Move HMAC tokens into users.cr
This commit is contained in:
parent
dcddb6fb83
commit
1465cefa17
|
@ -389,55 +389,3 @@ def extract_items(nodeset, ucid = nil)
|
|||
|
||||
return items
|
||||
end
|
||||
|
||||
def create_response(user_id, operation, key, expire = 6.hours)
|
||||
expire = Time.now + expire
|
||||
nonce = Random::Secure.hex(4)
|
||||
|
||||
challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
|
||||
token = OpenSSL::HMAC.digest(:sha256, key, challenge)
|
||||
|
||||
challenge = Base64.urlsafe_encode(challenge)
|
||||
token = Base64.urlsafe_encode(token)
|
||||
|
||||
return challenge, token
|
||||
end
|
||||
|
||||
def validate_response(challenge, token, user_id, operation, key)
|
||||
if !challenge
|
||||
raise "Hidden field \"challenge\" is a required field"
|
||||
end
|
||||
|
||||
if !token
|
||||
raise "Hidden field \"token\" is a required field"
|
||||
end
|
||||
|
||||
challenge = Base64.decode_string(challenge)
|
||||
if challenge.split("-").size == 4
|
||||
expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
|
||||
|
||||
expire = expire.to_i?
|
||||
expire ||= 0
|
||||
else
|
||||
raise "Invalid challenge"
|
||||
end
|
||||
|
||||
challenge = OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge)
|
||||
challenge = Base64.urlsafe_encode(challenge)
|
||||
|
||||
if challenge != token
|
||||
raise "Invalid token"
|
||||
end
|
||||
|
||||
if challenge_operation != operation
|
||||
raise "Invalid token"
|
||||
end
|
||||
|
||||
if challenge_user_id != user_id
|
||||
raise "Invalid token"
|
||||
end
|
||||
|
||||
if expire < Time.now.to_unix
|
||||
raise "Token is expired, please try again"
|
||||
end
|
||||
end
|
||||
|
|
|
@ -195,3 +195,55 @@ def create_user(sid, email, password)
|
|||
|
||||
return user
|
||||
end
|
||||
|
||||
def create_response(user_id, operation, key, expire = 6.hours)
|
||||
expire = Time.now + expire
|
||||
nonce = Random::Secure.hex(4)
|
||||
|
||||
challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
|
||||
token = OpenSSL::HMAC.digest(:sha256, key, challenge)
|
||||
|
||||
challenge = Base64.urlsafe_encode(challenge)
|
||||
token = Base64.urlsafe_encode(token)
|
||||
|
||||
return challenge, token
|
||||
end
|
||||
|
||||
def validate_response(challenge, token, user_id, operation, key)
|
||||
if !challenge
|
||||
raise "Hidden field \"challenge\" is a required field"
|
||||
end
|
||||
|
||||
if !token
|
||||
raise "Hidden field \"token\" is a required field"
|
||||
end
|
||||
|
||||
challenge = Base64.decode_string(challenge)
|
||||
if challenge.split("-").size == 4
|
||||
expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
|
||||
|
||||
expire = expire.to_i?
|
||||
expire ||= 0
|
||||
else
|
||||
raise "Invalid challenge"
|
||||
end
|
||||
|
||||
challenge = OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge)
|
||||
challenge = Base64.urlsafe_encode(challenge)
|
||||
|
||||
if challenge != token
|
||||
raise "Invalid token"
|
||||
end
|
||||
|
||||
if challenge_operation != operation
|
||||
raise "Invalid token"
|
||||
end
|
||||
|
||||
if challenge_user_id != user_id
|
||||
raise "Invalid token"
|
||||
end
|
||||
|
||||
if expire < Time.now.to_unix
|
||||
raise "Token is expired, please try again"
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue