add token validation for rails controller actions #28
Conversation
|
Probably good to add |
|
|
||
| private | ||
|
|
||
| def authenticate_with_token |
There was a problem hiding this comment.
I think to give a little more control to the application, maybe traitify-ruby only needs:
- traitify.valid_jwt_token?(x)
- traitify.jwt_public_keys=([x, y])
And then we wouldn't need to have the railties and actionpack dependencies. Then in our rails apps we'd pretty much just add:
# In existing Traitify initializer
Traitify.jwt_public_keys = [ENV["JWT_PUBLIC_KEY"], ENV["JWT_PUBLIC_KEY_LEGACY"]].select(&:present?)
# In a concern or controller, allowing us to accept multiple forms of auth and rendering app specific errors
def authenticate_with_jwt
token = extract_token_from_header
return render_unauthorized("Missing token") if token.nil?
render_unauthorized("Invalid token") unless valid_token?(token)
end
tomprats
left a comment
tomprats
left a comment
There was a problem hiding this comment.
The method and tests both look good. I think there's just a bunch of leftover stuff from the original implementation
| validate_claims(payload) | ||
| return true | ||
| rescue JWT::ExpiredSignature, JWT::DecodeError, JWT::VerificationError => e | ||
| Traitify.logger.warn("[JWT] #{e.class.name}: #{e.message}") |
There was a problem hiding this comment.
I think we can just do logger or log directly here
|
|
||
| SimpleCov.start :test_frameworks | ||
|
|
||
| module Rails |
There was a problem hiding this comment.
I think this file/folder can be deleted now
| spec.test_files = spec.files.grep(%r{^(test|spec|features)/}) | ||
| spec.require_paths = ["lib"] | ||
|
|
||
| spec.add_runtime_dependency "activesupport", ">= 5.1", "< 8.x" |
There was a problem hiding this comment.
We still need the activesupport dependency for some previous things
No description provided.