diff options
| author | Ash McKenzie <amckenzie@gitlab.com> | 2018-11-08 12:28:13 +0300 |
|---|---|---|
| committer | Ash McKenzie <amckenzie@gitlab.com> | 2018-11-13 00:36:57 +0300 |
| commit | a3c80014f5dc849af1933570877f8230d98417f1 (patch) | |
| tree | 71b39ceca7c983125dc565356572767811a2fcbe /lib/json_web_token | |
| parent | b3b9817e5100ae2e827794d87ac6a6649571eddc (diff) | |
Relocate JSONWebToken::HMACToken from EE
Diffstat (limited to 'lib/json_web_token')
| -rw-r--r-- | lib/json_web_token/hmac_token.rb | 28 | ||||
| -rw-r--r-- | lib/json_web_token/token.rb | 9 |
2 files changed, 35 insertions, 2 deletions
diff --git a/lib/json_web_token/hmac_token.rb b/lib/json_web_token/hmac_token.rb new file mode 100644 index 00000000000..ceb1b9c913f --- /dev/null +++ b/lib/json_web_token/hmac_token.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +require 'jwt' + +module JSONWebToken + class HMACToken < Token + IAT_LEEWAY = 60 + JWT_ALGORITHM = 'HS256' + + def initialize(secret) + super() + + @secret = secret + end + + def self.decode(token, secret, leeway: IAT_LEEWAY, verify_iat: true) + JWT.decode(token, secret, true, leeway: leeway, verify_iat: verify_iat, algorithm: JWT_ALGORITHM) + end + + def encoded + JWT.encode(payload, secret, JWT_ALGORITHM) + end + + private + + attr_reader :secret + end +end diff --git a/lib/json_web_token/token.rb b/lib/json_web_token/token.rb index ce5d6f248d0..c59beef02c9 100644 --- a/lib/json_web_token/token.rb +++ b/lib/json_web_token/token.rb @@ -1,17 +1,22 @@ # frozen_string_literal: true +require 'securerandom' + module JSONWebToken class Token attr_accessor :issuer, :subject, :audience, :id attr_accessor :issued_at, :not_before, :expire_time + DEFAULT_NOT_BEFORE_TIME = 5 + DEFAULT_EXPIRE_TIME = 60 + def initialize @id = SecureRandom.uuid @issued_at = Time.now # we give a few seconds for time shift - @not_before = issued_at - 5.seconds + @not_before = issued_at - DEFAULT_NOT_BEFORE_TIME # default 60 seconds should be more than enough for this authentication token - @expire_time = issued_at + 1.minute + @expire_time = issued_at + DEFAULT_EXPIRE_TIME @custom_payload = {} end |