lib/jwt_authenticable/auth.rb in researchable_jwt-authenticable-1.1.0 vs lib/jwt_authenticable/auth.rb in researchable_jwt-authenticable-1.2.0
@@ -9,31 +9,36 @@
include Exceptions
include Responses
# Authenticates a user.
# @raise MissingAuthScope if the jwt does not have the right scope
- def authenticate_user!
- validate_jwt_token! token: authorization_token!
+ def authenticate_user!(skip_2fa: false)
+ validate_jwt_token! token: authorization_token!, skip_2fa: skip_2fa
rescue MissingAuth, MissingAuthScope, InvalidAuthScheme, TwoFANotEnabledError, JWT::VerificationError,
JWT::ExpiredSignature => e
unauthorized(e.message)
end
+ def authenticate_user_without_2fa!
+ authenticate_user!(skip_2fa: true)
+ end
+
# Consider any method below as private and not meant to be used by including classes
# Validate that the JWT token signature and the following claims are valid:
# - exp
# - scope
# @param token [String] JWT token string (just the token, with the header, payload and signature separated by '.')
- # @param is_researcher [Boolean] Whether to validate the token as a researcher's or a participant's
+ # @param skip_2fa [Boolean] When set to true it will not raise a TwoFANotEnabledError if the jwt payload does not
+ # contain the 2fa claim.
# @raise AuthorizationError if the user is trying to login with the incorrect rights.
# @return [Hash] the JWT payload
- def validate_jwt_token!(token:)
+ def validate_jwt_token!(token:, skip_2fa: false)
# NOTE: it is still safe if JWT_SECRET_KEY is not set. The method will trigger a JWT exception
payload = JWT.decode(token, JwtAuthenticable.config.jwt_secret_key, true,
{ algorithm: algorithm }).first
- raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa']
+ raise TwoFANotEnabledError if JwtAuthenticable.config.enforce_2fa && !payload['2fa'] && !skip_2fa
payload
end
# Extracts the authorization token from the Authorization header
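Review bot: The new `skip_2fa:` keyword on `authenticate_user!` makes the primary authentication entry point itself accept a 2FA opt-out from any caller, even though the commit also introduces an explicitly named `authenticate_user_without_2fa!` for that purpose; keeping `authenticate_user!` strict and routing the opt-out only through the named method would make every bypass visible by name at the call site and easier to audit. Whichever shape is kept, the new surface is undocumented: the `@param` list on `authenticate_user!` does not mention the new keyword, and `authenticate_user_without_2fa!` has no comment at all, while both sit above the "Consider any method below as private" marker and so form part of the public interface of the including class. Suggested additions: `# @param skip_2fa [Boolean] Accept a JWT without the 2fa claim even when enforce_2fa is on` on `authenticate_user!`, and on `authenticate_user_without_2fa!` a sentence stating that it is intended only for endpoints that must be reachable before a second factor has been set up (presumably the motivation for this change — worth confirming and recording). The module that these methods belong to starts outside the hunk.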