module JWTSessions::Authorization

Constants

CSRF_SAFE_METHODS
TOKEN_TYPES

Protected Instance Methods

# File lib/jwt_sessions/authorization.rb, line 47
# Authorizes a refresh-by-access request using the access token taken from
# the request headers only; there is no cookie fallback here.
#
# Delegates to cookieless_auth(:access), which records the raw header token
# and sets @_csrf_check to false. Unlike authorize_refresh_by_access_request!,
# this variant runs no refresh_by_access_invalid? check afterwards, since that
# check only applies while @_csrf_check is set.
#
# @raise [Errors::Unauthorized] when the access header carries no token
#   (raised by token_from_headers)
def authorize_refresh_by_access_header!
  cookieless_auth(:access)
end
# File lib/jwt_sessions/authorization.rb, line 32
# Authorizes a refresh-by-access request, preferring the access token from
# the request headers and falling back to the access cookie when the header
# path raises Errors::Unauthorized (token_from_headers does so when the
# header holds no token).
#
# The header path (cookieless_auth) sets @_csrf_check to false, so the
# refresh_by_access_invalid? check at the end is only effective for the
# cookie fallback. cookie_based_auth is defined outside this listing and is
# presumed to enable the CSRF check — confirm against its definition.
#
# @raise [Errors::Unauthorized] when neither source yields a token, or when
#   refresh_by_access_invalid? rejects the cookie-authenticated request
def authorize_refresh_by_access_request!
  header_auth_failed = false
  begin
    cookieless_auth(:access)
  rescue Errors::Unauthorized
    header_auth_failed = true
  end
  cookie_based_auth(:access) if header_auth_failed

  invalid_authorization if refresh_by_access_invalid?
end

Private Instance Methods

# File lib/jwt_sessions/authorization.rb, line 132
# Full authorization of the current request for a token of the given type.
#
# Order matters: the payload call decodes found_token with claim validation
# first (Token.decode raises on a bad token, which is the point of calling
# it here); then the token must be known to the session store; only then is
# the CSRF check applied.
#
# @param token_type [Symbol] token kind to validate (e.g. :access)
# @raise [Errors::Unauthorized] when decoding fails, no session exists for
#   the token, or the CSRF check fails
def authorize_request(token_type)
  # decode + JWT claim checks happen inside payload; the value is not needed here
  payload

  session_exists?(token_type) || invalid_authorization
  check_csrf(token_type)
end
# File lib/jwt_sessions/authorization.rb, line 61
# Enforces the CSRF token check when it applies to this request.
#
# The check applies only for non-safe HTTP methods (should_check_csrf?) and
# while @_csrf_check is set; cookieless_auth sets it to false, so tokens taken
# from request headers are never CSRF-checked. When the check applies, the
# CSRF header must be present (retrieve_csrf raises otherwise) and must
# validate against found_token for the given token type.
#
# @param token_type [Symbol] token kind the CSRF token is bound to
# @raise [Errors::Unauthorized] when the CSRF header is missing or invalid
def check_csrf(token_type)
  return unless should_check_csrf? && @_csrf_check

  invalid_authorization unless valid_csrf_token?(retrieve_csrf, token_type)
end

Retrieves the token's payload without JWT claims validation.

# File lib/jwt_sessions/authorization.rb, line 128
# Payload of found_token decoded WITHOUT claim validation, memoized.
#
# Token.decode! is used instead of Token.decode, so claims such as expiry are
# not checked here. This is consumed by refresh_by_access_invalid?, presumably
# because an access token being refreshed may already be expired — confirm
# against Token.decode!'s definition, which is outside this listing. Do not
# use this where claim validation matters; use payload instead.
#
# @return [Object] first element of Token.decode!'s result (the payload)
def claimless_payload
  return @_claimless_payload if @_claimless_payload

  @_claimless_payload = Token.decode!(found_token).first
end
# File lib/jwt_sessions/authorization.rb, line 89
# Header-based authentication: records the raw token from the request
# headers and marks the request as exempt from the CSRF check.
#
# @_csrf_check is cleared before the header lookup, so it is false even when
# token_from_headers raises and a caller falls back to cookie auth.
#
# @param token_type [Symbol] token kind whose header is read
# @return [String] the raw token stored in @_raw_token
# @raise [Errors::Unauthorized] when the header holds no token
def cookieless_auth(token_type)
  # header-sourced tokens are not subject to CSRF validation
  @_csrf_check = false
  header_token = token_from_headers(token_type)
  @_raw_token = header_token
end
# File lib/jwt_sessions/authorization.rb, line 118
# Raw token recorded by the authentication step (cookieless_auth sets it;
# the cookie path is outside this listing).
#
# @return [String, nil] the raw token, or nil if no auth step has run yet
def found_token
  @_raw_token
end
# File lib/jwt_sessions/authorization.rb, line 53
# Single failure point for every authorization check in this module.
#
# @raise [Errors::Unauthorized] always
def invalid_authorization
  raise Errors::Unauthorized
end
# File lib/jwt_sessions/authorization.rb, line 122
# Payload of found_token decoded WITH claim validation, memoized.
#
# Extra claims to verify come from token_claims when the including class
# defines it, otherwise none. Note that claims are evaluated on every call
# (token_claims is invoked each time) while the decode itself is memoized.
#
# @return [Object] first element of Token.decode's result (the payload)
def payload
  claims = if respond_to?(:token_claims)
             token_claims
           else
             {}
           end
  @_payload ||= Token.decode(found_token, claims).first
end
# File lib/jwt_sessions/authorization.rb, line 57
# CSRF-style validation for the refresh-by-access flow.
#
# Only applies for non-safe HTTP methods while @_csrf_check is set (header
# auth clears it, see cookieless_auth). When it applies, the CSRF header is
# required (retrieve_csrf raises without it) and is validated by the session
# store against the claimless (unvalidated-claims) payload of found_token.
#
# @return [Boolean, nil] truthy when the request must be rejected; the falsy
#   value of the first check that does not apply otherwise
# @raise [Errors::Unauthorized] when the CSRF header is missing
def refresh_by_access_invalid?
  csrf_applies = should_check_csrf? && @_csrf_check
  csrf_applies && !JWTSessions::Session.new.valid_access_request?(retrieve_csrf, claimless_payload)
end
# File lib/jwt_sessions/authorization.rb, line 73
# Hook the including class must override to expose the request's cookies
# (token_from_cookies indexes it by JWTSessions.cookie_by(token_type)).
#
# @raise [Errors::Malconfigured] always, until overridden
def request_cookies
  raise Errors::Malconfigured, "request_cookies is not implemented"
end
# File lib/jwt_sessions/authorization.rb, line 69
# Hook the including class must override to expose the request's headers
# (indexed by JWTSessions.header_by(token_type) and JWTSessions.csrf_header).
#
# @raise [Errors::Malconfigured] always, until overridden
def request_headers
  raise Errors::Malconfigured, "request_headers is not implemented"
end
# File lib/jwt_sessions/authorization.rb, line 77
# Hook the including class must override to expose the HTTP method of the
# request; should_check_csrf? compares it against CSRF_SAFE_METHODS.
#
# @raise [Errors::Malconfigured] always, until overridden
def request_method
  raise Errors::Malconfigured, "request_method is not implemented"
end
# File lib/jwt_sessions/authorization.rb, line 99
# Reads the CSRF token from the request header named by
# JWTSessions.csrf_header. Only the header is consulted — nothing is read
# from params or the body here.
#
# @return [String] the CSRF token as sent by the client
# @raise [Errors::Unauthorized] when the header is absent
def retrieve_csrf
  request_headers[JWTSessions.csrf_header] || raise(Errors::Unauthorized, "CSRF token is not found")
end
# File lib/jwt_sessions/authorization.rb, line 85
# Whether the session store knows found_token as a live token of the given
# type. This is what makes revocation effective: a token that decodes fine
# but is absent from the store fails authorize_request.
#
# @param token_type [Symbol] token kind to look up
# @return [Boolean] result of the store lookup
def session_exists?(token_type)
  store_session = JWTSessions::Session.new
  store_session.session_exists?(found_token, token_type)
end
# File lib/jwt_sessions/authorization.rb, line 65
# Whether the request's HTTP method requires a CSRF check: any method not
# listed in CSRF_SAFE_METHODS does. The constant's contents are not shown in
# this listing.
#
# @return [Boolean]
# @raise [Errors::Malconfigured] if request_method is not implemented
def should_check_csrf?
  current_method = request_method
  safe = CSRF_SAFE_METHODS.include?(current_method)
  !safe
end
# File lib/jwt_sessions/authorization.rb, line 112
# Reads the token of the given type from the request cookie named by
# JWTSessions.cookie_by(token_type).
#
# @param token_type [Symbol] token kind whose cookie is read
# @return [String] the raw cookie value
# @raise [Errors::Unauthorized] when the cookie is absent
def token_from_cookies(token_type)
  request_cookies[JWTSessions.cookie_by(token_type)] || raise(Errors::Unauthorized, "Token is not found")
end
# File lib/jwt_sessions/authorization.rb, line 105
# Reads the token of the given type from the request header named by
# JWTSessions.header_by(token_type).
#
# The last whitespace-separated word of the header value is taken, so both
# "Bearer <token>" and a bare "<token>" work. The scheme word itself is not
# validated; a header consisting only of a scheme (e.g. "Bearer ") yields
# that word as the token and is left for the decoder to reject.
#
# @param token_type [Symbol] token kind whose header is read
# @return [String] the raw token
# @raise [Errors::Unauthorized] when the header is absent or blank
def token_from_headers(token_type)
  header_value = request_headers[JWTSessions.header_by(token_type)] || ""
  # split(" ") collapses runs of whitespace, so a blank header yields nil here
  token = header_value.split(" ").last
  token || raise(Errors::Unauthorized, "Token is not found")
end
# File lib/jwt_sessions/authorization.rb, line 81
# Asks the session store whether csrf_token is the CSRF token bound to
# found_token for the given token type.
#
# @param csrf_token [String] CSRF token presented by the client
# @param token_type [Symbol] token kind found_token is treated as
# @return [Boolean] result of the store check
def valid_csrf_token?(csrf_token, token_type)
  store_session = JWTSessions::Session.new
  store_session.valid_csrf?(found_token, csrf_token, token_type)
end