slots-jwt 0.0.4 → 0.1.0

data/lib/slots/jwt/tests.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Slots
+  module JWT
+    module Tests
+      def authorized_get(current_user, url, headers: {}, **options)
+        authorized_protocal :get, current_user, url, headers: headers, **options
+      end
+      def authorized_post(current_user, url, headers: {}, **options)
+        authorized_protocal :post, current_user, url, headers: headers, **options
+      end
+      def authorized_patch(current_user, url, headers: {}, **options)
+        authorized_protocal :patch, current_user, url, headers: headers, **options
+      end
+      def authorized_put(current_user, url, headers: {}, **options)
+        authorized_protocal :put, current_user, url, headers: headers, **options
+      end
+      def authorized_delete(current_user, url, headers: {}, **options)
+        authorized_protocal :delete, current_user, url, headers: headers, **options
+      end
+
+      def authorized_protocal(type, current_user, url, headers: {}, session: false, **options)
+        @token = current_user&.create_token(session)
+        headers = headers.merge(token_header(@token)) if @token
+        send(type, url, headers: headers, **options)
+      end
+
+      def current_token
+        @token
+      end
+
+      def token_header(token)
+        {'authorization' => %{Bearer token="#{token}"}}
+      end
+    end
+  end
+end

data/lib/slots/jwt/tokens.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+module Slots
+  module JWT
+    module Tokens
+      extend ActiveSupport::Concern
+
+      included do
+      end
+
+      def jwt_identifier
+        send(self.class.jwt_identifier_column)
+      end
+
+      def create_token(have_session)
+        session = ''
+        if have_session && Slots::JWT.configuration.session_lifetime
+          @new_session = self.sessions.new(jwt_iat: 0)
+          # Session should never be invalid since its all programmed
+          raise 'Session not valid' unless @new_session.valid?
+          session = @new_session.session
+        end
+        @slots_jwt = Slots::JWT::Slokens.encode(self, session, extra_payload)
+        if @new_session
+          @new_session.jwt_iat = @slots_jwt.iat
+          @new_session.save!
+        end
+        @new_token = true
+        run_token_created_callback
+        token
+      end
+
+      def extra_payload
+        @extra_payload || {}
+      end
+
+      def token
+        @slots_jwt&.token
+      end
+
+      def jwt
+        @slots_jwt
+      end
+      def set_token!(slots_jwt)
+        @slots_jwt = slots_jwt
+        self
+      end
+
+      def update_session
+        return false unless valid_in_database?
+        return false unless allowed_new_token?
+        # Need to check if allowed new token after loading
+        session = self.sessions.matches_jwt(jwt)
+        return false unless session
+        old_iat = jwt.iat
+        jwt.update_token(self, extra_payload)
+        if session.jwt_iat == old_iat
+          # if old_iat == previous_jwt_iat dont update and return token
+          session.update(previous_jwt_iat: old_iat, jwt_iat: jwt.iat)
+          @new_token = true
+        end
+      end
+
+      def update_token
+        # This will only update the data in the token
+        # not the experation data or anything else
+        return false unless valid_in_database?
+        return false unless allowed_new_token?
+
+        session = self.sessions.matches_jwt(jwt)
+        old_iat = jwt.iat
+        jwt.update_token_data(self, extra_payload)
+        # Dont worry if session isnt there because exp not updated
+        session&.update(previous_jwt_iat: old_iat, jwt_iat: jwt.iat)
+        @new_token = true
+      end
+
+      def new_token?
+        @new_token
+      end
+
+      def valid_in_database?
+        begin
+          jwt_identifier_was = self.jwt_identifier
+          self.reload
+          return false if jwt_identifier_was != self.jwt_identifier
+        rescue ActiveRecord::RecordNotFound
+          return false
+        end
+        true
+      end
+
+      module ClassMethods
+        def from_sloken(slots_jwt)
+          self.new(slots_jwt.authentication_model_values).set_token!(slots_jwt)
+        end
+
+        def jwt_identifier_column
+          Slots::JWT.configuration.logins.keys.first
+        end
+      end
+    end
+  end
+end

data/lib/slots/jwt/type_helper.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Slots
+  module JWT
+    module TypeHelper
+      def self.included(mod)
+        mod.module_eval do
+          def initialize(*args, required_permission: nil, **kwargs, &block)
+            required_permission(required_permission)
+            # Pass on the default args:
+            super(*args, **kwargs, &block)
+          end
+        end
+      end
+      # Call this method in an Object class to set the permission level:
+      def required_permission(permission_level)
+        @_required_permission = permission_level
+      end
+
+      # This method is overridden to customize object types:
+      def to_graphql
+        type_defn = super # returns a GraphQL::ObjectType
+        # Get a configured value and assign it to metadata
+        type_defn.metadata[:has_required_permission] = true
+        type_defn.metadata[:required_permission] = @_required_permission
+        type_defn
+      end
+    end
+  end
+end

data/lib/slots/{version.rb → jwt/version.rb}

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
 module Slots
-  VERSION = "0.0.4"
+  module JWT
+    VERSION = "0.1.0"
+  end
 end

data/lib/tasks/slots_tasks.rake

@@ -3,8 +3,8 @@
 namespace :slots do
   desc "Creates or prepends secret in config/lots_secrets.yml"
   task :new_secret do
-    FileUtils.touch(Slots.secret_yaml_file)
-    secret_keys = YAML.load_file(Slots.secret_yaml_file) || []
+    FileUtils.touch(Slots::JWT.secret_yaml_file)
+    secret_keys = YAML.load_file(Slots::JWT.secret_yaml_file) || []
     # DO 1 minute from now so has time to restart server
     secret_keys.prepend('SECRET' => SecureRandom.hex(64), 'CREATED_AT' => 1.minute.from_now.to_i)
 
@@ -12,16 +12,16 @@ namespace :slots do
     slots_initilizer = Rails.root.join('config', 'initializers', 'slots.rb')
     require slots_initilizer if File.file?(slots_initilizer)
 
-    remove_old_secrets = Slots.configuration.session_lifetime.ago.to_i
+    remove_old_secrets = Slots::JWT.configuration.session_lifetime.ago.to_i
     secret_keys.reject! { |value| remove_old_secrets > value['CREATED_AT'] }
-    File.open(Slots.secret_yaml_file, "w") do |file|
+    File.open(Slots::JWT.secret_yaml_file, "w") do |file|
       file.write secret_keys.to_yaml
     end
     Rake::Task["restart"].invoke
   end
   desc "Clears config/lots_secrets.yml"
   task :clear_secrets do
-    File.open(Slots.secret_yaml_file, "w") do |file|
+    File.open(Slots::JWT.secret_yaml_file, "w") do |file|
       file.write [].to_yaml
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: slots-jwt
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.1.0
 platform: ruby
 authors:
 - Jonathon Gardner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-26 00:00:00.000000000 Z
+date: 2019-11-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -81,10 +81,10 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
-- app/controllers/slots/sessions_controller.rb
-- app/mailers/slots/application_mailer.rb
-- app/models/slots/application_record.rb
-- app/models/slots/session.rb
+- app/controllers/slots/jwt/sessions_controller.rb
+- app/models/slots/jwt/application_record.rb
+- app/models/slots/jwt/session.rb
+- config/initializers/inflections.rb
 - config/routes.rb
 - lib/generators/slots/install/USAGE
 - lib/generators/slots/install/install_generator.rb
@@ -96,19 +96,22 @@ files:
 - lib/generators/slots/model/templates/model.rb
 - lib/generators/slots/model/templates/model_test.rb
 - lib/slots.rb
-- lib/slots/authentication_helper.rb
-- lib/slots/configuration.rb
-- lib/slots/database_authentication.rb
-- lib/slots/engine.rb
-- lib/slots/extra_classes.rb
-- lib/slots/generic_methods.rb
-- lib/slots/generic_validations.rb
-- lib/slots/slokens.rb
-- lib/slots/tests.rb
-- lib/slots/tokens.rb
-- lib/slots/version.rb
+- lib/slots/jwt.rb
+- lib/slots/jwt/authentication_helper.rb
+- lib/slots/jwt/configuration.rb
+- lib/slots/jwt/database_authentication.rb
+- lib/slots/jwt/engine.rb
+- lib/slots/jwt/extra_classes.rb
+- lib/slots/jwt/generic_methods.rb
+- lib/slots/jwt/generic_validations.rb
+- lib/slots/jwt/permission_filter.rb
+- lib/slots/jwt/slokens.rb
+- lib/slots/jwt/tests.rb
+- lib/slots/jwt/tokens.rb
+- lib/slots/jwt/type_helper.rb
+- lib/slots/jwt/version.rb
 - lib/tasks/slots_tasks.rake
-homepage: https://github.com/jonathongardner/slots
+homepage: https://github.com/jonathongardner/slots-jwt
 licenses:
 - MIT
 metadata: {}
@@ -127,7 +130,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubyforge_project: 
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Token Authentication for Rails using JWT.

data/app/controllers/slots/sessions_controller.rb

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  class SessionsController < ApplicationController
-    update_expired_session_tokens! only: :update_session_token # needed if token is expired
-    require_user_load! only: :update_session_token
-    require_login! only: [:update_session_token, :sign_out]
-    skip_callback!
-
-    def sign_in
-      @_current_user = _authentication_model.find_for_authentication(params[:login])
-
-      current_user.authenticate!(params[:password])
-
-      new_token!(ActiveModel::Type::Boolean.new.cast(params[:session]))
-      render json: current_user.as_json, status: :accepted
-    end
-
-    def sign_out
-      Slots::Session.find_by(session: jw_token.session)&.delete if jw_token.session.present?
-      head :ok
-    end
-
-    def update_session_token
-      # TODO think about not allowing user to get new token here because then there
-      current_user.update_token unless current_user.new_token?
-      render json: current_user.as_json, status: :accepted
-    end
-
-    private
-
-      def _authentication_model
-        Slots.configuration.authentication_model
-      end
-  end
-end

data/app/mailers/slots/application_mailer.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  class ApplicationMailer < ActionMailer::Base
-    default from: "from@example.com"
-    layout "mailer"
-  end
-end

data/app/models/slots/application_record.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  class ApplicationRecord < ActiveRecord::Base
-    self.abstract_class = true
-  end
-end

data/app/models/slots/session.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  class Session < ApplicationRecord
-    belongs_to :user, session_assocaition
-    before_validation :create_random_session, on: :create
-    validates :session, :jwt_iat, presence: true
-    validates :session, uniqueness: true
-
-    def update_random_session
-      self.session = SecureRandom.hex(32)
-    end
-
-    def self.expired
-      self.where(self.arel_table[:created_at].lte(Slots.configuration.session_lifetime.ago))
-    end
-
-    def self.not_expired
-      self.where(self.arel_table[:created_at].gt(Slots.configuration.session_lifetime.ago))
-    end
-
-    def self.matches_jwt(sloken_jws)
-      jwt_where = self.arel_table[:jwt_iat].eq(sloken_jws.iat)
-      if Slots.configuration.previous_jwt_lifetime
-        jwt_where = jwt_where.or(
-          Arel::Nodes::Grouping.new(
-            self.arel_table[:previous_jwt_iat].eq(sloken_jws.iat)
-              .and(self.arel_table[:jwt_iat].gt(Slots.configuration.previous_jwt_lifetime.ago.to_i))
-            )
-        )
-      end
-
-      self.not_expired
-        .where(jwt_where)
-        .find_by(session: sloken_jws.session)
-    end
-    private
-      def create_random_session
-        update_random_session unless self.session
-      end
-  end
-end

data/lib/slots/authentication_helper.rb

@@ -1,144 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  module AuthenticationHelper
-    ALL = Object.new
-
-    extend ActiveSupport::Concern
-
-    included do
-      include ActionController::HttpAuthentication::Token::ControllerMethods
-    end
-
-    def jw_token
-      return @_jw_token if @_jw_token&.valid!
-      @_jw_token = Slots::Slokens.decode(authenticate_with_http_token { |t, _| t })
-      @_jw_token.valid!
-    end
-
-    def update_expired_session_tokens
-      return false unless Slots.configuration.session_lifetime
-      @_jw_token = Slots::Slokens.decode(authenticate_with_http_token { |t, _| t })
-      return false unless @_jw_token.expired? && @_jw_token.session.present?
-      new_session_token
-    end
-
-    def new_session_token
-      _current_user = Slots.configuration.authentication_model.from_sloken(@_jw_token)
-      return false unless _current_user&.update_session
-      @_current_user = _current_user
-      true
-    end
-
-    def current_user
-      return @_current_user if instance_variable_defined?(:@_current_user)
-      current_user = Slots.configuration.authentication_model.from_sloken(jw_token)
-      # So if jw_token initalize current_user if expired
-      @_current_user ||= current_user
-    end
-    def load_user
-      current_user&.valid_in_database? && current_user.allowed_new_token?
-    end
-
-    def set_token_header!
-      # check if current user for logout
-      response.set_header('authorization', "Bearer token=#{current_user.token}") if current_user&.new_token?
-    end
-
-    def require_valid_user
-      # Load user will make sure it is in the database and valid in the database
-      raise Slots::InvalidToken, "User doesnt exist" if @_require_load_user && !load_user
-      access_denied! unless current_user && (@_ignore_callbacks || token_allowed?)
-    end
-    def require_load_user
-      # Use varaible so that if this action is prepended it will still only be called when checking for valid user,
-      # i.e. so its not called before update_expired_session_tokens if set
-      @_require_load_user = true
-    end
-    def ignore_callbacks
-      @_ignore_callbacks = true
-    end
-
-    def access_denied!
-      raise Slots::AccessDenied
-    end
-
-    def token_allowed?
-      !(self.class._reject_token?(self))
-    end
-
-    def new_token!(session)
-      current_user.create_token(session)
-      set_token_header!
-    end
-
-    def update_token!
-      current_user.update_token
-    end
-
-    module ClassMethods
-      def update_expired_session_tokens!(**options)
-        prepend_before_action :update_expired_session_tokens, **options
-        after_action :set_token_header!, **options
-      end
-
-      def require_login!(load_user: false, **options)
-        before_action :require_load_user, **options if load_user
-        before_action :require_valid_user, **options
-      end
-
-      def require_user_load!(**options)
-        prepend_before_action :require_load_user, **options
-      end
-
-      def skip_callback!(**options)
-        prepend_before_action :ignore_callbacks, **options
-      end
-
-      def ignore_login!(**options)
-        skip_before_action :require_valid_user, **options
-        skip_before_action :require_load_user, **options, raise: false
-        skip_before_action :update_expired_session_tokens, **options, raise: false
-        skip_after_action :set_token_header!, **options, raise: false
-      end
-
-      def catch_invalid_login(response: {errors: {authentication: ['login or password is invalid']}}, status: :unauthorized)
-        rescue_from Slots::AuthenticationFailed do |exception|
-          render json: response, status: status
-        end
-      end
-
-      def catch_invalid_token(response: {errors: {authentication: ['invalid or missing token']}}, status: :unauthorized)
-        rescue_from Slots::InvalidToken do |exception|
-          render json: response, status: status
-        end
-      end
-
-      def catch_access_denied(response: {errors: {authorization: ["can't access"]}}, status: :forbidden)
-        rescue_from Slots::AccessDenied do |exception|
-          render json: response, status: status
-        end
-      end
-
-      def reject_token(only: ALL, except: ALL, &block)
-        raise 'Cant pass both only and except' unless only == ALL || except == ALL
-        only = Array(only) if only != ALL
-        except = Array(except) if except != ALL
-
-        (@_reject_token ||= []).push([only, except, block])
-      end
-      def _reject_token?(con)
-        (@_reject_token ||= []).any? { |o, e, b| _check_to_reject?(con, o, e, b) } || _superclass_reject_token?(con)
-      end
-      def _check_to_reject?(con, only, except, block)
-        return false unless only == ALL || only.any? { |o| o.to_sym == con.action_name.to_sym }
-        return false if except != ALL && except.any? { |e| e.to_sym == con.action_name.to_sym }
-        (con.instance_eval &block)
-      end
-
-      def _superclass_reject_token?(con)
-        self.superclass.respond_to?('_reject_token?') && self.superclass._reject_token?(con)
-      end
-    end
-  end
-end