Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240

Closed
glarrai1 opened this issue Oct 3, 2017 · 3 comments

glarrai1 commented Oct 3, 2017

I just ran "bundle update", and this error starts appearing while invoking: before_action :authenticate_user!

I'm using devise 4.3.0 and jwt gems for authentication.

My code is:

```ruby
class UsersController < ApplicationController
  before_action :authenticate_user!

  (...)
end
```

```ruby
# Helper module for you to use on your app and in your Strategy
# Don't add "Helper" to its name and rails won't load it as a view helper module.
# "app/helpers/jwt_wrapper.rb"

module JWTWrapper
  extend self

  def encode(payload, expiration = nil)
    expiration ||= Rails.application.secrets.jwt_expiration_minutes

    payload = payload.dup
    payload['exp'] = expiration.to_i.minutes.from_now.to_i

    JWT.encode payload, Rails.application.secrets.secret_key_base
  end

  def decode(token)
    begin
      decoded_token = JWT.decode token, Rails.application.secrets.secret_key_base

      decoded_token.first
    rescue
      nil
    end
  end
end
```

```ruby
# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
Devise.setup do |config|
  (...)

  config.warden do |manager|
    # Registering your new Strategy
    manager.strategies.add(:jwt, Devise::Strategies::JsonWebToken)

    # Adding the new JWT Strategy to the top of Warden's list,
    # Scoped by what Devise would scope (typically :user)
    manager.default_strategies(scope: :user).unshift :jwt
  end

  (...)
end
```

```ruby
# Your actual JWT Strategy
# "config/initializers/core_extensions/devise/strategies/json_web_token.rb"

module Devise
  module Strategies
    class JsonWebToken < Base
      def valid?
        request.headers['Authorization'].present?
      end

      def authenticate!
        return fail! unless claims
        return fail! unless claims.has_key?('user_id')

        success! User.find_by_id claims['user_id']
      end

      protected ######################## PROTECTED #############################

      def claims
        strategy, token = request.headers['Authorization'].split(' ')

        return nil if (strategy || '').downcase != 'bearer'

        JWTWrapper.decode(token) rescue nil
      end
    end
  end
end
```
glarrai1 (Author) commented Oct 4, 2017

Any idea? Thanks!

excpt (Member) commented Oct 4, 2017

Hi @glarrai1,

thanks for the detailed report. Please make sure your exp claim is a Unix timestamp, and the decode method no longer provides a default algorithm. Please make sure to set an algorithm when decoding the token.

For further debugging help I recommend opening a ticket on the devise repository.

Sorry to hear that you ran into trouble.

glarrai1 (Author) commented Oct 4, 2017

Thanks @excpt, including the algorithm explicitly (using the default one anyway; 'HS256'); now the last 2.0.0 version works ;)

glarrai1 closed this as completed Oct 4, 2017
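What the fix in this thread amounts to, as an added example that is not code from the issue or from the jwt gem: a standard-library-only HS256 verifier that pins the algorithm, requires `exp` to be an integer Unix timestamp, and reports why a token was rejected instead of collapsing every failure to `nil`. The module `PinnedHS256` and its method names are hypothetical; with the gem itself the pinned call is `JWT.decode(token, secret, true, algorithm: 'HS256')`.

```ruby
require 'openssl'
require 'json'
# Added illustration, standard library only; not the jwt gem's own code.
module PinnedHS256
  class VerificationError < StandardError; end
  module_function

  def b64(data) # base64url without padding
    [data].pack('m0').tr('+/', '-_').delete('=')
  end
  def unb64(text)
    text.tr('-_', '+/').unpack1('m').force_encoding('UTF-8')
  end
  def sign(input, secret)
    b64(OpenSSL::HMAC.digest('SHA256', secret, input))
  end
  def encode(payload, secret, header = { 'alg' => 'HS256', 'typ' => 'JWT' })
    input = "#{b64(JSON.generate(header))}.#{b64(JSON.generate(payload))}"
    "#{input}.#{sign(input, secret)}"
  end
  def secure_equal?(a, b) # no early exit on the first differing byte
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end

  # Returns the claims hash, or raises VerificationError naming the reason.
  def decode(token, secret, now: Time.now.to_i)
    raise VerificationError, 'malformed token' unless token.to_s.count('.') == 2
    head, body, sig = token.to_s.split('.', -1)
    header = JSON.parse(unb64(head))
    # Pin the algorithm: the token's own header must not choose it.
    raise VerificationError, 'unexpected alg' unless header.is_a?(Hash) && header['alg'] == 'HS256'
    raise VerificationError, 'bad signature' unless secure_equal?(sign("#{head}.#{body}", secret), sig)
    claims = JSON.parse(unb64(body))
    exp = claims.is_a?(Hash) ? claims['exp'] : nil
    raise VerificationError, 'exp is not a Unix timestamp' unless exp.is_a?(Integer)
    raise VerificationError, 'token expired' unless exp > now
    claims
  rescue JSON::ParserError
    raise VerificationError, 'malformed token'
  end

  # Unlike a blanket `rescue nil`, keep the reason so a 401 can be diagnosed.
  def check(token, secret, now: Time.now.to_i)
    [:ok, decode(token, secret, now: now)]
  rescue VerificationError => e
    [:rejected, e.message]
  end
end
```

Logging the `:rejected` reason on the server side makes an upgrade-induced 401 like the one in this issue visible immediately, while the client still only sees the 401.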