

Better jwt error handling (#13)
* extract shared helper for bearer tokens

* spec invalid credential using ok method

* move away from ok method for testing
camallen authored Nov 13, 2018
1 parent 4474956 commit d18eb84
Showing 3 changed files with 45 additions and 15 deletions.
19 changes: 15 additions & 4 deletions interventions_gateway_api.rb
Expand Up @@ -16,13 +16,20 @@
SUBJECT_QUEUE_EVENT_TYPE = { event_type: 'subject_queue' }.freeze

class InterventionsGatewayApi < Sinatra::Base
attr_reader :credential

configure :production, :development do
enable :logging
end

before do
content_type 'application/json'
setup_credentials if request.post?
if request.post?
setup_credentials
unless valid_credentials
halt 401
end
end
end

# {
Expand Down Expand Up @@ -90,13 +97,17 @@ def setup_credentials
if match
auth = match[1]
@credential = Credential.new(auth)
else
halt 401
end
end

def valid_credentials
return false unless credential

credential.logged_in? && !credential.expired?
end

def authorize(request)
if @credential.accessible_project?(request.project_id)
if credential.accessible_project?(request.project_id)
yield
success_response(request.user_id)
else
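Review bot: `valid_credentials` in the second hunk returns a boolean, so by Ruby convention it should be named `valid_credentials?`, and the call in the `before` filter collapses to `halt 401 unless valid_credentials?` in place of the three-line `unless` block. Separately, the filter still only runs `setup_credentials` and the validity check when `request.post?`, while `authorize` now calls `credential.accessible_project?` unguarded; if any non-POST route reaches `authorize`, `credential` is nil there and the request fails with a NoMethodError surfacing as a server error rather than a 401. A `halt 401 unless valid_credentials?` as the first line of `authorize` would make it fail closed however the route was entered. Both `setup_credentials` and `authorize` extend beyond this hunk (the regex that produces `match` and the else branch of `authorize` are not shown).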
4 changes: 0 additions & 4 deletions lib/credential.rb
Expand Up @@ -10,10 +10,6 @@ def initialize(token)
@token = token
end

def ok?
logged_in? && !expired?
end

def logged_in?
return false unless jwt_payload.present?
jwt_payload['login'].present?
37 changes: 30 additions & 7 deletions spec/interventions_api_gateway_spec.rb
Expand Up @@ -14,12 +14,37 @@
end
end

shared_examples "validates bearer tokens" do
it "should respond with unauthorized without auth headers" do
post end_point, json_payload
expect(last_response).to be_unauthorized
end

context "when token is expired" do
let(:credential) { instance_double("Credential", expired?: true, logged_in?: true) }

it "should respond with unauthorized" do
post end_point, json_payload, headers
expect(last_response).to be_unauthorized
end
end

context "when token is missing user" do
let(:credential) { instance_double("Credential", expired?: false, logged_in?: false) }

it "should respond with unauthorized" do
post end_point, json_payload, headers
expect(last_response).to be_unauthorized
end
end
end

context "when supplying tokens" do
let(:headers) do
{'HTTP_AUTHORIZATION' => 'Bearer FakeToken'}
end
let(:json_payload) { payload.to_json }
let(:credential) { instance_double(Credential) }
let(:credential) { instance_double(Credential, expired?: false, logged_in?: true) }
let(:sugar) { instance_double(Sugar) }
let(:project_id) { "3434" }

Expand Down Expand Up @@ -48,9 +73,8 @@ def payload_without_key(payload, key)
}
end

it "should respond with unauthorized without auth headers" do
post '/subject_queues', json_payload
expect(last_response).to be_unauthorized
it_behaves_like "validates bearer tokens" do
let(:end_point) { "/subject_queues" }
end

it "should respond with unprocessable with extra payload information" do
Expand Down Expand Up @@ -124,9 +148,8 @@ def payload_without_key(payload, key)
}
end

it "should respond with unauthorized without auth headers" do
post '/messages', json_payload
expect(last_response).to be_unauthorized
it_behaves_like "validates bearer tokens" do
let(:end_point) { "/messages" }
end

it "should respond with unprocessable with extra payload information" do
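Review bot: Every example in the new `validates bearer tokens` shared group swaps `Credential` for an `instance_double` (presumably through a `Credential.new` stub defined outside this hunk), so the JWT error handling the commit title refers to is never exercised; a malformed bearer value would still go through the real `Credential#logged_in?`, and nothing here pins that it yields a 401 rather than an unhandled decode error. One more context in the shared group that posts with a deliberately malformed token such as `{'HTTP_AUTHORIZATION' => 'Bearer not.a.jwt'}` without overriding `credential`, and expects `be_unauthorized`, would close that gap — whether it passes depends on how `Credential#jwt_payload` treats decode failures, which is outside this diff. Minor style: `end_point` is conventionally spelled `endpoint`, and RSpec descriptions usually drop the leading "should" (`it "responds with unauthorized" do`).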

0 comments on commit d18eb84
