Class: OpenSesame::Token

Inherits:
Object
Defined in:
lib/open-sesame.rb

Overview

Used for generating time-limited authorization tokens shared between a sender and a receiver. A token is a minute-resolution UTC timestamp followed by '-' and the hex SHA-1 digest of the shared secret concatenated with that timestamp; it verifies for one hour after the embedded minute. The digest is a plain hash of secret + timestamp rather than an HMAC, so the construction's security rests entirely on the secret staying private and on not using the built-in default.

Constant Summary

@@default_secret =

Fallback used when no secret is passed. It is public in the source, so any token generated with it can be forged by anyone who has read this page; always pass your own secret phrase.

"OPEN SESAME"

Class Method Summary

Class Method Details

.generate(secret = @@default_secret, timestamp = Time.now.utc.to_datetime) ⇒ String

Generate a token bound to the given minute (seconds are dropped). The token is accepted by .verify for one hour after that minute.

Parameters:

  • secret (String) (defaults to: @@default_secret)

    The shared secret, which should only be known by the sender and the receiver.

  • timestamp (DateTime) (defaults to: Time.now.utc.to_datetime)

The time the token is bound to. Only year, month, day, hour and minute are encoded; the token expires one hour after this time. Defaults to the current UTC time.

Returns:

  • (String)

    The token.



# File 'lib/open-sesame.rb', line 18

require 'digest'   # Digest::SHA1
require 'date'     # DateTime, Time#to_datetime

def self.generate(secret = @@default_secret, timestamp = Time.now.utc.to_datetime)
  # Minute resolution: seconds are dropped, so the token is bound to a minute.
  timestamp_string = timestamp.strftime('%Y%m%dT%H%M')
  # Plain SHA-1 over secret || timestamp (not an HMAC); to_s gives the hex digest.
  hash = (Digest::SHA1.new << secret + timestamp_string).to_s
  timestamp_string + '-' + hash
end

.verify(token, secret = @@default_secret) ⇒ Boolean

Verify a token: re-derive the expected token from the secret and the timestamp embedded in the token, and check that the timestamp is no older than one hour.

Parameters:

  • token (String)

    The token, as returned by .generate.

  • secret (String) (defaults to: @@default_secret)

    The shared secret used when the token was generated.

Returns:

  • (Boolean)

    true if the embedded timestamp is at least now minus one hour and the token is byte-for-byte equal to regenerating it with the secret; false otherwise.

Raises:

  • (ArgumentError)

    If the part of the token before the first '-' is not a '%Y%m%dT%H%M' timestamp (DateTime.strptime fails).

The timestamp is only checked against a lower bound: a token carrying a future timestamp is accepted until one hour after that timestamp. The final comparison is an ordinary String#eql?, not a constant-time compare.



# File 'lib/open-sesame.rb', line 28

def self.verify(token, secret = @@default_secret)
  # Split off the timestamp prefix; strptime raises ArgumentError if it does not parse.
  string = token.split('-')
  timestamp = DateTime.strptime(string.first, '%Y%m%dT%H%M')
  one_hour_ago = (Time.now.utc - 3600).to_datetime
  # Accept if the embedded minute is at most one hour old and regenerating the
  # token with the secret reproduces it exactly (plain string comparison).
  (timestamp >= one_hour_ago) && token.eql?(generate(secret, timestamp))
end