Relocate JSONWebToken::HMACToken from EEashmckenzie/hmac-token-decode-and-tests

2 files changed, 35 insertions, 2 deletions

diff --git a/lib/json_web_token/hmac_token.rb b/lib/json_web_token/hmac_token.rb
new file mode 100644
index 00000000000..ceb1b9c913f
--- /dev/null
+++ b/lib/json_web_token/hmac_token.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module JSONWebToken
+  class HMACToken < Token
+    IAT_LEEWAY = 60
+    JWT_ALGORITHM = 'HS256'
+
+    def initialize(secret)
+      super()
+
+      @secret = secret
+    end
+
+    def self.decode(token, secret, leeway: IAT_LEEWAY, verify_iat: true)
+      JWT.decode(token, secret, true, leeway: leeway, verify_iat: verify_iat, algorithm: JWT_ALGORITHM)
+    end
+
+    def encoded
+      JWT.encode(payload, secret, JWT_ALGORITHM)
+    end
+
+    private
+
+    attr_reader :secret
+  end
+end
diff --git a/lib/json_web_token/token.rb b/lib/json_web_token/token.rb
index ce5d6f248d0..c59beef02c9 100644
--- a/lib/json_web_token/token.rb
+++ b/lib/json_web_token/token.rb
@@ -1,17 +1,22 @@
 # frozen_string_literal: true
 
+require 'securerandom'
+
 module JSONWebToken
   class Token
     attr_accessor :issuer, :subject, :audience, :id
     attr_accessor :issued_at, :not_before, :expire_time
 
+    DEFAULT_NOT_BEFORE_TIME = 5
+    DEFAULT_EXPIRE_TIME = 60
+
     def initialize
       @id = SecureRandom.uuid
       @issued_at = Time.now
       # we give a few seconds for time shift
-      @not_before = issued_at - 5.seconds
+      @not_before = issued_at - DEFAULT_NOT_BEFORE_TIME
       # default 60 seconds should be more than enough for this authentication token
-      @expire_time = issued_at + 1.minute
+      @expire_time = issued_at + DEFAULT_EXPIRE_TIME
       @custom_payload = {}
     end