class Rack::OAuth2::AccessToken::MAC

Attributes

ext[R]
nonce[R]
signature[R]

Public Class Methods

new(attributes = {})
Calls superclass method Rack::OAuth2::AccessToken.new
# File lib/rack/oauth2/access_token/mac.rb, line 9
# Builds a MAC access token from the given attributes.
#
# Attribute handling is delegated to the superclass. The creation time is
# kept in @issued_at, which generate_nonce uses to compute the nonce's age
# component. The timestamp tolerance that verify! enforces defaults to five
# minutes when @ts_expires_in is still unset after super returns.
#
# @param attributes [Hash] token attributes, handed to the superclass as-is
def initialize(attributes = {})
  super(attributes)
  @issued_at = Time.now.utc
  # Keep a caller-supplied tolerance; otherwise fall back to five minutes.
  @ts_expires_in = 5.minutes unless @ts_expires_in
end

Public Instance Methods

authenticate(request)
# File lib/rack/oauth2/access_token/mac.rb, line 53
# Signs an outgoing request and sets its Authorization header.
#
# A fresh nonce is generated on every call. The timestamp is @ts when that is
# set, otherwise the current UTC time. When an ext_verifier is configured, it
# is run over the request body and its result becomes the "ext" value. The
# signature is computed with mac_key over the nonce, HTTP method, request URI,
# host, port, timestamp and ext.
#
# @param request [Object] outgoing request exposing #body and #header
# @return [String] the Authorization header value that was assigned
def authenticate(request)
  @nonce = generate_nonce
  @ts_generated = @ts || Time.now.utc

  if self.ext_verifier.present?
    body_digest = self.ext_verifier.new(
      raw_body: request.body,
      algorithm: self.mac_algorithm
    )
    # ext is passed to the signature below, so the body value is covered by it.
    @ext = body_digest.calculate
  end

  signer = Signature.new(
    secret:      self.mac_key,
    algorithm:   self.mac_algorithm,
    nonce:       self.nonce,
    method:      request.header.request_method,
    request_uri: request.header.create_query_uri,
    host:        request.header.request_uri.host,
    port:        request.header.request_uri.port,
    ts:          @ts_generated,
    ext:         @ext
  )
  @signature = signer.calculate

  request.header['Authorization'] = authorization_header
end
token_response()
# File lib/rack/oauth2/access_token/mac.rb, line 15
# Returns the superclass token response with the MAC parameters merged in.
#
# mac_key is the same value passed as `secret:` when requests are signed and
# verified, so this payload carries the shared secret. It should only travel
# over a confidential channel and should be kept out of logs.
#
# @return [Hash] superclass response plus :mac_key and :mac_algorithm
def token_response
  base_response = super
  base_response.merge(
    mac_key: mac_key,
    mac_algorithm: mac_algorithm
  )
end
verify!(request)
# File lib/rack/oauth2/access_token/mac.rb, line 22
# Verifies an incoming MAC-authenticated request.
#
# The checks run in this order:
#   1. if an ext_verifier is configured, the body is checked against request.ext
#   2. the request timestamp is compared with the reference time
#   3. the signature is recomputed and compared with request.signature
# Any Verifier::VerificationFailed is turned into request.invalid_token!.
#
# NOTE(review): the age check is one-sided. A timestamp ahead of the reference
# time gives a negative age and is never treated as expired here. Consider
# whether future-dated timestamps should also be bounded.
# NOTE(review): no nonce store is consulted in this method. Replay protection
# inside the timestamp window depends on checks made elsewhere. Confirm.
#
# @param request [Object] incoming request exposing #body, #ext, #ts, #nonce,
#   #signature, #request_method, #fullpath, #host, #port and #invalid_token!
def verify!(request)
  if self.ext_verifier.present?
    raw_body = request.body.read
    request.body.rewind # for future use

    body_check = self.ext_verifier.new(
      raw_body: raw_body,
      algorithm: self.mac_algorithm
    )
    body_check.verify!(request.ext)
  end

  # @ts, when set, replaces the wall clock as the reference time.
  reference_time = Time.now.utc.to_i
  reference_time = @ts.to_i if @ts.present?

  request_age = reference_time - request.ts.to_i
  if request_age > @ts_expires_in.to_i
    raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired")
  end

  # The signature is recomputed from values taken from the request itself.
  expected = Signature.new(
    secret:      self.mac_key,
    algorithm:   self.mac_algorithm,
    nonce:       request.nonce,
    method:      request.request_method,
    request_uri: request.fullpath,
    host:        request.host,
    port:        request.port,
    ts:          request.ts,
    ext:         request.ext
  )
  expected.verify!(request.signature)
rescue Verifier::VerificationFailed => e
  request.invalid_token! e.message
end

Private Instance Methods

authorization_header()
# File lib/rack/oauth2/access_token/mac.rb, line 81
# Builds the value of the MAC Authorization header.
#
# The fields appear in a fixed order: id, nonce, ts, mac, then ext when @ext
# is present. ts is the integer form of the timestamp chosen in authenticate.
#
# NOTE(review): values are interpolated as-is, with no quoting or escaping.
# This assumes they never contain double quotes or line breaks. Confirm
# against whatever produces them.
#
# @return [String] the header value
def authorization_header
  segments = [
    "MAC id=\"#{access_token}\"",
    ", nonce=\"#{nonce}\"",
    ", ts=\"#{@ts_generated.to_i}\"",
    ", mac=\"#{signature}\""
  ]
  segments << ", ext=\"#{ext}\"" if @ext.present?
  segments.join
end
generate_nonce()
# File lib/rack/oauth2/access_token/mac.rb, line 90
# Produces a nonce of the form "<age>:<random>".
#
# <age> is the whole number of seconds since this token object was created
# (@issued_at). <random> is a hex string from SecureRandom, so the
# unpredictable part comes from the secure random source, not from the clock.
#
# @return [String] the nonce
def generate_nonce
  token_age = (Time.now.utc - @issued_at).to_i
  "#{token_age}:#{SecureRandom.hex}"
end