diff --git a/examples/ruby-on-rails-api/Gemfile b/examples/ruby-on-rails-api/Gemfile index ee80f780..911cb457 100644 --- a/examples/ruby-on-rails-api/Gemfile +++ b/examples/ruby-on-rails-api/Gemfile @@ -1,17 +1,17 @@ source 'https://rubygems.org' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '4.2.5.1' +gem 'rails', '5.0.0.1' # Use sqlite3 as the database for Active Record gem 'sqlite3', groups: [:development, :test] gem 'pg' # Use SCSS for stylesheets -gem 'sass-rails', '~> 5.0.4' +gem 'sass-rails', '~> 5.0.6' # Use Uglifier as compressor for JavaScript assets -gem 'uglifier', '>= 2.7.2' +gem 'uglifier', '>= 3.0.3' # Use CoffeeScript for .js.coffee assets and views -gem 'coffee-rails', '~> 4.1.1' +gem 'coffee-rails', '~> 4.2.1' # See https://github.com/sstephenson/execjs#readme for more supported runtimes # gem 'therubyracer', platforms: :ruby @@ -20,11 +20,11 @@ gem 'jquery-rails' # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks gem 'turbolinks' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder -gem 'jbuilder', '~> 2.4.1' +gem 'jbuilder', '~> 2.6.0' # bundle exec rake doc:rails generates the API under doc/api. -gem 'sdoc', '~> 0.4.1', group: :doc +gem 'sdoc', '~> 0.4.2', group: :doc # knock dependency -gem 'knock', '~> 1.4.2' +gem 'knock', '~> 2.0' # Dot env gem 'dotenv-rails', groups: [:development, :test] diff --git a/examples/ruby-on-rails-api/app/controllers/secured_ping_controller.rb b/examples/ruby-on-rails-api/app/controllers/secured_ping_controller.rb index d9c2ce95..6c75bb75 100644 --- a/examples/ruby-on-rails-api/app/controllers/secured_ping_controller.rb +++ b/examples/ruby-on-rails-api/app/controllers/secured_ping_controller.rb 
@@ -1,11 +1,11 @@ # Secured ping Controller class SecuredPingController < ApplicationController - before_action :authenticate + before_action :authenticate_user def ping render json: { message: "All good. You only get this message if you're authenticated.", - user: @current_user + user: current_user } end end diff --git a/examples/ruby-on-rails-api/app/models/User.rb b/examples/ruby-on-rails-api/app/models/User.rb new file mode 100644 index 00000000..1bdc59fb --- /dev/null +++ b/examples/ruby-on-rails-api/app/models/User.rb @@ -0,0 +1,5 @@ +class User < ActiveRecord::Base + def self.from_token_payload payload + payload["sub"] + end +end \ No newline at end of file diff --git a/examples/ruby-on-rails-api/config/initializers/knock.rb b/examples/ruby-on-rails-api/config/initializers/knock.rb index b84c792c..bad5b84d 100644 --- a/examples/ruby-on-rails-api/config/initializers/knock.rb +++ b/examples/ruby-on-rails-api/config/initializers/knock.rb @@ -1,19 +1,5 @@ require 'base64' Knock.setup do |config| - ## Current user retrieval when validating token - ## -------------------------------------------- - ## - ## This is how you can tell Knock how to retrieve the current_user. - ## By default, it assumes you have a model called `User` and that - ## the user_id is stored in the 'sub' claim. - ## - ## Default: - # config.current_user_from_token = -> (claims) { User.find claims['sub'] } - - # !!! - # This is only to make the example test cases pass, you should use a real - # user model in your app instead. - config.current_user_from_token = -> (claims) { { id: claims['sub'] } } ## Expiration claim ## ---------------- 
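Review bot: The `user:` field in `ping` now serialises whatever `current_user` resolves to, which with the `User.from_token_payload` added in this commit is presumably the bare `sub` string. The removed `current_user_from_token` lambda produced a `{ id: ... }` hash, so a client reading `user.id` would stop working. If the old shape is meant to stay, `user: { id: current_user }` keeps it. Otherwise a comment on that line, such as `# current_user is the token's sub claim, not a User record`, would make the contract explicit.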
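Review bot: The new model file is named `User.rb`, but Rails maps the `User` constant to `app/models/user.rb`, so on a case-sensitive filesystem autoloading would likely fail when the class is first looked up; renaming the file to `user.rb` avoids that. `from_token_payload` returns `payload["sub"]` unchecked, so a token without a `sub` claim yields `nil` and any signed token with a `sub` is accepted without a record lookup. That deserves a comment above the method, such as `# Example only: returns the raw sub claim; look up a real user record in your app`. The class inherits from `ActiveRecord::Base` although no table or migration for it appears in this diff, so a plain Ruby class may be all this example needs.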
@@ -44,10 +30,6 @@ # config.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base } ## If using Auth0, uncomment the line below - # config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret } - config.token_secret_signature_key = lambda { - secret = Rails.application.secrets.auth0_client_secret - secret += '=' * (4 - secret.length.modulo(4)) - Base64.decode64(secret.tr('-_', '+/')) - } + config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret } + end
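Review bot: `JWT.base64url_decode` in the new `token_secret_signature_key` lambda is a helper of the jwt gem, which the Gemfile in this commit does not pin, so the line depends on whichever jwt version knock resolves to. The file already requires `base64`, so `config.token_secret_signature_key = -> { Base64.urlsafe_decode64(Rails.application.secrets.auth0_client_secret) }` keeps the decode on the standard library (unpadded input is accepted on Ruby 2.3 and later). Either form raises on the first authenticated request if `auth0_client_secret` is unset, so a boot-time check that the secret is present would fail earlier and more clearly. The comment `## If using Auth0, uncomment the line below` is now stale, because the line beneath it is already active.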