Merge pull request #11 from wpdebruin/development

lmajano · web-flow · commit 9599093f3b86 · 2020-07-22T14:21:59.000-05:00
Update JWT service for storage not enabled
diff --git a/models/jwt/JwtService.cfc b/models/jwt/JwtService.cfc
@@ -247,7 +247,7 @@ component accessors="true" singleton {
 
 		// Verify it
 		if ( isNull( oUser ) || !len( oUser.getId() ) ) {
-			// Announce the creation
+			// Announce the invalid user
 			variables.interceptorService.processState(
 				"cbSecurity_onJWTInvalidUser",
 				{
@@ -270,7 +270,7 @@ component accessors="true" singleton {
 			.getContext()
 			.setPrivateValue( variables.settings.prcUserVariable, oUser );
 
-		// Announce the creation
+		// Announce the valid authentication
 		variables.interceptorService.processState(
 			"cbSecurity_onJWTValidAuthentication",
 			{
@@ -297,7 +297,7 @@ component accessors="true" singleton {
 		// Invalidate the token, decode it first and use the jti claim
 		var results = getTokenStorage().clear( this.decode( arguments.token ).jti );
 
-		// Announce the creation
+		// Announce the token invalidation
 		variables.interceptorService.processState(
 			"cbSecurity_onJWTInvalidation",
 			{ token : arguments.token }
@@ -364,7 +364,7 @@ component accessors="true" singleton {
 					);
 				}
 
-				// Announce the creation
+				// Announce the invalid claims
 				variables.interceptorService.processState(
 					"cbSecurity_onJWTInvalidClaims",
 					{
@@ -387,7 +387,7 @@ component accessors="true" singleton {
 				variables.log.warn( "Token rejected, it has expired", decodedToken );
 			}
 
-			// Announce the creation
+			// Announce the token expiration
 			variables.interceptorService.processState(
 				"cbSecurity_onJWTExpiration",
 				{
@@ -400,12 +400,12 @@ component accessors="true" singleton {
 		}
 
 		// Verify that this token has not been invalidated in the storage?
-		if ( !getTokenStorage().exists( decodedToken.jti ) ) {
+		if ( variables.settings.jwt.tokenStorage.enabled && !getTokenStorage().exists( decodedToken.jti )  ) {
 			if ( variables.log.canWarn() ) {
 				variables.log.warn( "Token rejected, it was not found in token storage", decodedToken );
 			}
 
-			// Announce the creation
+			// Announce the rejection, token not found in storage
 			variables.interceptorService.processState(
 				"cbSecurity_onJWTStorageRejection",
 				{
@@ -424,7 +424,7 @@ component accessors="true" singleton {
 		// Log
 		if ( variables.log.canDebug() ) {
 			variables.log.debug(
-				"Token is valid, not expired and found in storage, inflating to PRC",
+				"Token is valid, not expired and found in (enabled) storage, inflating to PRC",
 				decodedToken
 			);
 		}
@@ -435,7 +435,7 @@ component accessors="true" singleton {
 			.setPrivateValue( "jwt_token", jwtToken )
 			.setPrivateValue( "jwt_payload", decodedToken );
 
-		// Announce the creation
+		// Announce the valid parsing
 		variables.interceptorService.processState(
 			"cbSecurity_onJWTValidParsing",
 			{
@@ -581,7 +581,7 @@ component accessors="true" singleton {
 	 * @return { allow:boolean, type:authentication|authorization }
 	 */
 	struct function ruleValidator( required rule, required controller ){
-		return validateSecurity( arguments.rule.roles );
+		return validateSecurity( arguments.rule.permissions );
 	}
 
 	/**
