Class: Warden::JWTAuth::Hooks
- Inherits: Object
  - Object
  - Warden::JWTAuth::Hooks
- Defined in: lib/warden/jwt_auth/hooks.rb
Overview
Warden hooks
Constant Summary
- PREPARED_TOKEN_ENV_KEY = 'warden-jwt_auth.token'
  `env` key where JWT is added
Class Method Summary
- .after_fetch(_user, auth, opts) ⇒ Object
  Sign out a JWT scope if it comes from the session unless it is an HTML request.
- .after_set_user(user, auth, opts) ⇒ Object
  Adds a token for the signed in user to the request `env` if current path and verb match with configuration.
Class Method Details
.after_fetch(_user, auth, opts) ⇒ Object
Sign out a JWT scope if it comes from the session unless it is an HTML request.
If a user is meant to be authenticated via JWT, then fetching that user from the session during an API request is something not intended to happen and a security threat.
Workaround until github.com/hassox/warden/pull/118 is fixed.
# File 'lib/warden/jwt_auth/hooks.rb', line 29
def self.after_fetch(_user, auth, opts)
  new.send(:logout_scope, auth, opts)
end
.after_set_user(user, auth, opts) ⇒ Object
Adds a token for the signed in user to the request `env` if current path and verb match with configuration. This will be picked up later on by a rack middleware which will add it to the response headers.
# File 'lib/warden/jwt_auth/hooks.rb', line 17
def self.after_set_user(user, auth, opts)
  new.send(:prepare_token, user, auth, opts)
end
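The two decisions these hooks describe, as an added stand-alone model that is not the gem's own code. The scope list, the dispatch pairs, the Accept-header test for an HTML request, the `Authorization: Bearer` response header and every helper name here are assumptions made for illustration; the token is a constructed placeholder.

```ruby
# Simplified model of the two hook decisions (added example, not the gem's code).
TOKEN_ENV_KEY = 'warden-jwt_auth.token' # value of PREPARED_TOKEN_ENV_KEY above

# Assumed configuration: scopes that authenticate via JWT, and the
# [verb, path] pairs on which a fresh token is handed out.
JWT_SCOPES = [:user].freeze
DISPATCH_REQUESTS = [['POST', %r{\A/login\z}]].freeze

# Assumption: a request counts as HTML when its Accept header asks for text/html.
def html_request?(env)
  env['HTTP_ACCEPT'].to_s.include?('text/html')
end

# after_fetch: a JWT scope restored from the session on a non-HTML (API)
# request must be signed out instead of being trusted.
def sign_out_after_fetch?(env, scope)
  JWT_SCOPES.include?(scope) && !html_request?(env)
end

# after_set_user: stash the token in env only when verb and path match.
def prepare_token(env, scope, token)
  hit = DISPATCH_REQUESTS.any? do |verb, path|
    env['REQUEST_METHOD'] == verb && env['PATH_INFO'].to_s.match?(path)
  end
  env[TOKEN_ENV_KEY] = token if hit && JWT_SCOPES.include?(scope)
  env
end

# Rack-style middleware that later copies the prepared token to the response.
class TokenToHeader
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    token = env[TOKEN_ENV_KEY]
    headers = headers.merge('Authorization' => "Bearer #{token}") if token
    [status, headers, body]
  end
end

# Constructed request; :sign_out is the verdict had the user come from the session.
def demo(verb, path, accept)
  env = { 'REQUEST_METHOD' => verb, 'PATH_INFO' => path, 'HTTP_ACCEPT' => accept }
  app = ->(e) { prepare_token(e, :user, 'constructed.jwt.value'); [200, {}, []] }
  { headers: TokenToHeader.new(app).call(env)[1], sign_out: sign_out_after_fetch?(env, :user) }
end
```

Only the matching login request gets a token header, and a session-restored JWT user on a JSON request is flagged for sign-out while an HTML page request is left alone.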