module ApiGuard::JwtAuth::Authentication
Common module for API authentication
Public Instance Methods
authenticate_and_set_resource(resource_name)
click to toggle source
Authenticate the JWT token and set resource
# File lib/api_guard/jwt_auth/authentication.rb, line 24 def authenticate_and_set_resource(resource_name) @resource_name = resource_name @token = request.headers['Authorization']&.split('Bearer ')&.last return render_error(401, message: I18n.t('api_guard.access_token.missing')) unless @token authenticate_token # Render error response only if no resource found and no previous render happened render_error(401, message: I18n.t('api_guard.access_token.invalid')) if !current_resource && !performed? rescue JWT::DecodeError => e if e.message == 'Signature has expired' render_error(401, message: I18n.t('api_guard.access_token.expired')) else render_error(401, message: I18n.t('api_guard.access_token.invalid')) end end
authenticate_token()
click to toggle source
Authenticate the resource with the '{{resource_name}}_id' in the decoded JWT token and also, check for valid issued at time and not blacklisted
Also, set “current_{{resource_name}}” method and “@current_{{resource_name}}” instance variable for accessing the authenticated resource
# File lib/api_guard/jwt_auth/authentication.rb, line 72 def authenticate_token return unless decode_token resource = find_resource_from_token(@resource_name.classify.constantize) if resource && valid_issued_at?(resource) && !blacklisted?(resource) define_current_resource_accessors(resource) else render_error(401, message: I18n.t('api_guard.access_token.invalid')) end end
current_resource()
click to toggle source
# File lib/api_guard/jwt_auth/authentication.rb, line 91 def current_resource return unless respond_to?("current_#{@resource_name}") public_send("current_#{@resource_name}") end
decode_token()
click to toggle source
Decode the JWT token and don't verify token expiry for refresh token API request
# File lib/api_guard/jwt_auth/authentication.rb, line 44 def decode_token # TODO: Set token refresh controller dynamic verify_token = (controller_name != 'tokens' || action_name != 'create') @decoded_token = decode(@token, verify_token) end
define_current_resource_accessors(resource)
click to toggle source
Defines “current_{{resource_name}}” method and “@current_{{resource_name}}” instance variable that returns “resource” value
# File lib/api_guard/jwt_auth/authentication.rb, line 60 def define_current_resource_accessors(resource) define_singleton_method("current_#{@resource_name}") do instance_variable_get("@current_#{@resource_name}") || instance_variable_set("@current_#{@resource_name}", resource) end end
find_resource_from_token(resource_class)
click to toggle source
# File lib/api_guard/jwt_auth/authentication.rb, line 84 def find_resource_from_token(resource_class) resource_id = @decoded_token[:"#{@resource_name}_id"] return if resource_id.blank? resource_class.find_by(id: resource_id) end
method_missing(name, *args)
click to toggle source
Handle authentication of the resource dynamically
Calls superclass method
# File lib/api_guard/jwt_auth/authentication.rb, line 8 def method_missing(name, *args) method_name = name.to_s if method_name.start_with?('authenticate_and_set_') resource_name = method_name.split('authenticate_and_set_')[1] authenticate_and_set_resource(resource_name) else super end end
respond_to_missing?(method_name, include_private = false)
click to toggle source
Calls superclass method
# File lib/api_guard/jwt_auth/authentication.rb, line 19 def respond_to_missing?(method_name, include_private = false) method_name.to_s.start_with?('authenticate_and_set_') || super end
valid_issued_at?(resource)
click to toggle source
Returns whether the JWT token is issued after the last password change Returns true if password hasn't changed by the user
# File lib/api_guard/jwt_auth/authentication.rb, line 52 def valid_issued_at?(resource) return true unless ApiGuard.invalidate_old_tokens_on_password_change !resource.token_issued_at || @decoded_token[:iat] >= resource.token_issued_at.to_i end