Class: JWTKeeper::Token
- Inherits:
-
Object
- Object
- JWTKeeper::Token
- Defined in:
- lib/jwt_keeper/token.rb
Overview
This class acts as the main interface to wrap the concerns of JWTs. Handling everything from encoding to invalidation.
Instance Attribute Summary collapse
-
#claims ⇒ Object
Returns the value of attribute claims.
-
#cookie_secret ⇒ Object
Returns the value of attribute cookie_secret.
-
#secret ⇒ Object
Returns the value of attribute secret.
Class Method Summary collapse
-
.create(options) ⇒ Token
Creates a new web token.
-
.find(raw_token, secret: nil, cookie_secret: nil, iss: nil) ⇒ Token
Decodes and validates an existing token.
-
.revoke(token_jti) ⇒ void
Revokes a web token.
-
.rotate(token_jti) ⇒ void
Sets a token to the pending rotation state.
Instance Method Summary collapse
-
#id ⇒ String
Easy interface for using the token’s id.
-
#initialize(options = {}) ⇒ void
constructor
Initalizes a new web token.
-
#invalid? ⇒ Boolean
Checks if the token invalid?.
-
#pending? ⇒ Boolean
Checks if a web token is pending a rotation.
-
#revoke ⇒ void
Revokes a web token.
-
#revoked? ⇒ Boolean
Checks if a web token has been revoked.
-
#rotate(new_claims = nil) ⇒ Token
Revokes and creates a new web token.
-
#to_cookie ⇒ Hash
Encodes the cookie.
-
#to_jwt ⇒ String
(also: #to_s)
Encodes the jwt.
-
#valid? ⇒ Boolean
Checks if the token valid?.
-
#version_mismatch? ⇒ Boolean
Checks if a web token is pending a global rotation.
Constructor Details
#initialize(options = {}) ⇒ void
Initalizes a new web token
12 13 14 15 16 17 18 19 20 21 22 23 24 |
# File 'lib/jwt_keeper/token.rb', line 12 def initialize( = {}) @secret = .delete(:secret) || JWTKeeper.configuration.secret @cookie_secret = .delete(:cookie_secret) @claims = { nbf: DateTime.now.to_i, # not before iat: DateTime.now.to_i, # issued at jti: SecureRandom.uuid # JWT ID } @claims.merge!(JWTKeeper.configuration.base_claims) @claims.merge!() @claims[:exp] = @claims[:exp].to_i if @claims[:exp].is_a?(Time) end |
Instance Attribute Details
#claims ⇒ Object
Returns the value of attribute claims.
5 6 7 |
# File 'lib/jwt_keeper/token.rb', line 5 def claims @claims end |
#cookie_secret ⇒ Object
Returns the value of attribute cookie_secret.
5 6 7 |
# File 'lib/jwt_keeper/token.rb', line 5 def @cookie_secret end |
#secret ⇒ Object
Returns the value of attribute secret.
5 6 7 |
# File 'lib/jwt_keeper/token.rb', line 5 def secret @secret end |
Class Method Details
.create(options) ⇒ Token
Creates a new web token
30 31 32 33 |
# File 'lib/jwt_keeper/token.rb', line 30 def self.create() = SecureRandom.hex(16) if JWTKeeper.configuration. new(.merge(cookie_secret: )) end |
.find(raw_token, secret: nil, cookie_secret: nil, iss: nil) ⇒ Token
Decodes and validates an existing token
39 40 41 42 43 44 45 46 47 48 |
# File 'lib/jwt_keeper/token.rb', line 39 def self.find(raw_token, secret: nil, cookie_secret: nil, iss: nil) claims = decode(raw_token, secret: secret, cookie_secret: , iss: iss) return nil if claims.nil? new_token = new(secret: secret, cookie_secret: , iss: iss) new_token.claims = claims return nil if new_token.revoked? new_token end |
.revoke(token_jti) ⇒ void
This method returns an undefined value.
Revokes a web token
62 63 64 |
# File 'lib/jwt_keeper/token.rb', line 62 def self.revoke(token_jti) Datastore.revoke(token_jti, JWTKeeper.configuration.expiry.from_now.to_i) end |
.rotate(token_jti) ⇒ void
This method returns an undefined value.
Sets a token to the pending rotation state. The expire is set to the maxium possible time but is inherently ignored by the token’s exp check and then rewritten with the revokation on rotate.
55 56 57 |
# File 'lib/jwt_keeper/token.rb', line 55 def self.rotate(token_jti) Datastore.rotate(token_jti, JWTKeeper.configuration.expiry.from_now.to_i) end |
Instance Method Details
#id ⇒ String
Easy interface for using the token’s id
68 69 70 |
# File 'lib/jwt_keeper/token.rb', line 68 def id claims[:jti] end |
#invalid? ⇒ Boolean
Checks if the token invalid?
120 121 122 123 124 125 126 |
# File 'lib/jwt_keeper/token.rb', line 120 def invalid? self.class.decode( encode, secret: secret, cookie_secret: ).nil? || revoked? end |
#pending? ⇒ Boolean
Checks if a web token is pending a rotation
96 97 98 |
# File 'lib/jwt_keeper/token.rb', line 96 def pending? Datastore.pending?(id) end |
#revoke ⇒ void
This method returns an undefined value.
Revokes a web token
89 90 91 92 |
# File 'lib/jwt_keeper/token.rb', line 89 def revoke return if invalid? Datastore.revoke(id, claims[:exp] - DateTime.now.to_i) end |
#revoked? ⇒ Boolean
Checks if a web token has been revoked
108 109 110 |
# File 'lib/jwt_keeper/token.rb', line 108 def revoked? Datastore.revoked?(id) end |
#rotate(new_claims = nil) ⇒ Token
Revokes and creates a new web token
75 76 77 78 79 80 81 82 83 84 85 |
# File 'lib/jwt_keeper/token.rb', line 75 def rotate(new_claims = nil) return self if claims[:iss] != JWTKeeper.configuration.issuer revoke new_claims ||= claims.except(:iss, :aud, :exp, :nbf, :iat, :jti) new_token = self.class.create(new_claims) @claims = new_token.claims @cookie_secret = new_token. self end |
#to_cookie ⇒ Hash
Encodes the cookie
137 138 139 140 141 142 |
# File 'lib/jwt_keeper/token.rb', line 137 def { value: , expires: Time.at(claims[:exp]) }.merge(JWTKeeper.configuration.) end |
#to_jwt ⇒ String Also known as: to_s
Encodes the jwt
130 131 132 |
# File 'lib/jwt_keeper/token.rb', line 130 def to_jwt encode end |
#valid? ⇒ Boolean
Checks if the token valid?
114 115 116 |
# File 'lib/jwt_keeper/token.rb', line 114 def valid? !invalid? end |
#version_mismatch? ⇒ Boolean
Checks if a web token is pending a global rotation
102 103 104 |
# File 'lib/jwt_keeper/token.rb', line 102 def version_mismatch? claims[:ver] != JWTKeeper.configuration.version end |