class Riddl::Utils::OAuth2::UnivieBearer::CheckAuth
Public Instance Methods
response()
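# File lib/ruby/riddl/utils/oauth2-univie.rb, line 9
# Checks the bearer token presented on the incoming request.
#
# Inputs come from instance state: @a = [client_id, client_secret,
# access_tokens] (the token store answers key? and get) and @h, the request
# headers. Outcomes:
# * no AUTHORIZATION header: @p is returned untouched and nothing is added
#   to @headers (presumably a later stage decides whether an anonymous
#   request may proceed — confirm against the caller)
# * token accepted: an AUTHORIZATION_BEARER header carrying
#   access_tokens.get(token) is appended to @headers and @p is returned
# * token rejected: @status is set (401 for a bad header segment, 403 for
#   everything else) and a JSON error body is returned instead of @p
#
# Every structural problem with a token (missing segment, undecodable
# base64, unparsable JSON, missing/non-numeric exp, missing aud) is turned
# into a 403 instead of an exception, so the check fails closed.
#
# @return [Object] @p, or a Riddl::Parameter::Complex holding the error body
def response
  client_id = @a[0]
  client_secret = @a[1]
  access_tokens = @a[2]

  raw_header = @h['AUTHORIZATION']
  return @p unless raw_header

  # \A rather than ^: ^ would also match right after an embedded newline.
  token = raw_header.sub(/\ABearer /, '')
  data, _, signature = token.rpartition('.')

  # The store holds the complete token string, so a token that was never
  # issued is rejected before any of its contents are looked at.
  return deny(403, 'Unknown token') unless access_tokens.key?(token)

  expected_sign = Riddl::Utils::OAuth2::Helper.sign("#{client_id}:#{client_secret}", data)
  # NOTE(review): plain String comparison; a constant-time compare would
  # close the timing side channel on the signature, though the store lookup
  # above already limits it to tokens that are on file.
  return deny(403, 'Invalid token, you bad boy') if signature != expected_sign

  claims = decode_claims(data)
  return deny(403, 'Invalid token, you bad boy') unless claims
  header_claims, payload_claims = claims

  return deny(401, 'Invalid header claims') if header_claims != Riddl::Utils::OAuth2::Helper.header
  return deny(403, 'Expired token') if expired?(payload_claims['exp'])
  # XXX: can one token be valid for several clients? lookup?
  # (aud already accepts a comma-separated list or a JSON array of client ids)
  return deny(403, 'Token is not valid for this application') unless audience_includes?(payload_claims['aud'], client_id)

  @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
  @p
end

# Records the HTTP status and builds the JSON error body that is returned
# in place of @p.
#
# @param status [Integer] HTTP status to report
# @param message [String] value of the "error" key in the body
# @return [Riddl::Parameter::Complex]
private def deny(status, message)
  @status = status
  Riddl::Parameter::Complex.new('data', 'application/json', { :error => message }.to_json)
end

# Splits "header.payload" into its two base64url-decoded parts; the header
# part stays a raw string (it is compared verbatim), the payload is parsed
# as JSON. Returns nil when the body is structurally malformed (missing
# segment, bad base64, bad JSON, non-object payload) so the caller can
# fail closed instead of raising.
#
# @param data [String] token without its signature segment
# @return [Array(String, Hash), nil]
private def decode_claims(data)
  header_part, payload_part = data.split('.')
  return nil if header_part.nil? || payload_part.nil?

  header_claims = Base64.urlsafe_decode64(header_part)
  payload_claims = JSON.parse(Base64.urlsafe_decode64(payload_part))
  return nil unless payload_claims.is_a?(Hash)

  [header_claims, payload_claims]
rescue ArgumentError, JSON::ParserError
  nil
end

# True when the exp claim is missing, not a number, or not in the future
# (exp equal to the current second counts as expired, as before).
#
# @param exp [Object] raw exp claim
# @return [Boolean]
private def expired?(exp)
  return true unless exp.is_a?(Numeric)
  exp <= Time.now.to_i
end

# aud is either a comma-separated string of client ids or an array of
# them; whitespace around each entry is ignored and a missing aud never
# matches.
#
# @param aud [String, Array, nil] raw aud claim
# @param client_id [String] client this request is being checked for
# @return [Boolean]
private def audience_includes?(aud, client_id)
  Array(aud).flat_map { |entry| entry.to_s.split(',') }.map(&:strip).include?(client_id)
end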