Class: SignIn::SessionRevoker

Inherits:
Object
Defined in:
app/services/sign_in/session_revoker.rb



Constructor Details

#initialize(anti_csrf_token:, access_token: nil, refresh_token: nil, device_secret: nil) ⇒ SessionRevoker

Returns a new instance of SessionRevoker.



# File 'app/services/sign_in/session_revoker.rb', line 9

# Builds a revoker for a single sign-in session.
#
# @param anti_csrf_token [String, nil] token presented by the client; compared
#   in #anti_csrf_check when the session's client config enables anti-CSRF
# @param access_token [Object, nil] token used to locate the session
#   (takes precedence over refresh_token in #revoking_token)
# @param refresh_token [Object, nil] alternate locator; when given, #delete_session!
#   also runs token-theft detection
# @param device_secret [String, nil] when present, every session whose
#   hashed_device_secret matches its SHA256 hex digest is destroyed as well
def initialize(anti_csrf_token:, access_token: nil, refresh_token: nil, device_secret: nil)
  @anti_csrf_token = anti_csrf_token
  @access_token = access_token
  @refresh_token = refresh_token
  @device_secret = device_secret
end

Instance Attribute Details

#access_token ⇒ Object (readonly)

Returns the value of attribute access_token.



# File 'app/services/sign_in/session_revoker.rb', line 7

# @return [Object, nil] the access token handed to the constructor, if any
def access_token = @access_token

#anti_csrf_token ⇒ Object (readonly)

Returns the value of attribute anti_csrf_token.



# File 'app/services/sign_in/session_revoker.rb', line 7

# @return [String, nil] the anti-CSRF token presented by the client, if any
def anti_csrf_token = @anti_csrf_token

#device_secret ⇒ Object (readonly)

Returns the value of attribute device_secret.



# File 'app/services/sign_in/session_revoker.rb', line 7

# @return [String, nil] the raw device secret, if one was supplied;
#   only its SHA256 hex digest is ever used for lookup
def device_secret = @device_secret

#refresh_token ⇒ Object (readonly)

Returns the value of attribute refresh_token.



# File 'app/services/sign_in/session_revoker.rb', line 7

# @return [Object, nil] the refresh token handed to the constructor, if any
def refresh_token = @refresh_token

#session ⇒ Object (readonly)

Returns the value of attribute session.



# File 'app/services/sign_in/session_revoker.rb', line 7

# @return [OAuthSession, nil] the session located by #find_valid_oauth_session;
#   nil until that lookup has run (the constructor does not set it)
def session = @session

Instance Method Details

#anti_csrf_check ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 25

# Rejects the request when the anti-CSRF token presented by the client differs
# from the one carried by the token being revoked.
#
# @raise [Errors::AntiCSRFMismatchError] when the two tokens differ
# @return [nil] when they match
def anti_csrf_check
  # NOTE(review): String#== is not constant-time; a timing-safe comparison
  # (e.g. ActiveSupport::SecurityUtils.secure_compare) is the usual choice for
  # token checks — confirm whether that matters for this token's threat model.
  return if anti_csrf_token == revoking_token.anti_csrf_token

  raise Errors::AntiCSRFMismatchError.new message: 'Anti CSRF token is not valid'
end

#anti_csrf_enabled_client? ⇒ Boolean (private)

Returns:

  • (Boolean)


# File 'app/services/sign_in/session_revoker.rb', line 70

# @return [Boolean] the anti_csrf flag of the session's client config,
#   i.e. whether #anti_csrf_check should run for this client
def anti_csrf_enabled_client? = client_config.anti_csrf

#client_config ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 66

# Client configuration for the located session's client_id, loaded once and
# cached for the lifetime of this revoker. Requires #session to be set first.
#
# @raise when no config exists for that client_id (find_by! raises instead of
#   returning nil; presumably ActiveRecord::RecordNotFound — confirm)
# @return [SignIn::ClientConfig]
def client_config
  return @client_config if @client_config

  @client_config = SignIn::ClientConfig.find_by!(client_id: session.client_id)
end

#delete_device_sessions ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 84

# Destroys every OAuthSession bound to the same device secret as this request.
# Sessions are matched on the SHA256 hex digest of the secret, so the raw
# secret never reaches the query.
#
# @return whatever `destroy_all` returns for the matched scope
def delete_device_sessions
  digest = get_hash(device_secret)
  OAuthSession.where(hashed_device_secret: digest).destroy_all
end

#delete_session! ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 78

# Destroys the located session. When a refresh token was supplied, token-theft
# detection runs first; because the destroy sits in `ensure`, the session is
# removed even when that detection raises — the error still propagates, but the
# session does not survive it.
#
# @raise [Errors::TokenTheftDetectedError] propagated from #detect_token_theft
# @return [nil] on the normal path
def delete_session!
  refresh_token && detect_token_theft
ensure
  session.destroy!
end

#detect_token_theft ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 36

# Raises when neither the supplied refresh token's digest nor its parent's
# digest matches the digest the session currently stores; the code treats a
# refresh token outside that pair as evidence of theft.
#
# @raise [Errors::TokenTheftDetectedError] when neither digest matches
# @return [nil] when one of them matches
def detect_token_theft
  return if refresh_token_in_session? || parent_refresh_token_in_session?

  raise Errors::TokenTheftDetectedError.new message: 'Token theft detected'
end

#double_parent_refresh_token_hash ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 54

# SHA256 hex digest of the refresh token's parent_refresh_token_hash — a second
# hashing pass over an already-hashed value, hence "double". Memoized.
#
# @return [String]
def double_parent_refresh_token_hash
  return @double_parent_refresh_token_hash if @double_parent_refresh_token_hash

  @double_parent_refresh_token_hash = get_hash(refresh_token.parent_refresh_token_hash)
end

#double_refresh_token_hash ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 50

# SHA256 hex digest of #refresh_token_hash (itself a digest), i.e. the form in
# which the session stores its refresh token. Memoized.
#
# @return [String]
def double_refresh_token_hash
  return @double_refresh_token_hash if @double_refresh_token_hash

  @double_refresh_token_hash = get_hash(refresh_token_hash)
end

#find_valid_oauth_session ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 31

# Loads the session referenced by the revoking token's session_handle into
# @session (once) and rejects the request unless that session exists and is
# active. A missing session and an inactive one are reported the same way.
#
# @raise [Errors::SessionNotAuthorizedError] when no active session is found
# @return [nil]
def find_valid_oauth_session
  # NOTE(review): revoking_token is nil when neither token was supplied, which
  # would surface here as NoMethodError rather than SessionNotAuthorizedError.
  @session ||= OAuthSession.find_by(handle: revoking_token.session_handle)
  return if session&.active?

  raise Errors::SessionNotAuthorizedError.new message: 'No valid Session found'
end

#get_hash(object) ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 74

# Lowercase SHA256 hex digest of the given string; the one hashing primitive
# every token/secret comparison in this class goes through.
#
# @param object [String] bytes to digest
# @return [String] 64 hex characters
def get_hash(object)
  Digest::SHA256.digest(object).unpack1('H*')
end

#parent_refresh_token_in_session? ⇒ Boolean (private)

Returns:

  • (Boolean)


# File 'app/services/sign_in/session_revoker.rb', line 46

# @return [Boolean] whether the session's stored refresh-token digest equals
#   the double digest of the supplied token's parent
def parent_refresh_token_in_session? = double_parent_refresh_token_hash == session.hashed_refresh_token

#perform ⇒ Object



# File 'app/services/sign_in/session_revoker.rb', line 16

# Revokes the session identified by the access or refresh token.
#
# The order is deliberate: the session must exist and be active before
# anything else runs; the anti-CSRF token is checked only for clients whose
# config enables it; the session is then destroyed (with token-theft detection
# when a refresh token was supplied); and finally, when a device secret was
# sent, every session sharing that device secret is destroyed too.
#
# @raise [Errors::SessionNotAuthorizedError, Errors::AntiCSRFMismatchError,
#   Errors::TokenTheftDetectedError] propagated from the individual steps
# @return [nil] when no device secret was given, else the result of
#   #delete_device_sessions
def perform
  find_valid_oauth_session
  anti_csrf_check if anti_csrf_enabled_client?
  delete_session!
  return unless device_secret.present?

  delete_device_sessions
end

#refresh_token_hash ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 58

# SHA256 hex digest of the refresh token's JSON serialization. Memoized.
#
# NOTE(review): this only matches the stored digest if `to_json` yields exactly
# the bytes that were hashed when the session was created (attribute order,
# formatting) — confirm both sides serialize the token the same way.
#
# @return [String]
def refresh_token_hash
  return @refresh_token_hash if @refresh_token_hash

  @refresh_token_hash = get_hash(refresh_token.to_json)
end

#refresh_token_in_session? ⇒ Boolean (private)

Returns:

  • (Boolean)


# File 'app/services/sign_in/session_revoker.rb', line 42

# @return [Boolean] whether the session's stored refresh-token digest equals
#   the double digest of the supplied refresh token
def refresh_token_in_session? = double_refresh_token_hash == session.hashed_refresh_token

#revoking_token ⇒ Object (private)



# File 'app/services/sign_in/session_revoker.rb', line 62

# The token that identifies the session to revoke: the access token when one
# was supplied, otherwise the refresh token. Memoized once non-nil.
#
# @return [Object, nil] nil when neither token was supplied
def revoking_token
  return @revoking_token if @revoking_token

  @revoking_token = access_token || refresh_token
end