Class: Rack::OAuth2::AccessToken::MAC

Inherits:

Rack::OAuth2::AccessToken

• Object
• Rack::OAuth2::AccessToken
• Rack::OAuth2::AccessToken::MAC

Defined in:

lib/rack/oauth2/access_token/mac.rb,
lib/rack/oauth2/access_token/mac/verifier.rb,
lib/rack/oauth2/access_token/mac/signature.rb,
lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb

Defined Under Namespace

Classes: Sha256HexVerifier, Signature, Verifier

Instance Attribute Summary

• #ext ⇒ Object readonly

  Returns the value of attribute ext.

• #nonce ⇒ Object readonly

  Returns the value of attribute nonce.

• #signature ⇒ Object readonly

  Returns the value of attribute signature.

Attributes inherited from Rack::OAuth2::AccessToken

#raw_attributes

Instance Method Summary

• #authenticate(request) ⇒ Object
• #initialize(attributes = {}) ⇒ MAC constructor

  A new instance of MAC.

• #token_response ⇒ Object
• #verify!(request) ⇒ Object

Constructor Details

#initialize(attributes = {}) ⇒ MAC

Returns a new instance of MAC.

# File 'lib/rack/oauth2/access_token/mac.rb', line 9

def initialize(attributes = {})
  super(attributes)
  @issued_at = Time.now.utc
  @ts_expires_in ||= 5.minutes
end

Instance Attribute Details

#ext ⇒ Object (readonly)

Returns the value of attribute ext.

# File 'lib/rack/oauth2/access_token/mac.rb', line 7

def ext
  @ext
end

#nonce ⇒ Object (readonly)

Returns the value of attribute nonce.

# File 'lib/rack/oauth2/access_token/mac.rb', line 7

def nonce
  @nonce
end

#signature ⇒ Object (readonly)

Returns the value of attribute signature.

# File 'lib/rack/oauth2/access_token/mac.rb', line 7

def signature
  @signature
end

Instance Method Details

#authenticate(request) ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 53

def authenticate(request)
  @nonce = generate_nonce
  @ts_generated = @ts || Time.now.utc

  if self.ext_verifier.present?
    @ext = self.ext_verifier.new(
      raw_body: request.body,
      algorithm: self.mac_algorithm
    ).calculate
  end

  @signature = Signature.new(
    secret:      self.mac_key,
    algorithm:   self.mac_algorithm,
    nonce:       self.nonce,
    method:      request.header.request_method,
    request_uri: request.header.create_query_uri,
    host:        request.header.request_uri.host,
    port:        request.header.request_uri.port,
    ts:          @ts_generated,
    ext:         @ext
  ).calculate

  request.header['Authorization'] = authorization_header
end

#token_response ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 15

def token_response
  super.merge(
    mac_key: mac_key,
    mac_algorithm: mac_algorithm
  )
end

#verify!(request) ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 22

def verify!(request)
  if self.ext_verifier.present?
    body = request.body.read
    request.body.rewind # for future use

    self.ext_verifier.new(
      raw_body: body,
      algorithm: self.mac_algorithm
    ).verify!(request.ext)
  end

  now = Time.now.utc.to_i
  now = @ts.to_i if @ts.present?

  raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired") if now - request.ts.to_i > @ts_expires_in.to_i

  Signature.new(
    secret:      self.mac_key,
    algorithm:   self.mac_algorithm,
    nonce:       request.nonce,
    method:      request.request_method,
    request_uri: request.fullpath,
    host:        request.host,
    port:        request.port,
    ts:          request.ts,
    ext:         request.ext
  ).verify!(request.signature)
rescue Verifier::VerificationFailed => e
  request.invalid_token! e.message
end