Class: Colossus::Verifier

Inherits:
Object
  • Object
Defined in:
lib/colossus/verifier.rb

Overview

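Implements the token verification logic. Tokens are hashed with SHA1 before they are compared, in order to avoid timing attacks (cf. the Faye documentation). This hashing step is a mitigation; it does not replace a constant-time comparison of the resulting digests.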


Constructor Details

#initialize(secret = Colossus.config.secret_key, writer_token = Colossus.config.writer_token) ⇒ Verifier

Returns a new instance of Verifier.



# File 'lib/colossus/verifier.rb', line 7

# Builds a verifier from the HMAC key and the writer token.
#
# The digest is fixed to SHA1. Tokens handed out earlier were derived with
# it, so switching the digest here would presumably invalidate them.
#
# @param secret [String] key used by #generate_user_token; defaults to
#   Colossus.config.secret_key
# @param writer_token [String] token checked by #verify_writer_token;
#   defaults to Colossus.config.writer_token
def initialize(secret = Colossus.config.secret_key, writer_token = Colossus.config.writer_token)
  @secret = secret
  @sha1 = OpenSSL::Digest.new('sha1')
  @writer_token = writer_token
end

Instance Attribute Details

#secret ⇒ Object (readonly)

Returns the value of attribute secret.



# File 'lib/colossus/verifier.rb', line 5

# Reader for the secret given to the constructor; #generate_user_token uses
# it as the HMAC key.
#
# NOTE(review): this is key material. The reader appears to be public, so
# callers should keep the value out of logs and serialised output.
#
# @return [Object] the stored secret
def secret
  @secret
end

#sha1 ⇒ Object (readonly)

Returns the value of attribute sha1.



# File 'lib/colossus/verifier.rb', line 5

# Reader for the digest object created in the constructor
# (OpenSSL::Digest.new('sha1')); #generate_user_token passes it to
# OpenSSL::HMAC.
#
# @return [Object] the stored digest
def sha1
  @sha1
end

#writer_token ⇒ Object (readonly)

Returns the value of attribute writer_token.



# File 'lib/colossus/verifier.rb', line 5

# Reader for the writer token given to the constructor;
# #verify_writer_token compares client input against it.
#
# NOTE(review): this is a credential. Keep the value out of logs and
# serialised output.
#
# @return [Object] the stored writer token
def writer_token
  @writer_token
end

Instance Method Details

#generate_user_token(user_id) ⇒ Object



# File 'lib/colossus/verifier.rb', line 27

# Derives the token for +user_id+: a hex-encoded HMAC of the id, keyed with
# #secret and computed with the digest returned by #sha1.
#
# user_id is handed to OpenSSL unchanged, so it presumably has to be a
# String already (TODO confirm against callers).
#
# @param user_id [String] identifier the token is bound to
# @return [String] hex-encoded HMAC of user_id
def generate_user_token(user_id)
  digest = sha1
  key = secret
  OpenSSL::HMAC.hexdigest(digest, key, user_id)
end

#verify_token(token_given, user_id) ⇒ Object



# File 'lib/colossus/verifier.rb', line 14

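# Checks a client-supplied token against the token expected for +user_id+.
#
# Both tokens are hashed with SHA1 first, so the comparison runs on
# fixed-length digests and not on the raw token. The digests are then
# compared over their full length with no early exit: a plain == returns at
# the first differing byte, so its running time depends on how much of the
# digest matched. Newer Rubies ship OpenSSL.fixed_length_secure_compare for
# the same purpose; the loop below avoids depending on it.
#
# @param token_given [String, nil] token presented by the client
# @param user_id [String] identifier the token must be bound to
# @return [Boolean] true only when token_given equals the expected token
def verify_token(token_given, user_id)
  # A missing or non-string token can never match. Fail closed here rather
  # than letting Digest raise a TypeError on it.
  return false unless token_given.respond_to?(:to_str)

  expected_hash = Digest::SHA1.hexdigest(generate_user_token(user_id))
  actual_hash   = Digest::SHA1.hexdigest(token_given)

  # Both hex digests are 40 bytes long, so zip never pads with nil.
  mismatch = 0
  expected_hash.bytes.zip(actual_hash.bytes) { |a, b| mismatch |= a ^ b }
  mismatch.zero?
end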

#verify_writer_token(token_given) ⇒ Object



# File 'lib/colossus/verifier.rb', line 21

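# Checks a client-supplied token against the configured writer token.
#
# Both values are hashed with SHA1 first, so the comparison runs on
# fixed-length digests and not on the raw token. The digests are then
# compared over their full length with no early exit: a plain == returns at
# the first differing byte, so its running time depends on how much of the
# digest matched. Newer Rubies ship OpenSSL.fixed_length_secure_compare for
# the same purpose; the loop below avoids depending on it.
#
# @param token_given [String, nil] token presented by the client
# @return [Boolean] true only when token_given equals #writer_token
def verify_writer_token(token_given)
  # A missing or non-string token can never match. Fail closed here rather
  # than letting Digest raise a TypeError on it.
  return false unless token_given.respond_to?(:to_str)

  expected_hash = Digest::SHA1.hexdigest(writer_token)
  actual_hash   = Digest::SHA1.hexdigest(token_given)

  # Both hex digests are 40 bytes long, so zip never pads with nil.
  mismatch = 0
  expected_hash.bytes.zip(actual_hash.bytes) { |a, b| mismatch |= a ^ b }
  mismatch.zero?
end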