class SoarAuthenticationToken::JwtTokenValidator
Public Class Methods
new(configuration)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 5
#
# Builds a validator around the supplied configuration hash, fills in
# defaults and then refuses to continue if the configuration is incomplete.
#
# @param configuration [Hash] validator settings; this class reads the
#   'keys' and 'expiry' entries. The hash is stored by reference and
#   mutated when defaults are applied.
# @raise [RuntimeError] when validate_configuration rejects the settings
def initialize(configuration)
  @configuration = configuration

  # Defaults go in first so validation sees the effective configuration.
  set_configuration_defaults
  validate_configuration
end
Public Instance Methods
inject_store_provider(store_provider)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 11
#
# Supplies the token store that #validate consults after the signature and
# expiry checks. Nothing in this class sets a store otherwise, so it must be
# injected before the first validation.
#
# @param store_provider [#token_exist?] store used to confirm a token is known
# @return [Object] the store provider that was assigned
def inject_store_provider(store_provider)
  @store_provider = store_provider
end
validate(authentication_token:,flow_identifier:, request_information:)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 15
#
# Validates an authentication token in three stages: signature verification,
# expiry check, then a lookup in the injected token store. No claim from the
# token is read until the signature has verified against a configured key.
#
# @param authentication_token [#to_s] the encoded JWT presented by the caller
# @param flow_identifier [Object] passed through to the store lookup
# @param request_information [Object] accepted for interface compatibility;
#   not read by this method
# @return [Array] [true, meta, message] on success,
#   [false, nil, reason] on rejection
#
# NOTE(review): the rejection reasons embed the authenticated identifier and
# expiry time taken from the token - confirm callers log them rather than
# echoing them back to the client.
def validate(authentication_token:, flow_identifier:, request_information:)
  payload = decode(authentication_token)
  return rejection_result(reason: 'Token decode/verification failure') if payload.nil?

  meta = compile_meta_from_payload(payload)

  if token_expired?(meta)
    rejection_result(reason: "Expired token <#{meta['token_expiry_time']}> for <#{meta['authenticated_identifier']}>")
  elsif !token_exist_in_store?(meta, flow_identifier)
    # A correctly signed, unexpired token is still refused when the store
    # does not know it.
    rejection_result(reason: "Unknown token for <#{meta['authenticated_identifier']}>")
  else
    success_result(token_meta: meta)
  end
end
Private Instance Methods
attempt_decode_using_a_key(authentication_token,key_data)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 58
#
# Tries to verify and decode the token with one configured key.
#
# Signature verification is requested (third argument `true`) and the
# accepted algorithm is pinned to ES512, so the algorithm named in the
# token header cannot select a different verification scheme.
#
# @param authentication_token [#to_s] the encoded JWT
# @param key_data [Hash] key entry; only 'public_key' is read
# @return [Array, nil] the JWT.decode result, or nil when decoding or
#   signature verification fails
def attempt_decode_using_a_key(authentication_token, key_data)
  verification_key = OpenSSL::PKey::EC.new(key_data['public_key'])

  # Drop any private component so only the public half is used to verify.
  # NOTE(review): on Ruby builds linked against OpenSSL 3.x, key objects are
  # immutable and this setter may raise instead - confirm the target runtime.
  verification_key.private_key = nil

  encoded = authentication_token.to_s
  JWT.decode(encoded, verification_key, true, { algorithm: 'ES512' })
rescue JWT::VerificationError, JWT::DecodeError
  # Any decode or signature failure means "this key did not accept the token".
  nil
end
compile_meta_from_payload(decoded_token_payload)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 30
#
# Extracts the token claims this validator works with and adds the token's
# current age.
#
# @param decoded_token_payload [Array] decode result; element 0 is read as
#   the claims hash
# @return [Hash] 'token_identifier', 'authenticated_identifier',
#   'token_issue_time', 'token_expiry_time' copied from the claims, plus
#   'token_age' as computed by token_age
def compile_meta_from_payload(decoded_token_payload)
  claims = decoded_token_payload[0]
  copied_claims = %w[token_identifier authenticated_identifier token_issue_time token_expiry_time]

  meta = copied_claims.each_with_object({}) do |claim_name, collected|
    collected[claim_name] = claims[claim_name]
  end

  meta['token_age'] = token_age(claims['token_issue_time'])
  meta
end
decode(authentication_token)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 50
#
# Tries every configured key in descending key-name order and returns the
# first successful decode. Supporting several keys lets tokens signed with
# an older key keep verifying while a newer key is in use.
#
# @param authentication_token [#to_s] the encoded JWT
# @return [Array, nil] decoded payload from the first key that verifies the
#   token, or nil when no configured key accepts it
def decode(authentication_token)
  # presumably key names sort chronologically so the newest key is tried
  # first - verify against the key naming scheme
  keys_highest_name_first = @configuration['keys'].sort.reverse

  keys_highest_name_first.each do |_key_name, key_data|
    decoded = attempt_decode_using_a_key(authentication_token, key_data)
    return decoded if decoded
  end

  nil
end
rejection_result(reason:)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 79
#
# Builds the result triple returned for a token that was not accepted.
#
# @param reason [String] explanation of why the token was refused
# @return [Array] [false, nil, reason] - no token meta is handed out for a
#   rejected token
def rejection_result(reason:)
  accepted = false
  token_meta = nil
  [accepted, token_meta, reason]
end
set_configuration_defaults()
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 26
#
# Fills in configuration entries the caller left out. Only 'expiry' has a
# default: 86400, i.e. 24 * 60 * 60.
#
# @return [Object] the effective 'expiry' value
def set_configuration_defaults
  # presumably seconds (one day) - confirm the unit with the token issuer
  @configuration['expiry'] ||= 24 * 60 * 60
end
success_result(token_meta:)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 83
#
# Builds the result triple returned for an accepted token.
#
# @param token_meta [Hash] meta compiled from the verified token; its
#   'authenticated_identifier' entry is quoted in the message
# @return [Array] [true, token_meta, message]
def success_result(token_meta:)
  message = "Valid token for <#{token_meta['authenticated_identifier']}>"
  [true, token_meta, message]
end
token_age(token_issue_time)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 40
#
# Computes how long ago the token was issued.
#
# @param token_issue_time [#to_s] issue timestamp in a format Time.parse
#   understands
# @return [Float] seconds elapsed since the issue time; negative when the
#   issue time lies in the future
# @raise [ArgumentError] when the value cannot be parsed as a time
#
# NOTE(review): Time.parse reads a string without a zone offset as local
# time - confirm the issuer always writes an explicit offset.
def token_age(token_issue_time)
  current_time = Time.now
  issued_at = Time.parse(token_issue_time.to_s)
  current_time - issued_at
end
token_exist_in_store?(meta,flow_identifier)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 70
#
# Asks the injected store whether it knows this exact token. The identifier,
# subject, issue time, expiry time and flow are all passed to the lookup.
#
# @param meta [Hash] meta compiled from the verified token
# @param flow_identifier [Object] forwarded unchanged to the store
# @return [Object] whatever the store's token_exist? returns
def token_exist_in_store?(meta, flow_identifier)
  lookup = {
    token_identifier: meta['token_identifier'],
    authenticated_identifier: meta['authenticated_identifier'],
    token_issue_time: meta['token_issue_time'],
    token_expiry_time: meta['token_expiry_time'],
    flow_identifier: flow_identifier
  }

  @store_provider.token_exist?(**lookup)
end
token_expired?(meta)
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 66
#
# Reports whether the token's expiry time has already passed. A token whose
# expiry equals the current instant is still treated as live.
#
# @param meta [Hash] token meta; 'token_expiry_time' is parsed with Time.parse
# @return [Boolean] true when the expiry time is strictly before now
# @raise [ArgumentError] when the expiry value cannot be parsed as a time
#
# NOTE(review): Time.parse reads a string without a zone offset as local
# time - confirm the issuer always writes an explicit offset.
def token_expired?(meta)
  expires_at = Time.parse(meta['token_expiry_time'].to_s)
  Time.now > expires_at
end
validate_configuration()
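# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 44
#
# Refuses to run with an incomplete configuration: 'keys' and 'expiry' must
# be present and 'expiry' must be convertible to an integer.
#
# Integer() raises on a bad value instead of returning a falsy result, so a
# plain `unless Integer(...)` guard never reaches its own message; the
# conversion error is translated here so the documented message is what the
# operator sees.
#
# @return [nil]
# @raise [RuntimeError] naming the first configuration entry that is
#   missing or malformed
def validate_configuration
  raise "'keys' must be configured" unless @configuration['keys']
  raise "'expiry' must be configured" unless @configuration['expiry']

  begin
    Integer(@configuration['expiry'])
  rescue ArgumentError, TypeError
    raise "'expiry' must be an integer"
  end

  nil
end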