janko / rodauth-rails

Rails integration for Rodauth authentication framework
https://github.com/jeremyevans/rodauth
MIT License

Verify account grace period generator fix #173

Closed vlado closed 1 year ago

vlado commented 1 year ago

Providing verify_account_grace_period as ActiveSupport::Duration does not work with the jwt feature enabled.

During the JWT encode/decode process it will be converted to a string

```ruby
token = JWT.encode({ unverified_account: 3.days }, Rails.application.secret_key_base)
JWT.decode(token, Rails.application.secret_key_base)
# => [{"unverified_account"=>"259200"}, {"alg"=>"HS256"}]

token = JWT.encode({ unverified_account: 3.days.to_i }, Rails.application.secret_key_base)
JWT.decode(token, Rails.application.secret_key_base)
# => [{"unverified_account"=>259200}, {"alg"=>"HS256"}]
```

while Rodauth expects an integer.

I was thinking about adding this to the generator only if the jwt feature is enabled, but I think it could lead to unexpected situations if jwt is enabled after the grace period is already set with ActiveSupport::Duration.

I've also added .ruby-version to .gitignore to make it easier for contributors to select ruby version in development. Hope that is ok?
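The type change described in the comment above, reproduced with only the Ruby standard library. This is an added example, not code from the pull request or from Rodauth: `FakeDuration`, `SECRET`, the minimal HS256 helpers and the `within_grace?` consumer are constructed stand-ins for `ActiveSupport::Duration`, the application secret, the jwt gem and whatever code reads the claim.

```ruby
require "json"
require "openssl"

# Constructed stand-in for ActiveSupport::Duration: it has #to_i, but JSON has
# no native type for it, so the stdlib generator falls back to #to_s.
class FakeDuration
  def initialize(seconds)
    @seconds = seconds
  end

  def to_i
    @seconds
  end

  def to_s
    @seconds.to_s
  end
end

SECRET = "constructed-demo-secret" # constructed value, not a real key

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

# Minimal HS256 token: b64url(header).b64url(payload).b64url(hmac)
def encode_token(payload, secret = SECRET)
  input = "#{b64url(JSON.generate({ "alg" => "HS256" }))}.#{b64url(JSON.generate(payload))}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest("SHA256", secret, input))}"
end

def decode_token(token, secret = SECRET)
  header, body, sig = token.split(".")
  expected = b64url(OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{body}"))
  raise ArgumentError, "bad signature" unless OpenSSL.secure_compare(expected, sig.to_s)
  padded = body.tr("-_", "+/") + "=" * (-body.size % 4)
  JSON.parse(padded.unpack1("m"))
end

# Value of the claim after one encode/decode cycle.
def round_trip(value)
  decode_token(encode_token({ "unverified_account" => value }))["unverified_account"]
end

# Hypothetical consumer: integer arithmetic on the decoded claim.
def within_grace?(claim, issued_at, now)
  now < issued_at + claim
end
```

Passing `round_trip(FakeDuration.new(259_200))` to `within_grace?` raises `TypeError` because the claim comes back as a `String`; calling `.to_i` before encoding keeps it an `Integer`.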

janko commented 1 year ago

Looks good, thanks for the fix!