class Tiddle::TokenIssuer

Constants

MAXIMUM_TOKENS_PER_USER

Attributes

maximum_tokens_per_user[RW]

Public Class Methods

build()
# File lib/tiddle/token_issuer.rb, line 7
# Factory for an issuer that uses the library-wide default cap.
#
# The cap (MAXIMUM_TOKENS_PER_USER) is the value purge_old_tokens later
# passes to `offset`, i.e. the number of most recently used tokens kept for
# each resource.
#
# @return [Tiddle::TokenIssuer] an issuer configured with the default cap
def self.build
  self.new(MAXIMUM_TOKENS_PER_USER)
end
new(maximum_tokens_per_user)
# File lib/tiddle/token_issuer.rb, line 11
# Stores the per-resource token cap through the attribute writer.
#
# @param maximum_tokens_per_user [Integer] number of tokens to keep per
#   resource (presumably a positive integer; confirm against callers)
def initialize(maximum_tokens_per_user)
  # The value is not validated here. purge_old_tokens hands it straight to
  # `offset`, so a cap of 0 would make that method destroy every token of
  # the resource.
  self.maximum_tokens_per_user = maximum_tokens_per_user
end

Public Instance Methods

create_and_return_token(resource, request, expires_in: nil, metadata: {})
# File lib/tiddle/token_issuer.rb, line 15
# Issues a new authentication token for +resource+ and persists a record
# describing it.
#
# The Devise token generator returns a pair: the raw token and its digest.
# Only the digest is written to the +body+ attribute; the raw token is
# returned to the caller and is not stored, so it cannot be read back from
# the token record later.
#
# This method does not call purge_old_tokens; enforcing the per-resource cap
# is left to the caller.
#
# @param resource [Object] record exposing +authentication_tokens+
# @param request [Object] request whose +remote_ip+ and +user_agent+ are
#   recorded on the token
# @param expires_in [Object, nil] optional lifetime stored on the record;
#   left out of the attributes when nil or false
# @param metadata [Hash] extra attributes for the record. token_attributes
#   merges them over the generated values, so pass an explicit, allow-listed
#   hash rather than raw request parameters.
# @return [String] the raw token to hand to the client
# @raise whatever +create!+ raises when the record cannot be saved
def create_and_return_token(resource, request, expires_in: nil, metadata: {})
  raw_token, digest = Devise.token_generator.generate(
    authentication_token_class(resource), :body
  )

  tokens = resource.authentication_tokens
  tokens.create!(
    token_attributes(token_body: digest, request: request, expires_in: expires_in, metadata: metadata)
  )

  raw_token
end
expire_token(resource, request)
# File lib/tiddle/token_issuer.rb, line 31
# Destroys the token record that matches the token sent with +request+.
#
# The token is read from the "X-<MODEL>-TOKEN" request header, where the
# model part is produced by ModelName#with_dashes for +resource+. When
# find_token returns nil, nothing is destroyed and nil is returned.
#
# @param resource [Object] record whose tokens are searched
# @param request [Object] request exposing +headers+
# @return the result of +destroy+ on the matching record, or nil
def expire_token(resource, request)
  headers = request.headers
  presented_token = headers["X-#{ModelName.new.with_dashes(resource)}-TOKEN"]
  find_token(resource, presented_token).try(:destroy)
end
find_token(resource, token_from_headers)
# File lib/tiddle/token_issuer.rb, line 36
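# Looks up the stored token record matching a token presented by a client.
#
# The presented token is digested with the Devise token generator and the
# digest is compared against the +body+ attribute; raw tokens are never
# queried for directly.
#
# @param resource [Object] record exposing +authentication_tokens+
# @param token_from_headers [String, nil] raw token taken from the request
# @return the matching token record, or nil when no token was presented or
#   none matches
def find_token(resource, token_from_headers)
  # Fail closed on a missing credential. What the digest helper returns for
  # an absent value is not visible from here, so do not let that value reach
  # the query: an absent or empty token must never match a stored record.
  return nil if token_from_headers.nil? || token_from_headers.to_s.empty?

  token_class = authentication_token_class(resource)
  token_body = Devise.token_generator.digest(token_class, :body, token_from_headers)
  # 'find_by' behaves differently in AR vs Mongoid, so using 'where' instead
  resource.authentication_tokens.where(body: token_body).first
end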
purge_old_tokens(resource)
# File lib/tiddle/token_issuer.rb, line 43
# Destroys the tokens of +resource+ that fall outside the configured cap.
#
# Tokens are ordered by +last_used_at+, newest first; the first
# +maximum_tokens_per_user+ of them are skipped and every remaining record
# is destroyed. This bounds how many tokens stay valid per resource.
#
# @param resource [Object] record exposing +authentication_tokens+
# @return the result of +destroy_all+
def purge_old_tokens(resource)
  newest_first = resource.authentication_tokens.order(last_used_at: :desc)
  surplus = newest_first.offset(maximum_tokens_per_user)
  surplus.destroy_all
end

Private Instance Methods

authentication_token_class(resource)
# File lib/tiddle/token_issuer.rb, line 54
# Resolves the model class behind the +authentication_tokens+ relation of
# +resource+, for either supported persistence layer.
#
# @param resource [Object] an ActiveRecord or Mongoid record
# @return [Class] the class of the associated token records
# @raise [RuntimeError] when +resource+ responds to neither +association+
#   nor +relations+
def authentication_token_class(resource)
  # ActiveRecord
  return resource.association(:authentication_tokens).klass if resource.respond_to?(:association)
  # Mongoid
  return resource.relations['authentication_tokens'].klass if resource.respond_to?(:relations)

  raise 'Cannot determine authentication token class, unsupported ORM/ODM?'
end
token_attributes(token_body:, request:, expires_in:, metadata: {})
# File lib/tiddle/token_issuer.rb, line 64
# Builds the attribute hash for a new token record.
#
# @param token_body [String] digest stored in +body+
# @param request [Object] request exposing +remote_ip+ and +user_agent+
# @param expires_in [Object, nil] lifetime; added only when truthy
# @param metadata [Hash] caller-supplied extra attributes
# @return [Hash] attributes for the token record
def token_attributes(token_body:, request:, expires_in:, metadata: {})
  generated = {
    body: token_body,
    last_used_at: Time.current,
    ip_address: request.remote_ip,
    user_agent: request.user_agent
  }

  # Merge order matters: metadata is applied over the generated values, so a
  # :body, :last_used_at, :ip_address or :user_agent key in metadata replaces
  # the generated one. Callers should build metadata from an allow-list and
  # never pass request parameters through unfiltered.
  combined = generated.merge(metadata)
  return combined unless expires_in

  # Applied last, so an explicit expires_in wins over any metadata value.
  combined.merge(expires_in: expires_in)
end