slots-jwt 0.0.4 → 0.1.0

data/lib/slots/configuration.rb

@@ -1,82 +0,0 @@
-# frozen_string_literal: true
-
-require 'yaml'
-
-module Slots
-  class Configuration
-    attr_accessor :login_regex_validations, :token_lifetime, :session_lifetime, :previous_jwt_lifetime
-    attr_reader :logins
-    attr_writer :authentication_model
-
-    # raise_no_error is used for rake to load
-    def initialize
-      @logins = {email: //}
-      @login_regex_validations = true
-      @authentication_model = 'User'
-      @secret_keys = [{created_at: 0, secret: ENV['SLOT_SECRET']}]
-      @token_lifetime = 1.hour
-      @session_lifetime = 2.weeks # Set to nil if you dont want sessions
-      @previous_jwt_lifetime = 5.seconds # Set to nil if you dont want sessions
-      @manage_callbacks = Proc.new { }
-    end
-
-    def logins=(value)
-      if value.is_a? Symbol
-        @logins = {value => //}
-      elsif value.is_a?(Hash)
-        # Should do most inclusive regex last
-        raise 'must be hash of symbols => regex' unless value.length > 0 && value.all? { |k, v| k.is_a?(Symbol) && v.is_a?(Regexp) }
-        @logins = value
-      else
-        raise 'must be a symbol or hash'
-      end
-    end
-
-    def authentication_model
-      @authentication_model.to_s.constantize rescue nil
-    end
-
-    def secret=(v)
-      @secret_keys = [{created_at: 0, secret: v}]
-    end
-
-    def secret_yaml=(file_path_string)
-      secret_keys = YAML.load_file(Slots.secret_yaml_file)
-      @secret_keys = []
-      secret_keys.each do |secret_key|
-        raise ArgumentError, 'Need CREATED_AT' unless (created_at = secret_key['CREATED_AT']&.to_i)
-        raise ArgumentError, 'Need SECRET' unless (secret = secret_key['SECRET'])
-        previous_created_at = @secret_keys[-1]&.dig(:created_at) || Time.now.to_i
-
-        raise ArgumentError, 'CREATED_AT must be newest to latest' unless previous_created_at > created_at
-        @secret_keys.push(
-          created_at: created_at,
-          secret: secret
-        )
-      end
-    end
-
-    def secret(at = Time.now.to_i)
-      @secret_keys.each do |secret_hash|
-        return secret_hash[:secret] if at > secret_hash[:created_at]
-      end
-      raise InvalidSecret, 'Invalid Secret'
-    end
-  end
-
-  class << self
-    attr_writer :configuration
-
-    def configuration
-      @configuration ||= Configuration.new
-    end
-
-    def configure
-      yield configuration
-    end
-
-    def secret_yaml_file
-      Rails.root.join('config', 'slots_secrets.yml')
-    end
-  end
-end

data/lib/slots/database_authentication.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  module DatabaseAuthentication
-    extend ActiveSupport::Concern
-
-    included do
-      has_secure_password
-    end
-
-    # TODO allow super
-    def as_json(*)
-      super.except('password_digest')
-    end
-
-    module ClassMethods
-    end
-  end
-end

data/lib/slots/engine.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  class Engine < ::Rails::Engine
-    isolate_namespace Slots
-  end
-end

data/lib/slots/extra_classes.rb

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  class AuthenticationFailed < StandardError
-  end
-  class InvalidToken < StandardError
-  end
-  class AccessDenied < StandardError
-  end
-  class InvalidSecret < StandardError
-  end
-end

data/lib/slots/generic_methods.rb

@@ -1,51 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  module GenericMethods
-    extend ActiveSupport::Concern
-
-    included do
-    end
-
-    def allowed_new_token?
-      !(self.class._reject_new_token?(self))
-    end
-
-    def run_token_created_callback
-      self.class._token_created_callback(self)
-    end
-
-    def authenticate?(password)
-      password.present? && persisted? && respond_to?(:authenticate) && authenticate(password) && allowed_new_token?
-    end
-
-    def authenticate!(password)
-      raise Slots::AuthenticationFailed unless self.authenticate?(password)
-      true
-    end
-
-    module ClassMethods
-      def find_for_authentication(login)
-        Slots.configuration.logins.each do |k, v|
-          next unless login&.match(v)
-          return find_by(arel_table[k].lower.eq(login.downcase)) || new
-        end
-        new
-      end
-
-      def reject_new_token(&block)
-        (@_reject_new_token ||= []).push(block)
-      end
-      def _reject_new_token?(user)
-        (@_reject_new_token ||= []).any? { |b| user.instance_eval &b }
-      end
-
-      def token_created_callback(&block)
-        (@_token_created_callback ||= []).push(block)
-      end
-      def _token_created_callback(user)
-        (@_token_created_callback ||= []).each { |b| user.instance_eval &b }
-      end
-    end
-  end
-end

data/lib/slots/generic_validations.rb

@@ -1,51 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  module GenericValidations
-    extend ActiveSupport::Concern
-
-    included do
-      validate :unique_and_present, :logins_meets_criteria
-    end
-
-    def logins_meets_criteria
-      return if self.errors.any?
-      return unless Slots.configuration.login_regex_validations
-      logins = Slots.configuration.logins
-      login_c = logins.keys
-      logins.each do |col, reg|
-        login_c.delete(col) # Login columns left
-        column_match(reg, col)
-        column_dont_match(reg, col, login_c)
-      end
-    end
-
-    def unique_and_present
-      # Use this rather than validates because logins in configure might not be set yet on include
-      Slots.configuration.logins.each do |column, _|
-        value = self.send(column)
-        next self.errors.add(column, "can't be blank") unless value.present?
-
-        pk_value = self.send(self.class.primary_key)
-        lower_case = self.class.arel_table[column].lower.eq(value.downcase)
-        next unless self.class.where.not(self.class.primary_key => pk_value).where(lower_case).exists?
-        self.errors.add(column, "has already been taken")
-      end
-    end
-
-    def column_match(regex, column)
-      # TODO change error message to use locals? or something configurable
-      self.errors.add(column, "didn't match login criteria") unless self.send(column).match(regex)
-    end
-
-    def column_dont_match(regex, column_not_to_match, columns)
-      columns.each do |c|
-        # Since we check if any errors should be present
-        self.errors.add(c, "matched #{column_not_to_match} login criteria") if self.send(c).match(regex)
-      end
-    end
-
-    module ClassMethods
-    end
-  end
-end

data/lib/slots/slokens.rb

@@ -1,113 +0,0 @@
-# frozen_string_literal: true
-
-require 'jwt'
-module Slots
-  class Slokens
-    attr_reader :token, :exp, :iat, :extra_payload, :authentication_model_values, :session
-    def initialize(decode: false, encode: false, token: nil, authentication_record: nil, extra_payload: nil, session: nil)
-      if decode
-        @token = token
-        decode()
-      elsif encode
-        @authentication_model_values = authentication_record.as_json
-        @extra_payload = extra_payload.as_json
-        @session = session
-        update_iat
-        update_exp
-        encode()
-        @valid = true
-      else
-        raise 'must encode or decode'
-      end
-    end
-    def self.decode(token)
-      self.new(decode: true, token: token)
-    end
-    def self.encode(authentication_record, session = '', extra_payload)
-      self.new(encode: true, authentication_record: authentication_record, session: session, extra_payload: extra_payload)
-    end
-
-    def expired?
-      @expired
-    end
-
-    def valid?
-      @valid
-    end
-
-    def valid!
-      raise InvalidToken, "Invalid Token" unless valid?
-      self
-    end
-
-    def update_token_data(authentication_record, extra_payload)
-      @authentication_model_values = authentication_record.as_json
-      @extra_payload = extra_payload.as_json
-      update_iat
-      encode
-    end
-
-    def update_token(authentication_record, extra_payload)
-      update_exp
-      update_token_data(authentication_record, extra_payload)
-    end
-
-    def payload
-      {
-        authentication_model_key => @authentication_model_values,
-        'exp' => @exp,
-        'iat' => @iat,
-        'session' => @session,
-        'extra_payload' => @extra_payload,
-      }
-    end
-
-    private
-      def authentication_model_key
-        Slots.configuration.authentication_model.name.underscore
-      end
-
-      def default_expected_keys
-        ['exp', 'iat', 'session', authentication_model_key]
-      end
-      def secret
-        Slots.configuration.secret(@iat)
-      end
-      def update_iat
-        @iat = Time.now.to_i
-      end
-      def update_exp
-        @exp = Slots.configuration.token_lifetime.from_now.to_i
-      end
-      def encode
-        @token = JWT.encode self.payload, secret, 'HS256'
-        @expired = false
-        @valid = true
-      end
-
-      def decode
-        begin
-          set_payload
-          JWT.decode @token, secret, true, verify_iat: true, algorithm: 'HS256'
-        rescue JWT::ExpiredSignature
-          @expired = true
-        rescue JWT::InvalidIatError, JWT::VerificationError, JWT::DecodeError, Slots::InvalidSecret, NoMethodError, JSON::ParserError
-          @valid = false
-        else
-          @valid = payload.slice(*default_expected_keys).compact.length == default_expected_keys.length
-        end
-      end
-
-      def set_payload
-        encoded64 = @token.split('.')[1] || ''
-        string_payload = Base64.decode64(encoded64)
-        local_payload = JSON.parse(string_payload)
-        raise JSON::ParserError unless local_payload.is_a?(Hash)
-        @exp = local_payload['exp']&.to_i
-        @iat = local_payload['iat']&.to_i
-        @session = local_payload['session']
-        @authentication_model_values = local_payload[authentication_model_key]
-        @extra_payload = local_payload['extra_payload']
-      end
-  end
-end

data/lib/slots/tests.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  module Tests
-    def authorized_get(current_user, url, headers: {}, **options)
-      authorized_protocal :get, current_user, url, headers: headers, **options
-    end
-    def authorized_post(current_user, url, headers: {}, **options)
-      authorized_protocal :post, current_user, url, headers: headers, **options
-    end
-    def authorized_patch(current_user, url, headers: {}, **options)
-      authorized_protocal :patch, current_user, url, headers: headers, **options
-    end
-    def authorized_put(current_user, url, headers: {}, **options)
-      authorized_protocal :put, current_user, url, headers: headers, **options
-    end
-    def authorized_delete(current_user, url, headers: {}, **options)
-      authorized_protocal :delete, current_user, url, headers: headers, **options
-    end
-
-    def authorized_protocal(type, current_user, url, headers: {}, session: false, **options)
-      @token = current_user&.create_token(session)
-      headers = headers.merge(token_header(@token)) if @token
-      send(type, url, headers: headers, **options)
-    end
-
-    def current_token
-      @token
-    end
-
-    def token_header(token)
-      {'authorization' => %{Bearer token="#{token}"}}
-    end
-  end
-end

data/lib/slots/tokens.rb

@@ -1,102 +0,0 @@
-# frozen_string_literal: true
-
-module Slots
-  module Tokens
-    extend ActiveSupport::Concern
-
-    included do
-    end
-
-    def jwt_identifier
-      send(self.class.jwt_identifier_column)
-    end
-
-    def create_token(have_session)
-      session = ''
-      if have_session && Slots.configuration.session_lifetime
-        @new_session = self.sessions.new(jwt_iat: 0)
-        # Session should never be invalid since its all programmed
-        raise 'Session not valid' unless @new_session.valid?
-        session = @new_session.session
-      end
-      @slots_jwt = Slots::Slokens.encode(self, session, extra_payload)
-      if @new_session
-        @new_session.jwt_iat = @slots_jwt.iat
-        @new_session.save!
-      end
-      @new_token = true
-      run_token_created_callback
-      token
-    end
-
-    def extra_payload
-      @extra_payload || {}
-    end
-
-    def token
-      @slots_jwt&.token
-    end
-
-    def jwt
-      @slots_jwt
-    end
-    def set_token!(slots_jwt)
-      @slots_jwt = slots_jwt
-      self
-    end
-
-    def update_session
-      return false unless valid_in_database?
-      return false unless allowed_new_token?
-      # Need to check if allowed new token after loading
-      session = self.sessions.matches_jwt(jwt)
-      return false unless session
-      old_iat = jwt.iat
-      jwt.update_token(self, extra_payload)
-      if session.jwt_iat == old_iat
-        # if old_iat == previous_jwt_iat dont update and return token
-        session.update(previous_jwt_iat: old_iat, jwt_iat: jwt.iat)
-        @new_token = true
-      end
-    end
-
-    def update_token
-      # This will only update the data in the token
-      # not the experation data or anything else
-      return false unless valid_in_database?
-      return false unless allowed_new_token?
-
-      session = self.sessions.matches_jwt(jwt)
-      old_iat = jwt.iat
-      jwt.update_token_data(self, extra_payload)
-      # Dont worry if session isnt there because exp not updated
-      session&.update(previous_jwt_iat: old_iat, jwt_iat: jwt.iat)
-      @new_token = true
-    end
-
-    def new_token?
-      @new_token
-    end
-
-    def valid_in_database?
-      begin
-        jwt_identifier_was = self.jwt_identifier
-        self.reload
-        return false if jwt_identifier_was != self.jwt_identifier
-      rescue ActiveRecord::RecordNotFound
-        return false
-      end
-      true
-    end
-
-    module ClassMethods
-      def from_sloken(slots_jwt)
-        self.new(slots_jwt.authentication_model_values).set_token!(slots_jwt)
-      end
-
-      def jwt_identifier_column
-        Slots.configuration.logins.keys.first
-      end
-    end
-  end
-end