Class: SignIn::AccessTokenJwtDecoder

Inherits:
Object
  • Object
Defined in:
app/services/sign_in/access_token_jwt_decoder.rb


Constructor Details

#initialize(access_token_jwt:) ⇒ AccessTokenJwtDecoder

Returns a new instance of AccessTokenJwtDecoder.



# File 'app/services/sign_in/access_token_jwt_decoder.rb', line 7

# Wraps an encoded access token so it can be decoded later.
#
# @param access_token_jwt [Object] the encoded access token JWT (assumed to be
#   the compact string form; TODO confirm against callers). Nothing is parsed
#   or verified at construction time.
def initialize(access_token_jwt:)
  # Stored exactly as received; decoding and signature checks happen in #perform.
  @access_token_jwt = access_token_jwt
end

Instance Attribute Details

#access_token_jwt ⇒ Object (readonly)

Returns the value of attribute access_token_jwt.



# File 'app/services/sign_in/access_token_jwt_decoder.rb', line 5

# Reader for the encoded token handed to the constructor.
#
# @return [Object] the value stored by #initialize, unmodified and unverified.
#   It is a bearer credential, so keep it out of logs and error payloads.
def access_token_jwt
  @access_token_jwt
end

Instance Method Details

#decode_key_array ⇒ Object (private)



# File 'app/services/sign_in/access_token_jwt_decoder.rb', line 51

# Collects the keys that JWT.decode is allowed to verify against.
#
# The current key always comes first. The previous key is included only when
# #public_key_old returns one, so a token signed with either key is accepted
# for as long as the old key stays configured.
#
# @return [Array] current key followed by the old key, with nil entries dropped
def decode_key_array
  current_key = public_key
  previous_key = public_key_old
  [current_key, previous_key].reject(&:nil?)
end

#jwt_decode_access_token(with_validation) ⇒ Object (private)



# File 'app/services/sign_in/access_token_jwt_decoder.rb', line 32

# Decodes the raw access token JWT and returns its payload claims.
#
# Security notes:
# - +with_validation+ is passed to JWT.decode as its verify flag. When it is
#   false the signature is not checked, so the returned claims are whatever the
#   token bearer supplied and must be treated as untrusted input.
# - When validating, the accepted algorithm is pinned to
#   Constants::AccessToken::JWT_ENCODE_ALGORITHM, so a token whose header names
#   a different algorithm is rejected.
# - Only expiration checking is requested in the options below; issuer and
#   audience verification are not enabled here.
#   NOTE(review): confirm +aud+ is checked elsewhere before it is relied on.
#
# @param with_validation [Boolean] verify the signature and expiration when true
# @return [OpenStruct] payload claims exposed as attributes
# @raise [Errors::AccessTokenSignatureMismatchError] signature check failed
# @raise [Errors::AccessTokenExpiredError] token is past its expiration
# @raise [Errors::AccessTokenMalformedJWTError] any other decode failure
def jwt_decode_access_token(with_validation)
  decoded_jwt = JWT.decode(
    access_token_jwt,
    # Current key plus the old key when one is configured.
    decode_key_array,
    # Verify flag: false skips the signature check entirely.
    with_validation,
    {
      verify_expiration: with_validation,
      algorithm: Constants::AccessToken::JWT_ENCODE_ALGORITHM
    }
  )&.first # JWT.decode returns [payload, header]; only the payload is kept.
  OpenStruct.new(decoded_jwt)
# JWT::VerificationError and JWT::ExpiredSignature are subclasses of
# JWT::DecodeError, so the specific rescues must stay above the generic one.
rescue JWT::VerificationError
  raise Errors::AccessTokenSignatureMismatchError.new message: 'Access token body does not match signature'
rescue JWT::ExpiredSignature
  raise Errors::AccessTokenExpiredError.new message: 'Access token has expired'
rescue JWT::DecodeError
  raise Errors::AccessTokenMalformedJWTError.new message: 'Access token JWT is malformed'
end

#perform(with_validation: true) ⇒ Object



# File 'app/services/sign_in/access_token_jwt_decoder.rb', line 11

# Decodes the stored JWT and maps its claims onto an AccessToken.
#
# With the default +with_validation: true+ the signature and expiration are
# checked before any claim is used. With +with_validation: false+ the
# AccessToken is built from unverified claims, so callers must not base
# authentication or authorization decisions on that result alone.
#
# NOTE(review): the three timestamp claims go straight to Time.zone.at; a token
# missing one of them would presumably raise there rather than surface as one of
# the Errors::AccessToken* classes. Confirm how callers handle that.
#
# @param with_validation [Boolean] verify signature and expiration (default true)
# @return [AccessToken] token model populated from the JWT claims
def perform(with_validation: true)
  claims = jwt_decode_access_token(with_validation)

  # Claim name on the right, AccessToken attribute on the left.
  token_attributes = {
    uuid: claims.jti,
    session_handle: claims.session_handle,
    client_id: claims.client_id,
    user_uuid: claims.sub,
    audience: claims.aud,
    refresh_token_hash: claims.refresh_token_hash,
    device_secret_hash: claims.device_secret_hash,
    anti_csrf_token: claims.anti_csrf_token,
    last_regeneration_time: Time.zone.at(claims.last_regeneration_time),
    parent_refresh_token_hash: claims.parent_refresh_token_hash,
    version: claims.version,
    expiration_time: Time.zone.at(claims.exp),
    created_time: Time.zone.at(claims.iat)
  }

  AccessToken.new(**token_attributes)
end

#public_key ⇒ Object (private)



# File 'app/services/sign_in/access_token_jwt_decoder.rb', line 55

# Builds the RSA public key used to verify access token signatures.
#
# The PEM file is read from disk on every call and only its public half is
# returned.
#
# NOTE(review): the setting is named jwt_encode_key, so the file presumably
# holds the private signing key. If so, every process that only verifies tokens
# still needs read access to signing material; confirm whether a
# public-key-only file would be enough for this decoder.
# NOTE(review): "Settings..jwt_encode_key" looks like a rendering artifact of
# this page (a settings namespace appears to be missing between the dots);
# check the source file for the full setting path.
#
# @return [OpenSSL::PKey::RSA] public key derived from the configured PEM file
def public_key
  OpenSSL::PKey::RSA.new(File.read(Settings..jwt_encode_key)).public_key
end

#public_key_old ⇒ Object (private)



# File 'app/services/sign_in/access_token_jwt_decoder.rb', line 59

# Builds the previous RSA public key, if an old key is still configured.
#
# Tokens signed with the old key keep verifying for as long as this setting is
# present, because #decode_key_array passes both keys to JWT.decode. Removing
# the setting once the rotation window has passed ends that acceptance.
#
# NOTE(review): "Settings..jwt_old_encode_key" looks like a rendering artifact
# of this page (a settings namespace appears to be missing between the dots);
# check the source file for the full setting path.
#
# @return [OpenSSL::PKey::RSA, nil] the old public key, or nil when no old key
#   is configured
def public_key_old
  # No old key configured: return nil so the caller's compact drops it.
  return unless Settings..jwt_old_encode_key

  OpenSSL::PKey::RSA.new(File.read(Settings..jwt_old_encode_key)).public_key
end