-
Notifications
You must be signed in to change notification settings - Fork 373
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
remove duplication in claim verifications
- Loading branch information
1 parent
3a1809e
commit 9710bc9
Showing
19 changed files
with
83 additions
and
124 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,79 +1,38 @@ | ||
# frozen_string_literal: true | ||
|
||
require_relative 'claims/audience' | ||
require_relative 'claims/expiration' | ||
require_relative 'claims/issued_at' | ||
require_relative 'claims/issuer' | ||
require_relative 'claims/jwt_id' | ||
require_relative 'claims/not_before' | ||
require_relative 'claims/numeric' | ||
require_relative 'claims/required' | ||
require_relative 'claims/subject' | ||
|
||
module JWT | ||
module Claims | ||
ValidationContext = Struct.new(:payload, keyword_init: true) | ||
VerificationContext = Struct.new(:payload, keyword_init: true) | ||
|
||
VERIFIERS = { | ||
verify_expiration: ->(options) { Claims::Expiration.new(leeway: options[:exp_leeway] || options[:leeway]) }, | ||
verify_not_before: ->(options) { Claims::NotBefore.new(leeway: options[:nbf_leeway] || options[:leeway]) }, | ||
verify_iss: ->(options) { Claims::Issuer.new(issuers: options[:iss]) }, | ||
verify_iat: ->(*) { Claims::IssuedAt.new }, | ||
verify_jti: ->(options) { Claims::JwtId.new(validator: options[:verify_jti]) }, | ||
verify_aud: ->(options) { Claims::Audience.new(expected_audience: options[:aud]) }, | ||
verify_sub: ->(options) { options[:sub] && Claims::Subject.new(expected_subject: options[:sub]) }, | ||
required_claims: ->(options) { Claims::Required.new(required_claims: options[:required_claims]) } | ||
}.freeze | ||
|
||
class << self | ||
def verify!(payload, options) | ||
verify_expiration(payload, options) | ||
verify_not_before(payload, options) | ||
verify_iss(payload, options) | ||
verify_iat(payload, options) | ||
verify_jti(payload, options) | ||
verify_aud(payload, options) | ||
verify_sub(payload, options) | ||
verify_required_claims(payload, options) | ||
end | ||
VERIFIERS.each do |key, verifier_builder| | ||
next unless options[key] | ||
|
||
def verify_aud(payload, options) | ||
return unless options[:verify_aud] | ||
|
||
Claims::Audience.new(expected_audience: options[:aud]).validate!(context: ValidationContext.new(payload: payload)) | ||
end | ||
|
||
def verify_expiration(payload, options) | ||
return unless options[:verify_expiration] | ||
|
||
Claims::Expiration.new(leeway: options[:exp_leeway] || options[:leeway]).validate!(context: ValidationContext.new(payload: payload)) | ||
end | ||
|
||
def verify_iat(payload, options) | ||
return unless options[:verify_iat] | ||
|
||
Claims::IssuedAt.new.validate!(context: ValidationContext.new(payload: payload)) | ||
end | ||
|
||
def verify_iss(payload, options) | ||
return unless options[:verify_iss] | ||
|
||
Claims::Issuer.new(issuers: options[:iss]).validate!(context: ValidationContext.new(payload: payload)) | ||
end | ||
|
||
def verify_jti(payload, options) | ||
return unless options[:verify_jti] | ||
|
||
Claims::JwtId.new(validator: options[:verify_jti]).validate!(context: ValidationContext.new(payload: payload)) | ||
end | ||
|
||
def verify_not_before(payload, options) | ||
return unless options[:verify_not_before] | ||
|
||
Claims::NotBefore.new(leeway: options[:nbf_leeway] || options[:leeway]).validate!(context: ValidationContext.new(payload: payload)) | ||
end | ||
|
||
def verify_sub(payload, options) | ||
return unless options[:verify_sub] | ||
return unless options[:sub] | ||
|
||
Claims::Subject.new(expected_subject: options[:sub]).validate!(context: ValidationContext.new(payload: payload)) | ||
end | ||
|
||
def verify_required_claims(payload, options) | ||
return unless (options_required_claims = options[:required_claims]) | ||
|
||
Claims::Required.new(required_claims: options_required_claims).validate!(context: ValidationContext.new(payload: payload)) | ||
verifier_builder&.call(options)&.verify!(context: VerificationContext.new(payload: payload)) | ||
end | ||
end | ||
end | ||
end | ||
end | ||
|
||
require_relative 'claims/audience' | ||
require_relative 'claims/expiration' | ||
require_relative 'claims/issued_at' | ||
require_relative 'claims/issuer' | ||
require_relative 'claims/jwt_id' | ||
require_relative 'claims/not_before' | ||
require_relative 'claims/numeric' | ||
require_relative 'claims/required' | ||
require_relative 'claims/subject' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.