Class: JWT::Verify

Inherits:

Object

• Object
• JWT::Verify

Defined in:

lib/jwt/verify.rb

Overview

JWT verify methods

Constant Summary

DEFAULTS =

{
  leeway: 0
}.freeze

Class Method Summary

• .verify_claims(payload, options) ⇒ Object

Instance Method Summary

• #initialize(payload, options) ⇒ Verify constructor

  A new instance of Verify.

• #verify_aud ⇒ Object
• #verify_expiration ⇒ Object
• #verify_iat ⇒ Object
• #verify_iss ⇒ Object
• #verify_jti ⇒ Object
• #verify_not_before ⇒ Object
• #verify_required_claims ⇒ Object
• #verify_sub ⇒ Object

Constructor Details

#initialize(payload, options) ⇒ Verify

Returns a new instance of Verify.

# File 'lib/jwt/verify.rb', line 28

def initialize(payload, options)
  @payload = payload
  @options = DEFAULTS.merge(options)
end

Class Method Details

.verify_claims(payload, options) ⇒ Object

# File 'lib/jwt/verify.rb', line 19

def verify_claims(payload, options)
  options.each do |key, val|
    next unless key.to_s =~ /verify/

    Verify.send(key, payload, options) if val
  end
end

Instance Method Details

#verify_aud ⇒ Object

Raises:

• (JWT::InvalidAudError)

# File 'lib/jwt/verify.rb', line 33

def verify_aud
  return unless (options_aud = @options[:aud])

  aud = @payload['aud']
  raise(JWT::InvalidAudError, "Invalid audience. Expected #{options_aud}, received #{aud || '<none>'}") if ([*aud] & [*options_aud]).empty?
end

#verify_expiration ⇒ Object

Raises:

• (JWT::ExpiredSignature)

# File 'lib/jwt/verify.rb', line 40

def verify_expiration
  return unless contains_key?(@payload, 'exp')
  raise(JWT::ExpiredSignature, 'Signature has expired') if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
end

#verify_iat ⇒ Object

Raises:

• (JWT::InvalidIatError)

# File 'lib/jwt/verify.rb', line 45

def verify_iat
  return unless contains_key?(@payload, 'iat')

  iat = @payload['iat']
  raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
end

#verify_iss ⇒ Object

# File 'lib/jwt/verify.rb', line 52

def verify_iss
  return unless (options_iss = @options[:iss])

  iss = @payload['iss']

  options_iss = Array(options_iss).map { |item| item.is_a?(Symbol) ? item.to_s : item }

  case iss
  when *options_iss
    nil
  else
    raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{iss || '<none>'}")
  end
end

#verify_jti ⇒ Object

# File 'lib/jwt/verify.rb', line 67

def verify_jti
  options_verify_jti = @options[:verify_jti]
  jti = @payload['jti']

  if options_verify_jti.respond_to?(:call)
    verified = options_verify_jti.arity == 2 ? options_verify_jti.call(jti, @payload) : options_verify_jti.call(jti)
    raise(JWT::InvalidJtiError, 'Invalid jti') unless verified
  elsif jti.to_s.strip.empty?
    raise(JWT::InvalidJtiError, 'Missing jti')
  end
end

#verify_not_before ⇒ Object

Raises:

• (JWT::ImmatureSignature)

# File 'lib/jwt/verify.rb', line 79

def verify_not_before
  return unless contains_key?(@payload, 'nbf')
  raise(JWT::ImmatureSignature, 'Signature nbf has not been reached') if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
end

#verify_required_claims ⇒ Object

# File 'lib/jwt/verify.rb', line 91

def verify_required_claims
  return unless (options_required_claims = @options[:required_claims])

  options_required_claims.each do |required_claim|
    raise(JWT::MissingRequiredClaim, "Missing required claim #{required_claim}") unless contains_key?(@payload, required_claim)
  end
end

#verify_sub ⇒ Object

Raises:

• (JWT::InvalidSubError)

# File 'lib/jwt/verify.rb', line 84

def verify_sub
  return unless (options_sub = @options[:sub])

  sub = @payload['sub']
  raise(JWT::InvalidSubError, "Invalid subject. Expected #{options_sub}, received #{sub || '<none>'}") unless sub.to_s == options_sub.to_s
end