Make decoded JWT available on conn.assigns.person #17

Closed
6 tasks done
nelsonic opened this issue Apr 30, 2020 · 2 comments

Comments

@nelsonic
Member

nelsonic commented Apr 30, 2020

At present we are assigning the verified and decoded JWT to conn.assigns.decoded:

|> assign(:decoded, claims)

This made sense at the time we wrote it because the :decoded key is the decoded JWT. 💭
But in the context of an App using auth_plug I find myself writing conn.assigns.decoded.id a lot when I think it would be more intuitive to write conn.assigns.person.id ...

Given that nobody else is using auth_plug yet, now is the time to make this change.
I think it will make things a lot clearer for people in the future.

Todo

  • Rework create_session/3 to assign the decoded claims to conn.assigns.person

    auth_plug/lib/auth_plug.ex

    Lines 97 to 103 in 3bcdac1

    def create_session(conn, claims, jwt) do
      claims = AuthPlug.Helpers.strip_struct_metadata(claims)
      conn
      |> assign(:decoded, claims)
      |> assign(:person, jwt)
      |> put_session(:person, jwt)
    end
  • Assign the original JWT to conn.assigns.jwt i.e. assign(:jwt, jwt) instead of assign(:person, jwt)
  • Define the session as jwt instead of person i.e. put_session(:jwt, jwt)
  • Update the cond block to look for the jwt by the :jwt key instead of :person:
    jwt =
      cond do
        # First check for JWT in URL query string.
        # We want a *new* session to supersede any expired session,
        # so we check for the JWT *before* anything else.
        conn.query_string =~ "jwt" ->
          query = URI.decode_query(conn.query_string)
          Map.get(query, "jwt")
        # Check for JWT in headers:
        Enum.count(get_req_header(conn, "authorization")) > 0 ->
          conn.req_headers
          |> List.keyfind("authorization", 0)
          |> get_token_from_header()
        # Check for Person in Plug.Conn.assigns
        Map.has_key?(conn.assigns, :person) && not is_nil(conn.assigns.person) ->
          conn.assigns.person
        # Check for Session in Plug.Session:
        not is_nil(get_session(conn, :person)) ->
          get_session(conn, :person)
        # By default return nil so auth check fails
        true ->
          nil
      end
  • Update the tests.
  • Publish a new version with the breaking change. (We don't need a major bump as nobody is using the package yet so 1.1.0 is fine)
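
The renamed keys from the Todo list above, as an added sketch that is not auth_plug's own code: plain maps stand in for Plug.Conn, and `RenameSketch`, `new_conn/1`, `find_jwt/1` and the "Bearer " header handling are assumptions. It also shows that a session stored under the old `:person` key is no longer found once the lookup reads `:jwt`.

```elixir
defmodule RenameSketch do
  # Plain maps stand in for Plug.Conn (assumption) so this runs without deps.
  def new_conn(opts \\ []) do
    %{
      query_string: Keyword.get(opts, :query_string, ""),
      req_headers: Keyword.get(opts, :req_headers, []),
      assigns: %{},
      session: Keyword.get(opts, :session, %{})
    }
  end

  # create_session/3 after the rename: claims under :person, raw token under :jwt.
  def create_session(conn, claims, jwt) do
    conn
    |> put_in([:assigns, :person], claims)
    |> put_in([:assigns, :jwt], jwt)
    |> put_in([:session, :jwt], jwt)
  end

  # Same lookup order as the cond block, reading :jwt instead of :person.
  def find_jwt(conn) do
    cond do
      conn.query_string =~ "jwt" ->
        conn.query_string |> URI.decode_query() |> Map.get("jwt")
      List.keymember?(conn.req_headers, "authorization", 0) ->
        # Assumption: "Bearer <token>"; get_token_from_header/1 is not shown on the page.
        {"authorization", value} = List.keyfind(conn.req_headers, "authorization", 0)
        String.replace_prefix(value, "Bearer ", "")
      not is_nil(conn.assigns[:jwt]) -> conn.assigns.jwt
      not is_nil(conn.session[:jwt]) -> conn.session.jwt
      true -> nil
    end
  end
end

# Constructed sample values; each match below raises MatchError if it fails.
claims = %{id: 1, email: "alice@example.com"}
token = "header.payload.signature"
conn = RenameSketch.new_conn() |> RenameSketch.create_session(claims, token)
1 = conn.assigns.person.id
^token = RenameSketch.find_jwt(conn)
# A session written before the rename only has :person, so it is not found.
old = RenameSketch.new_conn(session: %{person: token})
nil = RenameSketch.find_jwt(old)
# A JWT in the query string takes precedence over the stored session.
fresh = RenameSketch.new_conn(query_string: "jwt=new.token.value", session: %{jwt: token})
"new.token.value" = RenameSketch.find_jwt(fresh)
IO.puts("ok")
```
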
@nelsonic
Member Author

Going to get this done now as it's the penultimate thing on my list before assigning auth/pull/43
I expect it to take around T25m but I've estimated T1h for tidying up tests and docs. ⏳

@nelsonic
Member Author

Package published to https://hex.pm/packages/auth_plug/1.1.0
