Class: Rack::PrxAuth::AuthValidator

Inherits:

Object

• Object
• Rack::PrxAuth::AuthValidator

Defined in:

lib/rack/prx_auth/auth_validator.rb

Instance Attribute Summary

• #issuer ⇒ Object readonly

  Returns the value of attribute issuer.

• #token ⇒ Object readonly

  Returns the value of attribute token.

Instance Method Summary

• #claims ⇒ Object
• #decode_token ⇒ Object
• #expired? ⇒ Boolean
• #initialize(token, certificate = nil, issuer = nil) ⇒ AuthValidator constructor

  A new instance of AuthValidator.

• #time_to_live ⇒ Object
• #token_issuer_matches? ⇒ Boolean
• #valid? ⇒ Boolean
• #valid_token_format? ⇒ Boolean

Constructor Details

#initialize(token, certificate = nil, issuer = nil) ⇒ AuthValidator

Returns a new instance of AuthValidator.

# File 'lib/rack/prx_auth/auth_validator.rb', line 8

def initialize(token, certificate = nil, issuer = nil)
  @token = token
  @certificate = certificate
  @issuer = issuer
end

Instance Attribute Details

#issuer ⇒ Object (readonly)

Returns the value of attribute issuer.

# File 'lib/rack/prx_auth/auth_validator.rb', line 6

def issuer
  @issuer
end

#token ⇒ Object (readonly)

Returns the value of attribute token.

# File 'lib/rack/prx_auth/auth_validator.rb', line 6

def token
  @token
end

Instance Method Details

#claims ⇒ Object

# File 'lib/rack/prx_auth/auth_validator.rb', line 18

def claims
  @claims ||= decode_token
end

#decode_token ⇒ Object

# File 'lib/rack/prx_auth/auth_validator.rb', line 26

def decode_token
  return {} if token.nil?

  begin
    JSON::JWT.decode(token, :skip_verification)
  rescue JSON::JWT::InvalidFormat
    {}
  end
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/prx_auth/auth_validator.rb', line 36

def expired?
  (time_to_live + 30) <= 0 # 30 second clock jitter allowance
end

#time_to_live ⇒ Object

# File 'lib/rack/prx_auth/auth_validator.rb', line 40

def time_to_live
  now = Time.now.to_i
  if claims["exp"].nil?
    0
  elsif claims["iat"].nil? || claims["iat"] <= claims["exp"]
    claims["exp"] - now
  else
    # malformed - exp is a num-seconds offset from issued-at-time
    (claims["iat"] + claims["exp"]) - now
  end
end

#token_issuer_matches? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/prx_auth/auth_validator.rb', line 52

def token_issuer_matches?
  claims["iss"] == @issuer
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/prx_auth/auth_validator.rb', line 14

def valid?
  valid_token_format? && !expired? && @certificate.valid?(token)
end

#valid_token_format? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/prx_auth/auth_validator.rb', line 22

def valid_token_format?
  decode_token.present?
end