Update CI to add compatibility with rails 8 (#283)

* Update CI to use recent Rails versions

* Override registrations controller to disable session storing

Author: chaadow

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: CI 
+name: CI
 
 on: [push, pull_request]
 
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['3.0', '3.1', '3.2', '3.3', ruby-head]
+        ruby-version: ['3.2', '3.3', '3.4', ruby-head]
 
     steps:
     - uses: actions/checkout@v4
@@ -16,6 +16,7 @@ jobs:
       with:
         ruby-version: ${{ matrix.ruby-version }}
         bundler-cache: true # 'bundle install' and cache
-    - name: Run specs 
+    - name: Run specs
       run: |
+        cd spec/fixtures/rails_app && bundle && bundle exec rails db:setup && cd -
         bundle exec rspec

.github/workflows/lint.yml

@@ -10,8 +10,8 @@ jobs:
     - name: Set up Ruby ${{ matrix.ruby-version }}
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.7 
+        ruby-version: 3.4
         bundler-cache: true # 'bundle install' and cache
-    - name: Run specs 
+    - name: Run specs
       run: |
         bundle exec rubocop

.gitignore

@@ -6,7 +6,11 @@
 /doc/
 /pkg/
 /spec/reports/
+/spec/fixtures/rails_app/db/test.sqlite3*
+/spec/fixtures/rails_app/db/development.sqlite3*
+/spec/fixtures/rails_app/tmp
 /tmp/
 .overcommit_gems.rb.lock
 *.log
 *sqlite3-journal
+/tags

devise-jwt.gemspec

@@ -28,13 +28,13 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec"
   # Needed to test the rails fixture application
-  spec.add_development_dependency 'rails', '~> 6.0'
-  spec.add_development_dependency 'sqlite3', '~> 1.3'
-  spec.add_development_dependency 'rspec-rails', '~> 4.0'
+  spec.add_development_dependency 'rails'
+  spec.add_development_dependency 'sqlite3'
+  spec.add_development_dependency 'rspec-rails'
   # Cops
-  spec.add_development_dependency 'rubocop', '~> 0.87'
-  spec.add_development_dependency 'rubocop-rspec', '~> 1.42'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rubocop-rspec'
   # Test reporting
-  spec.add_development_dependency 'simplecov', '0.17'
-  spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'codeclimate-test-reporter'
 end

spec/devise/jwt/defaults_generator_spec.rb

@@ -125,7 +125,7 @@
     it 'adds strategies configured for each devise model with jwt' do
       expect(defaults[:revocation_strategies]).to eq(
         jwt_with_jti_matcher_user: 'JwtWithJtiMatcherUser',
-        jwt_with_denylist_user: 'JWTDenylist',
+        jwt_with_denylist_user: 'JwtDenylist',
         jwt_with_allowlist_user: 'JwtWithAllowlistUser',
         jwt_with_null_user: 'Devise::JWT::RevocationStrategies::Null'
       )

spec/devise/jwt/mapping_inspector_spec.rb

@@ -24,45 +24,45 @@
   describe '#jwt?' do
     context 'when jwt_authenticatable module is included' do
       it 'returns true' do
-        expect(jwt_with_jti_matcher_inspector.jwt?).to eq(true)
+        expect(jwt_with_jti_matcher_inspector.jwt?).to be(true)
       end
     end
 
     context 'when jwt_authenticatable module is not included' do
       it 'returns false' do
-        expect(no_jwt_inspector.jwt?).to eq(false)
+        expect(no_jwt_inspector.jwt?).to be(false)
       end
     end
   end
 
   describe '#session?' do
     context 'when session routes are included' do
       it 'returns true' do
-        expect(jwt_with_jti_matcher_inspector.session?).to eq(true)
+        expect(jwt_with_jti_matcher_inspector.session?).to be(true)
       end
     end
 
     context 'when session routes are not included' do
       it 'returns true' do
         jwt_with_jti_matcher_inspector.mapping.routes.delete(:session)
 
-        expect(jwt_with_jti_matcher_inspector.session?).to eq(false)
+        expect(jwt_with_jti_matcher_inspector.session?).to be(false)
       end
     end
   end
 
   describe '#registration?' do
     context 'when registration routes are included' do
       it 'returns true' do
-        expect(jwt_with_jti_matcher_inspector.registration?).to eq(true)
+        expect(jwt_with_jti_matcher_inspector.registration?).to be(true)
       end
     end
 
     context 'when registration routes are not included' do
       it 'returns true' do
         jwt_with_jti_matcher_inspector.mapping.routes.delete(:registration)
 
-        expect(jwt_with_jti_matcher_inspector.registration?).to eq(false)
+        expect(jwt_with_jti_matcher_inspector.registration?).to be(false)
       end
     end
   end

spec/devise/jwt/revocation_strategies/allowlist_spec.rb

@@ -20,13 +20,13 @@
       before { user.allowlisted_jwts.create(payload) }
 
       it 'returns false' do
-        expect(strategy.jwt_revoked?(payload, user)).to eq(false)
+        expect(strategy.jwt_revoked?(payload, user)).to be(false)
       end
     end
 
     context 'when jti and aud payload does not exist on jwt_allowlist' do
       it 'returns true' do
-        expect(strategy.jwt_revoked?(payload, user)).to eq(true)
+        expect(strategy.jwt_revoked?(payload, user)).to be(true)
       end
     end
   end
@@ -40,9 +40,11 @@
     end
 
     it 'does not crash when token has already been revoked' do
-      strategy.revoke_jwt(payload, user)
+      expect do
+        strategy.revoke_jwt(payload, user)
 
-      strategy.revoke_jwt(payload, user)
+        strategy.revoke_jwt(payload, user)
+      end.not_to raise_error
     end
   end
 
@@ -52,7 +54,7 @@
 
       expect(
         jwt_with_allowlist_user.allowlisted_jwts.exists?(payload)
-      ).to eq(true)
+      ).to be(true)
     end
   end
 end

spec/devise/jwt/revocation_strategies/denylist_spec.rb

@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 describe Devise::JWT::RevocationStrategies::Denylist do
-  subject(:strategy) { JWTDenylist }
+  subject(:strategy) { JwtDenylist }
 
   let(:payload) { { 'jti' => '123', 'exp' => '1501717440' } }
 
@@ -12,13 +12,13 @@
       it 'returns true' do
         strategy.create(jti: '123')
 
-        expect(strategy.jwt_revoked?(payload, :whatever)).to eq(true)
+        expect(strategy.jwt_revoked?(payload, :whatever)).to be(true)
       end
     end
 
     context 'when payload jti is not in the denylist' do
       it 'returns true' do
-        expect(strategy.jwt_revoked?(payload, :whatever)).to eq(false)
+        expect(strategy.jwt_revoked?(payload, :whatever)).to be(false)
       end
     end
   end
@@ -34,13 +34,15 @@
       strategy.revoke_jwt(payload, :whatever)
 
       exp = strategy.find_by(jti: '123').exp
-      expect(exp).equal? Time.at(payload['exp'].to_i)
+      expect(exp).to eq(Time.at(payload['exp'].to_i))
     end
 
     it 'does not crash when token has already been revoked' do
-      strategy.revoke_jwt(payload, :whatever)
+      expect do
+        strategy.revoke_jwt(payload, :whatever)
 
-      strategy.revoke_jwt(payload, :whatever)
+        strategy.revoke_jwt(payload, :whatever)
+      end.not_to raise_error
     end
   end
 end

spec/devise/jwt/revocation_strategies/jti_matcher_spec.rb

@@ -26,15 +26,15 @@
       let(:jti) { user.jti }
 
       it 'returns false' do
-        expect(strategy.jwt_revoked?(payload, user)).to eq(false)
+        expect(strategy.jwt_revoked?(payload, user)).to be(false)
       end
     end
 
     context 'when jti in payload does not match user jti column' do
       let(:jti) { '123' }
 
       it 'returns true' do
-        expect(strategy.jwt_revoked?(payload, user)).to eq(true)
+        expect(strategy.jwt_revoked?(payload, user)).to be(true)
       end
     end
   end

spec/devise/jwt/revocation_strategies/null_spec.rb

@@ -7,7 +7,7 @@
 
   describe '#jwt_revoked?(payload, user)' do
     it 'returns false' do
-      expect(strategy.jwt_revoked?(:whatever, :whatever)).to eq(false)
+      expect(strategy.jwt_revoked?(:whatever, :whatever)).to be(false)
     end
   end
 end