Class: ApiKeys::Helpers::TokenSession

Inherits:
Object
  • Object
show all
Defined in:
lib/api_keys/helpers/token_session.rb

Overview

Helper for managing API key tokens in the session.

Secret keys can only be shown once (immediately after creation) because the plaintext token is not stored in the database. This helper provides a clean interface for the "show token once" pattern:

  1. After creating a key, store the token in the session
  2. On the success page, retrieve (and clear) the token
  3. If the user refreshes, the token is gone

Examples:

In your controller

# After creating a key:
def create
  @api_key = current_org.create_api_key!(...)
  ApiKeys::Helpers::TokenSession.store(session, @api_key)
  redirect_to success_path
end

# On the success page:
def success
  @token = ApiKeys::Helpers::TokenSession.retrieve_once(session)
  redirect_to index_path, alert: "Token already shown" unless @token
end

Constant Summary collapse

DEFAULT_SESSION_KEY =

Default session key for storing the token

:api_keys_new_token

Class Method Summary collapse

Class Method Details

.available?(session, key: DEFAULT_SESSION_KEY) ⇒ Boolean

Check if a token is available in the session without removing it. Useful for conditional rendering.

Parameters:

  • session (ActionDispatch::Request::Session)

    The Rails session

  • key (Symbol) (defaults to: DEFAULT_SESSION_KEY)

    Optional custom session key (default: :api_keys_new_token)

Returns:

  • (Boolean)

    true if a token is stored



62
63
64
# File 'lib/api_keys/helpers/token_session.rb', line 62

def available?(session, key: DEFAULT_SESSION_KEY)
  session[key].present?
end

.retrieve_once(session, key: DEFAULT_SESSION_KEY) ⇒ String?

Retrieve and clear the token from the session. Returns nil if no token is stored (e.g., page was refreshed).

Parameters:

  • session (ActionDispatch::Request::Session)

    The Rails session

  • key (Symbol) (defaults to: DEFAULT_SESSION_KEY)

    Optional custom session key (default: :api_keys_new_token)

Returns:

  • (String, nil)

    The token, or nil if not present



52
53
54
# File 'lib/api_keys/helpers/token_session.rb', line 52

def retrieve_once(session, key: DEFAULT_SESSION_KEY)
  session.delete(key)
end

.store(session, api_key, key: DEFAULT_SESSION_KEY) ⇒ String

Store an API key's token in the session for later retrieval.

Parameters:

  • session (ActionDispatch::Request::Session)

    The Rails session

  • api_key (ApiKeys::ApiKey)

    The newly created API key

  • key (Symbol) (defaults to: DEFAULT_SESSION_KEY)

    Optional custom session key (default: :api_keys_new_token)

Returns:

  • (String)

    The token that was stored



40
41
42
43
44
# File 'lib/api_keys/helpers/token_session.rb', line 40

def store(session, api_key, key: DEFAULT_SESSION_KEY)
  token = api_key.respond_to?(:token) ? api_key.token : api_key.to_s
  session[key] = token
  token
end