class Riddl::Utils::OAuth2::UnivieBearer::CheckAuth

Public Instance Methods

response()
# File lib/ruby/riddl/utils/oauth2-univie.rb, line 9
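# Validate the bearer token carried in the AUTHORIZATION header and, on
# success, expose the stored token value to downstream handlers as an
# AUTHORIZATION_BEARER header.
#
# Inputs (taken from the handler's instance state):
#   @a[0] - client id
#   @a[1] - client secret (the signing key is "<id>:<secret>")
#   @a[2] - token store responding to key?(token) and get(token)
#   @h    - request headers; without an AUTHORIZATION header the request is
#           passed through untouched (@p returned, no header added)
#
# Checks, in order: the token must be known to the store (403), its signature
# must match the helper's MAC over "<header>.<payload>" (403), the token must
# decode into two base64url segments with a JSON object payload (403), the
# header segment must equal the helper's canonical header (401), 'exp' must
# be an integer timestamp in the future (403) and 'aud' (a comma-separated
# string or an array) must contain the client id (403).
#
# Every failure returns a Riddl::Parameter::Complex JSON body {"error": ...}
# and sets @status; success returns @p.
def response
  client_id = @a[0]
  client_secret = @a[1]
  access_tokens = @a[2]

  if @h['AUTHORIZATION']
    # \A rather than ^: only strip a scheme prefix at the very start of the
    # header value, never at the start of a later line.
    token = @h['AUTHORIZATION'].sub(/\ABearer /, '')

    # Uniform JSON error response; sets the HTTP status as a side effect.
    deny = lambda do |status, message|
      @status = status
      Riddl::Parameter::Complex.new('data', 'application/json', {
        :error => message
      }.to_json)
    end

    # Constant-time string comparison: a plain != short-circuits on the first
    # differing byte and leaks how much of the expected MAC an attacker has
    # guessed through response timing.
    same_mac = lambda do |a, b|
      next false unless a.bytesize == b.bytesize
      mismatch = 0
      a.each_byte.zip(b.each_byte) { |x, y| mismatch |= x ^ y }
      mismatch.zero?
    end

    data, _, signature = token.rpartition '.'
    expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)

    return deny.call(403, 'Unknown token') unless access_tokens.key? token
    return deny.call(403, 'Invalid token, you bad boy') unless same_mac.call(signature, expected_sign)

    # The signature only proves the bytes were signed with our key; the claims
    # are still validated structurally so a broken token yields a 403 rather
    # than an exception from the decoder or parser.
    segments = data.split('.')
    return deny.call(403, 'Malformed token') unless segments.size == 2
    begin
      header_claims, payload_json = segments.map { |v| Base64::urlsafe_decode64 v }
      payload_claims = JSON::parse payload_json
    rescue ArgumentError, JSON::ParserError
      return deny.call(403, 'Malformed token')
    end
    return deny.call(403, 'Malformed token') unless payload_claims.is_a?(Hash)

    # exp may arrive as Integer, Float or numeric String; anything else is nil.
    exp = Integer(payload_claims['exp'], exception: false)
    # aud may be a comma-separated string (as issued here) or a JSON array.
    audiences = Array(payload_claims['aud']).flat_map { |a| a.to_s.split(',') }.map(&:strip)

    if header_claims != Riddl::Utils::OAuth2::Helper::header
      return deny.call(401, 'Invalid header claims')
    elsif exp.nil?
      return deny.call(403, 'Malformed token')
    elsif exp <= Time.now.to_i
      return deny.call(403, 'Expired token')
    elsif !audiences.include? client_id
      # XXX: should a single token be valid for several clients? lookup?
      return deny.call(403, 'Token is not valid for this application')
    end

    @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
  end

  @p
end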