Class: Rack::OAuth2::AccessToken::MAC

Inherits:

Rack::OAuth2::AccessToken

• Object
• Rack::OAuth2::AccessToken
• Rack::OAuth2::AccessToken::MAC

Defined in:

lib/rack/oauth2/access_token/mac.rb,
lib/rack/oauth2/access_token/mac/verifier.rb,
lib/rack/oauth2/access_token/mac/signature.rb,
lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb more...

Defined Under Namespace

Classes: Sha256HexVerifier, Signature, Verifier

Instance Attribute Summary

• #ext ⇒ Object readonly

  Returns the value of attribute ext.

• #nonce ⇒ Object readonly

  Returns the value of attribute nonce.

• #signature ⇒ Object readonly

  Returns the value of attribute signature.

Instance Method Summary

• #authenticate(request) ⇒ Object
• #initialize(attributes = {}) ⇒ MAC constructor

  A new instance of MAC.

• #token_response ⇒ Object
• #verify!(request) ⇒ Object

Constructor Details

#initialize(attributes = {}) ⇒ MAC

Returns a new instance of MAC.

# File 'lib/rack/oauth2/access_token/mac.rb', line 9

def initialize(attributes = {})
  super(attributes)
  @issued_at = Time.now.utc
  @ts_expires_in ||= 5.minutes
end

Instance Attribute Details

#ext ⇒ Object (readonly)

Returns the value of attribute ext.

# File 'lib/rack/oauth2/access_token/mac.rb', line 7

def ext
  @ext
end

#nonce ⇒ Object (readonly)

Returns the value of attribute nonce.

# File 'lib/rack/oauth2/access_token/mac.rb', line 7

def nonce
  @nonce
end

#signature ⇒ Object (readonly)

Returns the value of attribute signature.

# File 'lib/rack/oauth2/access_token/mac.rb', line 7

def signature
  @signature
end

Instance Method Details

#authenticate(request) ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 53

def authenticate(request)
  @nonce = generate_nonce
  @ts_generated = @ts || Time.now.utc

  if self.ext_verifier.present?
    @ext = self.ext_verifier.new(
      :raw_body => request.body,
      :algorithm => self.mac_algorithm
    ).calculate
  end

  @signature = Signature.new(
    :secret      => self.mac_key,
    :algorithm   => self.mac_algorithm,
    :nonce       => self.nonce,
    :method      => request.header.request_method,
    :request_uri => request.header.create_query_uri,
    :host        => request.header.request_uri.host,
    :port        => request.header.request_uri.port,
    :ts          => @ts_generated,
    :ext         => @ext
  ).calculate

  request.header['Authorization'] = authorization_header
end

#token_response ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 15

def token_response
  super.merge(
    :mac_key => mac_key,
    :mac_algorithm => mac_algorithm
  )
end

#verify!(request) ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 22

def verify!(request)          
  if self.ext_verifier.present?
    body = request.body.read
    request.body.rewind # for future use

    self.ext_verifier.new(
      :raw_body => body,
      :algorithm => self.mac_algorithm
    ).verify!(request.ext)
  end

  now = Time.now.utc.to_i
  now = @ts.to_i if @ts.present?
            
  raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired") if now - request.ts.to_i > @ts_expires_in.to_i

  Signature.new(
    :secret      => self.mac_key,
    :algorithm   => self.mac_algorithm,
    :nonce       => request.nonce,
    :method      => request.request_method,
    :request_uri => request.fullpath,
    :host        => request.host,
    :port        => request.port,
    :ts          => request.ts,
    :ext         => request.ext
  ).verify!(request.signature)
rescue Verifier::VerificationFailed => e
  request.invalid_token! e.message
end