Class: Kennedy::Ticket

Inherits:
Object
Defined in:
lib/kennedy/ticket.rb

Overview

A ticket represents a time-constrained period in which an authenticated person can access a service.

Constant Summary

DefaultExpiry = 30

In seconds

Constructor Details

#initialize(args = {}) ⇒ Ticket

Returns a new instance of Ticket.

Parameters:

  • args (Hash) (defaults to: {})

    The arguments to construct the ticket with

Options Hash (args):

  • :iv (String)

    An IV to use to encrypt and decrypt the ticket

  • :passphrase (String)

    A passphrase to encrypt and decrypt the ticket



# File 'lib/kennedy/ticket.rb', line 47

def initialize(args = {})
  @iv = args[:iv] || raise(ArgumentError, "Ticket encryption IV must be given as :iv")
  @passphrase = args[:passphrase] || raise(ArgumentError, "Ticket encryption passphrase must be given as :passphrase")
  @expiry = args[:expiry] || DefaultExpiry
end

Instance Attribute Details

#identifier ⇒ Object

Returns the value of attribute identifier.



# File 'lib/kennedy/ticket.rb', line 12

def identifier
  @identifier
end

Class Method Details

.create(args = {}) ⇒ Object

Creates a new ticket with the given arguments.

Parameters:

  • args (Hash) (defaults to: {})

    The arguments to generate the ticket with

Options Hash (args):

  • :identifier (String)

    An identifier to use in the ticket

  • :iv (String)

    An IV to use to encrypt and decrypt the ticket

  • :passphrase (String)

    A passphrase to encrypt and decrypt the ticket

  • :expiry (String)

    A length of time in seconds for which this ticket is valid after to_encrypted is called



# File 'lib/kennedy/ticket.rb', line 25

def self.create(args = {})
  identifier = args[:identifier] || raise(ArgumentError, "Ticket identifier must be given as :identifier")
  ticket = new(:iv => args[:iv], :passphrase => args[:passphrase], :expiry => args[:expiry])
  ticket.identifier = identifier
  ticket
end

.from_encrypted(args = {}) ⇒ Object

Decrypts a ticket from the given arguments.

Parameters:

  • args (Hash) (defaults to: {})

    The arguments to build the ticket with

Options Hash (args):

  • :data (String)

    An encrypted ticket

  • :iv (String)

    An IV to use to decrypt the ticket

  • :passphrase (String)

    A passphrase to use to decrypt the ticket



# File 'lib/kennedy/ticket.rb', line 37

def self.from_encrypted(args = {})
  data = args[:data] || raise(ArgumentError, "Data must be given as :data")
  ticket = new(:iv => args[:iv], :passphrase => args[:passphrase])
  ticket.decrypt(data)
  ticket
end

Instance Method Details

#decrypt(data) ⇒ Object

Decrypts the given ticket data.

Parameters:

  • data (String)

    The ticket data to decrypt



# File 'lib/kennedy/ticket.rb', line 72

def decrypt(data)
  cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
  cipher.decrypt
  cipher.key = @passphrase
  cipher.iv = @iv
  decrypted = cipher.update(data)
  decrypted << cipher.final
  json = JSON.parse(decrypted)
  self.identifier = json['identifier']
  @expiry = Time.parse(json['expiry'])
rescue OpenSSL::Cipher::CipherError => e
  raise Kennedy::BadTicketException, "Given data was not decryptable"
end

#expired? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/kennedy/ticket.rb', line 86

def expired?
  !@expiry.nil? && (@expiry < Time.now)
end

#to_encrypted ⇒ String

Generates an encrypted chunk of JSON in which the identifier and expiration time for this ticket are encoded.

Returns:

  • (String)

    An encrypted JSON string



# File 'lib/kennedy/ticket.rb', line 60

def to_encrypted
  cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
  cipher.encrypt
  cipher.key = @passphrase
  cipher.iv = @iv
  encrypted = cipher.update(to_expiring_json)
  encrypted << cipher.final
  encrypted
end
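
Added example, not Kennedy's code: #decrypt and #to_encrypted above use AES-256-CBC with a caller-supplied IV and the passphrase as the raw key, which gives confidentiality but no integrity check on the ticket. The Ruby below seals the same identifier/expiry JSON with AES-256-GCM, a random nonce per ticket and a PBKDF2-derived key, so a modified ticket is rejected at decryption time. The module name SealedTicket, its methods, the byte layout and the iteration count are assumptions.

```ruby
require 'openssl'
require 'json'
require 'time'

# Hypothetical module, not part of Kennedy: the same {identifier, expiry} JSON
# ticket, sealed with AES-256-GCM instead of unauthenticated AES-256-CBC.
module SealedTicket
  class BadTicket < StandardError; end
  ITERATIONS = 100_000 # assumed PBKDF2 work factor
  DEFAULT_EXPIRY = 30  # seconds, mirroring DefaultExpiry above

  # Derive a 32-byte key; the passphrase is never used as the raw AES key.
  def self.key(passphrase, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Returns salt(16) || nonce(12) || tag(16) || ciphertext as a binary string.
  def self.seal(identifier, passphrase, expiry: DEFAULT_EXPIRY, now: Time.now)
    salt = OpenSSL::Random.random_bytes(16)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = key(passphrase, salt)
    nonce = cipher.random_iv # fresh 12-byte nonce for every ticket
    cipher.auth_data = ''
    body = JSON.generate('identifier' => identifier, 'expiry' => (now + expiry).utc.iso8601)
    ciphertext = cipher.update(body) + cipher.final
    salt + nonce + cipher.auth_tag + ciphertext
  end

  # Returns the identifier; raises BadTicket for modified, damaged or expired tickets.
  def self.unseal(blob, passphrase, now: Time.now)
    raise BadTicket, 'ticket too short' if blob.bytesize < 44
    salt, nonce, tag, ciphertext = blob.unpack('a16 a12 a16 a*')
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key(passphrase, salt)
    cipher.iv = nonce
    cipher.auth_tag = tag
    cipher.auth_data = ''
    json = JSON.parse(cipher.update(ciphertext) + cipher.final)
    raise BadTicket, 'ticket expired' if Time.iso8601(json['expiry']) < now
    json['identifier']
  rescue OpenSSL::Cipher::CipherError, JSON::ParserError, ArgumentError, TypeError
    raise BadTicket, 'ticket failed authentication or parsing'
  end
end
```

Because the salt and nonce travel with the ticket, the two sides only need to share the passphrase, and two tickets for the same identifier never produce the same bytes.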