Class: Riddl::Utils::OAuth2::UnivieBearer::CheckAuth

Inherits:
Implementation
Defined in:
lib/ruby/riddl/utils/oauth2-univie.rb

Instance Method Summary

Methods inherited from Implementation

#headers, #initialize, #status

Constructor Details

This class inherits a constructor from Riddl::Implementation

Instance Method Details

#response ⇒ Object



# File 'lib/ruby/riddl/utils/oauth2-univie.rb', line 9

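# Checks the bearer token presented in the AUTHORIZATION header and, when it
# is accepted, hands the stored token data to the next handler as an
# AUTHORIZATION_BEARER header.
#
# Configuration comes from @a: @a[0] is the client id, @a[1] the client
# secret and @a[2] the access-token store (it must respond to #key? and
# #get). Requests without an AUTHORIZATION header pass through unchanged.
#
# @return [Object, Riddl::Parameter::Complex] @p when the request is
#   accepted or carries no AUTHORIZATION header; a JSON error document
#   (with @status set to 401 or 403) when the token is rejected
def response
  client_id = @a[0]
  client_secret = @a[1]
  access_tokens = @a[2]

  if @h['AUTHORIZATION']
    # \A anchors at the start of the whole string (^ would also match after
    # an embedded newline); the scheme name is case-insensitive per RFC 6750.
    token = @h['AUTHORIZATION'].sub(/\ABearer\s+/i, '')

    data, _, signature = token.rpartition '.'
    expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)

    return univie_bearer_deny(403, 'Unknown token') unless access_tokens.key? token
    # Constant-time comparison so the response time does not reveal how many
    # leading bytes of a forged signature were correct.
    return univie_bearer_deny(403, 'Invalid token, you bad boy') unless univie_bearer_secure_compare(signature, expected_sign)

    begin
      header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
      payload_claims = JSON::parse payload_claims
    rescue ArgumentError, TypeError, JSON::ParserError
      # Undecodable segments or a missing payload segment are a bad token,
      # not a server error.
      return univie_bearer_deny(403, 'Invalid token, you bad boy')
    end
    payload_claims = {} unless payload_claims.is_a?(Hash)

    return univie_bearer_deny(401, 'Invalid header claims') if header_claims != Riddl::Utils::OAuth2::Helper::header

    # A missing or non-numeric 'exp' counts as expired instead of raising.
    exp = payload_claims['exp']
    return univie_bearer_deny(403, 'Expired token') unless exp.is_a?(Numeric) && exp > Time.now.to_i

    # 'aud' is a comma-separated string here; an array is accepted as well.
    # XXX: is one token valid for several clients? lookup?
    audiences = Array(payload_claims['aud']).flat_map { |v| v.to_s.split(',') }.map(&:strip)
    return univie_bearer_deny(403, 'Token is not valid for this application') unless audiences.include? client_id

    @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
  end

  @p
end

# Sets @status and builds the JSON error body returned for a rejected token.
#
# @param status [Integer] HTTP status to report
# @param message [String] value of the "error" member
# @return [Riddl::Parameter::Complex]
private def univie_bearer_deny(status, message)
  @status = status
  Riddl::Parameter::Complex.new('data', 'application/json', {
    :error => message
  }.to_json)
end

# Compares two strings in time that does not depend on where they first
# differ; only a length mismatch short-circuits.
#
# @param a [String, nil]
# @param b [String, nil]
# @return [Boolean]
private def univie_bearer_secure_compare(a, b)
  a = a.to_s
  b = b.to_s
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end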