module JWTSessions::Authorization
Constants
- CSRF_SAFE_METHODS
- TOKEN_TYPES
Protected Instance Methods
Private Instance Methods
check_csrf(token_type)
# File lib/jwt_sessions/authorization.rb, line 61
#
# Rejects the request through invalid_authorization when a CSRF check applies
# and the CSRF token sent with the request does not validate for the current
# token.
#
# The check is skipped when should_check_csrf? is falsy (the request method is
# listed in CSRF_SAFE_METHODS) or when @_csrf_check is falsy. @_csrf_check is
# assigned outside this method. retrieve_csrf is only called once both
# conditions hold, so a missing CSRF header raises only for requests that are
# actually being checked.
#
# @param token_type [Object] passed through unchanged to valid_csrf_token?
# @return [Object, nil] the result of invalid_authorization, or nil when the
#   check is skipped or passes
def check_csrf(token_type)
  return unless should_check_csrf?
  return unless @_csrf_check
  return if valid_csrf_token?(retrieve_csrf, token_type)

  invalid_authorization
end
claimless_payload()
Retrieves the token's payload without JWT claims validation.
# File lib/jwt_sessions/authorization.rb, line 128
#
# Decodes the raw token with Token.decode! and memoizes the first element of
# the result in @_claimless_payload. No claims hash is handed to the decoder.
#
# NOTE(review): what Token.decode! still verifies (for example the signature)
# is not visible from this method — confirm before relying on this payload for
# an authorization decision.
#
# @return [Object] first element of the decoder's result
def claimless_payload
  return @_claimless_payload if @_claimless_payload

  decoded = Token.decode!(found_token)
  @_claimless_payload = decoded.first
end
found_token()
# File lib/jwt_sessions/authorization.rb, line 118
#
# Reader for the raw token string held in @_raw_token. The variable is
# assigned outside this method; the value is returned exactly as stored and is
# nil when nothing has been assigned yet.
#
# @return [Object, nil] the stored raw token
def found_token
  @_raw_token
end
payload()
# File lib/jwt_sessions/authorization.rb, line 122
#
# Decodes the raw token with Token.decode and memoizes the first element of
# the result in @_payload.
#
# The claims passed to the decoder come from the optional token_claims hook.
# When the including object does not respond to token_claims, an empty hash is
# passed instead. respond_to? is called without the include-private flag, so a
# private token_claims is not picked up.
#
# NOTE(review): which checks Token.decode applies when the claims hash is
# empty is not visible here — confirm.
#
# @return [Object] first element of the decoder's result
def payload
  # Resolved on every call, before the memo is consulted, as in the original.
  claims =
    if respond_to?(:token_claims)
      token_claims
    else
      {}
    end
  return @_payload if @_payload

  @_payload = Token.decode(found_token, claims).first
end
refresh_by_access_invalid?()
# File lib/jwt_sessions/authorization.rb, line 57
#
# Reports whether a request fails the access-request check performed by
# JWTSessions::Session#valid_access_request?. The check is given the CSRF
# token from the request headers and the payload from claimless_payload,
# which is decoded without claims.
#
# The session check only runs when should_check_csrf? and @_csrf_check are
# both truthy. Otherwise the falsy value that stopped the chain is returned
# as-is, so this can be nil as well as false.
#
# @return [Boolean, nil] true when the check ran and failed; falsy otherwise
def refresh_by_access_invalid?
  csrf_required = should_check_csrf? && @_csrf_check
  # Hand back the short-circuited value itself to keep nil/false unchanged.
  return csrf_required unless csrf_required

  session = JWTSessions::Session.new
  !session.valid_access_request?(retrieve_csrf, claimless_payload)
end
request_headers()
# File lib/jwt_sessions/authorization.rb, line 69
#
# Adapter hook. This default always raises, so the including class has to
# provide its own request_headers. retrieve_csrf and token_from_headers index
# the returned object with a header name, so it must support #[].
#
# @raise [Errors::Malconfigured] always, in this default implementation
def request_headers
  raise Errors::Malconfigured, "request_headers is not implemented"
end
request_method()
# File lib/jwt_sessions/authorization.rb, line 77
#
# Adapter hook. This default always raises, so the including class has to
# provide its own request_method. should_check_csrf? tests the returned value
# for membership in CSRF_SAFE_METHODS.
#
# @raise [Errors::Malconfigured] always, in this default implementation
def request_method
  raise Errors::Malconfigured, "request_method is not implemented"
end
retrieve_csrf()
# File lib/jwt_sessions/authorization.rb, line 99
#
# Reads the CSRF token from the request header named by
# JWTSessions.csrf_header.
#
# Only a nil or false lookup result counts as "not found". An empty string is
# truthy in Ruby and is returned like any other value, so rejecting it is left
# to the later token comparison.
#
# @return [Object] the header value
# @raise [Errors::Unauthorized] when the header lookup yields nil or false
def retrieve_csrf
  csrf_token = request_headers[JWTSessions.csrf_header]
  return csrf_token if csrf_token

  raise Errors::Unauthorized, "CSRF token is not found"
end
session_exists?(token_type)
# File lib/jwt_sessions/authorization.rb, line 85
#
# Asks a freshly built JWTSessions::Session whether a session exists for the
# raw token of the current request.
#
# @param token_type [Object] passed through unchanged to Session#session_exists?
# @return [Object] whatever Session#session_exists? returns
def session_exists?(token_type)
  session = JWTSessions::Session.new
  session.session_exists?(found_token, token_type)
end
should_check_csrf?()
# File lib/jwt_sessions/authorization.rb, line 65
#
# True when the current request method is not listed in CSRF_SAFE_METHODS.
#
# NOTE(review): include? is an exact match, so request_method has to return
# the verb in the same form (case, String vs Symbol) as the constant's
# entries. A mismatch would make every request count as CSRF-checked — confirm
# against the adapter that implements request_method.
#
# @return [Boolean]
def should_check_csrf?
  safe_method = CSRF_SAFE_METHODS.include?(request_method)
  !safe_method
end
token_from_headers(token_type)
# File lib/jwt_sessions/authorization.rb, line 105
#
# Extracts the token from the request header that JWTSessions.header_by maps
# to the given token type.
#
# The header value is split on whitespace and only the last segment is
# returned. Whatever precedes it (a scheme word such as "Bearer", or nothing)
# is not inspected here. A missing header is treated as an empty string, which
# yields no segments and raises, as does a whitespace-only value.
#
# @param token_type [Object] passed through unchanged to JWTSessions.header_by
# @return [String] last whitespace-separated segment of the header value
# @raise [Errors::Unauthorized] when the header is absent or has no segments
def token_from_headers(token_type)
  headers = request_headers
  header_value = headers[JWTSessions.header_by(token_type)] || ""
  token = header_value.split(" ").last
  return token if token

  raise Errors::Unauthorized, "Token is not found"
end
valid_csrf_token?(csrf_token, token_type)
# File lib/jwt_sessions/authorization.rb, line 81
#
# Delegates CSRF validation to a freshly built JWTSessions::Session, passing
# the raw token of the current request together with the submitted CSRF token.
#
# @param csrf_token [Object] CSRF token taken from the request
# @param token_type [Object] passed through unchanged to Session#valid_csrf?
# @return [Object] whatever Session#valid_csrf? returns
def valid_csrf_token?(csrf_token, token_type)
  session = JWTSessions::Session.new
  session.valid_csrf?(found_token, csrf_token, token_type)
end