Merge pull request #457 from datacite/feture_blakclisted_jwt
rejects blacklisted JWT
kjgarza authored Mar 27, 2020
2 parents 2f2e5ce + 8832ce1 commit 5c48ab4
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/controllers/application_controller.rb
@@ -3,7 +3,6 @@ class ApplicationController < ActionController::API
include Authenticable
include CanCan::ControllerAdditions
include ErrorSerializable

require "facets/string/snakecase"

# include helper module for caching infrequently changing resources
@@ -74,6 +73,7 @@ def authenticate_user_with_basic_auth!
def authenticate_user!
type, credentials = type_and_credentials_from_request_headers
return false if credentials.blank?
raise JWT::VerificationError if (ENV["JWT_BLACKLISTED"] || "").split(",").include?(credentials)

@current_user = User.new(credentials, type: type)
fail CanCan::AuthorizationNotPerformed if @current_user.errors.present?
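Review bot: the new `raise JWT::VerificationError if (ENV["JWT_BLACKLISTED"] || "").split(",").include?(credentials)` line in `authenticate_user!` compares the raw `credentials` string against the env list regardless of `type`, so credentials returned by `type_and_credentials_from_request_headers` for the basic-auth path (see the `authenticate_user_with_basic_auth!` context above) are tested against a JWT blacklist too; guard it on `type` or move it into the JWT branch. Two smaller points on the same line: `split(",")` does no `strip`, so an entry written as `a, b` never matches its second token, and the list is re-read and re-split on every request while the env var can only change with a restart, which makes revocation slow to take effect. Reusing `JWT::VerificationError` for a blacklisted token also makes it indistinguishable from a signature failure in logs; a distinct message or subclass would keep the 401 cause identifiable. Finally, this commit touches only the controller and adds no spec for the new branch; a test that sets `JWT_BLACKLISTED`, presents that token and asserts a 401 would cover it, and the new environment variable should be documented.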
@@ -98,7 +98,7 @@ def authenticated_user
unless Rails.env.development?
rescue_from *RESCUABLE_EXCEPTIONS do |exception|
status = case exception.class.to_s
when "CanCan::AuthorizationNotPerformed", "JWT::DecodeError" then 401
when "CanCan::AuthorizationNotPerformed", "JWT::DecodeError","JWT::VerificationError" then 401
when "CanCan::AccessDenied" then 403
when "ActiveRecord::RecordNotFound", "AbstractController::ActionNotFound", "ActionController::RoutingError" then 404
when "ActionController::UnknownFormat" then 406
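Review bot: the `case` here dispatches on `exception.class.to_s`, so exception subclasses are not matched and `"JWT::VerificationError"` has to be listed by name even though ruby-jwt defines it as a subclass of `JWT::DecodeError`; matching on the classes themselves (`when CanCan::AuthorizationNotPerformed, JWT::DecodeError then 401`) would cover it and any future subclass through `===`. Two follow-ups: the added entry is missing the space after the comma (`"JWT::DecodeError", "JWT::VerificationError"`), and `rescue_from *RESCUABLE_EXCEPTIONS` only fires for classes in that constant, which this diff does not touch; confirm it includes `JWT::VerificationError` or an ancestor such as `JWT::DecodeError`, otherwise the new raise in `authenticate_user!` surfaces as a 500 rather than the intended 401.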
