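require 'time'
require 'digest'

module SoarAuthenticationToken
  # Validates a presented authentication token against a fixed list of
  # tokens held in configuration (no token store is consulted).
  #
  # Expected configuration shape, as read by this class:
  #   { 'static_tokens' => [ { 'token' => ..., 'authenticated_identifier' => ...,
  #                            'token_issue_time' => ..., 'token_expiry_time' => ... } ] }
  class StaticTokenValidator
    # configuration - Hash-like object; must have a truthy 'static_tokens' entry.
    #
    # Raises RuntimeError when 'static_tokens' is missing.
    def initialize(configuration)
      @configuration = configuration
      validate_configuration
    end

    # Accepted for interface compatibility with other validators; this
    # validator does not use a store, so the provider is ignored.
    def inject_store_provider(store_provider)
    end

    # Checks the presented token against the configured static tokens.
    #
    # authentication_token - the token presented by the caller.
    # flow_identifier      - accepted but not used by this validator.
    #
    # Returns a three-element array: [ok, token_meta_or_nil, message].
    # Raises ArgumentError (from Time.parse) when a matched entry carries
    # an issue or expiry time that cannot be parsed.
    def validate(authentication_token:, flow_identifier: nil)
      found_static_token = find_configured_static_token(authentication_token)
      return rejection_result(reason: 'Unknown static token') if found_static_token.nil?

      meta = compile_meta(token_identifier: 'static_token',
                          authenticated_identifier: found_static_token['authenticated_identifier'],
                          token_issue_time: found_static_token['token_issue_time'],
                          token_expiry_time: found_static_token['token_expiry_time'])

      # NOTE(review): this reason embeds the authenticated identifier and the
      # expiry time; confirm callers only log it and do not return it to an
      # unauthenticated client.
      return rejection_result(reason: "Expired token <#{meta['token_expiry_time']}> for <#{meta['authenticated_identifier']}>") if token_expired?(meta)

      success_result(token_meta: meta)
    end

    private

    # Returns the first configured entry whose 'token' matches, or nil.
    #
    # Every entry is compared even after a match, so the time taken does not
    # depend on where in the list the matching entry sits.
    def find_configured_static_token(authentication_token)
      matched = nil
      @configuration['static_tokens'].each do |static_token|
        next unless secure_token_match?(authentication_token, static_token['token'])
        matched ||= static_token
      end
      matched
    end

    # Compares two tokens without stopping at the first differing byte.
    #
    # Only non-empty Strings can match. This closes the case where a nil
    # presented token would equal a configured entry that has no 'token' key.
    # Both sides are hashed first so the compared values have equal length
    # and the raw secret bytes are not walked directly.
    def secure_token_match?(presented, configured)
      return false unless presented.is_a?(String) && configured.is_a?(String)
      return false if presented.empty? || configured.empty?

      left = Digest::SHA256.digest(presented).bytes
      right = Digest::SHA256.digest(configured).bytes
      difference = 0
      left.each_with_index { |byte, index| difference |= byte ^ right[index] }
      difference.zero?
    end

    # Builds the metadata hash returned to the caller on success.
    def compile_meta(token_identifier:, authenticated_identifier:, token_issue_time:, token_expiry_time:)
      {
        'token_identifier' => token_identifier,
        'authenticated_identifier' => authenticated_identifier,
        'token_issue_time' => token_issue_time,
        'token_expiry_time' => token_expiry_time,
        'token_age' => token_age(token_issue_time)
      }
    end

    # Seconds elapsed since the issue time (Time minus Time yields a Float).
    def token_age(token_issue_time)
      Time.now - Time.parse(token_issue_time.to_s)
    end

    # Fails fast at construction when no static tokens are configured.
    def validate_configuration
      raise "array of 'static_tokens' must be configured" unless @configuration['static_tokens']
    end

    # True when the expiry time in meta lies before the current time.
    def token_expired?(meta)
      Time.parse(meta['token_expiry_time'].to_s) < Time.now
    end

    def rejection_result(reason:)
      [false, nil, reason]
    end

    def success_result(token_meta:)
      [true, token_meta, "Valid token for <#{token_meta['authenticated_identifier']}>"]
    end
  end
end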