module Wor::Authentication::SessionsController

Public Instance Methods

create()
# File lib/wor/authentication/sessions_controller.rb, line 4
# Authenticates the submitted session params and, on success, answers with a
# newly generated access token together with its renew_id.
#
# Renders JSON in both cases: 200 with +access_token+ and +renew_id+, or 401
# with one generic message whenever authenticate_entity returns a falsy value,
# so the response does not reveal which part of the credentials was rejected.
def create
  entity = authenticate_entity(authenticate_params)
  # Guard clause: nothing is generated for an unauthenticated request.
  return render_error('Invalid authentication credentials', :unauthorized) unless entity

  issued = generate_access_token(entity)
  render json: { access_token: issued[:token], renew_id: issued[:renew_id] }, status: :ok
end
generate_access_token(entity)
# File lib/wor/authentication/sessions_controller.rb, line 31
# Builds the claims for a new access token and hands them to
# access_token_object for encoding.
#
# The same renew_id value is placed inside the token payload and passed on
# separately, so the caller can return it to the client next to the token.
#
# @param entity the authenticated entity the token is issued for
# @return whatever access_token_object returns for (token_key, payload, renew_id)
def generate_access_token(entity)
  renew_id = token_renew_id
  base_claims = entity_payload(entity)
  # Session claims are merged over the entity's own payload, so on a key
  # collision the values below win.
  session_claims = {
    entity_custom_validation: entity_custom_validation_value(entity),
    expiration_date: new_token_expiration_date,
    maximum_useful_date: token_maximum_useful_date,
    renew_id: renew_id
  }
  payload = base_claims.merge(session_claims)
  access_token_object(token_key, payload, renew_id)
end
invalidate_all()
# File lib/wor/authentication/sessions_controller.rb, line 24
# Runs the invalidate-all hook for the current entity and replies 200 with an
# empty body.
#
# There is no rescue here: if the hook raises (for example because it writes to
# a database that is unavailable), the exception propagates and :ok is never
# sent, so a client is not told its tokens were invalidated when the hook did
# not complete. Open question kept from the original author: should specific
# failures be rescued and reported explicitly?
def invalidate_all
  entity = current_entity
  entity_custom_validation_invalidate_all_value(entity)
  head :ok
end
renew()
# File lib/wor/authentication/sessions_controller.rb, line 16
# Issues a renewed access token when the renew_id sent in the session params
# is accepted by the decoded token; otherwise answers 401 'Invalid renew_id'.
#
# NOTE(review): checks on the presented token itself (presence, signature,
# expiry, maximum useful date) are not visible in this method; presumably a
# filter runs them before this action. Confirm against the including controller.
def renew
  token = decoded_token
  supplied_renew_id = renew_token_params[:renew_id]
  if token.valid_renew_id?(supplied_renew_id)
    render json: { access_token: renew_access_token(current_entity) }, status: :ok
  else
    render_error('Invalid renew_id', :unauthorized)
  end
end
renew_access_token(entity)
# File lib/wor/authentication/sessions_controller.rb, line 42
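# Encodes a renewed access token from the claims of the token that was
# presented with the request.
#
# Only +expiration_date+ and +entity_custom_validation+ are replaced. Every
# other claim in the decoded payload is copied through unchanged, which
# includes the +renew_id+ and +maximum_useful_date+ that
# generate_access_token put there, so a renewal does not extend the token's
# maximum useful date.
#
# The claims are written to a copy of the decoded payload. Writing to
# decoded_token.payload directly would change the token object the rest of the
# request still reads (assuming decoded_token returns the same object on each
# call), so a later expiry check would see the new date rather than the
# presented one.
#
# @param entity the entity the token belongs to
# @return the value returned by Wor::Authentication::TokenManager#encode
def renew_access_token(entity)
  payload = decoded_token.payload.dup
  payload[:expiration_date] = new_token_expiration_date
  payload[:entity_custom_validation] = entity_custom_validation_renew_value(entity)
  Wor::Authentication::TokenManager.new(token_key).encode(payload)
end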

Private Instance Methods

access_token_object(token_key, payload, renew_id)
# File lib/wor/authentication/sessions_controller.rb, line 51
# Encodes +payload+ with a TokenManager built from +token_key+ and pairs the
# result with the renew_id.
#
# @param token_key key handed to Wor::Authentication::TokenManager.new
# @param payload claims to encode
# @param renew_id value returned untouched under :renew_id
# @return [Hash] { token: <encoded payload>, renew_id: <renew_id> }
def access_token_object(token_key, payload, renew_id)
  manager = Wor::Authentication::TokenManager.new(token_key)
  encoded = manager.encode(payload)
  { token: encoded, renew_id: renew_id }
end
authenticate_params()
# File lib/wor/authentication/sessions_controller.rb, line 66
# Returns the value stored under the :session key of the request params, as
# produced by params.require (which is expected to raise when the key is
# missing; exact exception depends on the params object, not shown here).
#
# NOTE(review): unlike renew_token_params, no permit list is applied, so every
# nested key the client sends is handed to authenticate_entity. Implementations
# of authenticate_entity should read only the specific fields they expect.
def authenticate_params
  credentials = params.require(:session)
  credentials
end
current_entity()
# File lib/wor/authentication/sessions_controller.rb, line 58
# Entity resolved from the decoded token, cached in @current_entity.
#
# Only truthy results are cached: when find_authenticable_entity returns nil
# or false, the lookup runs again on the next call.
def current_entity
  return @current_entity if @current_entity

  @current_entity = find_authenticable_entity(decoded_token)
end
render_entity_invalid_custom_validation()
# File lib/wor/authentication/sessions_controller.rb, line 90
# Responds 401 with the 'Entity invalid custom validation' error body.
# The caller that decides when this applies is not part of this listing.
def render_entity_invalid_custom_validation
  message = 'Entity invalid custom validation'
  render_error(message, :unauthorized)
end
render_error(error_message, status)
# File lib/wor/authentication/sessions_controller.rb, line 62
# Renders a JSON error body of the form { error: <message> } with the given
# HTTP status. All render_* helpers in this module go through here, so error
# responses share one shape.
#
# @param error_message text placed under the :error key
# @param status status passed straight to render
def render_error(error_message, status)
  body = { error: error_message }
  render json: body, status: status
end
render_expired_token()
# File lib/wor/authentication/sessions_controller.rb, line 86
# Responds 401 with the 'Expired token' error body.
def render_expired_token
  message = 'Expired token'
  render_error(message, :unauthorized)
end
render_invalid_authorization_token()
# File lib/wor/authentication/sessions_controller.rb, line 78
# Responds 401 with the 'Invalid authorization token' error body.
def render_invalid_authorization_token
  message = 'Invalid authorization token'
  render_error(message, :unauthorized)
end
render_missing_authorization_token()
# File lib/wor/authentication/sessions_controller.rb, line 74
# Responds 401 telling the client that the Authorization header carrying the
# access token is required.
def render_missing_authorization_token
  message = 'You must pass an Authorization Header with the access token'
  render_error(message, :unauthorized)
end
render_not_renewable_token()
# File lib/wor/authentication/sessions_controller.rb, line 82
# Responds 401 with the 'Access token is not valid anymore' error body.
# The check that triggers it is not part of this listing.
def render_not_renewable_token
  message = 'Access token is not valid anymore'
  render_error(message, :unauthorized)
end
renew_token_params()
# File lib/wor/authentication/sessions_controller.rb, line 70
# Session params for the renew action, restricted to the single permitted
# key :renew_id; any other key sent under :session is filtered out by permit.
def renew_token_params
  session_params = params.require(:session)
  session_params.permit(:renew_id)
end