Rendering Json Results in JWT::DecodeError #162

Closed
louisscruz opened this issue Aug 24, 2016 · 1 comment
louisscruz commented Aug 24, 2016

Steps to reproduce

Perform any request that should render JSON in my controllers.

Expected behavior

The controllers should render JSON.

Actual behavior

For instance, when I make a call to create a session through my sessions_controller, I get the following error:

JWT::DecodeError (Nil JSON web token):

lib/json_web_token.rb:11:in `decode'
app/helpers/sessions_helper.rb:15:in `current_user'
app/controllers/api/sessions_controller.rb:13:in `create'

For some reason the current_user method of my sessions_helper is being called, and I have no idea why.

sessions_helper.rb

require 'json_web_token'

module SessionsHelper
  def create_session(user)
    session[:user_id] = user.id
  end

  def current_user
    puts caller
    auth_token = request.headers["Authorization"]
    if auth_token
      auth_token = auth_token.split(" ").last
      begin
        decoded_token = JsonWebToken.decode auth_token
      rescue JWT::ExpiredSignature
        return
      end
      @current_user ||= User.find_by(auth_token: auth_token)
    end
  end

  def log_out(user)
    logged_in? ? user.generate_authentication_token! : user.destroy_token!
    auth_token = user.auth_token
    user.update_attribute(:auth_token, auth_token)
  end

  def logged_in?
    current_user.present?
  end

  def authenticate_with_token!
    render json: { errors: "Not authenticated" }, status: :unauthorized unless logged_in?
  end

  def log_in(user)
    create_session(user)
    user.generate_authentication_token!
    user.update_attribute(:auth_token, user.auth_token)
  end

  def authenticate_as_self_or_admin!
    render json: { errors: "Not authorized" }, status: :unauthorized unless is_self? || is_admin?
  end

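  def is_self?
    user = User.find(params[:id])
    auth_token = request.headers["Authorization"]
    auth_token = auth_token.split(" ").last if auth_token
    # The caller is "self" only when a token was presented and it matches
    # the token stored for the requested user.
    auth_token.present? && user.auth_token == auth_token
  end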

  def is_admin?
    if logged_in? && current_user.authenticate(params[:password])
      current_user.admin
    end
  end
end

The output of the p caller makes it appear that the very act of calling render json: user is making a call to my method current_user. The same error occurs with rendering JSON in the users_controller.rb.

System configuration

Rails version: Originally on 5.0.0 (beta 2), updated to 5.1.0 (alpha) in an attempt to fix this issue

Ruby version: 2.2.3p173

@louisscruz
Author

It turns out that current_user was in fact being called since it is the default scope_name for Active Model Serializers. Here are the relevant docs.
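
An added example, not part of the original thread or the project's code: because the serializer scope calls current_user on every render json, including unauthenticated requests such as session creation, the token lookup should return nil for a missing, blank or malformed Authorization header instead of raising. The sketch uses only Ruby's standard library; a hand-written HS256 check stands in for the poster's JsonWebToken wrapper (not shown on the page), and SECRET, issue_token and claims_from_header are hypothetical names.

```ruby
require "openssl"
require "json"

SECRET = "constructed-demo-secret" # constructed sample key, not from the issue

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  padded = str.tr("-_", "+/").ljust((str.size + 3) / 4 * 4, "=")
  padded.unpack1("m0") # strict decode: raises ArgumentError on bad input
end

def sign(data, secret)
  b64url(OpenSSL::HMAC.digest("SHA256", secret, data))
end

# Hypothetical helper that builds an HS256 token for this demo.
def issue_token(payload, secret = SECRET)
  head = b64url(JSON.generate({ "alg" => "HS256", "typ" => "JWT" }))
  body = b64url(JSON.generate(payload))
  "#{head}.#{body}.#{sign("#{head}.#{body}", secret)}"
end

# Constant-time comparison; strings of different length never match.
def secure_eq(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the verified claims Hash, or nil for a missing, blank, malformed,
# forged or expired token. It never raises, so an implicit caller (such as a
# serializer resolving its scope) cannot turn an absent header into a 500.
def claims_from_header(header, secret = SECRET, now = Time.now.to_i)
  scheme, token = header.to_s.split(" ", 2)
  return nil unless scheme == "Bearer"
  parts = token.to_s.split(".", -1)
  return nil unless parts.size == 3
  head, body, sig = parts
  # The token's own "alg" header is never trusted: always HMAC-SHA256.
  return nil unless secure_eq(sign("#{head}.#{body}", secret), sig)
  claims = JSON.parse(b64url_decode(body))
  return nil unless claims.is_a?(Hash)
  exp = claims["exp"]
  return nil if exp && (!exp.is_a?(Numeric) || exp <= now)
  claims
rescue ArgumentError, JSON::ParserError
  nil
end
```

A current_user built on such a lookup returns nil for anonymous requests, and authenticate_with_token! remains the place that turns nil into a 401.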
