api_guard_grape 0.5.1 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8fa6b87a02bcff0944fd185a949d84c63776d678928ca896fd66ea8b1ad4992a
-  data.tar.gz: 29f4c5f87ca08a83ed96ec88f1b186ff9e76e0759b6748e1a603534e2ab16bd4
+  metadata.gz: 5e667ff860411d0279873e75ec9a26d91021d77cc39b8fd4ff71b80064a9381c
+  data.tar.gz: bf6ce23224222985aff4c0ccfd1457b3983c26860611a4ffdc1dee67e300f6b4
 SHA512:
-  metadata.gz: 9981e401bbd55f0514320a1bf94aeba015f98c38c2b5a2d14cc10a745a487a52ccb134a4ce9043817fdc84c4974340a6bea9e682740c1ece82172ac9654cfae5
-  data.tar.gz: 03efd2036116ee5e4fd46b08e7ee08635a702b08e2d5ff9d2d7c36745ede88a89df8197b0db5a39a36b99a63a831d08c283b59e45cca68acc114587024fb8bf8
+  metadata.gz: 78be63e439d78752712a6aa7f1473c7af2baeed3e85a855caaed6d3816b3ac29afe51bcf7da3a0e0ab16aeffe59863abc9880aed0fb4496a79a2fe6c9cea7746
+  data.tar.gz: 07b3f3e2d4b4752b00892baab81720075e6b409dfbd7894e87b202c57b9fdb1dc303033d599885948fb2df36b232bf6b7953c535c36c575f234fd461e90c71d2

data/lib/api_guard/jwt_auth/authentication.rb

@@ -5,7 +5,7 @@ module ApiGuard
     # Common module for API authentication
     module Authentication
       # Handle authentication of the resource dynamically
-      def method_missing(name, *args)
+      def self.method_missing(name, *args)
         method_name = name.to_s
 
         if method_name.start_with?('authenticate_and_set_')
@@ -16,12 +16,12 @@ module ApiGuard
         end
       end
 
-      def respond_to_missing?(method_name, include_private = false)
+      def self.respond_to_missing?(method_name, include_private = false)
         method_name.to_s.start_with?('authenticate_and_set_') || super
       end
 
       # Authenticate the JWT token and set resource
-      def authenticate_and_set_resource(resource_name)
+      def self.authenticate_and_set_resource(resource_name)
         @resource_name = resource_name
 
         @token = request.headers['Authorization']&.split('Bearer ')&.last
@@ -41,7 +41,7 @@ module ApiGuard
 
       # Decode the JWT token
       # and don't verify token expiry for refresh token API request
-      def decode_token
+      def self.decode_token
         # TODO: Set token refresh controller dynamic
         verify_token = (controller_name != 'tokens' || action_name != 'create')
         @decoded_token = decode(@token, verify_token)
@@ -49,7 +49,7 @@ module ApiGuard
 
       # Returns whether the JWT token is issued after the last password change
       # Returns true if password hasn't changed by the user
-      def valid_issued_at?(resource)
+      def self.valid_issued_at?(resource)
         return true unless ApiGuard.invalidate_old_tokens_on_password_change
 
         !resource.token_issued_at || @decoded_token[:iat] >= resource.token_issued_at.to_i
@@ -57,7 +57,7 @@ module ApiGuard
 
       # Defines "current_{{resource_name}}" method and "@current_{{resource_name}}" instance variable
       # that returns "resource" value
-      def define_current_resource_accessors(resource)
+      def self.define_current_resource_accessors(resource)
         define_singleton_method("current_#{@resource_name}") do
           instance_variable_get("@current_#{@resource_name}") ||
             instance_variable_set("@current_#{@resource_name}", resource)
@@ -69,7 +69,7 @@ module ApiGuard
       #
       # Also, set "current_{{resource_name}}" method and "@current_{{resource_name}}" instance variable
       # for accessing the authenticated resource
-      def authenticate_token
+      def self.authenticate_token
         return unless decode_token
 
         resource = find_resource_from_token(@resource_name.classify.constantize)
@@ -81,14 +81,14 @@ module ApiGuard
         end
       end
 
-      def find_resource_from_token(resource_class)
+      def self.find_resource_from_token(resource_class)
         resource_id = @decoded_token[:"#{@resource_name}_id"]
         return if resource_id.blank?
 
         resource_class.find_by(id: resource_id)
       end
 
-      def current_resource
+      def self.current_resource
         return unless respond_to?("current_#{@resource_name}")
 
         public_send("current_#{@resource_name}")

data/lib/api_guard/jwt_auth/blacklist_token.rb

@@ -4,28 +4,28 @@ module ApiGuard
   module JwtAuth
     # Common module for token blacklisting functionality
     module BlacklistToken
-      def blacklisted_token_association(resource)
+      def self.blacklisted_token_association(resource)
         resource.class.blacklisted_token_association
       end
 
-      def token_blacklisting_enabled?(resource)
+      def self.token_blacklisting_enabled?(resource)
         blacklisted_token_association(resource).present?
       end
 
-      def blacklisted_tokens_for(resource)
+      def self.blacklisted_tokens_for(resource)
         blacklisted_token_association = blacklisted_token_association(resource)
         resource.send(blacklisted_token_association)
       end
 
       # Returns whether the JWT token is blacklisted or not
-      def blacklisted?(resource)
+      def self.blacklisted?(resource)
         return false unless token_blacklisting_enabled?(resource)
 
         blacklisted_tokens_for(resource).exists?(token: @token)
       end
 
       # Blacklist the current JWT token from future access
-      def blacklist_token
+      def self.blacklist_token
         return unless token_blacklisting_enabled?(current_resource)
 
         blacklisted_tokens_for(current_resource).create(token: @token, expire_at: Time.at(@decoded_token[:exp]).utc)

data/lib/api_guard/jwt_auth/json_web_token.rb

@@ -6,25 +6,25 @@ module ApiGuard
   module JwtAuth
     # Common module for JWT operations
     module JsonWebToken
-      def current_time
+      def self.current_time
         @current_time ||= Time.now.utc
       end
 
-      def token_expire_at
+      def self.token_expire_at
         @token_expire_at ||= (current_time + ApiGuard.token_validity).to_i
       end
 
-      def token_issued_at
+      def self.token_issued_at
         @token_issued_at ||= current_time.to_i
       end
 
       # Encode the payload with the secret key and return the JWT token
-      def encode(payload)
+      def self.encode(payload)
         JWT.encode(payload, ApiGuard.token_signing_secret)
       end
 
       # Decode the JWT token and return the payload
-      def decode(token, verify = true)
+      def self.decode(token, verify = true)
         HashWithIndifferentAccess.new(
           JWT.decode(token, ApiGuard.token_signing_secret, verify, verify_iat: true)[0]
         )
@@ -34,7 +34,7 @@ module ApiGuard
       # Also, create refresh token if enabled for the resource.
       #
       # This creates expired JWT token if the argument 'expired_token' is true which can be used for testing.
-      def jwt_and_refresh_token(resource, resource_name, expired_token = false)
+      def self.jwt_and_refresh_token(resource, resource_name, expired_token = false)
         payload = {
           "#{resource_name}_id": resource.id,
           exp: expired_token ? token_issued_at : token_expire_at,
@@ -48,13 +48,13 @@ module ApiGuard
       end
 
       # Create tokens and set response headers
-      def create_token_and_set_header(resource, resource_name)
+      def self.create_token_and_set_header(resource, resource_name)
         access_token, refresh_token = jwt_and_refresh_token(resource, resource_name)
         set_token_headers(access_token, refresh_token)
       end
 
       # Set token details in response headers
-      def set_token_headers(token, refresh_token = nil)
+      def self.set_token_headers(token, refresh_token = nil)
         response.headers['Access-Token'] = token
         response.headers['Refresh-Token'] = refresh_token if refresh_token
         response.headers['Expire-At'] = token_expire_at.to_s
@@ -62,11 +62,173 @@ module ApiGuard
 
       # Set token issued at to current timestamp
       # to restrict access to old access(JWT) tokens
-      def invalidate_old_jwt_tokens(resource)
+      def self.invalidate_old_jwt_tokens(resource)
         return unless ApiGuard.invalidate_old_tokens_on_password_change
 
         resource.token_issued_at = Time.at(token_issued_at).utc
       end
+
+    # =================================REFRESH JWT TOKEN================
+
+      def self.refresh_token_association(resource)
+        resource.class.refresh_token_association
+      end
+
+      def self.refresh_token_enabled?(resource)
+        refresh_token_association(resource).present?
+      end
+
+      def self.refresh_tokens_for(resource)
+        refresh_token_association = refresh_token_association(resource)
+        resource.send(refresh_token_association)
+      end
+
+      def self.find_refresh_token_of(resource, refresh_token)
+        refresh_tokens_for(resource).find_by_token(refresh_token)
+      end
+
+      # Generate and return unique refresh token for the resource
+      def self.uniq_refresh_token(resource)
+        loop do
+          random_token = SecureRandom.urlsafe_base64
+          return random_token unless refresh_tokens_for(resource).exists?(token: random_token)
+        end
+      end
+
+      # Create a new refresh_token for the current resource
+      def self.new_refresh_token(resource)
+        return unless refresh_token_enabled?(resource)
+
+        refresh_tokens_for(resource).create(token: uniq_refresh_token(resource)).token
+      end
+
+      def self.destroy_all_refresh_tokens(resource)
+        return unless refresh_token_enabled?(resource)
+
+        refresh_tokens_for(resource).destroy_all
+      end
+
+     # =================================BLACKLIST JWT TOKEN================  
+
+      def self.blacklisted_token_association(resource)
+        resource.class.blacklisted_token_association
+      end
+
+      def self.token_blacklisting_enabled?(resource)
+        blacklisted_token_association(resource).present?
+      end
+
+      def self.blacklisted_tokens_for(resource)
+        blacklisted_token_association = blacklisted_token_association(resource)
+        resource.send(blacklisted_token_association)
+      end
+
+      # Returns whether the JWT token is blacklisted or not
+      def self.blacklisted?(resource)
+        return false unless token_blacklisting_enabled?(resource)
+
+        blacklisted_tokens_for(resource).exists?(token: @token)
+      end
+
+      # Blacklist the current JWT token from future access
+      def self.blacklist_token
+        return unless token_blacklisting_enabled?(current_resource)
+
+        blacklisted_tokens_for(current_resource).create(token: @token, expire_at: Time.at(@decoded_token[:exp]).utc)
+      end
+
+     # =================================AUTHENTICATION JWT TOKEN================  
+
+
+      def self.method_missing(name, *args)
+        method_name = name.to_s
+
+        if method_name.start_with?('authenticate_and_set_')
+          resource_name = method_name.split('authenticate_and_set_')[1]
+          authenticate_and_set_resource(resource_name)
+        else
+          super
+        end
+      end
+
+      def self.respond_to_missing?(method_name, include_private = false)
+        method_name.to_s.start_with?('authenticate_and_set_') || super
+      end
+
+      # Authenticate the JWT token and set resource
+      def self.authenticate_and_set_resource(resource_name)
+        @resource_name = resource_name
+
+        @token = request.headers['Authorization']&.split('Bearer ')&.last
+        return render_error(401, message: I18n.t('api_guard.access_token.missing')) unless @token
+
+        authenticate_token
+
+        # Render error response only if no resource found and no previous render happened
+        render_error(401, message: I18n.t('api_guard.access_token.invalid')) if !current_resource && !performed?
+      rescue JWT::DecodeError => e
+        if e.message == 'Signature has expired'
+          render_error(401, message: I18n.t('api_guard.access_token.expired'))
+        else
+          render_error(401, message: I18n.t('api_guard.access_token.invalid'))
+        end
+      end
+
+      # Decode the JWT token
+      # and don't verify token expiry for refresh token API request
+      def self.decode_token
+        # TODO: Set token refresh controller dynamic
+        verify_token = (controller_name != 'tokens' || action_name != 'create')
+        @decoded_token = decode(@token, verify_token)
+      end
+
+      # Returns whether the JWT token is issued after the last password change
+      # Returns true if password hasn't changed by the user
+      def self.valid_issued_at?(resource)
+        return true unless ApiGuard.invalidate_old_tokens_on_password_change
+
+        !resource.token_issued_at || @decoded_token[:iat] >= resource.token_issued_at.to_i
+      end
+
+      # Defines "current_{{resource_name}}" method and "@current_{{resource_name}}" instance variable
+      # that returns "resource" value
+      def self.define_current_resource_accessors(resource)
+        define_singleton_method("current_#{@resource_name}") do
+          instance_variable_get("@current_#{@resource_name}") ||
+            instance_variable_set("@current_#{@resource_name}", resource)
+        end
+      end
+
+      # Authenticate the resource with the '{{resource_name}}_id' in the decoded JWT token
+      # and also, check for valid issued at time and not blacklisted
+      #
+      # Also, set "current_{{resource_name}}" method and "@current_{{resource_name}}" instance variable
+      # for accessing the authenticated resource
+      def self.authenticate_token
+        return unless decode_token
+
+        resource = find_resource_from_token(@resource_name.classify.constantize)
+
+        if resource && valid_issued_at?(resource) && !blacklisted?(resource)
+          define_current_resource_accessors(resource)
+        else
+          render_error(401, message: I18n.t('api_guard.access_token.invalid'))
+        end
+      end
+
+      def self.find_resource_from_token(resource_class)
+        resource_id = @decoded_token[:"#{@resource_name}_id"]
+        return if resource_id.blank?
+
+        resource_class.find_by(id: resource_id)
+      end
+
+      def self.current_resource
+        return unless respond_to?("current_#{@resource_name}")
+
+        public_send("current_#{@resource_name}")
+      end
+
     end
   end
 end

data/lib/api_guard/jwt_auth/refresh_jwt_token.rb

@@ -4,25 +4,25 @@ module ApiGuard
   module JwtAuth
     # Common module for refresh token functionality
     module RefreshJwtToken
-      def refresh_token_association(resource)
+      def self.refresh_token_association(resource)
         resource.class.refresh_token_association
       end
 
-      def refresh_token_enabled?(resource)
+      def self.refresh_token_enabled?(resource)
         refresh_token_association(resource).present?
       end
 
-      def refresh_tokens_for(resource)
+      def self.refresh_tokens_for(resource)
         refresh_token_association = refresh_token_association(resource)
         resource.send(refresh_token_association)
       end
 
-      def find_refresh_token_of(resource, refresh_token)
+      def self.find_refresh_token_of(resource, refresh_token)
         refresh_tokens_for(resource).find_by_token(refresh_token)
       end
 
       # Generate and return unique refresh token for the resource
-      def uniq_refresh_token(resource)
+      def self.uniq_refresh_token(resource)
         loop do
           random_token = SecureRandom.urlsafe_base64
           return random_token unless refresh_tokens_for(resource).exists?(token: random_token)
@@ -30,13 +30,13 @@ module ApiGuard
       end
 
       # Create a new refresh_token for the current resource
-      def new_refresh_token(resource)
+      def self.new_refresh_token(resource)
         return unless refresh_token_enabled?(resource)
 
         refresh_tokens_for(resource).create(token: uniq_refresh_token(resource)).token
       end
 
-      def destroy_all_refresh_tokens(resource)
+      def self.destroy_all_refresh_tokens(resource)
         return unless refresh_token_enabled?(resource)
 
         refresh_tokens_for(resource).destroy_all

data/lib/api_guard/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ApiGuard
-  VERSION = '0.5.1'
+  VERSION = '0.5.2'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: api_guard_grape
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.2
 platform: ruby
 authors:
 - Prateek Singh