Class: BrowserID::Verifier::Persona
- Inherits: Object
  - Object
  - BrowserID::Verifier::Persona
- Defined in: lib/browserid/verifier/persona.rb
Overview
Public: This class sends the assertion to Mozilla’s Persona server for verification.
Constant Summary
- VERIFICATION_SERVER = 'verifier.login.persona.org'
  Public: String defining the endpoint of the server to perform Persona verifications against.
- VERIFICATION_PATH = '/verify'
  Public: String defining the normal path to POST assertion verifications to.
Instance Attribute Summary
- #path ⇒ Object
  Returns the value of attribute path.
- #server ⇒ Object
  Returns the value of attribute server.
Instance Method Summary
- #initialize(server = VERIFICATION_SERVER, path = VERIFICATION_PATH) ⇒ Persona (constructor)
  Public: Constructs a new Persona verifier.
- #verify(assertion, audience) ⇒ Object
  Public: Verifies a Persona assertion for a given audience.
Constructor Details
#initialize(server = VERIFICATION_SERVER, path = VERIFICATION_PATH) ⇒ Persona
Public: Constructs a new Persona verifier.
server - Domain String of the server to send assertions to for
verifications (default: VERIFICATION_SERVER).
path - Path String to POST to on the server (default:
VERIFICATION_PATH).
    # File 'lib/browserid/verifier/persona.rb', line 26
    def initialize(server=VERIFICATION_SERVER, path=VERIFICATION_PATH)
      @server = server
      @path = path
    end
Instance Attribute Details
#path ⇒ Object
Returns the value of attribute path.
    # File 'lib/browserid/verifier/persona.rb', line 9
    def path
      @path
    end
#server ⇒ Object
Returns the value of attribute server.
    # File 'lib/browserid/verifier/persona.rb', line 9
    def server
      @server
    end
Instance Method Details
#verify(assertion, audience) ⇒ Object
Public: Verifies a Persona assertion for a given audience.
assertion - Persona authentication assertion.
audience - Audience String to verify assertion against. This should be
the URI of the service with scheme, authority, and port.
Returns the authenticated email address String and the issuing domain if the assertion is valid.
Raises an exception with a failure message if the client was not successfully authenticated.
Examples
verify(assertion, "https://app.example.com:443")
# => "[email protected]", "persona.mozilla.com"
    # File 'lib/browserid/verifier/persona.rb', line 47
    def verify(assertion, audience)
      http = Net::HTTP.new(@server, 443)
      http.use_ssl = true

      verification = Net::HTTP::Post.new(@path)
      verification.set_form_data(assertion: assertion, audience: audience)

      response = http.request(verification)
      raise "Unsuccessful response from #{@server}: #{response}" unless response.kind_of? Net::HTTPSuccess
      authentication = JSON.parse(response.body)

      # Authentication response is a JSON hash which must contain a 'status'
      # of "okay" or "failure".
      status = authentication['status']
      raise "Unknown authentication status '#{status}'" unless %w{okay failure}.include? status

      # An unsuccessful authentication response should contain a reason string.
      raise "Assertion failure: #{authentication['reason']}" unless status == "okay"

      # A successful response looks like the following:
      # {
      #   "status": "okay",
      #   "email": "[email protected]",
      #   "audience": "https://service.example.com:443",
      #   "expires": 1234567890,
      #   "issuer": "persona.mozilla.com"
      # }

      auth_audience = authentication['audience']
      raise "Persona assertion audience '#{auth_audience}' does not match verifier audience '#{audience}'" unless auth_audience == audience

      expires = authentication['expires'] && Time.at(authentication['expires'].to_i/1000.0)
      raise "Persona assertion expired at #{expires}" if expires && expires < Time.now

      [authentication['email'], authentication['issuer']]
    end
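One way to call verify from a login handler, as an added example that is not part of the gem or its documentation. PersonaLogin and StubVerifier are hypothetical names; the audience is fixed from configuration (not taken from the request) in the scheme://host:port form described above, and any exception from verify is treated as a denied login.

```ruby
require 'uri'

# Hypothetical wrapper, not part of the gem: pins the audience from
# configuration and turns every verify failure into a denied login.
class PersonaLogin
  Result = Struct.new(:email, :issuer, :error)
  attr_reader :audience

  def initialize(verifier, configured_origin)
    @verifier = verifier
    @audience = self.class.canonical_audience(configured_origin)
  end

  # Returns "scheme://host:port" with the port always explicit, the form the
  # verify documentation asks for; rejects anything that is not a bare origin.
  def self.canonical_audience(origin)
    uri = URI.parse(origin)
    raise ArgumentError, "audience must be an http(s) URI" unless uri.is_a?(URI::HTTP) && !uri.host.to_s.empty?
    extras = [uri.userinfo, uri.query, uri.fragment].compact
    raise ArgumentError, "audience must be a bare origin" unless extras.empty? && ['', '/'].include?(uri.path)
    "#{uri.scheme.downcase}://#{uri.host.downcase}:#{uri.port}"
  end

  # verify raises on every failure (bad status, audience mismatch, expiry,
  # HTTP or JSON errors), so any exception means "not authenticated".
  def authenticate(assertion)
    return Result.new(nil, nil, 'missing assertion') if assertion.to_s.empty?
    email, issuer = @verifier.verify(assertion, @audience)
    return Result.new(nil, nil, 'verifier returned no email') if email.to_s.empty?
    Result.new(email, issuer, nil)
  rescue StandardError => e
    Result.new(nil, nil, e.message)
  end
end

# Constructed stand-in for BrowserID::Verifier::Persona so this runs offline;
# it keeps the documented contract: return [email, issuer] or raise.
class StubVerifier
  def initialize(assertion_audience)
    @assertion_audience = assertion_audience
  end

  def verify(assertion, audience)
    raise "Assertion failure: constructed failure" if assertion == 'bad'
    raise "Persona assertion audience mismatch" unless @assertion_audience == audience
    ['alice@example.com', 'persona.mozilla.com']
  end
end
```

In an application, pass `BrowserID::Verifier::Persona.new` in place of the stub.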