Class: SignedForm::GateKeeper

Inherits:

Object

• Object
• SignedForm::GateKeeper

Defined in:

lib/signed_form/gate_keeper.rb

Instance Attribute Summary

• #allowed_attributes ⇒ Object readonly

  Returns the value of attribute allowed_attributes.

Instance Method Summary

• #extract_and_verify_form_signature ⇒ Object
• #initialize(controller) ⇒ GateKeeper constructor

  A new instance of GateKeeper.

• #options ⇒ Object
• #verify_destination ⇒ Object
• #verify_digest ⇒ Object

Constructor Details

#initialize(controller) ⇒ GateKeeper

Returns a new instance of GateKeeper.

# File 'lib/signed_form/gate_keeper.rb', line 5

def initialize(controller)
  @controller = controller
  @params     = controller.params
  @request    = controller.request

  extract_and_verify_form_signature
  verify_destination
  verify_digest
end

Instance Attribute Details

#allowed_attributes ⇒ Object (readonly)

Returns the value of attribute allowed_attributes.

# File 'lib/signed_form/gate_keeper.rb', line 3

def allowed_attributes
  @allowed_attributes
end

Instance Method Details

#extract_and_verify_form_signature ⇒ Object

Raises:

• (Errors::InvalidSignature)

# File 'lib/signed_form/gate_keeper.rb', line 19

def extract_and_verify_form_signature
  data, signature = @params['form_signature'].split('--', 2)
  hmac = SignedForm::HMAC.new secret_key: SignedForm.secret_key

  signature ||= ''

  raise Errors::InvalidSignature, "Form signature is not valid" unless hmac.verify signature, data

  @allowed_attributes = Marshal.load Base64.strict_decode64(data)
  @options            = allowed_attributes.delete(:_options_)
end

#options ⇒ Object

# File 'lib/signed_form/gate_keeper.rb', line 15

def options
  @options ||= {}
end

#verify_destination ⇒ Object

Raises:

• (Errors::InvalidURL)

# File 'lib/signed_form/gate_keeper.rb', line 31

def verify_destination
  return unless options[:method] && options[:url]
  raise Errors::InvalidURL if options[:method].to_s.casecmp(@request.request_method) != 0
  url = @controller.url_for(options[:url])
  raise Errors::InvalidURL if url != @request.fullpath && url != @request.url
end

#verify_digest ⇒ Object

Raises:

• (Errors::ExpiredForm)

# File 'lib/signed_form/gate_keeper.rb', line 38

def verify_digest
  return unless options[:digest]

  return if options[:digest_expiration] && Time.now < options[:digest_expiration]

  digestor = options[:digest]
  given_digest = digestor.to_s
  digestor.view_paths = @controller.view_paths.map(&:to_s)
  digestor.refresh
  raise Errors::ExpiredForm unless given_digest == digestor.to_s
end