Class: Riddl::Utils::OAuth2::UnivieBearer::CheckAuth

Inherits:

Implementation

• Object
• Implementation
• Riddl::Utils::OAuth2::UnivieBearer::CheckAuth

Defined in:

lib/ruby/riddl/utils/oauth2-univie.rb

Instance Method Summary

• #response ⇒ Object

Methods inherited from Implementation

#headers, #initialize, #status

Constructor Details

This class inherits a constructor from Riddl::Implementation

Instance Method Details

#response ⇒ Object

# File 'lib/ruby/riddl/utils/oauth2-univie.rb', line 18

def response
	client_id = @a[0]
	client_secret = @a[1]
	access_tokens = @a[2]
	if @h['AUTHORIZATION']
		token = @h['AUTHORIZATION'].sub(/^Bearer /, '')

		data, _, signature = token.rpartition '.'
		expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)

		if !access_tokens.key? token
			@status = 403
			return Riddl::Parameter::Complex.new('data', 'application/json', {
				:error => 'Unknown token'
			}.to_json)
		elsif signature != expected_sign
			@status = 403
			return Riddl::Parameter::Complex.new('data', 'application/json', {
				:error => 'Invalid token, you bad boy'
			}.to_json)
		end

		header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
		payload_claims = JSON::parse payload_claims

		if header_claims != Riddl::Utils::OAuth2::Helper::header
			@status = 401
			return Riddl::Parameter::Complex.new('data', 'application/json', {
				:error => 'Invalid header claims'
			}.to_json)
		elsif payload_claims['exp'] <= Time.now.to_i
			@status = 403
			return Riddl::Parameter::Complex.new('data', 'application/json', {
				:error => 'Expired token'
			}.to_json)
		elsif !payload_claims['aud'].split(',').map(&:strip).include? client_id
			# XXX: ein token für mehrere clients gültig? lookup?
			@status = 403
			return Riddl::Parameter::Complex.new('data', 'application/json', {
				:error => 'Token is not valid for this application'
			}.to_json)
		end

		@headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens[token])
	end

	@p
end