Class: Clerk::ProxyV2

Inherits:
Object
  • Object
Defined in:
lib/clerk/rack_middleware_v2.rb

Constant Summary collapse

CACHE_TTL = 60 # seconds

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(session_claims: nil, session_token: nil) ⇒ ProxyV2

Returns a new instance of ProxyV2.



# File 'lib/clerk/rack_middleware_v2.rb', line 9

# Wraps the claims and the raw token of the current session.
#
# @param session_claims [Object, nil] read with String keys by the other
#   methods of this class ("sub", "sid", "org_id", "fva", ...); nil is accepted
# @param session_token [Object, nil] handed to sdk.sessions.verify_token by
#   verify_session, together with the "sid" claim
#
# NOTE(review): nothing here validates the claims. Presumably the middleware
# has already verified the token before building the proxy; confirm at the
# call site.
def initialize(session_claims: nil, session_token: nil)
  @session_claims, @session_token = session_claims, session_token
  # Populated lazily by #session.
  @session = nil
end

Instance Attribute Details

#session_claims ⇒ Object (readonly)

Returns the value of attribute session_claims.



# File 'lib/clerk/rack_middleware_v2.rb', line 7

# Read-only accessor for the claims object given to the constructor.
# Other methods of this class index it with String keys ("sub", "sid",
# "org_id", "org_role", "org_permissions", "fva").
# NOTE(review): presumably these are the decoded claims of an already
# verified session token; confirm where the proxy is constructed.
def session_claims
  @session_claims
end

#session_token ⇒ Object (readonly)

Returns the value of attribute session_token.



# File 'lib/clerk/rack_middleware_v2.rb', line 7

# Read-only accessor for the token given to the constructor.
# verify_session passes it, with the "sid" claim, to sdk.sessions.verify_token.
# NOTE(review): this is a session credential; keep it out of logs and error
# payloads.
def session_token
  @session_token
end

Instance Method Details

#is_user_reverified?(params) ⇒ Boolean

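Returns true if the session already satisfies the requested reverification (step-up) level within the allowed time window, so no further step-up verification is needed; returns false when reverification is still required.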

Returns:

  • (Boolean)


# File 'lib/clerk/rack_middleware_v2.rb', line 64

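# Reports whether the session already satisfies a reverification (step-up)
# requirement, based on the "fva" claim.
#
# "fva" is destructured into two ages (first factor, second factor) that are
# compared with after_minutes. An age of -1 never counts as valid
# (presumably it means "factor never verified"; confirm against the token spec).
#
# @param params [Hash] :level (:first_factor, :second_factor or :multi_factor,
#   compared as Symbols, so a String level matches no branch) and
#   :after_minutes (anything Integer() accepts)
# @return [Boolean] true when no further verification is needed; false when
#   the claims are absent, the configuration is missing or invalid, the "fva"
#   claim is malformed, or the factors are too old
def is_user_reverified?(params)
  return false if session_claims.nil?

  fva   = session_claims["fva"]
  level = params[:level]

  # Integer() raises on nil or non-numeric input, which used to make the nil
  # check below unreachable. Map those cases to nil so that a missing or
  # invalid window is refused instead of surfacing as an exception.
  after_minutes = begin
    Integer(params[:after_minutes])
  rescue ArgumentError, TypeError, RangeError
    nil
  end

  # The feature is disabled.
  # NOTE(review): this branch fails open. A session without the "fva" claim is
  # reported as reverified. Confirm that tokens always carry "fva" whenever
  # reverification is meant to be enforced.
  return true if fva.nil?

  return false if after_minutes.nil? || level.nil?

  factor1_age, factor2_age = fva
  # A malformed claim (not two numbers) is refused rather than compared.
  return false unless factor1_age.is_a?(Numeric) && factor2_age.is_a?(Numeric)

  factor1_ok = factor1_age != -1 && after_minutes > factor1_age
  factor2_ok = factor2_age != -1 && after_minutes > factor2_age

  case level
  when :first_factor
    factor1_ok
  when :second_factor
    # With a second-factor age of -1 the first factor alone decides.
    factor2_age == -1 ? factor1_ok : factor2_ok
  when :multi_factor
    factor2_age == -1 ? factor1_ok : (factor1_ok && factor2_ok)
  else
    # Unknown level: answer with an explicit false instead of nil.
    false
  end
end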

#org ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 39

# Lazily loads the organization of the current session.
#
# @return [Object, nil] the result of fetch_org(org_id), memoized in @org;
#   nil when org_id is nil. Because of `||=`, only a truthy result is cached.
def org
  unless org_id.nil?
    @org ||= fetch_org(org_id)
  end
end

#org_id ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 45

# Organization id taken from the "org_id" claim.
#
# @return [Object, nil] the claim value; nil when user_id is nil, so an
#   organization is only reported for a session that has a "sub" claim
def org_id
  user_id.nil? ? nil : @session_claims["org_id"]
end

#org_permissions ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 57

# Value of the "org_permissions" claim.
#
# @return [Object, nil] the claim as stored; nil when there are no claims
#
# NOTE(review): the value is returned as-is, so authorization built on it is
# only as trustworthy as the verification of the token the claims came from.
def org_permissions
  claims = @session_claims
  claims.nil? ? nil : claims["org_permissions"]
end

#org_role ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 51

# Value of the "org_role" claim.
#
# @return [Object, nil] the claim as stored; nil when there are no claims
def org_role
  return @session_claims["org_role"] unless @session_claims.nil?

  nil
end

#reverification_error_payload(missing_config) ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 90

# Builds the error body that tells a client reverification is required.
#
# @param missing_config [Object] placed unchanged under
#   clerk_error.metadata.reverification
# @return [Hash] the nested error payload
#
# NOTE(review): missing_config is echoed to the client verbatim; callers
# should pass only the reverification requirement, never claims or tokens.
def reverification_error_payload(missing_config)
  details = { reverification: missing_config }
  { clerk_error: { type: "forbidden", reason: "reverification-error", metadata: details } }
end

#reverification_response(missing_config = nil) ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 100

# Rack response triple for a request that must reverify first.
#
# @param missing_config [Object, nil] forwarded to reverification_error_payload
# @return [Array] [403, headers, [json_body]] with a JSON content type
def reverification_response(missing_config=nil)
  json_body = reverification_error_payload(missing_config).to_json
  headers   = { "Content-Type" => "application/json" }
  [403, headers, [json_body]]
end

#session ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 15

# Verified session for the current claims, resolved on first use.
#
# @return [Object, nil] the result of verify_session, memoized in @session;
#   nil when there are no claims. Because of `||=`, a nil or false
#   verification result is not cached and is retried on the next call.
def session
  if @session_claims.nil?
    nil
  else
    @session ||= verify_session
  end
end

#user ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 27

# Lazily loads the user of the current session.
#
# @return [Object, nil] the result of fetch_user(user_id), memoized in @user;
#   nil when user_id is nil. Because of `||=`, only a truthy result is cached.
def user
  user_id.nil? ? nil : (@user ||= fetch_user(user_id))
end

#user_id ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 33

# User id taken from the "sub" claim.
#
# @return [Object, nil] the claim value; nil when there are no claims
#
# NOTE(review): the id is read from the claims without further checks, so it
# identifies the caller only if the token was verified before the proxy was
# built; confirm at the call site.
def user_id
  @session_claims["sub"] unless @session_claims.nil?
end

#verify_session ⇒ Object



# File 'lib/clerk/rack_middleware_v2.rb', line 21

# Asks the SDK to verify the stored token for the session named by the "sid"
# claim.
#
# @return [Object, nil] whatever sdk.sessions.verify_token returns; nil when
#   there are no claims
#
# There is no rescue here, so any error raised by the SDK call propagates to
# the caller.
# NOTE(review): looks like a remote call on every invocation; #session is the
# memoizing entry point.
def verify_session
  unless @session_claims.nil?
    sdk.sessions.verify_token(@session_claims["sid"], @session_token)
  end
end