Module: Arcadex::Authentication

Defined in:

lib/arcadex/authentication.rb

Class Method Summary

• .authenticate_owner_with_index(params, request, auth_key, index_key, index_attr, downcase) ⇒ Object

  Below are authentication methods########################### This should be called by the user##############################.

• .get_instance(params, request, key) ⇒ Object

  Returns the object that is mapped to the key.

• .get_instance_no_update(params, request, key) ⇒ Object

  Returns the object that is mapped to the key.

• .update_token(token, request) ⇒ Object

Class Method Details

.authenticate_owner_with_index(params, request, auth_key, index_key, index_attr, downcase) ⇒ Object

Below are authentication methods########################### This should be called by the user##############################

# File 'lib/arcadex/authentication.rb', line 6

def self.authenticate_owner_with_index(params,request,auth_key,index_key,index_attr,downcase)
	instance_hash = ::Arcadex::Authentication.get_instance(params,request,auth_key)
	index = ::Arcadex::Header.grab_param_header(params,request,index_key,downcase)
	if instance_hash.nil? || index.nil?
		return nil
	end
	token = instance_hash["current_token"]
	owner = instance_hash["current_owner"]
	owner_from_index = ::Object.const_get(token.imageable_type).find_by(index_attr.to_sym => index)
	if owner_from_index.nil?
		return nil
	end
	if owner.id != owner_from_index.id
		return nil
	end
	return instance_hash
end

.get_instance(params, request, key) ⇒ Object

Returns the object that is mapped to the key. The key is in the params or heaaders

# File 'lib/arcadex/authentication.rb', line 25

def self.get_instance(params,request,key)
	auth_token = ::Arcadex::Header.grab_param_header(params,request,key,false)
	if auth_token.nil?
		return nil
	end
	token = ::Arcadex::Find.find_token_by_auth_token(auth_token)
   owner = ::Arcadex::Find.find_owner_by_token(token)
   #This is to mitigate timing attacks
   ::Devise.secure_compare(auth_token,auth_token)
   if token.nil? || owner.nil?
   	return nil
   end
   if !::Arcadex::Authentication.update_token(token,request)
   	return nil
   end
   instance_hash = {"current_owner" => owner, "current_token" => token}
   return instance_hash
end

.get_instance_no_update(params, request, key) ⇒ Object

Returns the object that is mapped to the key. The key is in the params or heaaders

# File 'lib/arcadex/authentication.rb', line 45

def self.get_instance_no_update(params,request,key)
	auth_token = ::Arcadex::Header.grab_param_header(params,request,key,false)
	if auth_token.nil?
		return nil
	end
	token = ::Arcadex::Find.find_token_by_auth_token(auth_token)
   owner = ::Arcadex::Find.find_owner_by_token(token)
   #This is to mitigate timing attacks
   ::Devise.secure_compare(auth_token,auth_token)
   if token.nil? || owner.nil?
   	return nil
   end
   instance_hash = {"current_owner" => owner, "current_token" => token}
   return instance_hash
end

.update_token(token, request) ⇒ Object

# File 'lib/arcadex/authentication.rb', line 61

def self.update_token(token,request)
	if token.first_ip_address.nil?
		token.first_ip_address = request.remote_ip
	end
	token.current_ip_address = request.remote_ip
	if token.times_used.nil?
		token.times_used = 0;
	end
	token.times_used = token.times_used + 1
	if !token.max_uses.nil?
		if token.max_uses > token.times_used
			::Arcadex::Authentication.destroy_token(token)
			return false
		end
	end
	token.save
	return true
end