lib/fernet/verifier.rb in fernet-0.0.1 vs lib/fernet/verifier.rb in fernet-0.0.2
- old
+ new
@@ -4,28 +4,38 @@
require 'date'
module Fernet
class Verifier
- attr_reader :secret, :token, :data
+ attr_reader :token, :data
attr_writer :seconds_valid
def initialize(secret)
- @secret = secret
+ @secret = secret
end
def verify_token(token)
@token = token
deconstruct
- custom_verification = yield self
+ if block_given?
+ custom_verification = yield self
+ else
+ custom_verification = true
+ end
signatures_match? && token_recent_enough? && custom_verification
end
- private
+ def inspect
+ "#<Fernet::Verifier @secret=[masked] @token=#{@token} @data=#{@data.inspect} @seconds_valid=#{@seconds_valid}>"
+ end
+ alias to_s inspect
+ private
+ attr_reader :secret
+
def deconstruct
@data = JSON.parse(Base64.decode64(token))
@received_signature = @data.delete('signature')
@regenerated_mac = OpenSSL::HMAC.hexdigest('sha256', JSON.dump(@data), secret)
end
@@ -33,9 +43,13 @@
def token_recent_enough?
DateTime.parse(data['issued_at']) > (DateTime.now - 60)
end
def signatures_match?
- @regenerated_mac == @received_signature
+ regenerated_bytes = @regenerated_mac.bytes.to_a
+ received_bytes = @received_signature.bytes.to_a
+ received_bytes.inject(0) do |accum, byte|
+ accum |= byte ^ regenerated_bytes.shift
+ end.zero?
end
end
end