lib/fernet/verifier.rb in fernet-1.0 vs lib/fernet/verifier.rb in fernet-1.1
- old
+ new
@@ -1,18 +1,20 @@
require 'base64'
-require 'json'
+require 'yajl'
require 'openssl'
require 'date'
module Fernet
class Verifier
attr_reader :token, :data
- attr_writer :seconds_valid
+ attr_accessor :ttl, :enforce_ttl
def initialize(secret, decrypt)
- @secret = Secret.new(secret, decrypt)
- @decrypt = decrypt
+ @secret = Secret.new(secret, decrypt)
+ @decrypt = decrypt
+ @ttl = 60
+ @enforce_ttl = true
end
def verify_token(token)
@token = token
deconstruct
@@ -25,33 +27,37 @@
signatures_match? && token_recent_enough? && custom_verification
end
def inspect
- "#<Fernet::Verifier @secret=[masked] @token=#{@token} @data=#{@data.inspect} @seconds_valid=#{@seconds_valid}>"
+ "#<Fernet::Verifier @secret=[masked] @token=#{@token} @data=#{@data.inspect} @ttl=#{@ttl}>"
end
alias to_s inspect
private
attr_reader :secret
def deconstruct
parts = @token.split('|')
if decrypt?
encrypted_data, iv, @received_signature = *parts
- @data = JSON.parse(decrypt!(encrypted_data, Base64.urlsafe_decode64(iv)))
+ @data = Yajl::Parser.parse(decrypt!(encrypted_data, Base64.urlsafe_decode64(iv)))
signing_blob = "#{encrypted_data}|#{iv}"
else
encoded_data, @received_signature = *parts
signing_blob = encoded_data
- @data = JSON.parse(Base64.urlsafe_decode64(encoded_data))
+ @data = Yajl::Parser.parse(Base64.urlsafe_decode64(encoded_data))
end
@regenerated_mac = OpenSSL::HMAC.hexdigest('sha256', signing_blob, signing_key)
end
def token_recent_enough?
- DateTime.parse(data['issued_at']) > (DateTime.now - 60)
+ if enforce_ttl?
+ DateTime.parse(data['issued_at']) > (now - ttl)
+ else
+ true
+ end
end
def signatures_match?
regenerated_bytes = @regenerated_mac.bytes.to_a
received_bytes = @received_signature.bytes.to_a
@@ -78,7 +84,14 @@
def decrypt?
@decrypt
end
+ def enforce_ttl?
+ @enforce_ttl
+ end
+
+ def now
+ DateTime.now
+ end
end
end