[STABLE] Add credential based auth
parent
2373930bc5
commit
e3472d84bb
|
@ -3,15 +3,22 @@ module Api
|
|||
skip_before_action :authenticate_user!, only: :create
|
||||
|
||||
def create
|
||||
mutate Auth::CreateToken.run(auth_params)
|
||||
if(auth_params[:credentials])
|
||||
mutate Auth::CreateTokenFromCredentials.run(auth_params)
|
||||
else
|
||||
mutate Auth::CreateToken.run(auth_params)
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def auth_params
|
||||
return { email: params[:user][:email],
|
||||
password: params[:user][:password],
|
||||
host: root_url }
|
||||
params[:user] ||= {}
|
||||
|
||||
{ email: params[:user][:email],
|
||||
password: params[:user][:password],
|
||||
credentials: params[:user][:credentials],
|
||||
host: root_url }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
module Auth
|
||||
class CreateTokenFromCredentials < Mutations::Command
|
||||
PRIVATE_KEY = KeyGen.current
|
||||
attr_reader :user
|
||||
|
||||
required do
|
||||
string :credentials
|
||||
string :host
|
||||
end
|
||||
|
||||
def validate
|
||||
cipher_text = Base64.decode64(credentials)
|
||||
plain_text = PRIVATE_KEY.private_decrypt(cipher_text)
|
||||
cred_info = JSON.parse(plain_text).symbolize_keys!
|
||||
@user = User.where(email: cred_info[:email]).first
|
||||
whoops! unless @user && @user.valid_password?(cred_info[:password])
|
||||
end
|
||||
|
||||
def execute
|
||||
{token: SessionToken.issue_to(user, iss: host)}
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def whoops!(reason = "Bad email or password.")
|
||||
add_error :auth, :*, reason
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1 +0,0 @@
|
|||
|
|
@ -4,20 +4,25 @@
|
|||
class KeyGen
|
||||
SAVE_PATH = "jwt.#{Rails.env}.pem"
|
||||
|
||||
def self.run(path = SAVE_PATH)
|
||||
def self.try_file
|
||||
OpenSSL::PKey::RSA.new(File.read(SAVE_PATH)) if File.file?(SAVE_PATH)
|
||||
end
|
||||
|
||||
def self.generate_new_key(path = SAVE_PATH)
|
||||
rsa = OpenSSL::PKey::RSA.generate(2048)
|
||||
File.open(path, 'w') { |f| f.write(rsa.to_pem) }
|
||||
return rsa
|
||||
end
|
||||
|
||||
# Heroku users can't store stuff on the file system.
|
||||
# For them, there's maybe_load_from_env.
|
||||
# Stores the *.pem file in an ENV var.
|
||||
def self.maybe_load_from_env
|
||||
# Heroku / 12Factor users can't store stuff on the file system. Store your pem
|
||||
# file in ENV['RSA_KEY'] if that applies to you.
|
||||
def self.try_env
|
||||
OpenSSL::PKey::RSA.new(ENV['RSA_KEY']) if ENV['RSA_KEY']
|
||||
end
|
||||
|
||||
# Lazy loads a crypto key. Will look in ENV['RSA_KEY'], then
|
||||
# jwt.environment_name.pem. Generates new key if neither is available.
|
||||
def self.current
|
||||
@current ||= ( maybe_load_from_env || self.run)
|
||||
@current ||= ( try_env || try_file || generate_new_key)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue