Class: JWT::Verify

Inherits:
Object
  • Object
show all
Defined in:
lib/jwt/verify.rb

Overview

JWT verify methods

Instance Method Summary collapse

Constructor Details

#initialize(payload, options) ⇒ Verify

Returns a new instance of Verify.



14
15
16
17
# File 'lib/jwt/verify.rb', line 14

def initialize(payload, options)
  @payload = payload
  @options = options
end

Instance Method Details

#verify_audObject



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# File 'lib/jwt/verify.rb', line 19

def verify_aud
  return unless (options_aud = extract_option(:aud))

  if @payload['aud'].is_a?(Array)
    fail(
      JWT::InvalidAudError,
      'Invalid audience'
    ) unless @payload['aud'].include?(options_aud.to_s)
  else
    fail(
      JWT::InvalidAudError,
      "Invalid audience. Expected #{options_aud}, received #{@payload['aud'] || '<none>'}"
    ) unless @payload['aud'].to_s == options_aud.to_s
  end
end

#verify_expirationObject



35
36
37
38
39
40
41
# File 'lib/jwt/verify.rb', line 35

def verify_expiration
  return unless @payload.include?('exp')

  if @payload['exp'].to_i < (Time.now.to_i - leeway)
    fail(JWT::ExpiredSignature, 'Signature has expired')
  end
end

#verify_iatObject



43
44
45
46
47
48
49
# File 'lib/jwt/verify.rb', line 43

def verify_iat
  return unless @payload.include?('iat')

  if !(@payload['iat'].is_a?(Numeric)) || @payload['iat'].to_f > (Time.now.to_f + leeway)
    fail(JWT::InvalidIatError, 'Invalid iat')
  end
end

#verify_issObject



51
52
53
54
55
56
57
58
59
60
# File 'lib/jwt/verify.rb', line 51

def verify_iss
  return unless (options_iss = extract_option(:iss))

  if @payload['iss'].to_s != options_iss.to_s
    fail(
      JWT::InvalidIssuerError,
      "Invalid issuer. Expected #{options_iss}, received #{@payload['iss'] || '<none>'}"
    )
  end
end

#verify_jtiObject



62
63
64
65
66
67
68
69
# File 'lib/jwt/verify.rb', line 62

def verify_jti
  options_verify_jti = extract_option(:verify_jti)
  if options_verify_jti.respond_to?(:call)
    fail(JWT::InvalidJtiError, 'Invalid jti') unless options_verify_jti.call(@payload['jti'])
  else
    fail(JWT::InvalidJtiError, 'Missing jti') if @payload['jti'].to_s.strip.empty?
  end
end

#verify_not_beforeObject



71
72
73
74
75
76
77
# File 'lib/jwt/verify.rb', line 71

def verify_not_before
  return unless @payload.include?('nbf')

  if @payload['nbf'].to_i > (Time.now.to_i + leeway)
    fail(JWT::ImmatureSignature, 'Signature nbf has not been reached')
  end
end

#verify_subObject



79
80
81
82
83
84
85
86
# File 'lib/jwt/verify.rb', line 79

def verify_sub
  return unless (options_sub = extract_option(:sub))

  fail(
    JWT::InvalidSubError,
    "Invalid subject. Expected #{options_sub}, received #{@payload['sub'] || '<none>'}"
  ) unless @payload['sub'].to_s == options_sub.to_s
end