Class: JWT::Verify

Inherits:

Object

• Object
• JWT::Verify

Defined in:

lib/jwt/verify.rb

Overview

JWT verify methods

Instance Method Summary

• #initialize(payload, options) ⇒ Verify constructor

  A new instance of Verify.

• #verify_aud ⇒ Object
• #verify_aud_array(audience, options_aud) ⇒ Object
• #verify_expiration ⇒ Object
• #verify_iat ⇒ Object
• #verify_iss ⇒ Object
• #verify_jti ⇒ Object
• #verify_not_before ⇒ Object
• #verify_sub ⇒ Object

Constructor Details

#initialize(payload, options) ⇒ Verify

Returns a new instance of Verify.

# File 'lib/jwt/verify.rb', line 15

def initialize(payload, options)
  @payload = payload
  @options = options
end

Instance Method Details

#verify_aud ⇒ Object

# File 'lib/jwt/verify.rb', line 20

def verify_aud
  return unless (options_aud = extract_option(:aud))

  if @payload['aud'].is_a?(Array)
    verify_aud_array(@payload['aud'], options_aud)
  else
    raise(
      JWT::InvalidAudError,
      "Invalid audience. Expected #{options_aud}, received #{@payload['aud'] || '<none>'}"
    ) unless @payload['aud'].to_s == options_aud.to_s
  end
end

#verify_aud_array(audience, options_aud) ⇒ Object

# File 'lib/jwt/verify.rb', line 33

def verify_aud_array(audience, options_aud)
  if options_aud.is_a?(Array)
    options_aud.each do |aud|
      raise(JWT::InvalidAudError, 'Invalid audience') unless audience.include?(aud.to_s)
    end
  else
    raise(JWT::InvalidAudError, 'Invalid audience') unless audience.include?(options_aud.to_s)
  end
end

#verify_expiration ⇒ Object

# File 'lib/jwt/verify.rb', line 43

def verify_expiration
  return unless @payload.include?('exp')

  if @payload['exp'].to_i <= (Time.now.to_i - leeway)
    raise(JWT::ExpiredSignature, 'Signature has expired')
  end
end

#verify_iat ⇒ Object

# File 'lib/jwt/verify.rb', line 51

def verify_iat
  return unless @payload.include?('iat')

  if !@payload['iat'].is_a?(Numeric) || @payload['iat'].to_f > (Time.now.to_f + leeway)
    raise(JWT::InvalidIatError, 'Invalid iat')
  end
end

#verify_iss ⇒ Object

# File 'lib/jwt/verify.rb', line 59

def verify_iss
  return unless (options_iss = extract_option(:iss))

  if @payload['iss'].to_s != options_iss.to_s
    raise(
      JWT::InvalidIssuerError,
      "Invalid issuer. Expected #{options_iss}, received #{@payload['iss'] || '<none>'}"
    )
  end
end

#verify_jti ⇒ Object

# File 'lib/jwt/verify.rb', line 70

def verify_jti
  options_verify_jti = extract_option(:verify_jti)
  if options_verify_jti.respond_to?(:call)
    raise(JWT::InvalidJtiError, 'Invalid jti') unless options_verify_jti.call(@payload['jti'])
  else
    raise(JWT::InvalidJtiError, 'Missing jti') if @payload['jti'].to_s.strip.empty?
  end
end

#verify_not_before ⇒ Object

# File 'lib/jwt/verify.rb', line 79

def verify_not_before
  return unless @payload.include?('nbf')

  if @payload['nbf'].to_i > (Time.now.to_i + leeway)
    raise(JWT::ImmatureSignature, 'Signature nbf has not been reached')
  end
end

#verify_sub ⇒ Object

Raises:

• (JWT::InvalidSubError)

# File 'lib/jwt/verify.rb', line 87

def verify_sub
  return unless (options_sub = extract_option(:sub))

  raise(
    JWT::InvalidSubError,
    "Invalid subject. Expected #{options_sub}, received #{@payload['sub'] || '<none>'}"
  ) unless @payload['sub'].to_s == options_sub.to_s
end