56 lines
1.1 KiB
Ruby
56 lines
1.1 KiB
Ruby
|
# frozen_string_literal: true
|
||
|
|
|
||
|
|
module Atlassian
|
||
|
|
module JiraConnect
|
||
|
|
module Jwt
|
||
|
|
class Symmetric
|
||
|
|
include Gitlab::Utils::StrongMemoize
|
||
|
|
|
||
|
|
CONTEXT_QSH_STRING = 'context-qsh'
|
||
|
|
|
||
|
|
def initialize(jwt)
|
||
|
|
@jwt = jwt
|
||
|
|
end
|
||
|
|
|
||
|
|
def iss_claim
|
||
|
|
jwt_headers['iss']
|
||
|
|
end
|
||
|
|
|
||
|
|
def sub_claim
|
||
|
|
jwt_headers['sub']
|
||
|
|
end
|
||
|
|
|
||
|
|
def valid?(shared_secret)
|
||
|
|
Atlassian::Jwt.decode(@jwt, shared_secret).present?
|
||
|
|
rescue JWT::DecodeError
|
||
|
|
false
|
||
|
|
end
|
||
|
|
|
||
|
|
def verify_qsh_claim(url_with_query, method, url)
|
||
|
|
qsh_claim == Atlassian::Jwt.create_query_string_hash(url_with_query, method, url)
|
||
|
|
rescue StandardError
|
||
|
|
false
|
||
|
|
end
|
||
|
|
|
||
|
|
def verify_context_qsh_claim
|
||
|
|
qsh_claim == CONTEXT_QSH_STRING
|
||
|
|
end
|
||
|
|
|
||
|
|
private
|
||
|
|
|
||
|
|
def qsh_claim
|
||
|
|
jwt_headers['qsh']
|
||
|
|
end
|
||
|
|
|
||
|
|
def jwt_headers
|
||
|
|
strong_memoize(:jwt_headers) do
|
||
|
|
Atlassian::Jwt.decode(@jwt, nil, false).first
|
||
|
|
rescue JWT::DecodeError
|
||
|
|
{}
|
||
|
|
end
|
||
|
|
end
|
||
|
|
end
|
||
|
|
end
|
||
|
|
end
|
||
|
|
end
|