Class: Drillbit::Tokens::JsonWebToken
- Inherits:
-
Object
- Object
- Drillbit::Tokens::JsonWebToken
- Defined in:
- lib/drillbit/tokens/json_web_token.rb
Direct Known Subclasses
Constant Summary collapse
# Errors that .from_jwe and .from_jws rescue and turn into
# JsonWebTokens::Invalid.instance instead of letting them propagate.
#
# NOTE(review): every cause listed here (bad format, failed signature,
# expired, not yet valid, OpenSSL failure) ends in the same Invalid result,
# so the reason a token was rejected is not available to callers or logs
# from this path.
TRANSFORMATION_EXCEPTIONS = [
  # JSON::JWT namespace
  JSON::JWT::Exception,
  JSON::JWT::InvalidFormat,
  JSON::JWT::VerificationFailed,
  JSON::JWT::UnexpectedAlgorithm,

  # JWT namespace
  JWT::DecodeError,
  JWT::VerificationError,
  JWT::ExpiredSignature,
  JWT::IncorrectAlgorithm,
  JWT::ImmatureSignature,
  JWT::InvalidIssuerError,
  JWT::InvalidIatError,
  JWT::InvalidAudError,
  JWT::InvalidSubError,
  JWT::InvalidJtiError,

  # OpenSSL key and cipher failures
  OpenSSL::PKey::RSAError,
  OpenSSL::Cipher::CipherError,
].freeze
Instance Attribute Summary collapse
-
#data ⇒ Object
Returns the value of attribute data.
-
#headers ⇒ Object
Returns the value of attribute headers.
-
#private_key ⇒ Object
Returns the value of attribute private_key.
Class Method Summary collapse
-
.build(id: SecureRandom.uuid, audience: Drillbit.configuration.default_token_audience, expiration: Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes), issuer: Drillbit.configuration.default_token_issuer || 'Drillbit', issued_at: Time.now.utc, not_before: Time.now.utc, owner: nil, roles: Drillbit.configuration.default_token_roles, subject: Drillbit.configuration.default_token_subject, subject_id:, token_private_key: Drillbit.configuration.token_private_key) ⇒ Object
rubocop:disable Metrics/ParameterLists, Metrics/LineLength.
- .build_from_request(request_token) ⇒ Object
- .from_jwe(encrypted_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
- .from_jws(signed_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
Instance Method Summary collapse
- #audience ⇒ Object
- #blank? ⇒ Boolean
- #empty? ⇒ Boolean
- #expiration ⇒ Object
- #id ⇒ Object
-
#initialize(data:, headers: {}, private_key: Drillbit.configuration.token_private_key) ⇒ JsonWebToken
constructor
A new instance of JsonWebToken.
- #issued_at ⇒ Object
- #issuer ⇒ Object
- #not_before ⇒ Object
- #owner_id ⇒ Object
- #present? ⇒ Boolean
- #roles ⇒ Object
- #subject ⇒ Object
- #subject_id ⇒ Object
- #to_h ⇒ Object
- #to_jwe ⇒ Object
- #to_jwe_s ⇒ Object
- #to_jws ⇒ Object
- #to_jws_s ⇒ Object
- #to_jwt ⇒ Object
- #to_jwt_s ⇒ Object
-
#valid? ⇒ Boolean
rubocop:enable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength.
Constructor Details
#initialize(data:, headers: {}, private_key: Drillbit.configuration.token_private_key) ⇒ JsonWebToken
Returns a new instance of JsonWebToken.
# File 'lib/drillbit/tokens/json_web_token.rb', line 35
#
# Wraps an already-decoded claim set. Nothing is verified here: signature
# and time-claim checks only happen in .from_jws, so an instance created
# directly is exactly as trustworthy as the data passed in.
#
# @param data [Object] the claims; the readers index it with string keys
# @param headers [Object] the token headers, {} when omitted
# @param private_key [Object] key later handed to #to_jws and #to_jwe;
#   defaults to Drillbit.configuration.token_private_key
#
# NOTE(review): the key is kept on the instance and exposed through
# #private_key, so these objects should stay out of logs, caches and
# serialised payloads.
def initialize(data:, headers: {}, private_key: Drillbit.configuration.token_private_key)
  self.data = data
  self.headers = headers
  self.private_key = private_key
end
Instance Attribute Details
#data ⇒ Object
Returns the value of attribute data.
# File 'lib/drillbit/tokens/json_web_token.rb', line 31
#
# Reader for the data attribute, the token's claim set.
#
# @return [Object] the current value of @data
def data
  @data
end
#headers ⇒ Object
Returns the value of attribute headers.
# File 'lib/drillbit/tokens/json_web_token.rb', line 31
#
# Reader for the headers attribute.
#
# @return [Object] the current value of @headers
def headers
  @headers
end
#private_key ⇒ Object
Returns the value of attribute private_key.
# File 'lib/drillbit/tokens/json_web_token.rb', line 31
#
# Reader for the private_key attribute, the key #to_jws signs with and
# #to_jwe encrypts with.
#
# NOTE(review): this is a public reader for key material; anything that
# can reach a token instance can read the key it was built with.
#
# @return [Object] the current value of @private_key
def private_key
  @private_key
end
Class Method Details
.build(id: SecureRandom.uuid, audience: Drillbit.configuration.default_token_audience, expiration: Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes), issuer: Drillbit.configuration.default_token_issuer || 'Drillbit', issued_at: Time.now.utc, not_before: Time.now.utc, owner: nil, roles: Drillbit.configuration.default_token_roles, subject: Drillbit.configuration.default_token_subject, subject_id:, token_private_key: Drillbit.configuration.token_private_key) ⇒ Object
rubocop:disable Metrics/ParameterLists, Metrics/LineLength
# File 'lib/drillbit/tokens/json_web_token.rb', line 53
#
# Assembles the claim set for a new token and wraps it in an instance.
# Nothing is signed or encrypted here; that happens in #to_jws / #to_jwe.
#
# Claims written: aud, exp, iat, iss, jti, nbf, own, rol, sid, sub.
# 'own' falls back to subject_id when no owner is given. The time values
# are stored as integers via #to_i.
#
# NOTE(review): 'rol' is the role list joined with ',' and #roles splits on
# ',' again, so a role name containing a comma reads back as several roles.
# Role names should come from a fixed list, never from request input.
#
# NOTE(review): a caller-supplied expiration is used as given; no maximum
# lifetime is enforced in this method.
#
# @param subject_id [Object] required; stored as 'sid'
# @param token_private_key [Object] key handed to the new instance
# @return [JsonWebToken] whatever .new returns for the assembled claims
def self.build(id: SecureRandom.uuid,
               audience: Drillbit.configuration.default_token_audience,
               expiration: Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes),
               issuer: Drillbit.configuration.default_token_issuer || 'Drillbit',
               issued_at: Time.now.utc,
               not_before: Time.now.utc,
               owner: nil,
               roles: Drillbit.configuration.default_token_roles,
               subject: Drillbit.configuration.default_token_subject,
               subject_id:,
               token_private_key: Drillbit.configuration.token_private_key)
  owner ||= subject_id

  claims = {
    'aud' => audience,
    'exp' => expiration.to_i,
    'iat' => issued_at.to_i,
    'iss' => issuer,
    'jti' => id,
    'nbf' => not_before.to_i,
    'own' => owner,
    'rol' => roles.join(','),
    'sid' => subject_id,
    'sub' => subject,
  }

  new(private_key: token_private_key, data: claims)
end
.build_from_request(request_token) ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 44
#
# Builds a token from an already-decoded [data, headers] pair, or returns
# the Null token when nothing was supplied.
#
# No signature, algorithm or expiry check happens in this method, and the
# resulting instance answers true to #valid?.
# NOTE(review): presumably the pair was produced by an earlier, verified
# decode step - confirm at the call sites.
#
# @param request_token [Object, nil] splatted into data and headers
# @return [Object] a new instance, or Tokens::JsonWebTokens::Null.instance
def self.build_from_request(request_token)
  return Tokens::JsonWebTokens::Null.instance unless request_token

  claims, token_headers = *request_token

  new(data: claims, headers: token_headers)
end
.from_jwe(encrypted_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 175
#
# Decrypts an encrypted token and hands the inner text to .from_jws, which
# performs the signature and time-claim verification.
#
# Blank input short-circuits to the Null token before any crypto runs.
# Errors listed in TRANSFORMATION_EXCEPTIONS become the Invalid token;
# anything else propagates to the caller.
#
# NOTE(review): this decode call pins neither the key-management algorithm
# nor the content-encryption method, while #to_jwe always emits RSA-OAEP
# with A256GCM. If the installed JSON::JWT version can restrict both on
# decode, pinning them keeps the accepted set as narrow as the emitted one.
#
# @param encrypted_token [Object] compact token; nil and '' count as blank
# @param private_key [Object] used to decrypt and passed on to .from_jws
# @return [Object] a token instance, or the Null / Invalid singleton
def self.from_jwe(encrypted_token, private_key: Drillbit.configuration.token_private_key)
  return JsonWebTokens::Null.instance if encrypted_token.to_s == ''

  decoded_jwe = JSON::JWT.decode(encrypted_token, private_key)
  inner_token = decoded_jwe.plain_text

  from_jws(inner_token, private_key: private_key)
rescue *TRANSFORMATION_EXCEPTIONS
  JsonWebTokens::Invalid.instance
end
.from_jws(signed_token, private_key: Drillbit.configuration.token_private_key) ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 189
#
# Verifies a signed token and wraps its claims and headers in an instance.
#
# Verification is switched on (third argument), the accepted algorithm is
# fixed to RS256, and the exp, nbf and iat claims are checked with a leeway
# of 5. Blank input returns the Null token; any error listed in
# TRANSFORMATION_EXCEPTIONS returns the Invalid token.
#
# NOTE(review): issuer and audience are not checked in this call, although
# .build writes both claims and the rescue list names
# JWT::InvalidIssuerError and JWT::InvalidAudError. If tokens for another
# audience can be signed with the same key, enable those checks here.
#
# NOTE(review): the value passed as the verification key is named
# private_key; a service that only verifies tokens needs the public half
# only - confirm what the deployment actually loads.
#
# @param signed_token [Object] compact token; nil and '' count as blank
# @param private_key [Object] key used to verify the signature
# @return [Object] a token instance, or the Null / Invalid singleton
def self.from_jws(signed_token, private_key: Drillbit.configuration.token_private_key)
  return JsonWebTokens::Null.instance if signed_token.to_s == ''

  verification = {
    algorithm: 'RS256',
    verify_expiration: true,
    verify_not_before: true,
    verify_iat: true,
    leeway: 5,
  }

  claims, token_headers = *JWT.decode(signed_token, private_key, true, **verification)

  new(data: claims, headers: token_headers, private_key: private_key)
rescue *TRANSFORMATION_EXCEPTIONS
  JsonWebTokens::Invalid.instance
end
Instance Method Details
#audience ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 105
#
# The 'aud' claim as stored in data. This is a plain lookup; it does not
# compare the value with any expected audience.
#
# @return [Object, nil] the claim value
def audience
  data['aud']
end
#blank? ⇒ Boolean
# File 'lib/drillbit/tokens/json_web_token.rb', line 89
#
# True when the claim set holds nothing. Same check as #empty?.
#
# @return [Boolean] the result of data.empty?
def blank?
  data.empty?
end
#empty? ⇒ Boolean
# File 'lib/drillbit/tokens/json_web_token.rb', line 97
#
# True when the claim set holds nothing. Same check as #blank?.
#
# @return [Boolean] the result of data.empty?
def empty?
  data.empty?
end
#expiration ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 117
#
# The 'exp' claim as stored in data. This is a plain lookup, not an expiry
# check; the only expiry verification visible in this class is in
# .from_jws.
#
# @return [Object, nil] the claim value
def expiration
  data['exp']
end
#id ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 121
#
# The 'jti' claim, the token identifier .build fills from SecureRandom.uuid
# by default. Nothing in this class tracks identifiers that were already
# seen.
#
# @return [Object, nil] the claim value
def id
  data['jti']
end
#issued_at ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 109
#
# The 'iat' claim as stored in data; .build writes it as an integer.
#
# @return [Object, nil] the claim value
def issued_at
  data['iat']
end
#issuer ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 113
#
# The 'iss' claim as stored in data. This is a plain lookup; it does not
# compare the value with any expected issuer.
#
# @return [Object, nil] the claim value
def issuer
  data['iss']
end
#not_before ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 125
#
# The 'nbf' claim as stored in data; .build writes it as an integer.
#
# @return [Object, nil] the claim value
def not_before
  data['nbf']
end
#owner_id ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 129
#
# The 'own' claim as stored in data; .build sets it to the owner, or to
# subject_id when no owner was given.
#
# @return [Object, nil] the claim value
def owner_id
  data['own']
end
#present? ⇒ Boolean
# File 'lib/drillbit/tokens/json_web_token.rb', line 93
#
# True when the claim set holds at least one entry. This says nothing about
# whether the claims were verified.
#
# @return [Boolean] the result of data.any?
def present?
  data.any?
end
#roles ⇒ Object
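# File 'lib/drillbit/tokens/json_web_token.rb', line 147
#
# Roles carried in the 'rol' claim, split on commas and memoised.
#
# A missing claim and an explicit null both produce an empty list, so a
# token without role information grants no roles instead of raising
# NoMethodError on nil.
#
# .build joins roles with ',' without escaping, so a role name that itself
# contains a comma comes back here as several entries.
#
# @return [Array<String>] role names, [] when the claim is absent or nil
def roles
  @roles ||= (data.fetch('rol', '') || '').split(',')
end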
#subject ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 137
#
# The 'sub' claim as stored in data.
#
# @return [Object, nil] the claim value
def subject
  data['sub']
end
#subject_id ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 133
#
# The 'sid' claim as stored in data; .build fills it from its required
# subject_id argument.
#
# @return [Object, nil] the claim value
def subject_id
  data['sid']
end
#to_h ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 101
#
# Despite the name, this returns a two-element Array, not a Hash: the
# claims first, the headers second. .build_from_request destructures the
# same pair shape.
#
# @return [Array] [data, headers]
def to_h
  [data, headers]
end
#to_jwe ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 167
#
# Signs the token (#to_jws) and then encrypts the signed form with
# RSA-OAEP key management and A256GCM content encryption.
#
# NOTE(review): the same private_key signs in #to_jws and encrypts here.
# Separate key pairs for signing and encryption are the usual practice;
# confirm the reuse is intended.
#
# The result is memoised, so a later change to data or private_key on this
# instance is not reflected in the returned token.
#
# @return [Object] the encrypted token object
def to_jwe
  @jwe ||= to_jws.encrypt(private_key, 'RSA-OAEP', 'A256GCM')
end
#to_jwe_s ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 171
#
# String form of the signed-then-encrypted token from #to_jwe, memoised.
#
# @return [String] to_jwe.to_s
def to_jwe_s
  @jwe_s ||= to_jwe.to_s
end
#to_jws ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 159
#
# Signs the claim set with private_key using RS256, the algorithm
# .from_jws accepts on the way back in.
#
# The result is memoised, so a later change to data or private_key on this
# instance is not reflected in the returned token.
#
# @return [Object] the signed token object
def to_jws
  @jws ||= to_jwt.sign(private_key, 'RS256')
end
#to_jws_s ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 163
#
# String form of the signed token from #to_jws, memoised. The claims in a
# signed-only token are readable by whoever holds the string; #to_jwe_s is
# the encrypted variant.
#
# @return [String] to_jws.to_s
def to_jws_s
  @jws_s ||= to_jws.to_s
end
#to_jwt ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 151
#
# Wraps the claim set in a JSON::JWT object, memoised. No key is involved
# at this step; signing happens in #to_jws.
#
# @return [JSON::JWT] the unsigned token object
def to_jwt
  @jwt ||= JSON::JWT.new(data)
end
#to_jwt_s ⇒ Object
# File 'lib/drillbit/tokens/json_web_token.rb', line 155
#
# String form of the token from #to_jwt, memoised.
#
# NOTE(review): #to_jwt involves no key, so this is presumably an unsigned
# serialisation - confirm against JSON::JWT#to_s. It should not be handed
# out as a credential; #to_jws_s and #to_jwe_s are the protected forms.
#
# @return [String] to_jwt.to_s
def to_jwt_s
  @jwt_s ||= to_jwt.to_s
end
#valid? ⇒ Boolean
rubocop:enable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength
# File 'lib/drillbit/tokens/json_web_token.rb', line 85
#
# Always true for this class. No claim, signature or expiry is examined
# here, so the answer reflects how the instance was created, not the
# state of the token: .from_jws returns instances only after verification,
# while .new and .build_from_request perform none.
#
# NOTE(review): presumably the Null and Invalid token classes answer
# differently - confirm in their definitions.
#
# @return [Boolean] true
def valid?
  true
end