Class: Drillbit::Tokens::JsonWebToken

Inherits:

Object

• Object
• Drillbit::Tokens::JsonWebToken

Defined in:

lib/drillbit/tokens/json_web_token.rb

Direct Known Subclasses

Drillbit::Tokens::JsonWebTokens::PasswordReset

Constant Summary

TRANSFORMATION_EXCEPTIONS =

[
  JSON::JWT::Exception,
  JSON::JWT::InvalidFormat,
  JSON::JWT::VerificationFailed,
  JSON::JWT::UnexpectedAlgorithm,
  JWT::DecodeError,
  JWT::VerificationError,
  JWT::ExpiredSignature,
  JWT::IncorrectAlgorithm,
  JWT::ImmatureSignature,
  JWT::InvalidIssuerError,
  JWT::InvalidIatError,
  JWT::InvalidAudError,
  JWT::InvalidSubError,
  JWT::InvalidJtiError,
  OpenSSL::PKey::RSAError,
  OpenSSL::Cipher::CipherError,
].freeze

Instance Attribute Summary

• #data ⇒ Object

  Returns the value of attribute data.

• #headers ⇒ Object

  Returns the value of attribute headers.

• #private_key ⇒ Object

  Returns the value of attribute private_key.

Class Method Summary

• .build(id: SecureRandom.uuid, audience: Drillbit.configuration.default_token_audience, expiration: Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes), issuer: Drillbit.configuration.default_token_issuer || 'Drillbit', issued_at: Time.now.utc, not_before: Time.now.utc, owner: nil, roles: Drillbit.configuration.default_token_roles, subject: Drillbit.configuration.default_token_subject, subject_id:, token_private_key: Drillbit.configuration.token_private_key) ⇒ Object

  rubocop:disable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength :reek:DuplicateMethodCall.

• .build_from_request(request_token) ⇒ Object
• .from_jwe(encrypted_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
• .from_jws(signed_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object

Instance Method Summary

• #audience ⇒ Object
• #blank? ⇒ Boolean
• #empty? ⇒ Boolean
• #expiration ⇒ Object
• #id ⇒ Object
• #initialize(data:, headers: {}, private_key: Drillbit.configuration.token_private_key) ⇒ JsonWebToken constructor

  A new instance of JsonWebToken.

• #issued_at ⇒ Object
• #issuer ⇒ Object
• #not_before ⇒ Object
• #owner_id ⇒ Object
• #present? ⇒ Boolean
• #roles ⇒ Object
• #subject ⇒ Object
• #subject_id ⇒ Object
• #to_h ⇒ Object
• #to_jwe ⇒ Object
• #to_jwe_s ⇒ Object
• #to_jws ⇒ Object
• #to_jws_s ⇒ Object
• #to_jwt ⇒ Object
• #to_jwt_s ⇒ Object
• #valid? ⇒ Boolean

  rubocop:enable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength.

Constructor Details

#initialize(data:, headers: {}, private_key: Drillbit.configuration.token_private_key) ⇒ JsonWebToken

Returns a new instance of JsonWebToken.

# File 'lib/drillbit/tokens/json_web_token.rb', line 35

def initialize(data:,
               headers:     {},
               private_key: Drillbit.configuration.token_private_key)

  self.data        = data
  self.headers     = headers
  self.private_key = private_key
end

Instance Attribute Details

#data ⇒ Object

Returns the value of attribute data.

# File 'lib/drillbit/tokens/json_web_token.rb', line 31

def data
  @data
end

#headers ⇒ Object

Returns the value of attribute headers.

# File 'lib/drillbit/tokens/json_web_token.rb', line 31

def headers
  @headers
end

#private_key ⇒ Object

Returns the value of attribute private_key.

# File 'lib/drillbit/tokens/json_web_token.rb', line 31

def private_key
  @private_key
end

Class Method Details

.build(id: SecureRandom.uuid, audience: Drillbit.configuration.default_token_audience, expiration: Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes), issuer: Drillbit.configuration.default_token_issuer || 'Drillbit', issued_at: Time.now.utc, not_before: Time.now.utc, owner: nil, roles: Drillbit.configuration.default_token_roles, subject: Drillbit.configuration.default_token_subject, subject_id:, token_private_key: Drillbit.configuration.token_private_key) ⇒ Object

rubocop:disable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength :reek:DuplicateMethodCall

# File 'lib/drillbit/tokens/json_web_token.rb', line 54

def self.build(id:                SecureRandom.uuid,
               audience:          Drillbit.configuration.default_token_audience,
               expiration:        Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes),
               issuer:            Drillbit.configuration.default_token_issuer || 'Drillbit',
               issued_at:         Time.now.utc,
               not_before:        Time.now.utc,
               owner:             nil,
               roles:             Drillbit.configuration.default_token_roles,
               subject:           Drillbit.configuration.default_token_subject,
               subject_id:,
               token_private_key: Drillbit.configuration.token_private_key)

  owner ||= subject_id

  new(
    private_key: token_private_key,
    data:        {
      'aud' => audience,
      'exp' => expiration.to_i,
      'iat' => issued_at.to_i,
      'iss' => issuer,
      'jti' => id,
      'nbf' => not_before.to_i,
      'own' => owner,
      'rol' => roles.join(','),
      'sid' => subject_id,
      'sub' => subject,
    },
  )
end

.build_from_request(request_token) ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 44

def self.build_from_request(request_token)
  return Tokens::JsonWebTokens::Null.instance unless request_token

  data, headers = *request_token

  new(data: data, headers: headers)
end

.from_jwe(encrypted_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 176

def self.from_jwe(encrypted_token,
                  private_key: Drillbit.configuration.token_private_key)

  return JsonWebTokens::Null.instance if encrypted_token.to_s == ''

  decrypted_token = JSON::JWT.
                      decode(encrypted_token, private_key).
                      plain_text

  from_jws(decrypted_token, private_key: private_key)
rescue *TRANSFORMATION_EXCEPTIONS
  JsonWebTokens::Invalid.instance
end

.from_jws(signed_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 190

def self.from_jws(signed_token,
                  private_key: Drillbit.configuration.token_private_key)

  return JsonWebTokens::Null.instance if signed_token.to_s == ''

  decoded = JWT.decode(
                        signed_token,
                        private_key,
                        true,
                        algorithm:         'RS256',
                        verify_expiration: true,
                        verify_not_before: true,
                        verify_iat:        true,
                        leeway:            5,
  )

  data, headers = *decoded

  new(data:        data,
      headers:     headers,
      private_key: private_key)
rescue *TRANSFORMATION_EXCEPTIONS
  JsonWebTokens::Invalid.instance
end

Instance Method Details

#audience ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 106

def audience
  data['aud']
end

#blank? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/drillbit/tokens/json_web_token.rb', line 90

def blank?
  data.empty?
end

#empty? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/drillbit/tokens/json_web_token.rb', line 98

def empty?
  data.empty?
end

#expiration ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 118

def expiration
  data['exp']
end

#id ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 122

def id
  data['jti']
end

#issued_at ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 110

def issued_at
  data['iat']
end

#issuer ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 114

def issuer
  data['iss']
end

#not_before ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 126

def not_before
  data['nbf']
end

#owner_id ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 130

def owner_id
  data['own']
end

#present? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/drillbit/tokens/json_web_token.rb', line 94

def present?
  data.any?
end

#roles ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 148

def roles
  @roles ||= data['rol'].split(',')
end

#subject ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 138

def subject
  data['sub']
end

#subject_id ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 134

def subject_id
  data['sid']
end

#to_h ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 102

def to_h
  [data, headers]
end

#to_jwe ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 168

def to_jwe
  @jwe ||= to_jws.encrypt(private_key, 'RSA-OAEP', 'A256GCM')
end

#to_jwe_s ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 172

def to_jwe_s
  @jwe_s ||= to_jwe.to_s
end

#to_jws ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 160

def to_jws
  @jws ||= to_jwt.sign(private_key,    'RS256')
end

#to_jws_s ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 164

def to_jws_s
  @jws_s ||= to_jws.to_s
end

#to_jwt ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 152

def to_jwt
  @jwt ||= JSON::JWT.new(data)
end

#to_jwt_s ⇒ Object

# File 'lib/drillbit/tokens/json_web_token.rb', line 156

def to_jwt_s
  @jwt_s ||= to_jwt.to_s
end

#valid? ⇒ Boolean

rubocop:enable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength

Returns:

• (Boolean)

# File 'lib/drillbit/tokens/json_web_token.rb', line 86

def valid?
  true
end