Merge pull request #1 from cakejelly/identity-token

Error class fix and class for generating layer identity tokens

Author: cakejelly

README.md

@@ -142,6 +142,19 @@ layer.block_user("owner_id", "user_id")
 layer.unblock_user("owner_id", "user_id")
 ```
 
+### Generating Identity Tokens
+See: [the official authentication guide](https://developer.layer.com/docs/android/guides#authentication)
+
+Make sure the following environment variables are set:
+`ENV['LAYER_KEY_ID']`
+`ENV['LAYER_PROVIDER_ID']`
+`ENV['LAYER_PRIVATE_KEY']`
+
+```ruby
+# Returns a valid signed identity token.
+layer.generate_identity_token(user_id: "1234", nonce: "your_random_nonce")
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

layer-api.gemspec

@@ -27,4 +27,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "pry", "~> 0.10.1"
 
   spec.add_dependency "faraday", "~> 0.9.1"
+  spec.add_dependency "jwt", "~> 1.5.1"
 end

lib/layer/api.rb

@@ -1,5 +1,6 @@
 require 'faraday'
 require 'json'
+require 'jwt'
 
 require "layer/api/version"
 require "layer/api/configuration"

lib/layer/api/client.rb

@@ -1,6 +1,7 @@
 require "layer/api/client/conversations"
 require "layer/api/client/announcements"
 require "layer/api/client/users"
+require "layer/api/client/identity_token"
 
 module Layer
   module Api

lib/layer/api/client/identity_token.rb

@@ -0,0 +1,61 @@
+module Layer
+  module Api
+    class IdentityToken
+      attr_reader :user_id, :nonce, :expires_at
+
+      def initialize(options = {})
+        @user_id = options[:user_id]
+        @nonce = options[:nonce]
+        @expires_at = (options[:expires_at] || Time.now+(1209600))
+      end
+
+      def to_s
+        get_jwt
+      end
+
+      def layer_key_id
+        ENV['LAYER_KEY_ID']
+      end
+
+      def layer_provider_id
+        ENV['LAYER_PROVIDER_ID']
+      end
+
+      private
+
+      def get_jwt
+        JWT.encode(claim, private_key, 'RS256', headers)
+      end
+
+      def headers
+        {
+          typ: 'JWT',
+          cty: 'layer-eit;v=1',
+          kid: layer_key_id
+        }
+      end
+
+      def claim
+        {
+          iss: layer_provider_id,
+          prn: user_id.to_s,
+          iat: Time.now.to_i,
+          exp: expires_at.to_i,
+          nce: nonce
+        }
+      end
+
+      def private_key
+        # Cloud66 stores newlines as \n instead of \\n
+        key = ENV['LAYER_PRIVATE_KEY'].dup
+        OpenSSL::PKey::RSA.new(key.gsub!("\\n","\n"))
+      end
+    end
+
+    class Client
+      def generate_identity_token(options = {})
+        IdentityToken.new(options).to_s
+      end
+    end
+  end
+end

lib/layer/api/error.rb

@@ -10,9 +10,8 @@ def self.from_response(response)
                     when 500..599 then Layer::Api::ServerError
                     else self
                     end
+          klass.new(response)
         end
-
-        klass.new(response)
       end
 
       def initialize(response)

spec/layer/identity_token_spec.rb

@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+describe Layer::Api::IdentityToken do
+  describe ".new" do
+    it "should allow you to set the user_id, nonce and expires_at variables" do
+      user_id = "1234"
+      nonce = "your_random_nonce"
+      expires_at = "12345678"
+
+      token = Layer::Api::IdentityToken.new(
+        user_id: user_id,
+        nonce: nonce,
+        expires_at: expires_at
+      )
+
+      expect(token.user_id).to eq(user_id)
+      expect(token.nonce).to eq(nonce)
+      expect(token.expires_at).to eq(expires_at)
+    end
+  end
+
+  describe ".layer_key_id" do
+    it "should return your ENV['LAYER_KEY_ID']" do
+      layer_key_id = Layer::Api::IdentityToken.new.layer_key_id
+      expect(layer_key_id).to eq(ENV['LAYER_KEY_ID'])
+    end
+  end
+
+  describe ".layer_provider_id" do
+    it "should return your ENV['LAYER_PROVIDER_ID']" do
+      provider_id = Layer::Api::IdentityToken.new.layer_provider_id
+      expect(provider_id).to eq(ENV['LAYER_PROVIDER_ID'])
+    end
+  end
+
+  describe ".headers" do
+    it "should return necessary headers" do
+      token = Layer::Api::IdentityToken.new
+
+      headers = token.send(:headers)
+
+      expect(headers[:kid]).to eq(ENV['LAYER_KEY_ID'])
+      expect(headers[:cty]).to eq('layer-eit;v=1')
+      expect(headers[:typ]).to eq('JWT')
+    end
+  end
+
+  describe ".claim" do
+    it "should return necessary payload" do
+      token = Layer::Api::IdentityToken.new(
+        user_id: "user_id",
+        nonce: "nonce",
+        expires_at: 1234567
+      )
+
+      claim = token.send(:claim)
+
+      expect(claim[:iss]).to eq(token.layer_provider_id)
+      expect(claim[:prn]).to eq(token.user_id)
+      expect(claim[:exp]).to eq(token.expires_at)
+      expect(claim[:nce]).to eq(token.nonce)
+    end
+  end
+
+  describe ".private_key" do
+    it "should return valid rsa private key" do
+      key = Layer::Api::IdentityToken.new.send(:private_key)
+      expect(key).to be_instance_of(OpenSSL::PKey::RSA)
+    end
+  end
+
+  describe ".to_s" do
+    it "should return a string representation of the identity token" do
+      token = Layer::Api::IdentityToken.new.to_s
+      expect(token).to be_instance_of(String)
+    end
+  end
+
+  describe ".generate_identity_token" do
+    it "should return the correct IdentityToken" do
+      options = {}
+      options[:user_id] = "user_id"
+      options[:nonce] = "user_id"
+      layer = Layer::Api::Client.new
+      expected_token = Layer::Api::IdentityToken.new(options).to_s
+      actual_token = layer.generate_identity_token(options)
+
+      expect(actual_token).to eq(expected_token)
+    end
+  end
+end