File: verifier.rb

package info (click to toggle)
ruby-jwt 3.1.2-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 876 kB
  • sloc: ruby: 5,550; makefile: 4
file content (61 lines) | stat: -rw-r--r-- 2,112 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# frozen_string_literal: true

module JWT
  module Claims
    # @api private
    module Verifier
      VERIFIERS = {
        exp: ->(options) { Claims::Expiration.new(leeway: options.dig(:exp, :leeway)) },
        nbf: ->(options) { Claims::NotBefore.new(leeway: options.dig(:nbf, :leeway)) },
        iss: ->(options) { Claims::Issuer.new(issuers: options[:iss]) },
        iat: ->(*)       { Claims::IssuedAt.new },
        jti: ->(options) { Claims::JwtId.new(validator: options[:jti]) },
        aud: ->(options) { Claims::Audience.new(expected_audience: options[:aud]) },
        sub: ->(options) { Claims::Subject.new(expected_subject: options[:sub]) },
        crit: ->(options) { Claims::Crit.new(expected_crits: options[:crit]) },
        required: ->(options) { Claims::Required.new(required_claims: options[:required]) },
        numeric: ->(*)        { Claims::Numeric.new }
      }.freeze

      private_constant(:VERIFIERS)

      class << self
        # @api private
        def verify!(context, *options)
          iterate_verifiers(*options) do |verifier, verifier_options|
            verify_one!(context, verifier, verifier_options)
          end
          nil
        end

        # @api private
        def errors(context, *options)
          errors = []
          iterate_verifiers(*options) do |verifier, verifier_options|
            verify_one!(context, verifier, verifier_options)
          rescue ::JWT::DecodeError => e
            errors << Error.new(message: e.message)
          end
          errors
        end

        private

        def iterate_verifiers(*options)
          options.each do |element|
            if element.is_a?(Hash)
              element.each_key { |key| yield(key, element) }
            else
              yield(element, {})
            end
          end
        end

        def verify_one!(context, verifier, options)
          verifier_builder = VERIFIERS.fetch(verifier) { raise ArgumentError, "#{verifier} not a valid claim verifier" }
          verifier_builder.call(options || {}).verify!(context: context)
        end
      end
    end
  end
end