slots-jwt 0.0.4

data/lib/slots/slokens.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+require 'jwt'
+module Slots
+  class Slokens
+    attr_reader :token, :exp, :iat, :extra_payload, :authentication_model_values, :session
+    def initialize(decode: false, encode: false, token: nil, authentication_record: nil, extra_payload: nil, session: nil)
+      if decode
+        @token = token
+        decode()
+      elsif encode
+        @authentication_model_values = authentication_record.as_json
+        @extra_payload = extra_payload.as_json
+        @session = session
+        update_iat
+        update_exp
+        encode()
+        @valid = true
+      else
+        raise 'must encode or decode'
+      end
+    end
+    def self.decode(token)
+      self.new(decode: true, token: token)
+    end
+    def self.encode(authentication_record, session = '', extra_payload)
+      self.new(encode: true, authentication_record: authentication_record, session: session, extra_payload: extra_payload)
+    end
+
+    def expired?
+      @expired
+    end
+
+    def valid?
+      @valid
+    end
+
+    def valid!
+      raise InvalidToken, "Invalid Token" unless valid?
+      self
+    end
+
+    def update_token_data(authentication_record, extra_payload)
+      @authentication_model_values = authentication_record.as_json
+      @extra_payload = extra_payload.as_json
+      update_iat
+      encode
+    end
+
+    def update_token(authentication_record, extra_payload)
+      update_exp
+      update_token_data(authentication_record, extra_payload)
+    end
+
+    def payload
+      {
+        authentication_model_key => @authentication_model_values,
+        'exp' => @exp,
+        'iat' => @iat,
+        'session' => @session,
+        'extra_payload' => @extra_payload,
+      }
+    end
+
+    private
+      def authentication_model_key
+        Slots.configuration.authentication_model.name.underscore
+      end
+
+      def default_expected_keys
+        ['exp', 'iat', 'session', authentication_model_key]
+      end
+      def secret
+        Slots.configuration.secret(@iat)
+      end
+      def update_iat
+        @iat = Time.now.to_i
+      end
+      def update_exp
+        @exp = Slots.configuration.token_lifetime.from_now.to_i
+      end
+      def encode
+        @token = JWT.encode self.payload, secret, 'HS256'
+        @expired = false
+        @valid = true
+      end
+
+      def decode
+        begin
+          set_payload
+          JWT.decode @token, secret, true, verify_iat: true, algorithm: 'HS256'
+        rescue JWT::ExpiredSignature
+          @expired = true
+        rescue JWT::InvalidIatError, JWT::VerificationError, JWT::DecodeError, Slots::InvalidSecret, NoMethodError, JSON::ParserError
+          @valid = false
+        else
+          @valid = payload.slice(*default_expected_keys).compact.length == default_expected_keys.length
+        end
+      end
+
+      def set_payload
+        encoded64 = @token.split('.')[1] || ''
+        string_payload = Base64.decode64(encoded64)
+        local_payload = JSON.parse(string_payload)
+        raise JSON::ParserError unless local_payload.is_a?(Hash)
+        @exp = local_payload['exp']&.to_i
+        @iat = local_payload['iat']&.to_i
+        @session = local_payload['session']
+        @authentication_model_values = local_payload[authentication_model_key]
+        @extra_payload = local_payload['extra_payload']
+      end
+  end
+end

data/lib/slots/tests.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Slots
+  module Tests
+    def authorized_get(current_user, url, headers: {}, **options)
+      authorized_protocal :get, current_user, url, headers: headers, **options
+    end
+    def authorized_post(current_user, url, headers: {}, **options)
+      authorized_protocal :post, current_user, url, headers: headers, **options
+    end
+    def authorized_patch(current_user, url, headers: {}, **options)
+      authorized_protocal :patch, current_user, url, headers: headers, **options
+    end
+    def authorized_put(current_user, url, headers: {}, **options)
+      authorized_protocal :put, current_user, url, headers: headers, **options
+    end
+    def authorized_delete(current_user, url, headers: {}, **options)
+      authorized_protocal :delete, current_user, url, headers: headers, **options
+    end
+
+    def authorized_protocal(type, current_user, url, headers: {}, session: false, **options)
+      @token = current_user&.create_token(session)
+      headers = headers.merge(token_header(@token)) if @token
+      send(type, url, headers: headers, **options)
+    end
+
+    def current_token
+      @token
+    end
+
+    def token_header(token)
+      {'authorization' => %{Bearer token="#{token}"}}
+    end
+  end
+end

data/lib/slots/tokens.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+module Slots
+  module Tokens
+    extend ActiveSupport::Concern
+
+    included do
+    end
+
+    def jwt_identifier
+      send(self.class.jwt_identifier_column)
+    end
+
+    def create_token(have_session)
+      session = ''
+      if have_session && Slots.configuration.session_lifetime
+        @new_session = self.sessions.new(jwt_iat: 0)
+        # Session should never be invalid since its all programmed
+        raise 'Session not valid' unless @new_session.valid?
+        session = @new_session.session
+      end
+      @slots_jwt = Slots::Slokens.encode(self, session, extra_payload)
+      if @new_session
+        @new_session.jwt_iat = @slots_jwt.iat
+        @new_session.save!
+      end
+      @new_token = true
+      run_token_created_callback
+      token
+    end
+
+    def extra_payload
+      @extra_payload || {}
+    end
+
+    def token
+      @slots_jwt&.token
+    end
+
+    def jwt
+      @slots_jwt
+    end
+    def set_token!(slots_jwt)
+      @slots_jwt = slots_jwt
+      self
+    end
+
+    def update_session
+      return false unless valid_in_database?
+      return false unless allowed_new_token?
+      # Need to check if allowed new token after loading
+      session = self.sessions.matches_jwt(jwt)
+      return false unless session
+      old_iat = jwt.iat
+      jwt.update_token(self, extra_payload)
+      if session.jwt_iat == old_iat
+        # if old_iat == previous_jwt_iat dont update and return token
+        session.update(previous_jwt_iat: old_iat, jwt_iat: jwt.iat)
+        @new_token = true
+      end
+    end
+
+    def update_token
+      # This will only update the data in the token
+      # not the experation data or anything else
+      return false unless valid_in_database?
+      return false unless allowed_new_token?
+
+      session = self.sessions.matches_jwt(jwt)
+      old_iat = jwt.iat
+      jwt.update_token_data(self, extra_payload)
+      # Dont worry if session isnt there because exp not updated
+      session&.update(previous_jwt_iat: old_iat, jwt_iat: jwt.iat)
+      @new_token = true
+    end
+
+    def new_token?
+      @new_token
+    end
+
+    def valid_in_database?
+      begin
+        jwt_identifier_was = self.jwt_identifier
+        self.reload
+        return false if jwt_identifier_was != self.jwt_identifier
+      rescue ActiveRecord::RecordNotFound
+        return false
+      end
+      true
+    end
+
+    module ClassMethods
+      def from_sloken(slots_jwt)
+        self.new(slots_jwt.authentication_model_values).set_token!(slots_jwt)
+      end
+
+      def jwt_identifier_column
+        Slots.configuration.logins.keys.first
+      end
+    end
+  end
+end

data/lib/slots/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Slots
+  VERSION = "0.0.4"
+end

data/lib/tasks/slots_tasks.rake

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+namespace :slots do
+  desc "Creates or prepends secret in config/lots_secrets.yml"
+  task :new_secret do
+    FileUtils.touch(Slots.secret_yaml_file)
+    secret_keys = YAML.load_file(Slots.secret_yaml_file) || []
+    # DO 1 minute from now so has time to restart server
+    secret_keys.prepend('SECRET' => SecureRandom.hex(64), 'CREATED_AT' => 1.minute.from_now.to_i)
+
+    # TODO this might not always work
+    slots_initilizer = Rails.root.join('config', 'initializers', 'slots.rb')
+    require slots_initilizer if File.file?(slots_initilizer)
+
+    remove_old_secrets = Slots.configuration.session_lifetime.ago.to_i
+    secret_keys.reject! { |value| remove_old_secrets > value['CREATED_AT'] }
+    File.open(Slots.secret_yaml_file, "w") do |file|
+      file.write secret_keys.to_yaml
+    end
+    Rake::Task["restart"].invoke
+  end
+  desc "Clears config/lots_secrets.yml"
+  task :clear_secrets do
+    File.open(Slots.secret_yaml_file, "w") do |file|
+      file.write [].to_yaml
+    end
+  end
+end

metadata

@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification
+name: slots-jwt
+version: !ruby/object:Gem::Version
+  version: 0.0.4
+platform: ruby
+authors:
+- Jonathon Gardner
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-08-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Token Authentication for Rails using JWT. Slots is designed to keep JWT
+  stateless and minimize database calls. This is done by storing (none sensitive)
+  data in the JWT and populating current_user with the JWT data. This allows for things
+  like `current_user.teams` or other assocations to be called on the user. Unless
+  explicitly told slots will only load the user from the database when creating (or
+  updating an expired) token.
+email:
+- TheAppGardner@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/slots/sessions_controller.rb
+- app/mailers/slots/application_mailer.rb
+- app/models/slots/application_record.rb
+- app/models/slots/session.rb
+- config/routes.rb
+- lib/generators/slots/install/USAGE
+- lib/generators/slots/install/install_generator.rb
+- lib/generators/slots/install/templates/create_slots_sessions.rb
+- lib/generators/slots/install/templates/slots.rb
+- lib/generators/slots/model/USAGE
+- lib/generators/slots/model/model_generator.rb
+- lib/generators/slots/model/templates/create_models.rb
+- lib/generators/slots/model/templates/model.rb
+- lib/generators/slots/model/templates/model_test.rb
+- lib/slots.rb
+- lib/slots/authentication_helper.rb
+- lib/slots/configuration.rb
+- lib/slots/database_authentication.rb
+- lib/slots/engine.rb
+- lib/slots/extra_classes.rb
+- lib/slots/generic_methods.rb
+- lib/slots/generic_validations.rb
+- lib/slots/slokens.rb
+- lib/slots/tests.rb
+- lib/slots/tokens.rb
+- lib/slots/version.rb
+- lib/tasks/slots_tasks.rake
+homepage: https://github.com/jonathongardner/slots
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key: 
+specification_version: 4
+summary: Token Authentication for Rails using JWT.
+test_files: []