diff options
| author | Stan Hu <stanhu@gmail.com> | 2018-11-13 06:12:41 +0000 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2018-11-13 06:12:41 +0000 |
| commit | 123970182274ead330cdb93a1cb3296884b1cd69 (patch) | |
| tree | a1a6724469a0abc8ad3cba07f89e16a900664802 /lib | |
| parent | 5fd652decbed82366b96b0acb8446ac46202ce0a (diff) | |
| parent | a3c80014f5dc849af1933570877f8230d98417f1 (diff) | |
| download | gitlab-ce-123970182274ead330cdb93a1cb3296884b1cd69.tar.gz | |
Merge branch 'ashmckenzie/hmac-token-decode-and-tests' into 'master'
Relocate JSONWebToken::HMACToken from EE
See merge request gitlab-org/gitlab-ce!22906
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/json_web_token/hmac_token.rb | 28 | ||||
| -rw-r--r-- | lib/json_web_token/token.rb | 9 |
2 files changed, 35 insertions, 2 deletions
diff --git a/lib/json_web_token/hmac_token.rb b/lib/json_web_token/hmac_token.rb new file mode 100644 index 00000000000..ceb1b9c913f --- /dev/null +++ b/lib/json_web_token/hmac_token.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +require 'jwt' + +module JSONWebToken + class HMACToken < Token + IAT_LEEWAY = 60 + JWT_ALGORITHM = 'HS256' + + def initialize(secret) + super() + + @secret = secret + end + + def self.decode(token, secret, leeway: IAT_LEEWAY, verify_iat: true) + JWT.decode(token, secret, true, leeway: leeway, verify_iat: verify_iat, algorithm: JWT_ALGORITHM) + end + + def encoded + JWT.encode(payload, secret, JWT_ALGORITHM) + end + + private + + attr_reader :secret + end +end diff --git a/lib/json_web_token/token.rb b/lib/json_web_token/token.rb index ce5d6f248d0..c59beef02c9 100644 --- a/lib/json_web_token/token.rb +++ b/lib/json_web_token/token.rb @@ -1,17 +1,22 @@ # frozen_string_literal: true +require 'securerandom' + module JSONWebToken class Token attr_accessor :issuer, :subject, :audience, :id attr_accessor :issued_at, :not_before, :expire_time + DEFAULT_NOT_BEFORE_TIME = 5 + DEFAULT_EXPIRE_TIME = 60 + def initialize @id = SecureRandom.uuid @issued_at = Time.now # we give a few seconds for time shift - @not_before = issued_at - 5.seconds + @not_before = issued_at - DEFAULT_NOT_BEFORE_TIME # default 60 seconds should be more than enough for this authentication token - @expire_time = issued_at + 1.minute + @expire_time = issued_at + DEFAULT_EXPIRE_TIME @custom_payload = {} end |