Class: Rack::OAuth2::AccessToken::MAC

Inherits:
Rack::OAuth2::AccessToken
Defined in:
lib/rack/oauth2/access_token/mac.rb,
lib/rack/oauth2/access_token/mac/verifier.rb,
lib/rack/oauth2/access_token/mac/signature.rb,
lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb

Defined Under Namespace

Classes: Sha256HexVerifier, Signature, Verifier

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(attributes = {}) ⇒ MAC

Returns a new instance of MAC.

# File 'lib/rack/oauth2/access_token/mac.rb', line 9

# Builds a MAC access token and stamps it with the current UTC time.
#
# @param attributes [Hash] token attributes, handed unchanged to the
#   superclass constructor
# @return [MAC]
def initialize(attributes = {})
  super(attributes)
  # Keep a window that is already set once super returns (presumably taken
  # from +attributes+ - confirm against the superclass); otherwise default
  # to five minutes. #verify! compares request timestamps against this
  # value, so it bounds how long a signed request stays acceptable.
  @ts_expires_in ||= 5.minutes
  @issued_at = Time.now.utc
end

Instance Attribute Details

#ext ⇒ Object (readonly)

Returns the value of attribute ext.


# File 'lib/rack/oauth2/access_token/mac.rb', line 7

# Reader for the ext value that is fed into the request signature.
# #authenticate assigns it from the ext verifier's #calculate result when an
# ext verifier is configured; otherwise #authenticate leaves it as it was.
#
# @return [Object] the current @ext (nil if it was never assigned)
def ext
  @ext
end

#nonce ⇒ Object (readonly)

Returns the value of attribute nonce.


# File 'lib/rack/oauth2/access_token/mac.rb', line 7

# Reader for the nonce used in the most recent signature.
# #authenticate overwrites it with a new generate_nonce value on every call.
#
# @return [Object] the current @nonce (nil if it was never assigned)
def nonce
  @nonce
end

#signature ⇒ Object (readonly)

Returns the value of attribute signature.


# File 'lib/rack/oauth2/access_token/mac.rb', line 7

# Reader for the signature computed for the most recent outgoing request.
# #authenticate assigns it from Signature#calculate.
#
# @return [Object] the current @signature (nil if it was never assigned)
def signature
  @signature
end

Instance Method Details

#authenticate(request) ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 53

# Signs an outgoing request and sets its Authorization header.
#
# A new nonce is generated on every call. The timestamp is @ts when that is
# set, otherwise the current UTC time. The signature input is exactly the
# fields listed below: key, algorithm, nonce, method, request URI, host,
# port, timestamp and ext. The request body is covered only through ext,
# and ext is recomputed only when an ext verifier is configured; without
# one, whatever @ext already holds is signed as-is.
#
# @param request [Object] outgoing request; must respond to #header and
#   #body, with a header exposing #request_method, #create_query_uri,
#   #request_uri and #[]=
# @return [Object] the value assigned to the Authorization header
def authenticate(request)
  @nonce = generate_nonce
  @ts_generated = @ts || Time.now.utc

  if ext_verifier.present?
    body_hasher = ext_verifier.new(
      :raw_body  => request.body,
      :algorithm => mac_algorithm
    )
    @ext = body_hasher.calculate
  end

  header = request.header
  @signature = Signature.new(
    :secret      => mac_key,
    :algorithm   => mac_algorithm,
    :nonce       => nonce,
    :method      => header.request_method,
    :request_uri => header.create_query_uri,
    :host        => header.request_uri.host,
    :port        => header.request_uri.port,
    :ts          => @ts_generated,
    :ext         => @ext
  ).calculate

  header['Authorization'] = authorization_header
end

#token_response ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 15

# Extends the superclass token response with the MAC-specific fields.
#
# The result carries mac_key, the same value #authenticate and #verify!
# hand to Signature as :secret. Whatever serialises this hash is therefore
# carrying the signing secret: keep it off logs and caches and send it only
# over a protected channel.
#
# @return [Hash] superclass response merged with :mac_key and :mac_algorithm
def token_response
  mac_fields = {
    :mac_key       => mac_key,
    :mac_algorithm => mac_algorithm
  }
  super.merge(mac_fields)
end

#verify!(request) ⇒ Object

# File 'lib/rack/oauth2/access_token/mac.rb', line 22

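# Verifies a MAC-signed request against this token.
#
# Checks run in this order:
# 1. when an ext verifier is configured, the request body is read and
#    checked against request.ext;
# 2. the request timestamp must lie within @ts_expires_in seconds of the
#    reference time, in either direction;
# 3. the signature is recomputed from the request and compared with
#    request.signature.
# Any Verifier::VerificationFailed raised along the way is converted into
# request.invalid_token! with the failure message.
#
# The reference time is @ts when that is set, otherwise the current UTC
# time. NOTE(review): a token with @ts set compares every request against
# that fixed instant, which looks intended for tests - confirm it is never
# set on live tokens.
#
# NOTE(review): nothing here records or looks up request.nonce, so a
# captured request stays replayable for as long as its timestamp is inside
# the window unless nonce uniqueness is enforced elsewhere - confirm.
# NOTE(review): the signature comparison happens inside Signature#verify!,
# which is not visible here - confirm it is a constant-time comparison.
#
# @param request [Object] incoming request exposing #ts, #nonce, #ext,
#   #signature, #request_method, #fullpath, #host, #port, #body and
#   #invalid_token!
# @return [Object] the result of Signature#verify!, or of
#   request.invalid_token! when verification fails
def verify!(request)
  if ext_verifier.present?
    body = request.body.read
    request.body.rewind # leave the stream readable for later consumers

    ext_verifier.new(
      :raw_body  => body,
      :algorithm => mac_algorithm
    ).verify!(request.ext)
  end

  now = @ts.present? ? @ts.to_i : Time.now.utc.to_i

  # Bound the timestamp on both sides. Checking only for stale values lets a
  # request dated far ahead pass, and it would then stay acceptable until
  # that future time plus the window. The timestamp is also part of the
  # signed input below, so a value altered in transit fails the signature
  # check.
  if (now - request.ts.to_i).abs > @ts_expires_in.to_i
    raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired")
  end

  Signature.new(
    :secret      => mac_key,
    :algorithm   => mac_algorithm,
    :nonce       => request.nonce,
    :method      => request.request_method,
    :request_uri => request.fullpath,
    :host        => request.host,
    :port        => request.port,
    :ts          => request.ts,
    :ext         => request.ext
  ).verify!(request.signature)
rescue Verifier::VerificationFailed => e
  request.invalid_token! e.message
end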