class Darrrr::RecoveryToken

Constants

BASE64_CHARACTERS

Attributes

token_object[R]

Public Class Methods

account_provider_issuer(serialized_data)

Extract an account provider from a token based on the token type.

serialized_data: a binary string representation of a RecoveryToken.

returns the account provider for the recovery token or raises an error if the token is a countersigned token

# File lib/darrrr/recovery_token.rb, line 91
def account_provider_issuer(serialized_data)
  issuer(serialized_data, Darrrr::RECOVERY_TOKEN_TYPE)
end
build(issuer:, audience:, type:, options: 0x00)

data: the value that will be encrypted by EncryptedData.

audience: the provider for which we are building the token.

type: Either 0 (recovery token) or 1 (countersigned recovery token)

options: the value to set for the options byte

returns a RecoveryToken.

# File lib/darrrr/recovery_token.rb, line 43
def build(issuer:, audience:, type:, options: 0x00)
  token = RecoveryTokenWriter.new.tap do |token|
    token.token_id = token_id
    token.issuer = issuer.origin
    token.issued_time = Time.now.utc.iso8601
    token.options = options
    token.audience = audience.origin
    token.version = Darrrr::PROTOCOL_VERSION
    token.token_type = type
  end
  new(token)
end
parse(serialized_data)

serialized_data: a binary string representation of a RecoveryToken.

returns a RecoveryToken.

# File lib/darrrr/recovery_token.rb, line 65
def parse(serialized_data)
  new RecoveryTokenReader.new.read(serialized_data)
rescue IOError => e
  message = e.message
  if serialized_data =~ BASE64_CHARACTERS
    message = "#{message}: did you forget to Base64.strict_decode64 this value?"
  end
  raise RecoveryTokenSerializationError, message
end
recovery_provider_issuer(serialized_data)

Extract a recovery provider from a token based on the token type.

serialized_data: a binary string representation of a RecoveryToken.

returns the recovery provider for the countersigned token or raises an error if the token is a recovery token

# File lib/darrrr/recovery_token.rb, line 81
def recovery_provider_issuer(serialized_data)
  issuer(serialized_data, Darrrr::COUNTERSIGNED_RECOVERY_TOKEN_TYPE)
end
token_id()

Generates a random array of bytes for the token ID. This method only exists so that it can be stubbed.

# File lib/darrrr/recovery_token.rb, line 58
def token_id
  SecureRandom.random_bytes(16).bytes.to_a
end

Private Class Methods

issuer(serialized_data, token_type)

Convenience method to find the issuer of the token

serialized_data: a binary string representation of a RecoveryToken.

raises an error if the token is not the expected type

returns the account provider or recovery provider instance based on the token type

# File lib/darrrr/recovery_token.rb, line 102
def issuer(serialized_data, token_type)
  parsed_token = parse(serialized_data)
  raise TokenFormatError, "Token type must be #{token_type}" unless parsed_token.token_type == token_type

  issuer = parsed_token.issuer
  case token_type
  when Darrrr::RECOVERY_TOKEN_TYPE
    Darrrr.account_provider(issuer)
  when Darrrr::COUNTERSIGNED_RECOVERY_TOKEN_TYPE
    Darrrr.recovery_provider(issuer)
  else
    raise RecoveryTokenError, "Could not determine provider"
  end
end
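
The type check in `issuer` and the Base64 hint in `parse`, shown together as an added stand-alone example (not code from the darrrr project). The byte layout, the `demo_*` methods, the `Demo*` constants and error classes, and the Base64 pattern are all assumptions made for illustration; the real token format and the value of `BASE64_CHARACTERS` are not shown on this page.

```ruby
require "base64"
require "securerandom"

# Constructed demo layout, NOT Darrrr's wire format:
#   version(1) | type(1) | token_id(16) | issuer_len(2, big-endian) | issuer
DEMO_RECOVERY = 0
DEMO_COUNTERSIGNED = 1
DEMO_HEADER = 20
DEMO_BASE64 = %r{\A[0-9A-Za-z+/=]+\z} # assumed pattern, used only for the hint

class DemoSerializationError < StandardError; end
class DemoTypeError < StandardError; end

DemoToken = Struct.new(:version, :type, :token_id, :issuer)

def demo_serialize(type:, issuer:)
  [0, type].pack("CC") + SecureRandom.random_bytes(16) +
    [issuer.bytesize].pack("n") + issuer
end

# Strict parse: any length mismatch is an error, and input that looks like
# Base64 text gets the same kind of hint the page's parse adds.
def demo_parse(data)
  raise IOError, "data truncated" if data.bytesize < DEMO_HEADER
  version, type = data.unpack("CC")
  len = data.byteslice(18, 2).unpack1("n")
  raise IOError, "length mismatch" unless data.bytesize == DEMO_HEADER + len
  DemoToken.new(version, type, data.byteslice(2, 16), data.byteslice(DEMO_HEADER, len))
rescue IOError => e
  hint = data =~ DEMO_BASE64 ? ": did you forget to Base64.strict_decode64 this value?" : ""
  raise DemoSerializationError, e.message + hint
end

# Check the type byte before the issuer is used for any provider lookup, so a
# countersigned token is never resolved as if it were a recovery token.
def demo_issuer(data, expected_type)
  token = demo_parse(data)
  raise DemoTypeError, "Token type must be #{expected_type}" unless token.type == expected_type
  token.issuer
end
```
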
new(token_object)

Typically, you would not call `new` directly but instead use `build` and `parse`.

token_object: a RecoveryTokenWriter/RecoveryTokenReader instance

# File lib/darrrr/recovery_token.rb, line 22
def initialize(token_object)
  @token_object = token_object
end

Public Instance Methods

decode(context = nil)
# File lib/darrrr/recovery_token.rb, line 27
def decode(context = nil)
  Darrrr.this_account_provider.encryptor.decrypt(self.data, Darrrr.this_account_provider, context)
end
state_url()

A globally known location of the token, used to initiate a recovery

# File lib/darrrr/recovery_token.rb, line 32
def state_url
  [Darrrr.recovery_provider(self.audience).recover_account, "id=#{CGI::escape(token_id.to_hex)}"].join("?")
end