Module: Verikloak::Rails::Controller
- Extended by:
- ActiveSupport::Concern
- Includes:
- ErrorHandling
- Defined in:
- lib/verikloak/rails/controller.rb,
lib/verikloak/rails/controller/error_handling.rb
Overview
Controller concern providing Verikloak helpers and JSON error handling.
Includes before_action :authenticate_user!, helpers such as
current_user_claims, and consistent 401/403 responses. Optionally wraps
requests with tagged logging and a 500 JSON renderer.
Defined Under Namespace
Modules: ErrorHandling
Instance Method Summary collapse
-
#authenticate_user! ⇒ void
Ensures a user is authenticated, otherwise renders a JSON 401 response.
-
#authenticated? ⇒ Boolean
Whether the request has verified user claims.
-
#current_subject ⇒ String?
The
sub(subject) claim from the current user claims. -
#current_token ⇒ String?
The raw bearer token used for the current request.
-
#current_user_claims ⇒ Hash?
The verified JWT claims for the current user.
-
#with_required_audience!(*required) ⇒ void
Enforces that the current user has all required audiences.
Instance Method Details
#authenticate_user! ⇒ void
This method returns an undefined value.
Ensures a user is authenticated, otherwise renders a JSON 401 response.
48 49 50 51 52 53 54 |
# File 'lib/verikloak/rails/controller.rb', line 48 def authenticate_user! return if Verikloak::Rails.config.skip_path_matcher.skip?(request.path_info) return if authenticated? e = ::Verikloak::Error.new('Unauthorized', code: 'unauthorized') Verikloak::Rails.config.error_renderer.render(self, e) end |
#authenticated? ⇒ Boolean
Whether the request has verified user claims.
58 |
# File 'lib/verikloak/rails/controller.rb', line 58 def authenticated? = current_user_claims.present? |
#current_subject ⇒ String?
The sub (subject) claim from the current user claims.
78 |
# File 'lib/verikloak/rails/controller.rb', line 78 def current_subject = current_user_claims && current_user_claims['sub'] |
#current_token ⇒ String?
The raw bearer token used for the current request.
Prefer Rack env (honoring a custom token_env_key); fall back to
RequestStore when available.
72 73 74 |
# File 'lib/verikloak/rails/controller.rb', line 72 def current_token _verikloak_fetch_request_context(Verikloak::Rails.config.effective_token_env_key, :verikloak_token) end |
#current_user_claims ⇒ Hash?
The verified JWT claims for the current user.
Prefer Rack env (honoring a custom user_env_key); fall back to
RequestStore when available.
64 65 66 |
# File 'lib/verikloak/rails/controller.rb', line 64 def current_user_claims _verikloak_fetch_request_context(Verikloak::Rails.config.effective_user_env_key, :verikloak_user) end |
#with_required_audience!(*required) ⇒ void
This method returns an undefined value.
Enforces that the current user has all required audiences.
87 88 89 90 91 92 |
# File 'lib/verikloak/rails/controller.rb', line 87 def with_required_audience!(*required) aud = Array(current_user_claims&.dig('aud')) return if required.flatten.all? { |r| aud.include?(r) } raise ::Verikloak::Error.new('Required audience not satisfied', code: 'forbidden') end |