module JsonWebToken::Util
Utility methods
Public Instance Methods
constant_time_compare?(a, b)
click to toggle source
@param a [String] @param b [String] @return [Boolean] a predicate that compares two strings for equality in constant-time
to avoid timing attacks
@example
Util.constant_time_compare?("a", "A") # => false
@see tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-3.2 @see cf. rails activesupport/lib/active_support/security_utils.rb
# File lib/json_web_token/util.rb, line 16 def constant_time_compare?(a, b) return false if a.nil? || b.nil? || a.empty? || b.empty? secure_compare(a, b) end
secure_compare(a, b)
click to toggle source
# File lib/json_web_token/util.rb, line 32 def secure_compare(a, b) return false unless a.bytesize == b.bytesize l = a.unpack "C#{a.bytesize}" res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end
symbolize_keys(hsh)
click to toggle source
@param hsh [Hash] @return [Hash] a new hash with all keys converted to symbols,
as long as they respond to to_sym
@example
Util.symbolize_keys({'a' => 0, 'b' => '2', c: '3'}) # => {a: 0, b: '2', c: '3'}
@see cf. rails activesupport/lib/active_support/core_ext/hash/keys.rb
# File lib/json_web_token/util.rb, line 28 def symbolize_keys(hsh) transform_keys(hsh) { |key| key.to_sym rescue key } end
transform_keys(hsh) { |k| ... }
click to toggle source
# File lib/json_web_token/util.rb, line 40 def transform_keys(hsh) result = Hash.new hsh.keys.each { |k| result[yield(k)] = hsh[k] } result end