class Warden::JWTAuth::UserDecoder

Layer above token decoding that directly decodes a user from a JWT.

Attributes

helper[R]

Public Class Methods

new(**args)
Calls superclass method
# File lib/warden/jwt_auth/user_decoder.rb, line 13
def initialize(**args)
  super
  @helper = PayloadUserHelper
end

Public Instance Methods

call(token, scope, aud)

Returns the user that is encoded in a JWT. The scope is used to choose the user repository, which is then sent `#find_for_jwt_authentication(sub)` with the decoded `sub` claim.

@param token [String] a JWT
@param scope [Symbol] Warden scope
@param aud [String] Expected aud claim
@return [Interfaces::User] a user, whatever it is
@raise [Errors::RevokedToken] when token has been revoked for the encoded user
@raise [Errors::NilUser] when decoded user is nil
@raise [Errors::WrongScope] when encoded scope does not match with scope
@raise [Errors::WrongAud] when encoded aud does not match with aud argument

# File lib/warden/jwt_auth/user_decoder.rb, line 32
def call(token, scope, aud)
  payload = TokenDecoder.new.call(token)
  check_valid_claims(payload, scope, aud)
  user = helper.find_user(payload)
  check_valid_user(payload, user, scope)
  user
end

Private Instance Methods

check_valid_claims(payload, scope, aud)
# File lib/warden/jwt_auth/user_decoder.rb, line 42
def check_valid_claims(payload, scope, aud)
  raise Errors::WrongScope, 'wrong scope' unless helper.scope_matches?(payload, scope)
  raise Errors::WrongAud, 'wrong aud' unless helper.aud_matches?(payload, aud)
end

check_valid_user(payload, user, scope)
# File lib/warden/jwt_auth/user_decoder.rb, line 47
def check_valid_user(payload, user, scope)
  raise Errors::NilUser, 'nil user' unless user

  strategy = revocation_strategies[scope]
  raise Errors::RevokedToken, 'revoked token' if strategy.jwt_revoked?(payload, user)
end
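
The check order in `call` (decode, scope and aud claims, user lookup, revocation) decides which error a rejected token produces. The following is an added example, not code from warden-jwt_auth: the `Demo` module, its secret, user repository and revoked-`jti` list are hypothetical stand-ins, and the HS256 signature check, the `scp` claim name and the denylist-style revocation are assumptions made for the illustration.

```ruby
require 'openssl'
require 'json'

# Added illustration: stand-in classes, not warden-jwt_auth's own code.
module Demo
  %w[BadSignature WrongScope WrongAud NilUser RevokedToken].each do |name|
    const_set(name, Class.new(StandardError))
  end

  SECRET = 'constructed-demo-secret'         # constructed sample key
  USERS = { user: { '1' => :alice } }.freeze # scope => repository keyed by sub
  REVOKED_JTI = ['jti-old'].freeze           # assumed denylist revocation store

  def self.b64(data)
    [data].pack('m0').tr('+/', '-_').delete('=')
  end

  def self.sign(input)
    b64(OpenSSL::HMAC.digest('SHA256', SECRET, input))
  end

  # Builds a constructed HS256 token for the sample inputs.
  def self.encode(payload)
    input = "#{b64({ alg: 'HS256' }.to_json)}.#{b64(payload.to_json)}"
    "#{input}.#{sign(input)}"
  end

  # Same order as UserDecoder#call: decode, claim checks, lookup, revocation.
  def self.decode_user(token, scope, aud)
    head, body, sig = token.split('.')
    raise BadSignature unless OpenSSL.secure_compare(sign("#{head}.#{body}"), sig.to_s)

    payload = JSON.parse(body.to_s.tr('-_', '+/').unpack1('m'))
    raise WrongScope unless payload['scp'] == scope.to_s # assumed claim name
    raise WrongAud unless payload['aud'] == aud

    user = USERS.fetch(scope, {})[payload['sub']]
    raise NilUser unless user
    raise RevokedToken if REVOKED_JTI.include?(payload['jti'])

    user
  end

  # Returns the user, or the short name of the error that rejected the token.
  def self.outcome(token, scope, aud)
    decode_user(token, scope, aud)
  rescue StandardError => e
    e.class.name.split('::').last
  end
end
```

A token whose payload was swapped after signing is rejected before any claim is read, and a token with a valid signature but the wrong scope never reaches the user repository.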