Class: JWTKeeper::Token

Inherits:
Object
  • Object
show all
Defined in:
lib/jwt_keeper/token.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(private_claims = {}, cookie_secret = nil) ⇒ Token

Initalizes a new web token

Parameters:

  • private_claims (Hash) (defaults to: {})

    the custom claims to encode


7
8
9
10
11
12
13
14
15
16
# File 'lib/jwt_keeper/token.rb', line 7

def initialize(private_claims = {}, cookie_secret = nil)
  @cookie_secret = cookie_secret
  @claims = {
    nbf: DateTime.now.to_i, # not before
    iat: DateTime.now.to_i, # issued at
    jti: SecureRandom.uuid  # JWT ID
  }
  @claims.merge!(JWTKeeper.configuration.base_claims)
  @claims.merge!(private_claims)
end

Instance Attribute Details

#claimsObject

Returns the value of attribute claims


3
4
5
# File 'lib/jwt_keeper/token.rb', line 3

def claims
  @claims
end

Returns the value of attribute cookie_secret


3
4
5
# File 'lib/jwt_keeper/token.rb', line 3

def cookie_secret
  @cookie_secret
end

Class Method Details

.create(private_claims) ⇒ Token

Creates a new web token

Parameters:

  • private_claims (Hash)

    the custom claims to encode

Returns:

  • (Token)

    token object


21
22
23
24
# File 'lib/jwt_keeper/token.rb', line 21

def self.create(private_claims)
  cookie_secret = SecureRandom.hex(16) if JWTKeeper.configuration.cookie_lock
  new(private_claims, cookie_secret)
end

.find(raw_token, cookie_secret = nil) ⇒ Token

Decodes and validates an existing token

Parameters:

  • raw_token (String)

    the raw token

Returns:

  • (Token)

    token object


29
30
31
32
33
34
35
36
# File 'lib/jwt_keeper/token.rb', line 29

def self.find(raw_token, cookie_secret = nil)
  claims = decode(raw_token, cookie_secret)
  return nil if claims.nil?

  new_token = new(claims, cookie_secret)
  return nil if new_token.revoked?
  new_token
end

.revoke(token_jti) ⇒ Object

Revokes a web token

Parameters:

  • token_jti (String)

    the token unique id


48
49
50
# File 'lib/jwt_keeper/token.rb', line 48

def self.revoke(token_jti)
  Datastore.revoke(token_jti, JWTKeeper.configuration.expiry.from_now.to_i)
end

.rotate(token_jti) ⇒ Object

Sets a token to the pending rotation state. The expire is set to the maxium possible time but is inherently ignored by the token's exp check and then rewritten with the revokation on rotate.

Parameters:

  • token_jti (String)

    the token unique id


42
43
44
# File 'lib/jwt_keeper/token.rb', line 42

def self.rotate(token_jti)
  Datastore.rotate(token_jti, JWTKeeper.configuration.expiry.from_now.to_i)
end

Instance Method Details

#idString

Easy interface for using the token's id

Returns:

  • (String)

    token's uuid


54
55
56
# File 'lib/jwt_keeper/token.rb', line 54

def id
  claims[:jti]
end

#invalid?Boolean

Checks if the token invalid?

Returns:

  • (Boolean)

104
105
106
# File 'lib/jwt_keeper/token.rb', line 104

def invalid?
  self.class.decode(encode, cookie_secret).nil? || revoked?
end

#pending?Boolean

Checks if a web token is pending a rotation

Returns:

  • (Boolean)

80
81
82
# File 'lib/jwt_keeper/token.rb', line 80

def pending?
  Datastore.pending?(id)
end

#revokeObject

Revokes a web token


73
74
75
76
# File 'lib/jwt_keeper/token.rb', line 73

def revoke
  return if invalid?
  Datastore.revoke(id, claims[:exp] - DateTime.now.to_i)
end

#revoked?Boolean

Checks if a web token has been revoked

Returns:

  • (Boolean)

92
93
94
# File 'lib/jwt_keeper/token.rb', line 92

def revoked?
  Datastore.revoked?(id)
end

#rotate(new_claims = nil) ⇒ String

Revokes and creates a new web token

Parameters:

  • new_claims (Hash) (defaults to: nil)

    Used to override and update claims during rotation

Returns:

  • (String)

    new token


61
62
63
64
65
66
67
68
69
70
# File 'lib/jwt_keeper/token.rb', line 61

def rotate(new_claims = nil)
  revoke

  new_claims ||= claims.except(:iss, :aud, :exp, :nbf, :iat, :jti)
  new_token = self.class.create(new_claims)

  @claims = new_token.claims
  @cookie_secret = new_token.cookie_secret
  self
end

Encodes the cookie

Returns:

  • (Hash)

117
118
119
120
121
122
# File 'lib/jwt_keeper/token.rb', line 117

def to_cookie
  {
    value: cookie_secret,
    expires: Time.at(claims[:exp])
  }.merge(JWTKeeper.configuration.cookie_options)
end

#to_jwtString Also known as: to_s

Encodes the jwt

Returns:

  • (String)

110
111
112
# File 'lib/jwt_keeper/token.rb', line 110

def to_jwt
  encode
end

#valid?Boolean

Checks if the token valid?

Returns:

  • (Boolean)

98
99
100
# File 'lib/jwt_keeper/token.rb', line 98

def valid?
  !invalid?
end

#version_mismatch?Boolean

Checks if a web token is pending a global rotation

Returns:

  • (Boolean)

86
87
88
# File 'lib/jwt_keeper/token.rb', line 86

def version_mismatch?
  claims[:ver] != JWTKeeper.configuration.version
end