject
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.6'
 - !ruby/object:Gem::Dependency
-  name: dry-auto_inject
+  name: dry-configurable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -81,89 +81,89 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
-  name: pry-byebug
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '3.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '3.8'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0.16'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0.16'
 description: JWT authentication for Warden, ORM agnostic and accepting the implementation
   of token revocation strategies.
 email: