zaikio-jwt_auth 0.2.0 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +18 -3
- data/config/initializers/inflections.rb +3 -0
- data/lib/zaikio/jwt_auth.rb +5 -4
- data/lib/zaikio/jwt_auth/configuration.rb +1 -1
- data/lib/zaikio/jwt_auth/test_helper.rb +1 -1
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- metadata +11 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c12ee3b69a3ce0152c39d0af1a5af71bc79ac24651b622e7cfa411c851c8d35f
|
|
4
|
+
data.tar.gz: 48e86c7cf283611de01b8754b5125f16545107c576a544c0c91c9d78be8ebac7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 22cbcb8445e7c8a7bc56aff7516a4dbce5f5763b41a37599fd123957950883af076f5138d40ceef37ee9a0d8d121e36adb924ac1d9d06aaf4f1df4e762cede4d
|
|
7
|
+
data.tar.gz: 1d2d5d926d21a79eb734b6ddfd1b4c03f8b7b17b4fc8261bc11dba58722adea46340cb2901c24ac0588553a5d78048145d4ded1e84333246db4e9dfa023b8ca3
|
data/README.md
CHANGED
|
@@ -61,6 +61,8 @@ class API::ResourcesController < API::ApplicationController
|
|
|
61
61
|
end
|
|
62
62
|
```
|
|
63
63
|
|
|
64
|
+
By convention, `authorize_by_jwt_scopes` automatically maps all CRUD actions in a controller. Requests for `show` and `index` with a read or read_write scope are allowed. All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope. Therefore it is strongly recommended to always create standard Rails resources. If a custom action is required, you will need to authorize yourself using the `after_jwt_auth`.
|
|
65
|
+
|
|
64
66
|
### 6. Optionally, if you are using SSO: Check revoked tokens
|
|
65
67
|
|
|
66
68
|
Additionally, the API provides a method called `revoked_jwt?` which expects the `jti` of the JWT.
|
|
@@ -73,10 +75,23 @@ Zaikio::JWTAuth.revoked_jwt?('jti-of-token') # returns true if token was revoked
|
|
|
73
75
|
|
|
74
76
|
```rb
|
|
75
77
|
# in your test_helper.rb
|
|
76
|
-
|
|
78
|
+
class ActiveSupport::TestCase
|
|
79
|
+
# ...
|
|
80
|
+
include Zaikio::JWTAuth::TestHelper
|
|
81
|
+
# ...
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
# in your integration tests you can use:
|
|
85
|
+
class ResourcesControllerTest < ActionDispatch::IntegrationTest
|
|
86
|
+
def setup
|
|
87
|
+
mock_jwt(sub: 'Organization/123', scope: ['directory.organization.r'])
|
|
88
|
+
end
|
|
77
89
|
|
|
78
|
-
|
|
79
|
-
|
|
90
|
+
test "do a request with a mocked jwt" do
|
|
91
|
+
get resources_path
|
|
92
|
+
# test the actual business logic
|
|
93
|
+
end
|
|
94
|
+
end
|
|
80
95
|
```
|
|
81
96
|
|
|
82
97
|
## Advanced
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -32,9 +32,10 @@ module Zaikio
|
|
|
32
32
|
def self.blacklisted_token_ids
|
|
33
33
|
return [] if mocked_jwt_payload
|
|
34
34
|
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
35
|
+
configuration.blacklisted_token_ids || DirectoryCache.fetch(
|
|
36
|
+
"api/v1/blacklisted_access_tokens.json",
|
|
37
|
+
expires_after: 60.minutes
|
|
38
|
+
)["blacklisted_token_ids"]
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
def self.included(base)
|
|
@@ -76,7 +77,7 @@ module Zaikio
|
|
|
76
77
|
|
|
77
78
|
return if show_error_if_authorize_by_jwt_scopes_fails(token_data)
|
|
78
79
|
|
|
79
|
-
send(:after_jwt_auth, token_data) if respond_to?(:after_jwt_auth)
|
|
80
|
+
send(:after_jwt_auth, token_data) if respond_to?(:after_jwt_auth, true)
|
|
80
81
|
rescue JWT::ExpiredSignature
|
|
81
82
|
render_error("jwt_expired") && (return)
|
|
82
83
|
rescue JWT::DecodeError
|
metadata
CHANGED
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
-
|
|
7
|
+
- crispymtn
|
|
8
|
+
- Jalyna Schröder
|
|
9
|
+
- Martin Spickermann
|
|
8
10
|
autorequire:
|
|
9
11
|
bindir: bin
|
|
10
12
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
13
|
+
date: 2020-06-04 00:00:00.000000000 Z
|
|
12
14
|
dependencies:
|
|
13
15
|
- !ruby/object:Gem::Dependency
|
|
14
16
|
name: oj
|
|
@@ -30,14 +32,14 @@ dependencies:
|
|
|
30
32
|
requirements:
|
|
31
33
|
- - ">="
|
|
32
34
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
35
|
+
version: 5.0.0
|
|
34
36
|
type: :runtime
|
|
35
37
|
prerelease: false
|
|
36
38
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
39
|
requirements:
|
|
38
40
|
- - ">="
|
|
39
41
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
42
|
+
version: 5.0.0
|
|
41
43
|
- !ruby/object:Gem::Dependency
|
|
42
44
|
name: jwt
|
|
43
45
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -54,7 +56,9 @@ dependencies:
|
|
|
54
56
|
version: 2.2.1
|
|
55
57
|
description: JWT-Based authentication and authorization with zaikio.
|
|
56
58
|
email:
|
|
59
|
+
- op@crispymtn.com
|
|
57
60
|
- js@crispymtn.com
|
|
61
|
+
- spickermann@gmail.com
|
|
58
62
|
executables: []
|
|
59
63
|
extensions: []
|
|
60
64
|
extra_rdoc_files: []
|
|
@@ -63,6 +67,7 @@ files:
|
|
|
63
67
|
- README.md
|
|
64
68
|
- Rakefile
|
|
65
69
|
- app/jobs/zaikio/jwt_auth/revoke_access_token_job.rb
|
|
70
|
+
- config/initializers/inflections.rb
|
|
66
71
|
- lib/tasks/zaikio/jwt_auth_tasks.rake
|
|
67
72
|
- lib/zaikio/jwt_auth.rb
|
|
68
73
|
- lib/zaikio/jwt_auth/configuration.rb
|
|
@@ -92,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
92
97
|
- !ruby/object:Gem::Version
|
|
93
98
|
version: '0'
|
|
94
99
|
requirements: []
|
|
95
|
-
rubygems_version: 3.
|
|
100
|
+
rubygems_version: 3.0.3
|
|
96
101
|
signing_key:
|
|
97
102
|
specification_version: 4
|
|
98
103
|
summary: JWT-Based authentication and authorization with zaikio
|