gokul595 / api_guard
JWT authentication solution for Rails APIs
License: MIT License
Currently, I'd like to be able to use the api_guard gem to do the user authentication. However, I do not want users to be able to delete their accounts.
Is there any way to configure this through the initializer? Or do I have to override the RegistrationController and use an empty def destroy action to prevent users from deleting their accounts?
Or should I be removing the routes dynamically in an initializer?
I would like a configuration option allowing to have a guest access. If no bearer token was sent, then authenticate_and_set_user should just return without any error and current_user would be left as nil. The line to change is this: https://github.com/Gokul595/api_guard/blob/master/lib/api_guard/jwt_auth/authentication.rb#L28
I managed myself to create a different before_action based on authenticate_and_set_resources doing exactly what I want, but a configuration for letting both behaviours would be great. Tell me if you need this in your gem, I will do a PR.
Is there a way to implement expiring refresh tokens? From the docs, it looks like refresh tokens are valid forever unless explicitly blacklisted (and therefore have to enable blacklisting)?
Most JWT implementations I have seen have a short expiry (eg 1 day) for the access token and a long-lived expiry (eg 200 days) for the refresh token.
This doesn't seem to be an option with this gem, unfortunately, unless I am missing something? Are there any solutions to cover the use case of implementing an expiring refresh token?
Hey - brilliant gem - was initially looking at Doorkeeper but was extremely pleased to find this one as it's precisely what we needed.
I do have a use case I wanted to ask a question about, though. We need to authenticate a partner on a machine-to-machine type basis and my thinking was the best way to do this would be using a public/private key. I notice it says "Currently API Guard supports only HS256 algorithm for cryptographic signing" on the readme, but wanted to know if there was any material reason such as security, non-compatibility with some of the code? I'm hoping it's more that you haven't had the need to implement it?
Having had a poke around at the code it looks (potentially) as simple as extending this class: https://github.com/Gokul595/api_guard/blob/66937cc56aaa62af987751e4b95fc673ab82a7fd/lib/api_guard/jwt_auth/json_web_token.rb - is that right?
Thanks in advance!
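Added example (not part of the thread and not api_guard's code): what public/private-key (RS256) signing and verification involve for the machine-to-machine case asked about above, using only Ruby's standard library. The module `Rs256Token` and its method names are assumptions made for illustration; the verifier holds only the partner's public key and pins the accepted algorithm instead of trusting the token header.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper (not api_guard's JsonWebToken class): RS256 tokens built
# with the Ruby standard library only.
module Rs256Token
  ALGORITHM = 'RS256'

  class VerificationError < StandardError; end

  module_function

  def b64url(data)
    [data].pack('m0').tr('+/', '-_').delete('=')
  end

  def b64url_decode(text)
    padded = text.tr('-_', '+/')
    padded += '=' * ((4 - padded.length % 4) % 4)
    padded.unpack1('m0') # strict decoding: raises ArgumentError on junk
  end

  # Partner side: signs the claims with its RSA private key.
  def encode(claims, private_key)
    header = b64url(JSON.generate({ 'alg' => ALGORITHM, 'typ' => 'JWT' }))
    signing_input = "#{header}.#{b64url(JSON.generate(claims))}"
    signature = private_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
    "#{signing_input}.#{b64url(signature)}"
  end

  # API side: needs only the partner's public key, so a compromise of the API
  # host does not let anyone mint partner tokens.
  def decode(token, public_key, now: Time.now)
    parts = token.to_s.split('.', -1)
    raise VerificationError, 'malformed token' unless parts.length == 3

    header_b64, payload_b64, signature_b64 = parts
    header = JSON.parse(b64url_decode(header_b64))
    # Pin the algorithm: the header is attacker-controlled input and must not
    # decide how the signature is checked.
    unless header.is_a?(Hash) && header['alg'] == ALGORITHM
      raise VerificationError, 'unexpected algorithm'
    end

    signature = b64url_decode(signature_b64)
    signed = "#{header_b64}.#{payload_b64}"
    unless public_key.verify(OpenSSL::Digest.new('SHA256'), signature, signed)
      raise VerificationError, 'bad signature'
    end

    claims = JSON.parse(b64url_decode(payload_b64))
    unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer) && claims['exp'] > now.to_i
      raise VerificationError, 'expired or missing exp'
    end
    claims
  rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError
    raise VerificationError, 'malformed token'
  end
end
```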
Our app scopes our user model to Users::User. How can we configure API Guard's routes to work with this? (We are also using Devise.)
This seems to be the only combination of for:, as:, and path: options that doesn't raise an error when starting the server. But when POSTing to /api/users/sign_in I get the following error.
NameError (`@api_guard_Users::User' is not allowed as an instance variable name)
# API Guard Routes
scope path: :api do
  api_guard_routes for: "Users::User", as: "users", path: "users", controller: {
    authentication: "users/authentication"
  }
end
# Devise / Auth Routes
devise_for :users, class_name: "Users::User", controllers: {
  sessions: "users/sessions",
  registrations: "users/registrations",
  masquerades: "users/admin/masquerades"
}
I'm assuming (hoping!) this can be fixed in the route configuration. Any help would be greatly appreciated!
hey, when I try to sign in or sign up, I'm supposed to get the access token, the refresh token and the expiration, but when I sign in I don't see the refresh token, I just see the access token
Hi Gokul,
I followed your tutorial and tried to integrate api_guard on my rails api on an existing User model.
Everything goes well regarding the installation but when trying to create my first user with postman:
POST http://localhost:3000/users/sign_up
{
  "email": "[email protected]",
  "password": "test",
  "password_confirmation": "test",
  "birthdate": "Mar, 28 Mar 1991",
  "description": "Web Developer",
  "profilePictureUrl": "https://www.docker.com/sites/default/files/social/docker_facebook_share.png",
  "inscriptionDate": "Mar, 28 Mar 1991",
  "firstname": "Canavaggio",
  "lastname": "Lorenzo"
}
I get this error:
{
  "status": 422,
  "error": "Unprocessable Entity",
  "exception": "#<ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken>",
  "traces": {
    "Application Trace": [],
    "Framework Trace": [
      {
        "id": 0,
        "trace": "actionpack (5.2.3) lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'"
      },
      ...
So I guess the endpoint is correctly mapped but I may have missed something, or I'm not experienced enough to understand the issue. Could you help me out?
Currently refreshing an access token with a refresh token will create a new refresh token.
# frozen_string_literal: true
require_dependency 'api_guard/application_controller'
module ApiGuard
  class TokensController < ApplicationController
    before_action :authenticate_resource, only: [:create]
    before_action :find_refresh_token, only: [:create]
    def create
      create_token_and_set_header(current_resource, resource_name)
      @refresh_token.destroy
      blacklist_token if ApiGuard.blacklist_token_after_refreshing
      render_success(message: I18n.t('api_guard.access_token.refreshed'))
    end
    # ... (rest of the controller is not quoted in the issue)
  end
end
This means if a user has their refresh token leaked, the refresh token can be used forever.
Correct me if I'm wrong, but the correct behavior should be just letting the refresh tokens expire.
Refreshing an access token should not renew the refresh token.
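Added example (not part of the issue thread and not api_guard's code): a self-contained Ruby sketch of refresh-token rotation in which the replacement token inherits the absolute expiry set at sign-in, so refreshing never extends the life of a leaked token; it also covers the earlier question on this page about expiring refresh tokens. It goes beyond the thread by revoking the whole token family when an already-rotated token is presented again. `RefreshTokenStore`, its method names and the lifetime value used with it are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory store (not api_guard's RefreshToken model).
class RefreshTokenStore
  Record = Struct.new(:user_id, :family_id, :expires_at, :used)

  class InvalidToken < StandardError; end
  class ReuseDetected < StandardError; end

  # lifetime: seconds a sign-in stays refreshable, counted from sign-in.
  def initialize(lifetime:)
    @lifetime = lifetime
    @records = {} # SHA-256(token) => Record; raw tokens are never stored
  end

  # Sign-in: starts a new token family with a fixed deadline.
  def issue(user_id, now: Time.now)
    store(user_id, SecureRandom.uuid, now + @lifetime)
  end

  # Refresh: swaps the presented token for a new one with the SAME deadline.
  def rotate(token, now: Time.now)
    key = digest(token)
    record = @records[key]
    raise InvalidToken, 'unknown refresh token' unless record

    if record.used
      # A token that was already rotated out came back: two parties hold
      # tokens from this family, so revoke all of them and force a sign-in.
      revoke_family(record.family_id)
      raise ReuseDetected, 'refresh token reuse'
    end

    if now >= record.expires_at
      @records.delete(key)
      raise InvalidToken, 'refresh token expired'
    end

    record.used = true
    store(record.user_id, record.family_id, record.expires_at)
  end

  # Number of refresh tokens that can still be exchanged for this user.
  def active_count(user_id)
    @records.count { |_, r| r.user_id == user_id && !r.used }
  end

  private

  def store(user_id, family_id, expires_at)
    token = SecureRandom.urlsafe_base64(32)
    @records[digest(token)] = Record.new(user_id, family_id, expires_at, false)
    token
  end

  def revoke_family(family_id)
    @records.delete_if { |_, r| r.family_id == family_id }
  end

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```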
I'm building a hybrid app with Turbo and want to set the session cookie when signing in via the API. The client will then pass this cookie to the web view to sign in there.
I've wired up my custom controller via routes but am running into an issue when using #sign_in from Devise. Here's my controller, the only line that is different is the call to #sign_in.
module Users
  class AuthenticationController < ApiGuard::AuthenticationController
    before_action :find_resource, only: [:create]
    def create
      if resource.authenticate(params[:password])
        create_token_and_set_header(resource, resource_name)
        sign_in("User", resource) # This line is the only change.
        render_success(message: I18n.t("api_guard.authentication.signed_in"))
      else
        render_error(422, message: I18n.t("api_guard.authentication.invalid_login_credentials"))
      end
    end
    private
    def find_resource
      self.resource = resource_class.find_by(email: params[:email].downcase.strip) if params[:email].present?
      render_error(422, message: I18n.t("api_guard.authentication.invalid_login_credentials")) unless resource
    end
  end
end
Successfully authenticating raises the following error:
RuntimeError (Could not find a valid mapping for #<User id: 1, email: "[email protected]", created_at: "2021-03-14 04:34:15.068574000 +0000", updated_at: "2021-03-17 00:03:05.959170000 +0000">):
app/controllers/users/authentication_controller.rb:8:in `create'
Is it not possible to use Devise methods here? I feel like I'm missing something obvious and any help would be greatly appreciated!
Is your feature request related to a problem? Please describe.
As far as I understand the current features of this api_guard gem, there is no real functionality to reset a user password if it was forgotten. I would like to have such a feature, in my opinion it's close to a must-have feature.
Describe the solution you'd like
A tip on how to implement a password forgotten feature with the api_guard gem and devise.
Describe alternatives you've considered
Currently I am implementing a password reset feature, but I don't know if it is going to work.
Additional context
The change password feature is nice. But I would like to have the ability for users to reset their passwords before they are logged in. E.g. the user wants to log in with his already created account. But before he does, he notices that he has forgotten his password. After that, he clicks on the (self-made) password forgotten link and gets to a new view where he can enter his email. Then the user clicks submit. He receives an email with a link + token to reset the password. Then a request with a body containing the user's email and passwords gets sent and after that, the password has been reset and all tokens refreshed.
Started POST "/users/sign_up" for 127.0.0.1 at 2019-03-18 12:46:42 +0545
(0.1ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
↳ /var/lib/gems/2.5.0/gems/activerecord-5.2.2.1/lib/active_record/log_subscriber.rb:98
Processing by ApiGuard::RegistrationController#create as */*
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
(0.1ms) begin transaction
↳ /var/lib/gems/2.5.0/gems/activerecord-5.2.2.1/lib/active_record/log_subscriber.rb:98
User Create (0.2ms) INSERT INTO "users" ("email", "password_digest", "created_at", "updated_at") VALUES (?, ?, ?, ?) [["email", "[email protected]"], ["password_digest", "$2a$10$0jckG96Q3WUPczek.EoRhuJfVM853aIzBwk/1tw3NUG7.l78tYYji"], ["created_at", "2019-03-18 07:01:42.286906"], ["updated_at", "2019-03-18 07:01:42.286906"]]
↳ /var/lib/gems/2.5.0/gems/activerecord-5.2.2.1/lib/active_record/log_subscriber.rb:98
(107.6ms) commit transaction
↳ /var/lib/gems/2.5.0/gems/activerecord-5.2.2.1/lib/active_record/log_subscriber.rb:98
Completed 500 Internal Server Error in 175ms (ActiveRecord: 108.6ms)
TypeError (no implicit conversion of nil into String):
jwt (2.1.0) lib/jwt/algos/hmac.rb:14:in `digest'
jwt (2.1.0) lib/jwt/algos/hmac.rb:14:in `sign'
jwt (2.1.0) lib/jwt/signature.rb:35:in `sign'
jwt (2.1.0) lib/jwt/encode.rb:39:in `encoded_signature'
jwt (2.1.0) lib/jwt/encode.rb:47:in `encode_segments'
jwt (2.1.0) lib/jwt/encode.rb:20:in `initialize'
jwt (2.1.0) lib/jwt.rb:21:in `new'
jwt (2.1.0) lib/jwt.rb:21:in `encode'
api_guard (0.1.1) lib/api_guard/jwt_auth/json_web_token.rb:21:in `encode'
api_guard (0.1.1) lib/api_guard/jwt_auth/json_web_token.rb:36:in `jwt_and_refresh_token'
api_guard (0.1.1) lib/api_guard/jwt_auth/json_web_token.rb:47:in `create_token_and_set_header'
api_guard (0.1.1) app/controllers/api_guard/registration_controller.rb:10:in `create'
user.rb
class User < ApplicationRecord
  has_secure_password
end
routes.rb
Rails.application.routes.draw do
  api_guard_routes for: 'users'
end
gemfile
source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }
ruby '2.5.1'
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '~> 5.2.2', '>= 5.2.2.1'
# Use sqlite3 as the database for Active Record
gem 'sqlite3', '~>1.3.6'
# Use Puma as the app server
gem 'puma', '~> 3.11'
# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
# gem 'jbuilder', '~> 2.5'
# Use Redis adapter to run Action Cable in production
# gem 'redis', '~> 4.0'
# Use ActiveModel has_secure_password
gem 'bcrypt', '~> 3.1.7'
gem 'api_guard'
# Use ActiveStorage variant
# gem 'mini_magick', '~> 4.8'
# Use Capistrano for deployment
# gem 'capistrano-rails', group: :development
# Reduces boot times through caching; required in config/boot.rb
gem 'bootsnap', '>= 1.1.0', require: false
# Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin AJAX possible
gem 'rack-cors'
group :development, :test do
  # Call 'byebug' anywhere in the code to stop execution and get a debugger console
  gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
end
group :development do
  gem 'listen', '>= 3.0.5', '< 3.2'
  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
  gem 'spring'
  gem 'spring-watcher-listen', '~> 2.0.0'
end
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
Hi,
I have an API service app with Rails.
I'm getting the Access-Token and Refresh-Token once I have signed in.
With every request I'm sending Authorization and Refresh-Token. Here I want to get a new access token before the current access token expires.
In the current situation I'm automatically getting "Access token expired".
How can I auto-renew a new access token?
Describe the bug
undefined method 'day' for 1:Integer
error is raised while running one of the following commands :
Gem version (please complete the following information):
Hello, I'll appreciate your help, I'm trying to use sign_up but I can't write anything but nil type.
# Front-end request
const signUp = async data => {
  console.log(data);
  const apiUrl = 'http://localhost:3002/users/sign_up';
  const response = await fetch(apiUrl, {
    method: 'POST',
    body: JSON.stringify(data),
  });
  return response.json();
};
RESPONSE:
//What I'm sending
Object { email: "[email protected]", name: "jessica", password: "password", password_confirmation: "password" }
loginRequest.js:2
//response
Object { status: "success", message: "Signed up successfully" }
//Database
#<User id: 2, name: nil, email: nil, password_digest: nil, created_at: "2021-03-14 18:56:47", updated_at: "2021-03-14 18:56:47">,
Hey, I'm trying to use this gem to auth an ActionCable connection, but I can't manage to get it to work.
I'm kind of a fresh user of Rails websockets so I don't know if I'm doing it all right, but I think I do.
Also I'm doing my own sort of auth as I made it with #38 to allow guest connections as well.
In connection.rb I included a helper that reads the JWT (from cookies or params, doesn't matter here) and I pass it successfully in any possible way, but after that I'm getting an error.
There was an exception - NameError(undefined local variable or method `decode_token' for #ApplicationCable::Connection:xxxxxxxxxxxx
And I did try include ApiGuard and ApiGuard:JwAuth etc for helper, or for connection.rb, nothing worked
Example code of connection.rb that should work if decode_token would be defined
module ApplicationCable
  class Connection < ActionCable::Connection::Base
    # include ApiGuard::JwtAuth
    # include ApplicationHelper
    identified_by :current_user
    def connect
      # puts cookie_jwt_auth
      self.current_user = jwt_auth
    end
    private
    def jwt_auth
      @token = request.params[:token]
      @user = nil
      if @token
        begin
          user = decode_token
          puts user
          @user = User.find(user['user_id'])
        rescue Exception => e
          raise Exception, "JWT Token is not valid or user don't exist"
        end
      end
    end
  end
end
Hi,
I have been using api_guard for many years and love it!
Starting a new project and of course reach for api_guard, but noticed it hasn't received any updates in 2 years, and seems like a risk to start a new project on a potentially unmaintained project.
Are you looking for contributors and/or actively maintaining this project?
I'm implementing a signup/login feature using Facebook. I want to issue a token to the client to allow the user to sign in. Is there a way to issue a token for a different controller?
full error log
Started POST "/users/tokens" for 127.0.0.1 at 2019-03-27 09:38:06 +0545
Processing by ApiGuard::TokensController#create as */*
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 10], ["LIMIT", 1]]
↳ /var/lib/gems/2.5.0/gems/activerecord-5.2.2.1/lib/active_record/log_subscriber.rb:98
Completed 500 Internal Server Error in 10ms (ActiveRecord: 0.2ms)
NoMethodError (undefined method `blacklisted_tokens' for #<User:0x00007f144823d850>):
activemodel (5.2.2.1) lib/active_model/attribute_methods.rb:430:in `method_missing'
api_guard (0.1.3) lib/api_guard/jwt_auth/blacklist_token.rb:15:in `blacklisted_tokens_for'
api_guard (0.1.3) lib/api_guard/jwt_auth/blacklist_token.rb:21:in `blacklisted?'
api_guard (0.1.3) lib/api_guard/jwt_auth/authentication.rb:65:in `authenticate_token'
api_guard (0.1.3) lib/api_guard/jwt_auth/authentication.rb:24:in `authenticate_and_set_resource'
api_guard (0.1.3) lib/api_guard/jwt_auth/authentication.rb:11:in `method_missing'
api_guard (0.1.3) app/controllers/api_guard/application_controller.rb:4:in `public_send'
api_guard (0.1.3) app/controllers/api_guard/application_controller.rb:4:in `authenticate_resource'
Hello,
In my project, I need a custom logout route.
Here is my SessionsController including that route:
module Api
  class SessionsController < Api::BaseController
    def destroy
      authenticate_and_set_user
      blacklist_token
      render json: { success: true }
    end
  end
end
I can see in the log that the user is loaded, then the token is blacklisted but just after that, for whatever reason, I get JWT::InvalidJtiError (Missing jti) which raises a 500 error. I don't know why I get that, any idea?
Thanks a lot for this awesome lib
The resource is shared by multiple requests of the same controller.
That is because when the current_<resource> method is created, it's created for all instances of the controller, and the resource loaded by one authentication is shared to all via the closure in define_current_resource_accessors:
api_guard/lib/api_guard/jwt_auth/authentication.rb
Lines 60 to 65 in 6c7a1f7
How to reproduce
Add a hook to your controller for debug (that would run before authenticate_and_set_resource):
before_action :debug_resource
def debug_resource
  puts "My resource: #{respond_to?(:current_resource) ? current_resource : nil}"
end
Then send two requests:
401 Unauthorized
)Result: Second request had resource 1 in current_resource
Expectation
current_resource should only contain the current request's authenticated resource, otherwise nil
current_resource shouldn't change during the execution of a request - with this bug it might, due to a race condition
Gem version:
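Added example (not from the issue or the gem's source): a constructed Ruby reproduction of the pattern the report describes, an accessor defined on the class with a block that closes over one request's resource, next to a per-instance alternative. `LeakyController`, `IsolatedController` and both helper functions are hypothetical stand-ins, and plain objects simulate one controller instance per request.

```ruby
# Constructed stand-ins: neither class is api_guard source code.
class LeakyController
  # Pattern described in the report: authentication defines the accessor on
  # the CLASS, and the block captures the resource found for this request.
  def authenticate(resource)
    return false unless resource # 401 path: the old accessor stays in place

    self.class.send(:define_method, :current_resource) { resource }
    true
  end
end

class IsolatedController
  # The accessor exists once, at class load, and reads per-instance state, so
  # nothing authenticated in one request is visible from another.
  attr_reader :current_resource

  def authenticate(resource)
    return false unless resource

    @current_resource = resource
    true
  end
end

# Request 1 authenticates as "resource 1"; request 2 fails authentication.
# Returns what request 2 observes through current_resource.
def second_request_sees(controller_class)
  controller_class.new.authenticate('resource 1')
  second = controller_class.new
  second.authenticate(nil)
  second.respond_to?(:current_resource) ? second.current_resource : nil
end

# Request A authenticates, then a concurrent request B authenticates as
# someone else before A finishes. Returns true if A's view changed under it.
def resource_changes_mid_request?(controller_class)
  request_a = controller_class.new
  request_a.authenticate('resource 1')
  controller_class.new.authenticate('resource 2')
  request_a.current_resource != 'resource 1'
end
```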
Hi,
Can it support Mongoid?
undefined method 'refresh_token_association' for User:Class (NoMethodError)
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:48:in `generate_routes'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:18:inblock (2 levels) in api_guard_routes' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/mapper.rb:879:in
scope'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:17:inblock in api_guard_routes' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:32:in
block in api_guard_scope'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/mapper.rb:1008:inblock in constraints' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/mapper.rb:879:in
scope'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/mapper.rb:1008:inconstraints' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:31:in
api_guard_scope'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:16:inapi_guard_routes' /srv/http/example.com/config/routes.rb:2:in
block in
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/route_set.rb:432:ininstance_exec' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/route_set.rb:432:in
eval_block'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/route_set.rb:414:indraw' /srv/http/example.com/config/routes.rb:1:in
'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/bootsnap-1.4.3/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:54:inload' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/bootsnap-1.4.3/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:54:in
load'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/dependencies.rb:285:inblock in load' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/dependencies.rb:257:in
load_dependency'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/dependencies.rb:285:inload' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:41:in
block in load_paths'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:41:ineach' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:41:in
load_paths'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:20:inreload!' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:30:in
block in updater'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/file_update_checker.rb:83:inexecute' /srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:10:in
execute'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/finisher.rb:130:in `block in <module:Finisher>'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/initializable.rb:32:in `instance_exec'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/initializable.rb:32:in `run'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/initializable.rb:61:in `block in run_initializers'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:228:in `block in tsort_each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:431:in `each_strongly_connected_component_from'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:349:in `block in each_strongly_connected_component'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:347:in `each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:347:in `call'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:347:in `each_strongly_connected_component'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:226:in `tsort_each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:205:in `tsort_each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/initializable.rb:60:in `run_initializers'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application.rb:361:in `initialize!'
/srv/http/example.com/config/environment.rb:5:in `<top (required)>'
config.ru:3:in `require_relative'
config.ru:3:in `block in '
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/builder.rb:55:in `instance_eval'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/builder.rb:55:in `initialize'
config.ru:1:in `new'
config.ru:1:in `'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:101:in `eval'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:101:in `preload_app'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:189:in `block in <module:App>'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/ruby_supportlib/phusion_passenger/loader_shared_helpers.rb:380:in `run_block_and_record_step_progress'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:188:in `<module:App>'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:30:in `module:PhusionPassenger'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:29:in `'
The stdout/stderr output of the subprocess so far is:
Error: The application encountered the following error: undefined method 'refresh_token_association' for User:Class (NoMethodError)
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:48:in `generate_routes'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:18:in `block (2 levels) in api_guard_routes'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/mapper.rb:879:in `scope'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:17:in `block in api_guard_routes'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:32:in `block in api_guard_scope'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/mapper.rb:1008:in `block in constraints'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/mapper.rb:879:in `scope'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/mapper.rb:1008:in `constraints'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:31:in `api_guard_scope'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/api_guard-0.1.3/lib/api_guard/route_mapper.rb:16:in `api_guard_routes'
/srv/http/example.com/config/routes.rb:2:in `block in '
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/route_set.rb:432:in `instance_exec'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/route_set.rb:432:in `eval_block'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/routing/route_set.rb:414:in `draw'
/srv/http/example.com/config/routes.rb:1:in `'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/bootsnap-1.4.3/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:54:in `load'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/bootsnap-1.4.3/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:54:in `load'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/dependencies.rb:285:in `block in load'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/dependencies.rb:257:in `load_dependency'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/dependencies.rb:285:in `load'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:41:in `block in load_paths'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:41:in `each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:41:in `load_paths'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:20:in `reload!'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:30:in `block in updater'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/file_update_checker.rb:83:in `execute'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/routes_reloader.rb:10:in `execute'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application/finisher.rb:130:in `block in <module:Finisher>'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/initializable.rb:32:in `instance_exec'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/initializable.rb:32:in `run'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/initializable.rb:61:in `block in run_initializers'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:228:in `block in tsort_each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:431:in `each_strongly_connected_component_from'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:349:in `block in each_strongly_connected_component'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:347:in `each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:347:in `call'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:347:in `each_strongly_connected_component'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:226:in `tsort_each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/2.6.0/tsort.rb:205:in `tsort_each'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/initializable.rb:60:in `run_initializers'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/application.rb:361:in `initialize!'
/srv/http/example.com/config/environment.rb:5:in `<top (required)>'
config.ru:3:in `require_relative'
config.ru:3:in `block in '
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/builder.rb:55:in `instance_eval'
/srv/http/example.com/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/builder.rb:55:in `initialize'
config.ru:1:in `new'
config.ru:1:in `'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:101:in `eval'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:101:in `preload_app'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:189:in `block in <module:App>'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/ruby_supportlib/phusion_passenger/loader_shared_helpers.rb:380:in `run_block_and_record_step_progress'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:188:in `<module:App>'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:30:in `module:PhusionPassenger'
/usr/local/Cellar/passenger/6.0.2_2/libexec/src/helper-scripts/rack-preloader.rb:29:in `'
I can also get:
undefined method `api_guard_associations' for User:Class (NoMethodError)
Problem:
If the access JWT token has expired, we can't refresh the token anymore. So there is no point in giving the refresh token a much longer lifespan.
My idea:
How about just using the refresh token? I think there is no point in blacklisting them then.
My code example:
Bilanuk@b66920d
Describe the bug
I have configured api_guard and I can sign in fine, get the token and use it to browse a controller action view but after I sign out successfully, I can still go to the same controller action and still view the erb output. I am doing all this in Postman.
Gem version (please complete the following information):
I get an "unauthorized" status response from the "authenticate_and_set_user" method. I have the access token in my request header.
The response.
Error log
Started POST "/advertisements" for 127.0.0.1 at 2019-03-27 09:42:41 +0545
Processing by AdvertisementsController#create as */*
Parameters: {"title"=>"mobile for sale", "description"=>"as good asnew s7 for sale"}
Filter chain halted as :authenticate_and_set_user rendered or redirected
Completed 401 Unauthorized in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms)
before_action: authenticate_and_set_user gives undefined method error
full error log
Started POST "/advertisements" for 127.0.0.1 at 2019-03-26 10:08:05 +0545
Processing by AdvertisementsController#create as */*
Parameters: {"title"=>"mobile for sale", "description"=>"as good asnew s7 for sale"}
Completed 500 Internal Server Error in 42ms (ActiveRecord: 0.0ms)
NoMethodError (undefined method `authenticate_or_request_with_http_token' for #<AdvertisementsController:0x00005647fc6b77f0>
Did you mean? authenticate_and_set_resource):
api_guard (0.1.2) lib/api_guard/jwt_auth/authentication.rb:13:in `method_missing'
api_guard (0.1.2) lib/api_guard/jwt_auth/authentication.rb:21:in `authenticate_and_set_resource'
api_guard (0.1.2) lib/api_guard/jwt_auth/authentication.rb:11:in `method_missing'
activesupport (5.2.2.1) lib/active_support/callbacks.rb:426:in `block in make_lambda'
activesupport (5.2.2.1) lib/active_support/callbacks.rb:198:in `block (2 levels) in halting'
actionpack (5.2.2.1) lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
activesupport (5.2.2.1) lib/active_support/callbacks.rb:199:in `block in halting'
activesupport (5.2.2.1) lib/active_support/callbacks.rb:513:in `block in invoke_before'
activesupport (5.2.2.1) lib/active_support/callbacks.rb:513:in `each'
activesupport (5.2.2.1) lib/active_support/callbacks.rb:513:in `invoke_before'
activesupport (5.2.2.1) lib/active_support/callbacks.rb:131:in `run_callbacks'
actionpack (5.2.2.1) lib/abstract_controller/callbacks.rb:41:in `process_action'
actionpack (5.2.2.1) lib/action_controller/metal/rescue.rb:22:in `process_action'
actionpack (5.2.2.1) lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
activesupport (5.2.2.1) lib/active_support/notifications.rb:168:in `block in instrument'
activesupport (5.2.2.1) lib/active_support/notifications/instrumenter.rb:23:in `instrument'
activesupport (5.2.2.1) lib/active_support/notifications.rb:168:in `instrument'
actionpack (5.2.2.1) lib/action_controller/metal/instrumentation.rb:32:in `process_action'
actionpack (5.2.2.1) lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
activerecord (5.2.2.1) lib/active_record/railties/controller_runtime.rb:24:in `process_action'
actionpack (5.2.2.1) lib/abstract_controller/base.rb:134:in `process'
actionpack (5.2.2.1) lib/action_controller/metal.rb:191:in `dispatch'
actionpack (5.2.2.1) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (5.2.2.1) lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
actionpack (5.2.2.1) lib/action_dispatch/routing/route_set.rb:34:in `serve'
actionpack (5.2.2.1) lib/action_dispatch/journey/router.rb:52:in `block in serve'
actionpack (5.2.2.1) lib/action_dispatch/journey/router.rb:35:in `each'
actionpack (5.2.2.1) lib/action_dispatch/journey/router.rb:35:in `serve'
actionpack (5.2.2.1) lib/action_dispatch/routing/route_set.rb:840:in `call'
rack (2.0.6) lib/rack/etag.rb:25:in `call'
rack (2.0.6) lib/rack/conditional_get.rb:38:in `call'
rack (2.0.6) lib/rack/head.rb:12:in `call'
activerecord (5.2.2.1) lib/active_record/migration.rb:559:in `call'
actionpack (5.2.2.1) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
activesupport (5.2.2.1) lib/active_support/callbacks.rb:98:in `run_callbacks'
actionpack (5.2.2.1) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (5.2.2.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (5.2.2.1) lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
actionpack (5.2.2.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (5.2.2.1) lib/rails/rack/logger.rb:38:in `call_app'
railties (5.2.2.1) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (5.2.2.1) lib/active_support/tagged_logging.rb:71:in `block in tagged'
activesupport (5.2.2.1) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (5.2.2.1) lib/active_support/tagged_logging.rb:71:in `tagged'
railties (5.2.2.1) lib/rails/rack/logger.rb:26:in `call'
actionpack (5.2.2.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (5.2.2.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (2.0.6) lib/rack/runtime.rb:22:in `call'
activesupport (5.2.2.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (5.2.2.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (5.2.2.1) lib/action_dispatch/middleware/static.rb:127:in `call'
rack (2.0.6) lib/rack/sendfile.rb:111:in `call'
rack-cors (1.0.3) lib/rack/cors.rb:95:in `call'
railties (5.2.2.1) lib/rails/engine.rb:524:in `call'
puma (3.12.1) lib/puma/configuration.rb:227:in `call'
puma (3.12.1) lib/puma/server.rb:660:in `handle_request'
puma (3.12.1) lib/puma/server.rb:474:in `process_client'
puma (3.12.1) lib/puma/server.rb:334:in `block in run'
puma (3.12.1) lib/puma/thread_pool.rb:135:in `block in spawn_thread'
Implemented this gem for JWT auth and it works like a charm, even with GraphQL.
However, using localStorage to store the Bearer token isn't very secure. Using HTTP-only cookies seems to be a reasonable solution to that security issue. However, it seems that api_guard only supports the use of HTTP headers to retrieve the tokens (including the refresh tokens).
Would it be possible to override the controllers to implement support for using HTTP-only cookies to retrieve the bearer and refresh tokens?
Hi,
I'm trying to use this gem with this route setup:
Rails.application.routes.draw do
  namespace :api do
    namespace :v1 do
      api_guard_routes for: 'users'
    end
  end
end
But when I try to use any resource I get this error:
<ActionController::RoutingError: uninitialized constant Api::V1::ApiGuard. Object.const_get(camel_cased_word). raise MissingController.new(error.message, error.name)
How can I use this gem with these nested routes?
Thanks,
I'm using GraphQL with my projects and recently implemented your api_guard. Honestly it's pretty good, but I don't see an option to like authenticate user but despite that user is logged allow to pass through just leaving current user nil.
It's needed to me as all GraphQL requests pass through one controller that passes user info to all queries. When I'm logged in all works well but in other way it don't stopping on unauthorized error on all queries.
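Two of the reports above turn on the same decision point: the request for guest access when no bearer token is sent, and the sign-out report where an already-issued token still opened the controller. The following is an added example, not code from api_guard or from any of the posters; it uses only Ruby's standard library, and every name in it (`issue_token`, `authenticate`, `REVOKED_JTIS`, the `jti` claim as revocation key) is an assumption made for illustration. It treats a missing header as guest, rejects any token that was sent but fails verification, and shows that a signed token keeps verifying after sign-out unless the server records it as revoked.

```ruby
require 'openssl'
require 'json'
require 'set'

# Added example; every name here is hypothetical and none of it is api_guard's API.
class InvalidToken < StandardError; end

SECRET = 'constructed-demo-secret' # constructed value, demo only
REVOKED_JTIS = Set.new             # stands in for a server-side blacklist table

def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.tr('-_', '+/').unpack1('m')
end

def sign(input, secret)
  b64url(OpenSSL::HMAC.digest('SHA256', secret, input))
end

# Constant-time comparison so the signature check does not leak a prefix match.
def secure_eq?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def issue_token(user_id, jti:, exp:, secret: SECRET)
  input = "#{b64url({ alg: 'HS256', typ: 'JWT' }.to_json)}.#{b64url({ sub: user_id, jti: jti, exp: exp }.to_json)}"
  "#{input}.#{sign(input, secret)}"
end

# nil   -> no Authorization header at all: the request continues as a guest.
# sub   -> token verified, unexpired and not revoked.
# raise -> any token that was sent but fails a check; it is never downgraded to guest.
def authenticate(auth_header, now: Time.now.to_i, secret: SECRET)
  return nil if auth_header.nil? || auth_header.strip.empty?

  scheme, token = auth_header.split(' ', 2)
  raise InvalidToken, 'not a bearer token' unless scheme.casecmp?('Bearer') && token

  parts = token.split('.', -1)
  raise InvalidToken, 'malformed' unless parts.size == 3

  head, body, sig = parts
  raise InvalidToken, 'bad signature' unless secure_eq?(sign("#{head}.#{body}", secret), sig)
  raise InvalidToken, 'unexpected alg' unless JSON.parse(b64url_decode(head))['alg'] == 'HS256'

  claims = JSON.parse(b64url_decode(body))
  raise InvalidToken, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  raise InvalidToken, 'revoked' if REVOKED_JTIS.include?(claims['jti'])

  claims['sub']
end
```

In a controller, the `nil` result would map to a nil current user and `InvalidToken` to a 401 response; signing out would add the token's `jti` to the revocation store.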