Module: Gitlab::JwtAuthenticatable::ClassMethods

Includes:

Utils::StrongMemoize

Defined in:

lib/gitlab/jwt_authenticatable.rb

Instance Method Summary

• #decode_jwt_for_issuer(issuer, encoded_message) ⇒ Object
• #secret ⇒ Object
• #write_secret ⇒ Object

Methods included from Utils::StrongMemoize

#clear_memoization, #strong_memoize, #strong_memoized?

Instance Method Details

#decode_jwt_for_issuer(issuer, encoded_message) ⇒ Object

# File 'lib/gitlab/jwt_authenticatable.rb', line 16

def decode_jwt_for_issuer(issuer, encoded_message)
  JWT.decode(
    encoded_message,
    secret,
    true,
    { iss: issuer, verify_iss: true, algorithm: 'HS256' }
  )
end

#secret ⇒ Object

# File 'lib/gitlab/jwt_authenticatable.rb', line 25

def secret
  strong_memoize(:secret) do
    Base64.strict_decode64(File.read(secret_path).chomp).tap do |bytes|
      raise "#{secret_path} does not contain #{SECRET_LENGTH} bytes" if bytes.length != SECRET_LENGTH
    end
  end
end

#write_secret ⇒ Object

# File 'lib/gitlab/jwt_authenticatable.rb', line 33

def write_secret
  bytes = SecureRandom.random_bytes(SECRET_LENGTH)
  File.open(secret_path, 'w:BINARY', 0600) do |f|
    f.chmod(0600) # If the file already existed, the '0600' passed to 'open' above was a no-op.
    f.write(Base64.strict_encode64(bytes))
  end
end