Module: JWTSessions

Extended by:

JWTSessions

Included in:

JWTSessions

Defined in:

lib/jwt_sessions.rb,
lib/jwt_sessions/token.rb,
lib/jwt_sessions/errors.rb,
lib/jwt_sessions/session.rb,
lib/jwt_sessions/version.rb,
lib/jwt_sessions/csrf_token.rb,
lib/jwt_sessions/access_token.rb,
lib/jwt_sessions/authorization.rb,
lib/jwt_sessions/refresh_token.rb,
lib/jwt_sessions/store_adapters.rb,
lib/jwt_sessions/rails_authorization.rb,
lib/jwt_sessions/store_adapters/redis_store_adapter.rb,
lib/jwt_sessions/store_adapters/memory_store_adapter.rb,
lib/jwt_sessions/store_adapters/abstract_store_adapter.rb

Defined Under Namespace

Modules: Authorization, Errors, RailsAuthorization, StoreAdapters Classes: AccessToken, CSRFToken, RefreshToken, Session, Token

Constant Summary

NONE =

"none"

DEFAULT_SETTINGS_KEYS =

%i[access_cookie
access_exp_time
access_header
csrf_header
redis_db_name
redis_host
redis_port
refresh_cookie
refresh_exp_time
refresh_header
token_prefix].freeze

DEFAULT_REDIS_HOST =

"127.0.0.1"

DEFAULT_REDIS_PORT =

"6379"

DEFAULT_REDIS_DB_NAME =

"0"

DEFAULT_TOKEN_PREFIX =

"jwt_"

DEFAULT_ALGORITHM =

"HS256"

DEFAULT_ACCESS_EXP_TIME =

1 hour in seconds

3600

DEFAULT_REFRESH_EXP_TIME =

1 week in seconds

604800

DEFAULT_ACCESS_COOKIE =

"jwt_access"

DEFAULT_ACCESS_HEADER =

"Authorization"

DEFAULT_REFRESH_COOKIE =

"jwt_refresh"

DEFAULT_REFRESH_HEADER =

"X-Refresh-Token"

DEFAULT_CSRF_HEADER =

"X-CSRF-Token"

VERSION =

"3.2.4"

Instance Attribute Summary

• #redis_url ⇒ Object

  Returns the value of attribute redis_url.

Instance Method Summary

• #access_expiration ⇒ Object
• #algorithm ⇒ Object
• #algorithm=(algo) ⇒ Object
• #cookie_by(token_type) ⇒ Object
• #custom_access_expiration(time) ⇒ Object
• #custom_refresh_expiration(time) ⇒ Object
• #header_by(token_type) ⇒ Object
• #jwt_options ⇒ Object
• #refresh_expiration ⇒ Object
• #signing_key=(key) ⇒ Object (also: #encryption_key=)

  should be used for hmac only.

• #token_store ⇒ Object
• #token_store=(args) ⇒ Object
• #validate? ⇒ Boolean

Instance Attribute Details

#redis_url ⇒ Object

Returns the value of attribute redis_url.

# File 'lib/jwt_sessions.rb', line 20

def redis_url
  @redis_url
end

Instance Method Details

#access_expiration ⇒ Object

# File 'lib/jwt_sessions.rb', line 132

def access_expiration
  Time.now.to_i + access_exp_time.to_i
end

#algorithm ⇒ Object

# File 'lib/jwt_sessions.rb', line 76

def algorithm
  @algorithm ||= DEFAULT_ALGORITHM
end

#algorithm=(algo) ⇒ Object

Raises:

• (Errors::Malconfigured)

# File 'lib/jwt_sessions.rb', line 70

def algorithm=(algo)
  raise Errors::Malconfigured, "algorithm #{algo} is not supported" unless JWT::JWA.resolve(algo)

  @algorithm = algo
end

#cookie_by(token_type) ⇒ Object

# File 'lib/jwt_sessions.rb', line 152

def cookie_by(token_type)
  send("#{token_type}_cookie")
end

#custom_access_expiration(time) ⇒ Object

# File 'lib/jwt_sessions.rb', line 140

def custom_access_expiration(time)
  Time.now.to_i + (time || access_exp_time).to_i
end

#custom_refresh_expiration(time) ⇒ Object

# File 'lib/jwt_sessions.rb', line 144

def custom_refresh_expiration(time)
  Time.now.to_i + (time || refresh_exp_time).to_i
end

#header_by(token_type) ⇒ Object

# File 'lib/jwt_sessions.rb', line 148

def header_by(token_type)
  send("#{token_type}_header")
end

#jwt_options ⇒ Object

# File 'lib/jwt_sessions.rb', line 66

def jwt_options
  @jwt_options ||= JWT::Configuration::Container.new.decode.to_h
end

#refresh_expiration ⇒ Object

# File 'lib/jwt_sessions.rb', line 136

def refresh_expiration
  Time.now.to_i + refresh_exp_time.to_i
end

#signing_key=(key) ⇒ Object Also known as: encryption_key=

should be used for hmac only

# File 'lib/jwt_sessions.rb', line 125

def signing_key=(key)
  @public_key  = key
  @private_key = key
end

#token_store ⇒ Object

# File 'lib/jwt_sessions.rb', line 87

def token_store
  unless instance_variable_defined?(:@token_store)
    begin
      self.token_store = :redis
    rescue LoadError
      warn <<~MSG
        Warning! JWTSessions uses in-memory token store.
        Unless token store is specified explicitly, JWTSessions uses Redis by default and fallbacks to in-memory token store.

        To get rid of this message specify the memory store explicitly in the settings or make sure 'redis' gem is present in your Gemfile.
      MSG

      self.token_store = :memory
    end
  end

  @token_store
end

#token_store=(args) ⇒ Object

# File 'lib/jwt_sessions.rb', line 80

def token_store=(args)
  adapter, options = Array(args)
  @token_store = StoreAdapters.build_by_name(adapter, options)
rescue NameError => e
  raise e.class, "Token store adapter for :#{adapter} haven't been found", e.backtrace
end

#validate? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/jwt_sessions.rb', line 106

def validate?
  algorithm != NONE
end