Class: ApiEngineBase::Jwt::AuthenticateUser

Inherits:
ServiceBase
  • Object
Defined in:
app/services/api_engine_base/jwt/authenticate_user.rb

Constant Summary

Constants inherited from ServiceBase

ServiceBase::ON_ARGUMENT_VALIDATION

Instance Method Summary

Methods inherited from ServiceBase

inherited, #internal_validate, #service_base_logging, #validate!

Methods included from ArgumentValidation

included

Methods included from ServiceLogging

#aletered_message, #class_name, #log, #log_error, #log_info, #log_prefix, #log_warn, #logger, #service_id

Instance Method Details

#call ⇒ Object



# File 'app/services/api_engine_base/jwt/authenticate_user.rb', line 10

# Authenticates the bearer of a JWT and populates the service context.
#
# Steps, in order: decode the token, check its generated_at claim against the
# configured TTL, load the user named by the user_id claim, compare the
# verifier_token claim with the user's stored verifier_token, apply the email
# verification policy, and optionally issue a replacement token.
#
# On success the context carries user and expires_at (a String), plus
# generated_token when with_reset is set.
#
# NOTE(review): every step after a context.fail! assumes that call halts
# execution (e.g. by raising) — confirm in ServiceBase. If it only flagged the
# context, the nil-user path below would continue into user.verifier_token.
#
# @return [String] the value assigned to context.expires_at
def call
  decoded = Decode.(token:)
  context.fail!(msg: "Unauthorized Access. Invalid Authorization token") if decoded.failure?

  payload = decoded.payload
  expires_at = validate_generated_at!(generated_at: payload[:generated_at])

  # Any StandardError from the lookup is treated as "user not found". That
  # fails closed, but it also reports lookup errors unrelated to a missing
  # record as an invalid token, with no trace of the underlying exception.
  user =
    begin
      User.find(payload[:user_id])
    rescue StandardError
      nil
    end

  unless user
    log_warn("user_id [#{payload[:user_id]}] was not found. Cannot Continue")
    context.fail!(msg: "Unauthorized Access. Invalid Authorization token")
  end

  # The stored verifier_token is what invalidates previously issued tokens.
  # NOTE(review): plain == also matches when both sides are nil (a user with
  # no stored verifier and a payload without the claim) — confirm both values
  # are always present, or reject blank values explicitly.
  verifier_matches = user.verifier_token == payload[:verifier_token]
  context.fail!(msg: "Unauthorized Access. Token is no longer valid") unless verifier_matches
  context.user = user if verifier_matches

  email_validation_required!(user:)

  # with_reset issues a fresh token on each successful authentication and
  # restarts the expiry from now.
  if with_reset
    context.generated_token = ApiEngineBase::Jwt::LoginCreate.(user:).token
    expires_at = ApiEngineBase.config.jwt.ttl.from_now.to_time
  end

  context.expires_at = expires_at.to_s
end

#email_validation_required!(user:) ⇒ Object



# File 'app/services/api_engine_base/jwt/authenticate_user.rb', line 68

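# Applies the plain-text login email-verification policy to an authenticated user.
#
# Returns without effect when the email_verify? setting is off, when
# bypass_email_validation is set, or when the user's email is already
# validated. Otherwise asks EmailVerification::Required and fails the context
# when that service reports verification as required.
#
# @param user [Object] the authenticated user; must respond to #email_validated
# @return [void]
def email_validation_required!(user:)
  # NOTE(review): the published listing reads `config..plain_text`, which Ruby
  # parses as a Range rather than a method chain; a path segment was evidently
  # dropped. `login` is restored here to match the LoginStrategy::PlainText
  # namespace used below — confirm against the source file.
  return unless ApiEngineBase.config.login.plain_text.email_verify?

  # The bypass skips the check entirely, so an unverified user passes.
  # Presumably only endpoints needed to complete verification set it — verify
  # against the callers.
  if bypass_email_validation
    log_info("Bypassing email validation without checking if user should be able to continue")
    return
  end

  return if user.email_validated

  log_info("User's email is not yet validated.")
  result = ApiEngineBase::LoginStrategy::PlainText::EmailVerification::Required.(user:)

  context.fail!(msg: "User's Email must be validated before they can continue") if result.required
end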

#validate_generated_at!(generated_at:) ⇒ Object



# File 'app/services/api_engine_base/jwt/authenticate_user.rb', line 42

# Checks the generated_at claim of a decoded token against the configured TTL.
#
# Fails the context (after a warning log) when the claim is missing, cannot be
# turned into a Time, or when generated_at + ttl is already in the past.
#
# NOTE(review): only the expiry side is checked. A generated_at in the future
# is accepted and pushes the expiry out accordingly, so this relies on the
# claim having been written by the token issuer and protected by the
# signature — confirm in Decode.
#
# @param generated_at [Object, nil] value of the generated_at claim, passed to Time.at
# @return [Time] the moment the token expires
def validate_generated_at!(generated_at:)
  # All three rejections share one client-facing message; only the log differs.
  reject = lambda do |reason|
    log_warn(reason)
    context.fail!(msg: "Unauthorized Access. Invalid Authorization token")
  end

  reject.call("generated_at payload is missing from the JWT token. Cannot continue") if generated_at.nil?

  # Any StandardError while building the expiry is mapped to nil and rejected
  # below as an unparsable claim.
  expiry =
    begin
      Time.at(generated_at) + ApiEngineBase.config.jwt.ttl
    rescue StandardError
      nil
    end

  reject.call("generated_at payload cannot be parsed. Cannot continue") if expiry.nil?
  reject.call("generated_at is no longer valid. Must request new token") if expiry < Time.now

  expiry
end