Merge branch 'master' into registry-790

# Conflicts: # test/integration/epp/domain/domain_delete_test.rb # test/integration/epp/domain/domain_update_test.rb # test/integration/epp/domain/transfer/request_test.rb # test/system/admin_area/domains_test.rb
2025-06-11 23:24:48 +02:00 · 2018-08-09 15:01:23 +03:00 · 2018-08-09 15:01:23 +03:00 · 1d79f6548d
commit 1d79f6548d
parent 4b30234c86 71c74a66f8
61 changed files with 731 additions and 84 deletions
--- a/lib/auth_token/auth_token_creator.rb
+++ b/lib/auth_token/auth_token_creator.rb
@ -0,0 +1,41 @@
+class AuthTokenCreator
+  DEFAULT_VALIDITY = 2.hours
+
+  attr_reader :user
+  attr_reader :key
+  attr_reader :expires_at
+
+  def self.create_with_defaults(user)
+    new(user, Rails.application.config.secret_key_base, Time.now + DEFAULT_VALIDITY)
+  end
+
+  def initialize(user, key, expires_at)
+    @user = user
+    @key = key
+    @expires_at = expires_at.utc.strftime('%F %T %Z')
+  end
+
+  def hashable
+    {
+      user_ident: user.registrant_ident,
+      user_username: user.username,
+      expires_at: expires_at,
+    }.to_json
+  end
+
+  def encrypted_token
+    encryptor = OpenSSL::Cipher::AES.new(256, :CBC)
+    encryptor.encrypt
+    encryptor.key = key
+    encrypted_bytes = encryptor.update(hashable) + encryptor.final
+    Base64.urlsafe_encode64(encrypted_bytes)
+  end
+
+  def token_in_hash
+    {
+      access_token: encrypted_token,
+      expires_at: expires_at,
+      type: 'Bearer',
+    }
+  end
+end
--- a/lib/auth_token/auth_token_decryptor.rb
+++ b/lib/auth_token/auth_token_decryptor.rb
@ -0,0 +1,43 @@
+class AuthTokenDecryptor
+  attr_reader :decrypted_data
+  attr_reader :token
+  attr_reader :key
+  attr_reader :user
+
+  def self.create_with_defaults(token)
+    new(token, Rails.application.config.secret_key_base)
+  end
+
+  def initialize(token, key)
+    @token = token
+    @key = key
+  end
+
+  def decrypt_token
+    decipher = OpenSSL::Cipher::AES.new(256, :CBC)
+    decipher.decrypt
+    decipher.key = key
+
+    base64_decoded = Base64.urlsafe_decode64(token.to_s)
+    plain = decipher.update(base64_decoded) + decipher.final
+
+    @decrypted_data = JSON.parse(plain, symbolize_names: true)
+  rescue OpenSSL::Cipher::CipherError, ArgumentError
+    false
+  end
+
+  def valid?
+    decrypted_data && valid_user? && still_valid?
+  end
+
+  private
+
+  def valid_user?
+    @user = RegistrantUser.find_by(registrant_ident: decrypted_data[:user_ident])
+    @user&.username == decrypted_data[:user_username]
+  end
+
+  def still_valid?
+    decrypted_data[:expires_at] > Time.now
+  end
+end