Class: RazorRisk::Cassini::Applications::RouteVerbAdaptors::Login::JWTLogout

Inherits:
RESTFramework::VerbHandler
  • Object
Includes:
Pantheios, Utils, RazorRisk::Cassini::Authorisation::HeaderHelpers, RazorRisk::Cassini::Authorisation::SecurityModelHelpers, HeaderFunctions, Util::ConversionUtil, RazorRisk::Core::Diagnostics::Logger, Razor::Connectivity::EntityConnectors::Exceptions, Razor::Connectivity::Razor3::EntityConnectors
Defined in:
lib/razor_risk/cassini/applications/route_verb_adaptors/login/jwt_logout.rb

Overview

Handler for JSON Web Token Authentication Logout.

Constant Summary

Supported content types.

HTTP_ACCEPTS = %w{
    application/xml
    application/json
    text/xml
}

Supported HTTP verb.

HTTP_VERB = :post

Supported query parameters.

QUERY_PARAMETERS = %w{}

Supported route variables.

ROUTE_VARIABLES = %w{}

Instance Method Summary

Methods included from Utils

#call_system_status, #close_session, #open_session

Instance Method Details

#handle(env, params, request, response) ⇒ Object

Handles a JWT logout request which will close a Razor Session.

Parameters:

  • env (::Hash)

    The Rack request environment (@see Rack::Request#env).

  • params (::Hash)

    Validated query parameters (@see ValidateQueryParametersHelper#validate_query_parameters).

  • request (::Sinatra::Request)

    The request to be handled.

  • response (::Sinatra::Response)

    The response object that will be used for the HTTP response.



# File 'lib/razor_risk/cassini/applications/route_verb_adaptors/login/jwt_logout.rb', line 91

def handle env, params, request, response

    trace(
        ParamNames[ :env, :params, :request, :response ],
        env, params, request, response
    )

    auth_scheme = settings.authentication_scheme
    auth        = env[HTTP_AUTHORIZATION]

    # No Authorization header: challenge the client with 401.
    unless auth
        halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
    end

    # Secret for the configured JWT algorithm; a missing secret is a server fault.
    jwt_algo   = settings.jwt_encoding_algorithm
    jwt_sec    = @app.secret jwt_algo

    unless jwt_sec
        log :critical, 'failed to obtain secret for algorithm \'', jwt_algo, '\''
        error 500, 'Oops! Something went wrong!'
    end

    # Extract the session and user ids from the token; a token that fails
    # to decode is rejected with the same 401 as a missing header.
    begin
        session_id, user_id, _ = credentials_from_JWT(auth, jwt_sec)
    rescue ::JWT::DecodeError
        halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
    end

    unless session_id
        halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
    end

    log :informational, "User '#{user_id}' has been logged out"

    options    = {
        razor_requester: settings.razor_requester,
        message_map:     settings.message_map,
    }

    # Close the Razor session named in the token.
    close_session session_id, **options

    # 204 No Content: nothing to return after a logout.
    status 204
end
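
The handler above closes the Razor session and does nothing to the token itself. The following added example (not Cassini code) shows why that matters, using a stdlib-only HS256 verifier: the token still verifies after logout, so only the closed session stops it being reused. The `sid` and `uid` claim names, the in-memory `sessions` hash standing in for `close_session`, and the `authorised?` check are assumptions; parsing of the Authorization header scheme is omitted.

```ruby
require 'openssl'
require 'json'

def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end
def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

# Constant-time comparison so a mismatch does not leak where it occurred.
def secure_eq(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Test fixture: issue an HS256 token carrying the hypothetical 'sid' and 'uid' claims.
def make_token(claims, secret)
  input = "#{b64url(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))}.#{b64url(JSON.generate(claims))}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Returns the claims Hash, or nil for anything malformed, unsigned or signed with another key.
def verify_token(token, secret)
  head, body, sig = parts = token.to_s.split('.', -1)
  return nil unless parts.size == 3
  header = JSON.parse(b64url_decode(head))
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256' # pin the algorithm
  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}"))
  return nil unless secure_eq(expected, sig)
  claims = JSON.parse(b64url_decode(body))
  claims.is_a?(Hash) ? claims : nil
rescue JSON::ParserError, EncodingError
  nil
end

# Same outcomes as the handler: 401 without a usable token or session id, 204 after closing.
def logout(token, secret, sessions)
  claims = verify_token(token, secret)
  return 401 unless claims && claims['sid']
  sessions.delete(claims['sid']) # stand-in for close_session
  204
end

# What a later request must check: a valid signature AND a session that is still open.
def authorised?(token, secret, sessions)
  claims = verify_token(token, secret)
  !claims.nil? && sessions.key?(claims['sid'])
end
```
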