authorStan Hu <stanhu@gmail.com>2018-11-13 06:12:41 +0000
committerStan Hu <stanhu@gmail.com>2018-11-13 06:12:41 +0000
commit123970182274ead330cdb93a1cb3296884b1cd69 (patch)
treea1a6724469a0abc8ad3cba07f89e16a900664802 /lib
parent5fd652decbed82366b96b0acb8446ac46202ce0a (diff)
parenta3c80014f5dc849af1933570877f8230d98417f1 (diff)
Merge branch 'ashmckenzie/hmac-token-decode-and-tests' into 'master'
Relocate JSONWebToken::HMACToken from EE. See merge request gitlab-org/gitlab-ce!22906
Diffstat (limited to 'lib')
-rw-r--r--lib/json_web_token/hmac_token.rb28
-rw-r--r--lib/json_web_token/token.rb9
2 files changed, 35 insertions, 2 deletions
diff --git a/lib/json_web_token/hmac_token.rb b/lib/json_web_token/hmac_token.rb
new file mode 100644
index 00000000000..ceb1b9c913f
--- /dev/null
+++ b/lib/json_web_token/hmac_token.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module JSONWebToken
+ class HMACToken < Token
+ IAT_LEEWAY = 60
+ JWT_ALGORITHM = 'HS256'
+
+ def initialize(secret)
+ super()
+
+ @secret = secret
+ end
+
+ def self.decode(token, secret, leeway: IAT_LEEWAY, verify_iat: true)
+ JWT.decode(token, secret, true, leeway: leeway, verify_iat: verify_iat, algorithm: JWT_ALGORITHM)
+ end
+
+ def encoded
+ JWT.encode(payload, secret, JWT_ALGORITHM)
+ end
+
+ private
+
+ attr_reader :secret
+ end
+end
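Review bot: In `self.decode`, `IAT_LEEWAY` is passed as the gem's generic `leeway:` option on the `JWT.decode` line, and as far as I know of ruby-jwt that value is applied to the `exp` and `nbf` checks as well, not only to `iat`, so the constant's name understates its effect and every token decoded through this path is accepted up to 60 seconds past its `exp`. Either rename the constant and parameter to reflect that they widen all time-based claim checks, or put a comment on the call: `# leeway is applied by the gem to exp and nbf too, not just iat`. A short doc comment on `decode` would also help callers: it returns the gem's `[payload, header]` pair rather than the payload alone, and signature or claim failures surface as `JWT::DecodeError` (or a subclass) that the caller must rescue. `encoded` relies on `payload` from the parent `Token` class, which is outside this file.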
diff --git a/lib/json_web_token/token.rb b/lib/json_web_token/token.rb
index ce5d6f248d0..c59beef02c9 100644
--- a/lib/json_web_token/token.rb
+++ b/lib/json_web_token/token.rb
@@ -1,17 +1,22 @@
# frozen_string_literal: true
+require 'securerandom'
+
module JSONWebToken
class Token
attr_accessor :issuer, :subject, :audience, :id
attr_accessor :issued_at, :not_before, :expire_time
+ DEFAULT_NOT_BEFORE_TIME = 5
+ DEFAULT_EXPIRE_TIME = 60
+
def initialize
@id = SecureRandom.uuid
@issued_at = Time.now
# we give a few seconds for time shift
- @not_before = issued_at - 5.seconds
+ @not_before = issued_at - DEFAULT_NOT_BEFORE_TIME
# default 60 seconds should be more than enough for this authentication token
- @expire_time = issued_at + 1.minute
+ @expire_time = issued_at + DEFAULT_EXPIRE_TIME
@custom_payload = {}
end