Class: RGigya::SigUtils

Inherits:

Object

• Object
• RGigya::SigUtils

Includes:

RGigya

Defined in:

lib/rgigya/sig_utils.rb

Constant Summary

Constants included from RGigya

JSONParseError

Class Method Summary

• .calculate_signature(base, key) ⇒ String

  Value of the signature.

• .current_time_in_milliseconds ⇒ String

  Current time in milliseconds.

• .get_dynamic_session_signature(glt_cookie, timeout_in_seconds) ⇒ String

  generates the value for the session expiration cookie developers.gigya.com/010_Developer_Guide/87_Security#Defining_a_Session_Expiration_Cookie.

• .validate_friend_signature(uid, timestamp, friend_uid, signature) ⇒ Boolean

  developers.gigya.com/010_Developer_Guide/87_Security#Validate_Friendship_Signatures_when_required.

• .validate_user_signature(uid, timestamp, signature) ⇒ Boolean

  validates the signature from the api calls having to do with authentication developers.gigya.com/010_Developer_Guide/87_Security#Validate_the_UID_Signature_in_the_Social_Login_Process.

Methods included from RGigya

build_url, check_for_errors, config, log, method_missing, params_with_signature, parse_results, parse_results_secure, parse_results_with_signature, prepare_for_signature, required_parameters, respond_to?, verify_config_data

Class Method Details

.calculate_signature(base, key) ⇒ String

Returns value of the signature.

Parameters:

• base (Strsing) —

  string that we are basing the signature off of

• key (String) —

  The key we are using the encode the signature

Returns:

• (String) —

  value of the signature

Author:

• Scott Sampson

# File 'lib/rgigya/sig_utils.rb', line 90

def calculate_signature(base,key)
   base = base.encode('UTF-8')
   raw = OpenSSL::HMAC.digest('sha1',Base64.decode64(key), base)
	return Base64.encode64(raw).chomp.gsub(/\n/,'')
end

.current_time_in_milliseconds ⇒ String

Returns current time in milliseconds.

Returns:

• (String) —

  current time in milliseconds

Author:

• Scott Sampson

# File 'lib/rgigya/sig_utils.rb', line 78

def current_time_in_milliseconds()
   return DateTime.now.strftime("%Q")
end

.get_dynamic_session_signature(glt_cookie, timeout_in_seconds) ⇒ String

generates the value for the session expiration cookie developers.gigya.com/010_Developer_Guide/87_Security#Defining_a_Session_Expiration_Cookie

You want to use this if you want to terminate a session in the future

Parameters:

• glt_cookie (String) —

  The login token received from Gigya after successful Login. Gigya stores the token in a cookie named: “glt_” + <Your API Key>

• timeout_in_seconds (Integer) —

  The expiration time in seconds since Jan. 1st 1970 and in GMT/UTC timezone.

Returns:

• (String) —

  value you want to set in the cookie

Author:

• Scott Sampson

# File 'lib/rgigya/sig_utils.rb', line 64

def get_dynamic_session_signature(glt_cookie, timeout_in_seconds)
	expiration_time_unix_ms = (current_time_in_milliseconds().to_i/1000) + timeout_in_seconds
   expiration_time_unix = expiration_time_unix_ms.floor.to_s
	unsigned_expiration = "#{glt_cookie}_#{expiration_time_unix}"
	signed_expiration = calculate_signature(unsigned_expiration,@@api_secret)
	return "#{expiration_time_unix}_#{signed_expiration}"
end

.validate_friend_signature(uid, timestamp, friend_uid, signature) ⇒ Boolean

developers.gigya.com/010_Developer_Guide/87_Security#Validate_Friendship_Signatures_when_required

Parameters:

• uid (String) —

  The id for the user who’s friends you are getting

• timestamp (String) —

  The signatureTimestamp passed along with each friend to verify the signature

• friend_uid (String) —

  gigya’s user_id for the friend

• signature (String) —

  the friendshipSignature we are verifying against

Returns:

• (Boolean) —

  true or false on whether the signature is valid

Author:

• Scott Sampson

# File 'lib/rgigya/sig_utils.rb', line 46

def validate_friend_signature(uid, timestamp, friend_uid, signature)
		base = "#{timestamp}_#{friend_uid}_#{uid}"
		expected_signature = calculate_signature(base, @@api_secret)
		return expected_signature == signature
end

.validate_user_signature(uid, timestamp, signature) ⇒ Boolean

validates the signature from the api calls having to do with authentication developers.gigya.com/010_Developer_Guide/87_Security#Validate_the_UID_Signature_in_the_Social_Login_Process

Parameters:

• uid (String) —

  The id for the user who’s friends you are getting

• timestamp (String) —

  The signatureTimestamp passed along with api call

• signature (String) —

  the UIDSignature we are verifying against

Returns:

• (Boolean) —

  true or false on whether the signature is valid

Author:

• Scott Sampson

# File 'lib/rgigya/sig_utils.rb', line 27

def validate_user_signature(uid, timestamp, signature) 
  base = "#{timestamp}_#{uid}"
	expected_signature = calculate_signature(base, @@api_secret)
	return expected_signature == signature
end