class JWTSessions::Session

Attributes

access_token[R]
csrf_token[R]
namespace[RW]
payload[RW]
refresh_by_access_allowed[RW]
refresh_payload[RW]
refresh_token[R]
store[RW]

Public Class Methods

flush_all(store = JWTSessions.token_store) click to toggle source
# File lib/jwt_sessions/session.rb, line 105
def self.flush_all(store = JWTSessions.token_store)
  tokens = RefreshToken.all(nil, store)
  tokens.each do |token|
    AccessToken.destroy(token.access_uid, store)
    token.destroy
  end.count
end
new(options = {}) click to toggle source
# File lib/jwt_sessions/session.rb, line 15
def initialize(options = {})
  @store                     = options.fetch(:store, JWTSessions.token_store)
  @refresh_payload           = options.fetch(:refresh_payload, {})
  @payload                   = options.fetch(:payload, {})
  @access_claims             = options.fetch(:access_claims, {})
  @refresh_claims            = options.fetch(:refresh_claims, {})
  @namespace                 = options.fetch(:namespace, nil)
  @refresh_by_access_allowed = options.fetch(:refresh_by_access_allowed, false)
  @_access_exp               = options.fetch(:access_exp, nil)
  @_refresh_exp              = options.fetch(:refresh_exp, nil)
end

Public Instance Methods

flush_by_access_payload() click to toggle source
# File lib/jwt_sessions/session.rb, line 65
def flush_by_access_payload
  raise Errors::InvalidPayload if payload.nil?
  ruid = retrieve_val_from(payload, :access, "ruid", "refresh uid")
  flush_by_uid(ruid)
end
flush_by_token(token) click to toggle source

flush the session by refresh token

# File lib/jwt_sessions/session.rb, line 72
def flush_by_token(token)
  uid = token_uid(token, :refresh, @refresh_claims)
  flush_by_uid(uid)
end
flush_by_uid(uid) click to toggle source

flush the session by refresh token uid

# File lib/jwt_sessions/session.rb, line 78
def flush_by_uid(uid)
  token = retrieve_refresh_token(uid)

  AccessToken.destroy(token.access_uid, store)
  token.destroy
end
flush_namespaced() click to toggle source
# File lib/jwt_sessions/session.rb, line 96
def flush_namespaced
  return 0 unless namespace
  tokens = RefreshToken.all(namespace, store)
  tokens.each do |token|
    AccessToken.destroy(token.access_uid, store)
    token.destroy
  end.count
end
flush_namespaced_access_tokens() click to toggle source

flush access tokens only and keep refresh

# File lib/jwt_sessions/session.rb, line 86
def flush_namespaced_access_tokens
  return 0 unless namespace
  tokens = RefreshToken.all(namespace, store)
  tokens.each do |token|
    AccessToken.destroy(token.access_uid, store)
    # unlink refresh token from the current access token
    token.update(nil, nil, token.csrf)
  end.count
end
login() click to toggle source
# File lib/jwt_sessions/session.rb, line 27
def login
  create_csrf_token
  create_access_token
  create_refresh_token

  tokens_hash
end
masked_csrf(access_token) click to toggle source
# File lib/jwt_sessions/session.rb, line 46
def masked_csrf(access_token)
  csrf(access_token).token
end
refresh(refresh_token, &block) click to toggle source
# File lib/jwt_sessions/session.rb, line 50
def refresh(refresh_token, &block)
  refresh_token_data(refresh_token)
  refresh_by_uid(&block)
end
refresh_by_access_payload(&block) click to toggle source
# File lib/jwt_sessions/session.rb, line 55
def refresh_by_access_payload(&block)
  raise Errors::InvalidPayload if payload.nil?
  ruid = retrieve_val_from(payload, :access, "ruid", "refresh uid")
  retrieve_refresh_token(ruid)

  check_access_uid_within_refresh_token(&block) if block_given?

  refresh_by_uid(&block)
end
session_exists?(token, token_type = :access) click to toggle source
# File lib/jwt_sessions/session.rb, line 39
def session_exists?(token, token_type = :access)
  send(:"#{token_type}_token_data", token, true)
  true
rescue Errors::Unauthorized
  false
end
valid_access_request?(external_csrf_token, external_payload) click to toggle source
# File lib/jwt_sessions/session.rb, line 113
def valid_access_request?(external_csrf_token, external_payload)
  ruid = retrieve_val_from(external_payload, :access, "ruid", "refresh uid")
  uid  = retrieve_val_from(external_payload, :access, "uid", "access uid")

  refresh_token = RefreshToken.find(ruid, JWTSessions.token_store, first_match: true)
  return false unless uid == refresh_token.access_uid

  CSRFToken.new(refresh_token.csrf).valid_authenticity_token?(external_csrf_token)
end
valid_csrf?(token, csrf_token, token_type = :access) click to toggle source
# File lib/jwt_sessions/session.rb, line 35
def valid_csrf?(token, csrf_token, token_type = :access)
  send(:"valid_#{token_type}_csrf?", token, csrf_token)
end

Private Instance Methods

access_token_data(token, _first_match = false) click to toggle source
# File lib/jwt_sessions/session.rb, line 149
def access_token_data(token, _first_match = false)
  uid = token_uid(token, :access, @access_claims)
  data = store.fetch_access(uid)
  raise Errors::Unauthorized, "Access token not found" if data.empty?
  data
end
check_access_uid_within_refresh_token() { |uid, access_expiration| ... } click to toggle source
# File lib/jwt_sessions/session.rb, line 208
def check_access_uid_within_refresh_token
  uid = retrieve_val_from(payload, :access, "uid", "access uid")
  access_uid = @_refresh.access_uid
  return if access_uid.size.zero?
  yield @_refresh.uid, @_refresh.access_expiration if access_uid != uid
end
check_refresh_on_time() { |uid, expiration| ... } click to toggle source
# File lib/jwt_sessions/session.rb, line 202
def check_refresh_on_time
  expiration = @_refresh.access_expiration
  return if expiration.size.zero?
  yield @_refresh.uid, expiration if expiration.to_i > Time.now.to_i
end
create_access_token() click to toggle source
# File lib/jwt_sessions/session.rb, line 255
def create_access_token
  @_access = AccessToken.create(
    @_csrf.encoded,
    payload,
    store,
    JWTSessions.custom_access_expiration(@_access_exp)
  )
  @access_token = @_access.token
end
create_csrf_token() click to toggle source
# File lib/jwt_sessions/session.rb, line 236
def create_csrf_token
  @_csrf = CSRFToken.new
  @csrf_token = @_csrf.token
end
create_refresh_token() click to toggle source
# File lib/jwt_sessions/session.rb, line 241
def create_refresh_token
  @_refresh = RefreshToken.create(
    @_csrf.encoded,
    @_access.uid,
    @_access.expiration,
    store,
    refresh_payload,
    namespace,
    JWTSessions.custom_refresh_expiration(@_refresh_exp)
  )
  @refresh_token = @_refresh.token
  link_access_to_refresh
end
csrf(access_token) click to toggle source
# File lib/jwt_sessions/session.rb, line 139
def csrf(access_token)
  token_data = access_token_data(access_token)
  CSRFToken.new(token_data[:csrf])
end
issue_tokens_after_refresh() click to toggle source
# File lib/jwt_sessions/session.rb, line 215
def issue_tokens_after_refresh
  create_csrf_token
  create_access_token
  update_refresh_token

  refresh_tokens_hash
end
refresh_by_uid(&block) click to toggle source
# File lib/jwt_sessions/session.rb, line 133
def refresh_by_uid(&block)
  check_refresh_on_time(&block) if block_given?
  AccessToken.destroy(@_refresh.access_uid, store)
  issue_tokens_after_refresh
end
refresh_csrf(refresh_token) click to toggle source
# File lib/jwt_sessions/session.rb, line 144
def refresh_csrf(refresh_token)
  refresh_token_instance = refresh_token_data(refresh_token, true)
  CSRFToken.new(refresh_token_instance.csrf)
end
refresh_token_data(token, first_match = false) click to toggle source
# File lib/jwt_sessions/session.rb, line 156
def refresh_token_data(token, first_match = false)
  uid = token_uid(token, :refresh, @refresh_claims)
  retrieve_refresh_token(uid, first_match: first_match)
end
refresh_tokens_hash() click to toggle source
# File lib/jwt_sessions/session.rb, line 194
def refresh_tokens_hash
  {
    csrf: csrf_token,
    access: access_token,
    access_expires_at: Time.at(@_access.expiration.to_i)
  }
end
retrieve_refresh_token(uid, first_match: false) click to toggle source
# File lib/jwt_sessions/session.rb, line 180
def retrieve_refresh_token(uid, first_match: false)
  @_refresh = RefreshToken.find(uid, store, namespace, first_match: first_match)
end
retrieve_val_from(token_payload, type, val_key, val_name) click to toggle source
# File lib/jwt_sessions/session.rb, line 171
def retrieve_val_from(token_payload, type, val_key, val_name)
  val = token_payload.fetch(val_key, nil)
  if val.nil?
    message = "#{type.to_s.capitalize} token payload does not contain #{val_name}"
    raise Errors::InvalidPayload, message
  end
  val
end
token_uid(token, type, claims) click to toggle source
# File lib/jwt_sessions/session.rb, line 161
def token_uid(token, type, claims)
  token_payload = JWTSessions::Token.decode(token, claims).first
  uid           = token_payload.fetch("uid", nil)
  if uid.nil?
    message = "#{type.to_s.capitalize} token payload does not contain token uid"
    raise Errors::InvalidPayload, message
  end
  uid
end
tokens_hash() click to toggle source
# File lib/jwt_sessions/session.rb, line 184
def tokens_hash
  {
    csrf: csrf_token,
    access: access_token,
    access_expires_at: Time.at(@_access.expiration.to_i),
    refresh: refresh_token,
    refresh_expires_at: Time.at(@_refresh.expiration.to_i)
  }
end
update_refresh_token() click to toggle source
# File lib/jwt_sessions/session.rb, line 223
def update_refresh_token
  @_refresh.update(@_access.uid, @_access.expiration, @_csrf.encoded)
  @refresh_token = @_refresh.token
  link_access_to_refresh
end
valid_access_csrf?(access_token, csrf_token) click to toggle source
# File lib/jwt_sessions/session.rb, line 125
def valid_access_csrf?(access_token, csrf_token)
  csrf(access_token).valid_authenticity_token?(csrf_token)
end
valid_refresh_csrf?(refresh_token, csrf_token) click to toggle source
# File lib/jwt_sessions/session.rb, line 129
def valid_refresh_csrf?(refresh_token, csrf_token)
  refresh_csrf(refresh_token).valid_authenticity_token?(csrf_token)
end