[STABLE] Add credential based auth

2016-03-27 10:32:15 -05:00 · 2016-03-27 10:32:15 -05:00 · e3472d84bb
parent 2373930bc5
commit e3472d84bb
4 changed files with 51 additions and 11 deletions
--- a/app/controllers/api/tokens_controller.rb
+++ b/app/controllers/api/tokens_controller.rb
@ -3,15 +3,22 @@ module Api
    skip_before_action :authenticate_user!, only: :create

    def create
-      mutate Auth::CreateToken.run(auth_params)
+      if(auth_params[:credentials])
+        mutate Auth::CreateTokenFromCredentials.run(auth_params)
+      else
+        mutate Auth::CreateToken.run(auth_params)
+      end
    end

    private

    def auth_params
-      return { email:    params[:user][:email],
-               password: params[:user][:password],
-               host:     root_url }
+      params[:user] ||= {}
+
+      { email:       params[:user][:email],
+        password:    params[:user][:password],
+        credentials: params[:user][:credentials],
+        host:        root_url }
    end
  end
 end
--- a/app/mutations/auth/create_token_from_credentials.rb
+++ b/app/mutations/auth/create_token_from_credentials.rb
@ -0,0 +1,29 @@
+module Auth
+  class CreateTokenFromCredentials < Mutations::Command
+    PRIVATE_KEY = KeyGen.current
+    attr_reader :user
+
+    required do
+      string :credentials
+      string :host
+    end
+
+    def validate
+      cipher_text = Base64.decode64(credentials)
+      plain_text  = PRIVATE_KEY.private_decrypt(cipher_text)
+      cred_info   = JSON.parse(plain_text).symbolize_keys!
+      @user       = User.where(email: cred_info[:email]).first
+      whoops! unless @user && @user.valid_password?(cred_info[:password])
+    end
+
+    def execute
+      {token: SessionToken.issue_to(user, iss: host)}
+    end
+
+private
+
+    def whoops!(reason = "Bad email or password.")
+      add_error :auth, :*, reason
+    end
+  end
+end
--- a/decoder_ring.rb
+++ b/decoder_ring.rb
@ -1 +0,0 @@
-
--- a/lib/key_gen.rb
+++ b/lib/key_gen.rb
@ -4,20 +4,25 @@
 class KeyGen
  SAVE_PATH = "jwt.#{Rails.env}.pem"

-  def self.run(path = SAVE_PATH)
+  def self.try_file
+    OpenSSL::PKey::RSA.new(File.read(SAVE_PATH)) if File.file?(SAVE_PATH)
+  end
+
+  def self.generate_new_key(path = SAVE_PATH)
    rsa = OpenSSL::PKey::RSA.generate(2048)
    File.open(path, 'w') { |f| f.write(rsa.to_pem) }
    return rsa
  end

-  # Heroku users can't store stuff on the file system.
-  # For them, there's maybe_load_from_env.
-  # Stores the *.pem file in an ENV var.
-  def self.maybe_load_from_env
+  # Heroku / 12Factor users can't store stuff on the file system. Store your pem
+  # file in ENV['RSA_KEY'] if that applies to you.
+  def self.try_env
    OpenSSL::PKey::RSA.new(ENV['RSA_KEY']) if ENV['RSA_KEY']
  end

+  # Lazy loads a crypto key.  Will look in ENV['RSA_KEY'], then
+  # jwt.environment_name.pem. Generates new key if neither is available.
  def self.current
-    @current ||= ( maybe_load_from_env || self.run)
+    @current ||= ( try_env || try_file || generate_new_key)
  end
 end