thecore_backend_commons 3.2.3 → 3.2.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/config/initializers/concern_cable_connection.rb +11 -6
  3. data/lib/thecore_backend_commons/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d49cad14dab24e49c18b425a25ba02bf80183ac74626cf3ef7858bfb71b969f6
4
- data.tar.gz: 923b24b8fcaf1b5dd36f5afdea8ec045074be9d9ca397b89b076cb1768c14a93
3
+ metadata.gz: 5cc9f4d227b130ad6e8690995a4ae462d2c5057f6165cf22b01b8d4c5e925a92
4
+ data.tar.gz: dfeec1c2c1813b6037016ac37d67477bdc3eab3e7b1f31e4ee7f5f4f10465853
5
5
  SHA512:
6
- metadata.gz: f8a94044a00da96909a6003d672eb2945dc25792640002684581d305f02c1b1a1c8afede032b9340a73f0687b53a076bbfe4cdfc9b8f99361a078010df39db28
7
- data.tar.gz: 88ff40875bde193b3b88c226f56e922f40a2251ed8403864e0b5203f564e5d4bffe087a258aef8494a91479face853b2a6e951c8a35d884f349f9d34106e3dbd
6
+ metadata.gz: 1439fbd5039ca4b2266e2ec5a5d2ce161fc3198824de0a5c755e093bff224b0b7811ae0181df4256b53a5ba0575e709d50aa22f843ba2d05a417e0b6051ba059
7
+ data.tar.gz: f14d63913cad95459d5e8c963b766346da10936e5f9d10662fbabcbeeccedd3f39690d4f232ecda34ecc1d612dec95eb1acc892c5ea6122d34981225b710bc22
data/config/initializers/concern_cable_connection.rb CHANGED
@@ -16,12 +16,17 @@ module CableConnectionConcern
16
16
  # It looks for a token in the query parameters, or in the headers
17
17
  m = request.query_parameters["token"].presence || request.headers["Authorization"].split(" ").second.strip rescue nil
18
18
 
19
- body = ::HashWithIndifferentAccess.new(::JWT.decode(m, ::Rails.application.credentials.dig(:secret_key_base).presence||ENV["SECRET_KEY_BASE"], false)[0]) rescue nil
20
- if verified_user = (env['warden'].user.presence || User.find_by(id: body[:user_id]) rescue false)
21
- verified_user
22
- else
23
- reject_unauthorized_connection
24
- end
19
+ # check for m2m token
20
+ user = User.where.not(encrypted_access_token: nil).find { |u| BCrypt::Password.new(u.encrypted_access_token) == m } rescue false
21
+ return user if user
22
+
23
+ # check for JWT token
24
+ body = (::HashWithIndifferentAccess.new(::JWT.decode(m, ::Rails.application.credentials.dig(:secret_key_base).presence||ENV["SECRET_KEY_BASE"], false)[0]) rescue nil)
25
+ verified_user = env['warden'].user.presence || User.find_by(id: body[:user_id]) rescue false
26
+ return verified_user if verified_user
27
+
28
+ # The Token is not m2m nor JWT, fail
29
+ return reject_unauthorized_connection
25
30
  end
26
31
  end
27
32
  end
data/lib/thecore_backend_commons/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ThecoreBackendCommons
2
- VERSION = "3.2.3"
2
+ VERSION = "3.2.4"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: thecore_backend_commons
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.2.3
4
+ version: 3.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gabriele Tassoni
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-09-11 00:00:00.000000000 Z
11
+ date: 2024-10-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thecore_auth_commons