Module: SignonStatusTokenService

Defined in:
app/services/signon_status_token_service.rb

Overview

Sign-on Status Tokens (SST) are credentials this SSO system uses to verify whether a specific user is currently signed in to our service. An SST is a JSON Web Token (JWT) signed with the core RSA private key and containing data about the current user. It is also stored in the '_sst' cookie, which is shared across all subdomains so that other services can read it.

About JSON Web Token (JWT): tools.ietf.org/html/draft-ietf-oauth-json-web-token

Class Method Details

.decode(token) ⇒ Object

Decodes and verifies a sign-on status token; returns the claims hash, or nil if the token is invalid


# File 'app/services/signon_status_token_service.rb', line 45

def decode(token)
  # verify must be true and the accepted algorithm pinned in the options hash;
  # passing 'RS256' positionally only sets the verify flag and leaves the
  # algorithm unspecified, so the call either fails or accepts any algorithm.
  JWT.decode(token, CoreRSAKeyService.public_key, true, algorithm: 'RS256')[0]
rescue JWT::DecodeError
  # expired, not yet valid, bad signature or malformed token
  nil
end

.generate(user) ⇒ Object

Generates a sign-on status token for a specific user; returns nil when no user is given


# File 'app/services/signon_status_token_service.rb', line 31

def generate(user)
  return nil if user.blank?
  token_data = {
    iat: Time.now.to_i,            # issued at
    exp: 5.days.from_now.to_i,     # token lifetime
    nbf: 3.seconds.ago.to_i,       # small allowance for clock skew between services
    id: user.id,
    uuid: user.uuid,
    updated_at: user.updated_at.to_i
  }
  JWT.encode(token_data, CoreRSAKeyService.private_key, 'RS256')
end
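To make the RS256 round trip behind generate and decode concrete, here is an added example that is not part of the project's code. It implements the same claim set and the verification steps (algorithm pinned to RS256, signature checked against the public key, then exp and nbf) using only the Ruby standard library, so it runs without the jwt gem or a Rails app. The SstDemo module, the freshly generated key and the user hash are assumptions constructed for the example.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Added example, not the project's code: a minimal RS256 sign-on status
# token round trip with the same claims the page's generate method emits.
module SstDemo
  ALG = 'RS256'

  def self.b64url(bytes)
    Base64.urlsafe_encode64(bytes, padding: false)
  end

  def self.b64url_decode(str)
    Base64.urlsafe_decode64(str)
  end

  # Same claim set as generate; `user` is a constructed hash, `now` is injected
  # so expiry and not-before behaviour can be exercised deterministically.
  def self.claims_for(user, now: Time.now.to_i)
    {
      iat: now,
      exp: now + 5 * 24 * 3600, # 5 days
      nbf: now - 3,             # 3 seconds of clock-skew allowance
      id: user[:id],
      uuid: user[:uuid],
      updated_at: user[:updated_at]
    }
  end

  # header.payload.signature, signed with RSA PKCS#1 v1.5 over SHA-256 (RS256)
  def self.sign(claims, private_key)
    header = { alg: ALG, typ: 'JWT' }
    signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
    sig = private_key.sign(OpenSSL::Digest::SHA256.new, signing_input)
    "#{signing_input}.#{b64url(sig)}"
  end

  # Verifies a token and returns its claims (string keys), or nil on any
  # failure, mirroring decode. The algorithm is taken from our constant, never
  # trusted from the token header.
  def self.verify(token, public_key, now: Time.now.to_i)
    parts = token.to_s.split('.')
    return nil unless parts.size == 3
    header = JSON.parse(b64url_decode(parts[0]))
    return nil unless header.is_a?(Hash) && header['alg'] == ALG
    signing_input = "#{parts[0]}.#{parts[1]}"
    sig = b64url_decode(parts[2])
    return nil unless public_key.verify(OpenSSL::Digest::SHA256.new, sig, signing_input)
    claims = JSON.parse(b64url_decode(parts[1]))
    return nil unless claims.is_a?(Hash)
    return nil if claims['exp'] && now >= claims['exp']
    return nil if claims['nbf'] && now < claims['nbf']
    claims
  rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError
    nil
  end
end

if $PROGRAM_NAME == __FILE__
  key = OpenSSL::PKey::RSA.new(2048) # constructed key for the demo only
  user = { id: 42, uuid: 'constructed-uuid', updated_at: 1_700_000_000 }
  token = SstDemo.sign(SstDemo.claims_for(user), key)
  puts SstDemo.verify(token, key.public_key).inspect
end
```

The signature is checked before any claim is read, and a token whose header claims a different algorithm is rejected outright, which is the property the decode call above gets by passing `algorithm: 'RS256'` in the options hash.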

.update_cookie(cookies, user = current_user) ⇒ Object

Updates the sign-on status token in the cookie: writes a token for the given user, or wipes the cookie when there is no user


# File 'app/services/signon_status_token_service.rb', line 22

def update_cookie(cookies, user = current_user)
  if user
    write_to_cookie(cookies, user)
  else
    wipe_from_cookie(cookies)
  end
end

.wipe_from_cookie(cookies) ⇒ Object

Wipes the sign-on status token from the cookie


# File 'app/services/signon_status_token_service.rb', line 17

def wipe_from_cookie(cookies)
  set_sst_cookie(cookies, '')
end

.write_to_cookie(cookies, user = current_user) ⇒ Object

Writes the sign-on status token for the given user to the cookie


# File 'app/services/signon_status_token_service.rb', line 12

def write_to_cookie(cookies, user = current_user)
  set_sst_cookie(cookies, generate(user))
end