Class: Drillbit::Tokens::JsonWebToken
- Inherits:
-
Object
- Object
- Drillbit::Tokens::JsonWebToken
- Defined in:
- lib/drillbit/tokens/json_web_token.rb
Direct Known Subclasses
Constant Summary collapse
- TRANSFORMATION_EXCEPTIONS =
[
  # Errors that .from_jwe and .from_jws rescue and turn into
  # JsonWebTokens::Invalid.instance. Malformed, tampered, wrong-algorithm,
  # expired and not-yet-valid tokens all collapse into that one result, so
  # the rejection reason is not available to callers afterwards.

  # json-jwt (used by .from_jwe)
  JSON::JWT::Exception,
  JSON::JWT::InvalidFormat,
  JSON::JWT::VerificationFailed,
  JSON::JWT::UnexpectedAlgorithm,

  # ruby-jwt (used by .from_jws)
  JWT::DecodeError,
  JWT::VerificationError,
  JWT::ExpiredSignature,
  JWT::IncorrectAlgorithm,
  JWT::ImmatureSignature,
  JWT::InvalidIssuerError,
  JWT::InvalidIatError,
  JWT::InvalidAudError,
  JWT::InvalidSubError,
  JWT::InvalidJtiError,

  # key handling / decryption
  OpenSSL::PKey::RSAError,
  OpenSSL::Cipher::CipherError,
].freeze
Instance Attribute Summary collapse
-
#data ⇒ Object
Returns the value of attribute data.
-
#headers ⇒ Object
Returns the value of attribute headers.
-
#private_key ⇒ Object
Returns the value of attribute private_key.
Class Method Summary collapse
-
.build(id: SecureRandom.uuid, audience: Drillbit.configuration.default_token_audience, expiration: Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes), issuer: Drillbit.configuration.default_token_issuer || 'Drillbit', issued_at: Time.now.utc, not_before: Time.now.utc, owner: nil, roles: Drillbit.configuration.default_token_roles, subject: Drillbit.configuration.default_token_subject, subject_id:, token_private_key: Drillbit.configuration.token_private_key) ⇒ Object
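Builds a new token from keyword arguments. (The text YARD picked up here is the source's `rubocop:disable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength` directive, not a description.)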
- .build_from_request(request_token) ⇒ Object
- .from_jwe(encrypted_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
- .from_jws(signed_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
Instance Method Summary collapse
- #audience ⇒ Object
- #blank? ⇒ Boolean
- #empty? ⇒ Boolean
- #expiration ⇒ Object
- #id ⇒ Object
-
#initialize(data:, headers: {}, private_key: Drillbit.configuration.token_private_key) ⇒ JsonWebToken
constructor
A new instance of JsonWebToken.
- #issued_at ⇒ Object
- #issuer ⇒ Object
- #not_before ⇒ Object
- #owner_id ⇒ Object
- #present? ⇒ Boolean
- #roles ⇒ Object
- #subject ⇒ Object
- #subject_id ⇒ Object
- #to_h ⇒ Object
- #to_jwe ⇒ Object
- #to_jwe_s ⇒ Object
- #to_jws ⇒ Object
- #to_jws_s ⇒ Object
- #to_jwt ⇒ Object
- #to_jwt_s ⇒ Object
-
#valid? ⇒ Boolean
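Always returns `true` in this class. (The text YARD picked up here is the source's `rubocop:enable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength` directive, not a description.)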
Constructor Details
#initialize(data:, headers: {}, private_key: Drillbit.configuration.token_private_key) ⇒ JsonWebToken
Returns a new instance of JsonWebToken.
# File 'lib/drillbit/tokens/json_web_token.rb', line 34
#
# Stores the claims, headers and key on the new token through the
# attribute writers. Nothing is verified here: the instance simply wraps
# whatever +data+ it is handed.
#
# @param data [Object] claims, read with string keys ('aud', 'exp', ...)
# @param headers [Object] token headers; defaults to an empty Hash
# @param private_key [Object] key later passed to #to_jws / #to_jwe;
#   defaults to Drillbit.configuration.token_private_key
def initialize(data:,
               headers: {},
               private_key: Drillbit.configuration.token_private_key)
  self.data = data
  self.headers = headers
  self.private_key = private_key
end
Instance Attribute Details
#data ⇒ Object
Returns the value of attribute data.
# File 'lib/drillbit/tokens/json_web_token.rb', line 30
#
# @return [Object] the claims stored in @data
def data
  @data
end
#headers ⇒ Object
Returns the value of attribute headers.
# File 'lib/drillbit/tokens/json_web_token.rb', line 30
#
# @return [Object] the token headers stored in @headers
def headers
  @headers
end
#private_key ⇒ Object
Returns the value of attribute private_key.
# File 'lib/drillbit/tokens/json_web_token.rb', line 30
#
# Public reader for the key stored in @private_key, so any code holding
# a token instance can reach the key material.
#
# @return [Object] the key given to the constructor
def private_key
  @private_key
end
Class Method Details
.build(id: SecureRandom.uuid, audience: Drillbit.configuration.default_token_audience, expiration: Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes), issuer: Drillbit.configuration.default_token_issuer || 'Drillbit', issued_at: Time.now.utc, not_before: Time.now.utc, owner: nil, roles: Drillbit.configuration.default_token_roles, subject: Drillbit.configuration.default_token_subject, subject_id:, token_private_key: Drillbit.configuration.token_private_key) ⇒ Object
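Builds a new token from keyword arguments, filling the `aud`, `exp`, `iat`, `iss`, `jti`, `nbf`, `own`, `rol`, `sid` and `sub` claims; `owner` falls back to `subject_id` when it is not given. (The text YARD picked up here is the source's `rubocop:disable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength` directive, not a description.)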
# File 'lib/drillbit/tokens/json_web_token.rb', line 52
#
# Assembles the claims hash from keyword arguments and wraps it in a new
# token. The result is not signed or encrypted until #to_jws / #to_jwe
# is called on it.
#
# Roles are serialized as one comma-joined string ('rol'); #roles splits
# on ',' again, so a role name that itself contains a comma reads back as
# several roles. Role names built from external input should be checked
# for commas before they reach this method.
#
# @param subject_id [Object] required; stored as 'sid' and, when +owner+
#   is nil or false, also as 'own'
# @param expiration [#to_i] defaults to now plus
#   default_token_expiration_in_minutes, in seconds since the epoch
# @param roles [#join] joined with ',' into the 'rol' claim
# @return [JsonWebToken] token wrapping the assembled claims
def self.build(id: SecureRandom.uuid,
               audience: Drillbit.configuration.default_token_audience,
               expiration: Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes),
               issuer: Drillbit.configuration.default_token_issuer || 'Drillbit',
               issued_at: Time.now.utc,
               not_before: Time.now.utc,
               owner: nil,
               roles: Drillbit.configuration.default_token_roles,
               subject: Drillbit.configuration.default_token_subject,
               subject_id:,
               token_private_key: Drillbit.configuration.token_private_key)
  claims = {
    'aud' => audience,
    'exp' => expiration.to_i,
    'iat' => issued_at.to_i,
    'iss' => issuer,
    'jti' => id,
    'nbf' => not_before.to_i,
    'own' => owner || subject_id,
    'rol' => roles.join(','),
    'sid' => subject_id,
    'sub' => subject,
  }

  new(private_key: token_private_key, data: claims)
end
.build_from_request(request_token) ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 43
#
# Wraps an already-decoded token pair in a JsonWebToken.
#
# No signature, expiry or algorithm check happens in this method; the
# claims are taken as given.
# NOTE(review): presumably +request_token+ is the [claims, headers] pair
# produced by a verifying decode earlier in the request — confirm against
# the caller, because #valid? reports true for the result.
#
# @param request_token [Object, nil] splatted into claims and headers
# @return [JsonWebToken, Object] the Null token when +request_token+ is
#   nil or false
def self.build_from_request(request_token)
  return Tokens::JsonWebTokens::Null.instance unless request_token

  claims, token_headers = *request_token

  new(data: claims, headers: token_headers)
end
.from_jwe(encrypted_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 174
#
# Decrypts an encrypted token with +private_key+ and hands the inner
# signed token to .from_jws for verification with the same key.
#
# Any error listed in TRANSFORMATION_EXCEPTIONS yields the Invalid token.
# NOTE(review): presumably an input that decodes as something other than
# a JWE has no #plain_text and raises NoMethodError, which is not in
# TRANSFORMATION_EXCEPTIONS and would propagate — confirm.
#
# @param encrypted_token [#to_s] serialized JWE
# @param private_key [Object] decryption and verification key
# @return [JsonWebToken, Object] Null token for nil/empty input, Invalid
#   token on a rescued failure
def self.from_jwe(encrypted_token,
                  private_key: Drillbit.configuration.token_private_key)
  return JsonWebTokens::Null.instance if encrypted_token.to_s == ''

  inner_jws = JSON::JWT.decode(encrypted_token, private_key).plain_text

  from_jws(inner_jws, private_key: private_key)
rescue *TRANSFORMATION_EXCEPTIONS
  JsonWebTokens::Invalid.instance
end
.from_jws(signed_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 188
#
# Verifies a signed token and wraps its claims and headers.
#
# Verification is on (third argument +true+) and the algorithm is pinned
# to RS256, so the token header cannot select another algorithm. The
# exp, nbf and iat claims are checked with 5 seconds of leeway.
# No verify_iss / verify_aud option is passed, so the issuer and audience
# claims are not checked here; callers that depend on them must compare
# #issuer / #audience themselves.
#
# @param signed_token [#to_s] serialized JWS
# @param private_key [Object] key passed to JWT.decode for verification
# @return [JsonWebToken, Object] Null token for nil/empty input, Invalid
#   token when an error in TRANSFORMATION_EXCEPTIONS is raised
def self.from_jws(signed_token,
                  private_key: Drillbit.configuration.token_private_key)
  return JsonWebTokens::Null.instance if signed_token.to_s == ''

  verification = {
    algorithm: 'RS256',
    verify_expiration: true,
    verify_not_before: true,
    verify_iat: true,
    leeway: 5,
  }

  decoded = JWT.decode(signed_token, private_key, true, **verification)
  claims, token_headers = *decoded

  new(data: claims, headers: token_headers, private_key: private_key)
rescue *TRANSFORMATION_EXCEPTIONS
  JsonWebTokens::Invalid.instance
end
Instance Method Details
#audience ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 104
#
# @return [Object, nil] the 'aud' claim
def audience
  data['aud']
end
#blank? ⇒ Boolean
# File 'lib/drillbit/tokens/json_web_token.rb', line 88
#
# @return [Boolean] true when the claims collection is empty
def blank?
  data.empty?
end
#empty? ⇒ Boolean
# File 'lib/drillbit/tokens/json_web_token.rb', line 96
#
# Same check as #blank?.
#
# @return [Boolean] true when the claims collection is empty
def empty?
  data.empty?
end
#expiration ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 116
#
# Returns the raw claim; expiry itself is enforced in .from_jws, not here.
#
# @return [Object, nil] the 'exp' claim (an Integer when set by .build)
def expiration
  data['exp']
end
#id ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 120
#
# @return [Object, nil] the 'jti' claim (a UUID by default in .build)
def id
  data['jti']
end
#issued_at ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 108
#
# @return [Object, nil] the 'iat' claim (an Integer when set by .build)
def issued_at
  data['iat']
end
#issuer ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 112
#
# Returns the raw claim; .from_jws does not compare it with an expected
# issuer.
#
# @return [Object, nil] the 'iss' claim
def issuer
  data['iss']
end
#not_before ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 124
#
# @return [Object, nil] the 'nbf' claim (an Integer when set by .build)
def not_before
  data['nbf']
end
#owner_id ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 128
#
# @return [Object, nil] the 'own' claim; .build sets it to the owner or,
#   failing that, to the subject id
def owner_id
  data['own']
end
#present? ⇒ Boolean
# File 'lib/drillbit/tokens/json_web_token.rb', line 92
#
# Says only that claims exist, not that they were verified.
#
# @return [Boolean] result of +data.any?+
def present?
  data.any?
end
#roles ⇒ Object
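# File 'lib/drillbit/tokens/json_web_token.rb', line 146
#
# Splits the comma-joined 'rol' claim into role names; memoized in @roles.
#
# A missing claim gives an empty list. A claim that is present but not a
# String (for example JSON null) also gives an empty list rather than
# raising NoMethodError from +split+, so authorization code sees
# "no roles" instead of an unhandled error.
#
# @return [Array<String>] role names, possibly empty
def roles
  @roles ||= begin
    raw_roles = data['rol']

    raw_roles.is_a?(String) ? raw_roles.split(',') : []
  end
end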
#subject ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 136
#
# @return [Object, nil] the 'sub' claim
def subject
  data['sub']
end
#subject_id ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 132
#
# @return [Object, nil] the 'sid' claim
def subject_id
  data['sid']
end
#to_h ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 100
#
# Despite the name, the result is a two-element Array, the same
# [claims, headers] shape that .build_from_request splats apart.
#
# @return [Array] +[data, headers]+
def to_h
  [data, headers]
end
#to_jwe ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 166
#
# Encrypts the signed token (sign, then encrypt) using RSA-OAEP and
# A256GCM; memoized in @jwe.
#
# NOTE(review): the same +private_key+ object is used here for encryption
# and in #to_jws for signing. Using one RSA key for both purposes is
# usually avoided — confirm this is intentional.
#
# @return [Object] the encrypted token object
def to_jwe
  @jwe ||= to_jws.encrypt(private_key, 'RSA-OAEP', 'A256GCM')
end
#to_jwe_s ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 170
#
# @return [String] serialized form of #to_jwe; memoized in @jwe_s
def to_jwe_s
  @jwe_s ||= to_jwe.to_s
end
#to_jws ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 158
#
# Signs the claims with +private_key+ using RS256, the algorithm that
# .from_jws pins on verification; memoized in @jws.
#
# @return [Object] the signed token object
def to_jws
  @jws ||= to_jwt.sign(private_key, 'RS256')
end
#to_jws_s ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 162
#
# The payload of this form is signed but not encrypted.
#
# @return [String] serialized form of #to_jws; memoized in @jws_s
def to_jws_s
  @jws_s ||= to_jws.to_s
end
#to_jwt ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 150
#
# Wraps the claims in a JSON::JWT; no key is involved at this step.
# Memoized in @jwt.
#
# @return [JSON::JWT] unsigned token object built from +data+
def to_jwt
  @jwt ||= JSON::JWT.new(data)
end
#to_jwt_s ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 154
#
# Serializes the object from #to_jwt, which has not been signed;
# memoized in @jwt_s.
# NOTE(review): presumably this is the unsecured ("none" algorithm)
# serialization — confirm, and keep it out of anything sent to clients.
# .from_jws pins RS256, so such a string would not verify there.
#
# @return [String] serialized unsigned token
def to_jwt_s
  @jwt_s ||= to_jwt.to_s
end
#valid? ⇒ Boolean
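Always returns `true` in this class. (The text YARD picked up here is the source's `rubocop:enable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength` directive, not a description.)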
# File 'lib/drillbit/tokens/json_web_token.rb', line 84
#
# Unconditionally true: no claim or signature is inspected here, so an
# instance made with .new, .build or .build_from_request reports valid
# without any verification having run. Only .from_jws / .from_jwe verify
# a token, and they return the Invalid token instead of this class when
# verification fails.
# NOTE(review): presumably the Null and Invalid token classes answer
# false — confirm.
#
# @return [Boolean] always true
def valid?
  true
end