jwt-blacklist
%% Authenticate a request that carries a JWT bearer token.
%%
%% Reads the "Authorization" header. When it has a "Bearer " prefix the
%% raw token string is first looked up in the configured blacklist and
%% only then decoded and resolved to a user. Any throw or error raised
%% on that path is collapsed into one generic
%% {unauthorized, <<"Token rejected">>} so the response does not reveal
%% why the token failed (OWASP Authentication Cheat Sheet,
%% "Authentication Responses"). A request without a bearer token is
%% returned unchanged.
jwt_authentication_handler(Req) ->
    case header_value(Req, "Authorization") of
        "Bearer " ++ Bearer ->
            try
                %% blacklist lookup happens before decode/1 is reached
                ensure_safe_token(Bearer, couch_config:get("jwt_auth_blacklist")),
                token_auth_user(Req, decode(Bearer))
            catch
                %% throw and error are both mapped to the same generic
                %% rejection; exits are left to propagate as before
                Class:_ when Class =:= throw orelse Class =:= error ->
                    throw({unauthorized, <<"Token rejected">>})
            end;
        _ ->
            Req
    end.
%% Reject a token that appears in the blacklist.
%%
%% Config is a key/value list keyed by the raw token string. Returns
%% true when the token has no entry; otherwise throws the entry's
%% value as the reason (the caller converts it to a generic error).
ensure_safe_token(Token, Config) ->
    Entry = couch_util:get_value(Token, Config),
    if
        Entry =:= undefined -> true;
        true -> throw(Entry)
    end.
%% Test fixture: a blacklist with a single entry keyed by the raw token string.
-define (BlacklistConfig, [{"token","bad guy 1"}]).
%% A token absent from the blacklist is accepted (returns true).
ensure_safe_token_ok_test() ->
    ?assert(ensure_safe_token("good token", ?BlacklistConfig)).
%% A blacklisted token throws the blacklist entry's value as the reason.
ensure_safe_token_unsafe_test() ->
    Outcome =
        try ensure_safe_token("token", ?BlacklistConfig) of
            Value -> {returned, Value}
        catch
            throw:Reason -> {thrown, Reason}
        end,
    ?assertEqual({thrown, "bad guy 1"}, Outcome).