From 1c34efc47184ff08a826890aa319fad914192159 Mon Sep 17 00:00:00 2001
From: Niels van der Zanden
Date: Mon, 23 Aug 2021 12:23:09 +0200
Subject: [PATCH] Adds the `HTTP_AUTHORIZATION` header if the token should be revoked, and before the rest of the middleware is called. Related to #5 Bump version to 0.5.0
---
 lib/devise/jwt/cookie/middleware.rb | 10 +++++++++-
 lib/devise/jwt/cookie/version.rb | 2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/devise/jwt/cookie/middleware.rb b/lib/devise/jwt/cookie/middleware.rb
index ef97895..d497dd2 100644
--- a/lib/devise/jwt/cookie/middleware.rb
+++ b/lib/devise/jwt/cookie/middleware.rb
@@ -12,11 +12,19 @@ def initialize(app)
 end

 def call(env)
+ token_should_be_revoked = token_should_be_revoked?(env)
+ if token_should_be_revoked
+ # add the Authorization header, devise-jwt needs this to revoke tokens
+ # we need to make sure this is done before the other middleware is run
+ request = ActionDispatch::Request.new(env)
+ env['HTTP_AUTHORIZATION'] = "Bearer #{CookieHelper.new.read_from(request.cookies)}"
+ end
+
 status, headers, response = app.call(env)
 if headers['Authorization'] && env[ENV_KEY]
 name, cookie = CookieHelper.new.build(env[ENV_KEY])
 Rack::Utils.set_cookie_header!(headers, name, cookie)
- elsif token_should_be_revoked?(env)
+ elsif token_should_be_revoked
 name, cookie = CookieHelper.new.build(nil)
 Rack::Utils.set_cookie_header!(headers, name, cookie)
 end
diff --git a/lib/devise/jwt/cookie/version.rb b/lib/devise/jwt/cookie/version.rb
index a88fb30..8d06bf5 100644
--- a/lib/devise/jwt/cookie/version.rb
+++ b/lib/devise/jwt/cookie/version.rb
@@ -1,7 +1,7 @@
 module Devise
 module JWT
 module Cookie
- VERSION = '0.4.0'
+ VERSION = '0.5.0'
 end
 end
 end
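Review bot: In `call`, the new `env['HTTP_AUTHORIZATION'] = "Bearer #{...}"` assignment runs whenever `token_should_be_revoked?(env)` is true, without checking that the cookie actually held a token and without regard to an Authorization header the client already sent. `CookieHelper#read_from` is not visible here, but if it returns nil for a missing cookie the downstream middleware receives the bare header `Bearer ` with no token, and any client-supplied header is silently replaced, so which token is revoked (or which error is raised) depends on the cookie alone. I would read the token first and inject it only when present: `token = CookieHelper.new.read_from(request.cookies)` followed by `env['HTTP_AUTHORIZATION'] = "Bearer #{token}" if token && !token.empty?`, plus a short comment stating whether the cookie is meant to take precedence over a header sent by the client. `call` continues past the end of the hunk, and `token_should_be_revoked?` is defined outside it.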