Module: Warden::JWTAuth::EnvHelper

Defined in:

decidim-api/lib/warden/jwt_auth/decidim_overrides.rb

Overview

This module adds some overrides to Warde::JWTAuth due to some issues with how it needs to be setup.

Class Method Summary

• .path_info(env) ⇒ String

  Returns ORIGINAL_FULLPATH, REQUEST_PATH or REQUEST_URI environment variable, which is different from the original version returning the PATH_INFO environment variable.

Class Method Details

.path_info(env) ⇒ String

Returns ORIGINAL_FULLPATH, REQUEST_PATH or REQUEST_URI environment variable, which is different from the original version returning the PATH_INFO environment variable.

This is overridden because the ‘PATH_INFO` string only includes the route under the engine where it is defined, i.e. `/sign_in` and `/sign_out` which are defined under the `Decidim::Api`.

Instead, we want this method to return the full path, i.e. ‘/api/sign_in` and `/api/sign_out` in order to map these routes correctly as the JWT token dispatch and revocation routes. Otherwise the token would be dispatched and revoked also with normal user sign in and sign out requests under the `Decidim::Core` engine which we do not want.

This affects the Devise::JWT / Warden::JWTAuth configuration that is defined at ‘decidim-api/config/initializers/devise.rb` (as `config.jwt`).

The return value is only used by Warden::JWTAuth to check when the token should be dispatched or revoked for the user, nothing else.

Note that this behaves slightly differently during controller testing and when the application is actually running under Rack. The end result is the same but some of the environment variables may be missing during controller testing (e.g. ‘REQUEST_PATH` is not defined under that situation).

Parameters:

• env (Hash) —

  Rack env

Returns:

• (String)

# File 'decidim-api/lib/warden/jwt_auth/decidim_overrides.rb', line 37

def self.path_info(env)
  env["ORIGINAL_FULLPATH"] || env["REQUEST_PATH"] || env["REQUEST_URI"] || ""
end