Adds the HTTP_AUTHORIZATION header if the token should be revoked, …

…and before the rest of the middleware is called. Related to #5 Bump version to 0.5.0
scarhand · Aug 23, 2021 · 1c34efc · 1c34efc
1 parent 423d09f
commit 1c34efc
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/lib/devise/jwt/cookie/middleware.rb b/lib/devise/jwt/cookie/middleware.rb
@@ -12,11 +12,19 @@ def initialize(app)
         end
 
         def call(env)
+          token_should_be_revoked = token_should_be_revoked?(env)
+          if token_should_be_revoked
+            # add the Authorization header, devise-jwt needs this to revoke tokens
+            # we need to make sure this is done before the other middleware is run
+            request = ActionDispatch::Request.new(env)
+            env['HTTP_AUTHORIZATION'] = "Bearer #{CookieHelper.new.read_from(request.cookies)}"
+          end
+
           status, headers, response = app.call(env)
           if headers['Authorization'] && env[ENV_KEY]
             name, cookie = CookieHelper.new.build(env[ENV_KEY])
             Rack::Utils.set_cookie_header!(headers, name, cookie)
-          elsif token_should_be_revoked?(env)
+          elsif token_should_be_revoked
             name, cookie = CookieHelper.new.build(nil)
             Rack::Utils.set_cookie_header!(headers, name, cookie)
           end

diff --git a/lib/devise/jwt/cookie/version.rb b/lib/devise/jwt/cookie/version.rb
@@ -1,7 +1,7 @@
 module Devise
   module JWT
     module Cookie
-      VERSION = '0.4.0'
+      VERSION = '0.5.0'
     end
   end
 end