require 'deprecate' module Panoptes class Client module Authentication extend Gem::Deprecate attr_reader :payload def jwt_payload raise NotLoggedIn unless @auth[:token] @payload = decode_token(@auth[:token]) rescue JWT::ExpiredSignature raise AuthenticationExpired end def token_contents if payload_exists? && !payload_expired? # use the cached version of the payload while not expired payload['data'] else # decode the payload from the JWT token jwt_payload['data'] end end def token_expiry # always decode and fetch the expiry time from the JWT token Time.at(jwt_payload.fetch('exp',0)).utc end def authenticated? !!token_contents['id'] end def authenticated_user_login ensure_authenticated token_contents.fetch('login', nil) end def authenticated_user_display_name ensure_authenticated token_contents.fetch('dname', nil) end def authenticated_user_id ensure_authenticated token_contents.fetch('id') end def authenticated_admin? ensure_authenticated token_contents.fetch('admin', false) end def current_user token_contents end deprecate :current_user, :token_contents, 2019, 7 private def ensure_authenticated raise NotLoggedIn unless authenticated? end def payload_exists? !!@payload end def payload_expiry_time @payload_expiry_time ||= Time.at(payload.fetch('exp',0)).utc end def payload_expired? payload_expiry_time < Time.now.utc end def jwt_signing_public_key @jwt_signing_public_key ||= OpenSSL::PKey::RSA.new(File.read(@public_key_path)) end def decode_token(token) payload, = JWT.decode token, jwt_signing_public_key, algorithm: 'RS512' payload end def public_key_for_env(env) case env.to_s when "staging" File.expand_path(File.join("..","..", "..", "..", "data", "doorkeeper-jwt-staging.pub"), __FILE__) when "production" File.expand_path(File.join("..","..", "..", "..", "data", "doorkeeper-jwt-production.pub"), __FILE__) else nil end end end end end