Class: SignIn::RefreshTokenDecryptor

Inherits:
Object
  • Object
Defined in:
app/services/sign_in/refresh_token_decryptor.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(encrypted_refresh_token:) ⇒ RefreshTokenDecryptor

Returns a new instance of RefreshTokenDecryptor.



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 7

# Keeps the serialized refresh token for later splitting and decryption.
# Nothing is parsed or validated at construction time.
#
# @param encrypted_refresh_token [String] the token as presented by the client;
#   presumably a '.'-separated string, since split_token_array calls #split('.') on it
def initialize(encrypted_refresh_token:)
  @encrypted_refresh_token = encrypted_refresh_token
end

Instance Attribute Details

#encrypted_refresh_token ⇒ Object (readonly)

Returns the value of attribute encrypted_refresh_token.



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 5

# Read-only accessor for the token string handed to the constructor.
# The value is the complete client-presented refresh token, so callers
# should handle it as a credential (for example, keep it out of logs).
#
# @return [Object] the value stored in @encrypted_refresh_token
def encrypted_refresh_token
  @encrypted_refresh_token
end

Instance Method Details

#decrypt_refresh_token(encrypted_part) ⇒ Object (private)



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 50

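# Decrypts the encrypted segment of the refresh token with message_encryptor.
#
# @param encrypted_part [String] the ciphertext segment taken from the split token
# @return [Object] whatever message_encryptor.decrypt returns; get_decrypted_component
#   passes it on to deserialize_token, so presumably a JSON string
# @raise [Errors::RefreshTokenDecryptionError] when decryption raises
#   KmsEncrypted::DecryptionError
def decrypt_refresh_token(encrypted_part)
  message_encryptor.decrypt(encrypted_part)
rescue KmsEncrypted::DecryptionError
  # The refresh token is a bearer credential, and a failed decryption does not prove
  # that this particular value is worthless, so the raw token is kept out of the log.
  # Only its length is recorded for triage; if events must be correlated, log a
  # one-way digest of the token rather than the token itself.
  token_length = encrypted_refresh_token.to_s.length
  Rails.logger.info("[RefreshTokenDecryptor] Token cannot be decrypted, token_length: #{token_length}")
  raise Errors::RefreshTokenDecryptionError.new message: 'Refresh token cannot be decrypted'
end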

#deserialize_token(decrypted_string) ⇒ Object (private)



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 57

# Parses the decrypted payload as JSON, materialising objects as OpenStruct
# so that fields read as method calls (payload.nonce, payload.version, ...).
# OpenStruct answers nil for keys that are absent, so a missing field reads as
# nil instead of raising. JSON::ParserError is not rescued here.
#
# @param decrypted_string [String] JSON text produced by decryption
# @return [Object] the parsed document (an OpenStruct for a JSON object)
def deserialize_token(decrypted_string)
  parse_options = { object_class: OpenStruct }
  JSON.parse(decrypted_string, **parse_options)
end

#get_decrypted_component ⇒ Object (private)



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 37

# Takes the encrypted segment of the split token, decrypts it and
# deserializes the resulting plaintext.
#
# @return [Object] the result of deserialize_token for the decrypted segment
def get_decrypted_component
  encrypted_segment = split_token_array[Constants::RefreshToken::ENCRYPTED_POSITION]
  deserialize_token(decrypt_refresh_token(encrypted_segment))
end

#message_encryptor ⇒ Object (private)



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 65

# Builds the object used to decrypt the token's encrypted segment.
# A new KmsEncrypted::Box is created on every call; nothing is memoized.
#
# @return [KmsEncrypted::Box]
def message_encryptor
  box_class = KmsEncrypted::Box
  box_class.new
end

#nonce_from_split_token ⇒ Object (private)



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 42

# Reads the nonce from the unencrypted part of the token.
# Returns nil when the split token has no element at that position.
#
# @return [String, nil] the segment at Constants::RefreshToken::NONCE_POSITION
def nonce_from_split_token
  nonce_index = Constants::RefreshToken::NONCE_POSITION
  split_token_array[nonce_index]
end

#perform ⇒ Object



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 11

# Decrypts and validates the token, then rebuilds a RefreshToken from it.
#
# Validation runs before the RefreshToken is constructed, so a version or nonce
# mismatch raises out of validate_token! and nothing is built. Only the fields
# listed below are copied; any other keys in the decrypted payload are ignored.
#
# @return [RefreshToken]
def perform
  payload = get_decrypted_component
  validate_token!(payload)

  copied_fields = %i[
    session_handle
    uuid
    user_uuid
    parent_refresh_token_hash
    anti_csrf_token
    nonce
    version
  ]
  attributes = copied_fields.to_h { |field| [field, payload.public_send(field)] }

  RefreshToken.new(**attributes)
end

#split_token_array ⇒ Object (private)



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 61

# Splits the token on '.' and memoizes the result in @split_token_array.
# The split limit is the length of Constants::RefreshToken::ENCRYPTED_ARRAY,
# so any further '.' characters stay inside the final segment.
#
# @return [Array<String>] the token segments
def split_token_array
  @split_token_array ||= begin
    segment_limit = Constants::RefreshToken::ENCRYPTED_ARRAY.length
    encrypted_refresh_token.split('.', segment_limit)
  end
end

#validate_token!(decrypted_component) ⇒ Object (private)



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 28

# Checks that the version and nonce carried in the clear segments of the token
# equal the version and nonce found inside the decrypted payload. This ties the
# unencrypted segments to the encrypted one, so altering either clear segment
# is rejected. The version is checked first; the nonce is only compared when
# the version matches.
#
# @param decrypted_component [Object] the deserialized payload; must respond to
#   #version and #nonce
# @return [nil] when both values match
# @raise [Errors::RefreshVersionMismatchError] when the versions differ
# @raise [Errors::RefreshNonceMismatchError] when the nonces differ
def validate_token!(decrypted_component)
  version_mismatch = decrypted_component.version != version_from_split_token
  raise Errors::RefreshVersionMismatchError.new message: 'Refresh token version is invalid' if version_mismatch

  nonce_mismatch = decrypted_component.nonce != nonce_from_split_token
  raise Errors::RefreshNonceMismatchError.new message: 'Refresh nonce is invalid' if nonce_mismatch
end

#version_from_split_token ⇒ Object (private)



# File 'app/services/sign_in/refresh_token_decryptor.rb', line 46

# Reads the version from the unencrypted part of the token.
# Returns nil when the split token has no element at that position.
#
# @return [String, nil] the segment at Constants::RefreshToken::VERSION_POSITION
def version_from_split_token
  version_index = Constants::RefreshToken::VERSION_POSITION
  split_token_array[version_index]
end