jwt_sessions 2.2.1 → 2.2.2

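--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
- metadata.gz: 7b04e83f8dac3d2546364665988101a1a1fd6193
- data.tar.gz: 9a84c2705ec41817a6ed79a5bdface8f5da48dba
+ metadata.gz: b7c7b8333b5fc365bfefa54f8ca7681f11d869e6
+ data.tar.gz: 24d2abe310c66c6a8752b9540edb589706d13d91
 SHA512:
- metadata.gz: fc621aa40e3c9f4b5807655ee4198f8881cdb00814d32fa159fbf815f1061c47190456316606b67e4c4743b13a2c74a7fb1b1bea99219f8b4207beb693f263a2
- data.tar.gz: c1bfcd3b9198dbdc641aa71dffaa8d0f9a1866dcb3ed800e690b967466a6f0d509daece7a3f58f45104d763aa4a7aafad0cb136608f91659f4d13db2fa64fc9a
+ metadata.gz: 8d2ddc5d2b470ad74d450ba96259bb3c22ffe5ad442455d6f0ceef95afd929cbbe9bf79439323ca03e74557520f5c360465eba6ee5c3c808efa37ba25a75061b
+ data.tar.gz: 9bd0aa2b726c9d23f503e8c9983b5ac163874f184fbeadedce870bf5b8c36fb68e985d7c8766cb87d992fb911243774d64312d942426dbf60637a49a1b701ec0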
@@ -52,14 +52,17 @@ module JWTSessions
52
52
 
53
53
  def refresh_by_access_payload(&block)
54
54
  raise Errors::InvalidPayload if payload.nil?
55
- ruid = retrive_ruid_from(payload)
55
+ ruid = retrieve_val_from(payload, :access, 'ruid', 'refresh uid')
56
56
  retrieve_refresh_token(ruid)
57
+
58
+ check_access_uid_within_refresh_token(&block) if block_given?
59
+
57
60
  refresh_by_uid(&block)
58
61
  end
59
62
 
60
63
  def flush_by_access_payload
61
64
  raise Errors::InvalidPayload if payload.nil?
62
- ruid = retrive_ruid_from(payload)
65
+ ruid = retrieve_val_from(payload, :access, 'ruid', 'refresh uid')
63
66
  flush_by_uid(ruid)
64
67
  end
65
68
 
@@ -83,6 +86,8 @@ module JWTSessions
83
86
  tokens = RefreshToken.all(namespace, store)
84
87
  tokens.each do |token|
85
88
  AccessToken.destroy(token.access_uid, store)
89
+ # unlink refresh token from the current access token
90
+ token.update(nil, nil, token.csrf)
86
91
  end.count
87
92
  end
88
93
 
@@ -104,12 +109,9 @@ module JWTSessions
104
109
  end
105
110
 
106
111
  def valid_access_request?(external_csrf_token, external_payload)
107
- ruid = external_payload.fetch('ruid', nil)
108
- uid = external_payload.fetch('uid', nil)
109
- if ruid.nil? || uid.nil?
110
- message = 'Token payload is invalid'
111
- raise Errors::InvalidPayload, message
112
- end
112
+ ruid = retrieve_val_from(external_payload, :access, 'ruid', 'refresh uid')
113
+ uid = retrieve_val_from(external_payload, :access, 'uid', 'access uid')
114
+
113
115
  refresh_token = RefreshToken.find(ruid, JWTSessions.token_store)
114
116
  return false unless uid == refresh_token.access_uid
115
117
 
@@ -164,13 +166,13 @@ module JWTSessions
164
166
  uid
165
167
  end
166
168
 
167
- def retrive_ruid_from(token_payload)
168
- ruid = token_payload.fetch('ruid', nil)
169
- if ruid.nil?
170
- message = "Access token payload does not contain refresh uid"
169
+ def retrieve_val_from(token_payload, type, val_key, val_name)
170
+ val = token_payload.fetch(val_key, nil)
171
+ if val.nil?
172
+ message = "#{type.to_s.capitalize} token payload does not contain #{val_name}"
171
173
  raise Errors::InvalidPayload, message
172
174
  end
173
- ruid
175
+ val
174
176
  end
175
177
 
176
178
  def retrieve_refresh_token(uid)
@@ -197,9 +199,17 @@ module JWTSessions
197
199
 
198
200
  def check_refresh_on_time
199
201
  expiration = @_refresh.access_expiration
202
+ return if expiration.size.zero?
200
203
  yield @_refresh.uid, expiration if expiration.to_i > Time.now.to_i
201
204
  end
202
205
 
206
+ def check_access_uid_within_refresh_token
207
+ uid = retrieve_val_from(payload, :access, 'uid', 'access uid')
208
+ access_uid = @_refresh.access_uid
209
+ return if access_uid.size.zero?
210
+ yield @_refresh.uid, @_refresh.access_expiration if access_uid != uid
211
+ end
212
+
203
213
  def issue_tokens_after_refresh
204
214
  create_csrf_token
205
215
  create_access_token
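Review bot: The access-uid mismatch check added at new line 58 of `refresh_by_access_payload` runs only `if block_given?`, so a call without a block skips `check_access_uid_within_refresh_token` and the refresh proceeds even when the payload's `uid` differs from the `access_uid` linked to the refresh token; with a block, the check still only yields, so the block itself is the only thing that can stop `refresh_by_uid` from running. If this is the intended contract it should be stated on the method, e.g. `# The block is expected to raise (the tests use Errors::Unauthorized): it is called when the payload's access uid no longer matches the refresh token's access_uid, and without a block that check is skipped entirely.` Both `check_access_uid_within_refresh_token` and `check_refresh_on_time` yield the same `(refresh uid, access_expiration)` pair, so a caller's block cannot tell which condition fired; documenting that, or passing a distinguishing argument, would help. `refresh_by_uid` and `retrieve_refresh_token` are outside these hunks, so whether the block also reaches `check_refresh_on_time` is inferred from the pre-existing test `test_refresh_with_block_not_expired`.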
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JWTSessions
4
- VERSION = '2.2.1'
4
+ VERSION = '2.2.2'
5
5
  end
@@ -84,6 +84,74 @@ class TestSession < Minitest::Test
84
84
  end
85
85
  end
86
86
 
87
+ def test_refresh_by_access_payload_invalid_uid
88
+ session = JWTSessions::Session.new(payload: payload, refresh_by_access_allowed: true)
89
+ session.login
90
+ access1 = session.instance_variable_get('@_access')
91
+ # should execute the code block for the cases when access UID within the refresh token
92
+ # does not match access UID from the session payload
93
+ session2 = JWTSessions::Session.new(payload: access1.payload, refresh_by_access_allowed: true)
94
+ assert_raises JWTSessions::Errors::Unauthorized do
95
+ session2.refresh_by_access_payload do
96
+ raise JWTSessions::Errors::Unauthorized
97
+ end
98
+ end
99
+ end
100
+
101
+ def test_refresh_by_access_payload_invalid_uid_with_multiple_refreshes
102
+ JWTSessions.access_exp_time = 0
103
+ session = JWTSessions::Session.new(payload: payload, refresh_by_access_allowed: true)
104
+ session.login
105
+ sleep(1)
106
+ JWTSessions.access_exp_time = 3600
107
+ session.refresh_by_access_payload do
108
+ raise JWTSessions::Errors::Unauthorized
109
+ end
110
+ assert_raises JWTSessions::Errors::Unauthorized do
111
+ session.refresh_by_access_payload do
112
+ raise JWTSessions::Errors::Unauthorized
113
+ end
114
+ end
115
+ end
116
+
117
+ def test_refresh_by_access_payload_invalid_uid_outdated_access_token
118
+ JWTSessions.access_exp_time = 0
119
+ session = JWTSessions::Session.new(payload: payload, refresh_by_access_allowed: true)
120
+ original_tokens = session.login
121
+ session.refresh_by_access_payload do
122
+ raise JWTSessions::Errors::Unauthorized
123
+ end
124
+ decoded_access = JWTSessions::Token.decode!(original_tokens[:access]).first
125
+ session2 = JWTSessions::Session.new(payload: decoded_access, refresh_by_access_allowed: true)
126
+ JWTSessions.access_exp_time = 3600
127
+ assert_raises JWTSessions::Errors::Unauthorized do
128
+ session2.refresh_by_access_payload do
129
+ raise JWTSessions::Errors::Unauthorized
130
+ end
131
+ end
132
+ end
133
+
134
+ def test_refresh_by_access_payload_with_valid_uid
135
+ JWTSessions.access_exp_time = 0
136
+ session = JWTSessions::Session.new(payload: payload, refresh_by_access_allowed: true)
137
+ session.login
138
+ refreshed_tokens = session.refresh_by_access_payload do
139
+ raise JWTSessions::Errors::Unauthorized
140
+ end
141
+
142
+ decoded_access = JWTSessions::Token.decode!(refreshed_tokens[:access]).first
143
+ session2 = JWTSessions::Session.new(payload: decoded_access, refresh_by_access_allowed: true)
144
+ JWTSessions.access_exp_time = 3600
145
+
146
+ session2.refresh_by_access_payload do
147
+ raise JWTSessions::Errors::Unauthorized
148
+ end
149
+
150
+ assert_equal REFRESH_KEYS, refreshed_tokens.keys.sort
151
+ assert_equal payload[:test], decoded_access['test']
152
+ assert_equal session.instance_variable_get('@_refresh').uid, decoded_access['ruid']
153
+ end
154
+
87
155
  def test_refresh_with_block_not_expired
88
156
  assert_raises JWTSessions::Errors::Unauthorized do
89
157
  session.refresh(tokens[:refresh]) do
@@ -186,6 +254,31 @@ class TestSession < Minitest::Test
186
254
  assert_equal ruid, JWTSessions::RefreshToken.find(ruid, JWTSessions.token_store, namespace).uid
187
255
  end
188
256
 
257
+ def test_refresh_after_flush_namespaced_access_tokens
258
+ namespace = 'test_namespace'
259
+ session = JWTSessions::Session.new(payload: payload, namespace: namespace, refresh_by_access_allowed: true)
260
+ session.login
261
+
262
+ session.flush_namespaced_access_tokens
263
+ ruid = session.instance_variable_get(:"@_refresh").uid
264
+ refresh_token = JWTSessions::RefreshToken.find(ruid, JWTSessions.token_store, nil)
265
+ assert_equal '', refresh_token.access_uid
266
+ assert_equal '', refresh_token.access_expiration
267
+
268
+ # allows to refresh with un-expired but flushed access token payload
269
+ session.refresh_by_access_payload do
270
+ raise JWTSessions::Errors::Unauthorized
271
+ end
272
+ auid = session.instance_variable_get(:"@_access").uid
273
+ access_token = JWTSessions::AccessToken.find(auid, JWTSessions.token_store)
274
+ refresh_token = JWTSessions::RefreshToken.find(ruid, JWTSessions.token_store, nil)
275
+
276
+ assert_equal false, access_token.uid.size.zero?
277
+ assert_equal false, access_token.expiration.size.zero?
278
+ assert_equal access_token.uid.to_s, refresh_token.access_uid
279
+ assert_equal access_token.expiration.to_s, refresh_token.access_expiration
280
+ end
281
+
189
282
  def test_flush_all
190
283
  refresh_token = @session.instance_variable_get(:"@_refresh")
191
284
  flushed_count = JWTSessions::Session.flush_all
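Review bot: The new tests starting at new line 87 assign `JWTSessions.access_exp_time` (0, then 3600) and never restore it, so whichever value is set last leaks into the next test unless a `teardown` outside this section resets it; restoring it in `teardown` or an `ensure` would keep the tests order-independent. `test_refresh_by_access_payload_invalid_uid_with_multiple_refreshes` additionally relies on `sleep(1)` after logging in with `access_exp_time = 0`, apparently so the first access token is already expired when the first refresh runs, which is slow and timing-dependent; a comment such as `# access_exp_time = 0 + sleep: the first access token must be expired before the first refresh` would at least make the intent explicit. The test class header and any `setup`/`teardown` are outside these hunks.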
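--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_sessions
 version: !ruby/object:Gem::Version
- version: 2.2.1
+ version: 2.2.2
 platform: ruby
 authors:
 - Yulia Oletskaya
 autorequire:
 bindir: bin
 cert_chain: []
- date: 2018-08-27 00:00:00.000000000 Z
+ date: 2018-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt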