Class: MAuth::Rack::RequestAuthenticator
- Inherits:
-
Middleware
- Object
- Middleware
- MAuth::Rack::RequestAuthenticator
- Defined in:
- lib/mauth/rack.rb
Overview
middleware which will check that a request is authentically signed.
if the request is checked and is not authentic, 401 Unauthorized is returned and the app is not called.
options accepted (key may be string or symbol)
-
should_authenticate_check: a proc which should accept a rack env as an argument, and return true if the request should be authenticated; false if not. if the result from this is false, the request is passed to the app with no authentication performed.
Direct Known Subclasses
Instance Method Summary collapse
- #call(env) ⇒ Object
-
#handle_head(env) ⇒ Object
discards the body if REQUEST_METHOD is HEAD.
-
#response_for_inauthentic_request(env) ⇒ Object
response when the request is inauthentic.
-
#response_for_missing_v2(env) ⇒ Object
response when the requests includes V1 headers but does not include V2 headers and the V2_ONLY_AUTHENTICATE flag is set.
-
#response_for_unable_to_authenticate(env) ⇒ Object
response when the authenticity of the request cannot be determined, due to a problem communicating with the MAuth service.
-
#should_authenticate?(env) ⇒ Boolean
whether the request needs to be authenticated.
Methods inherited from Middleware
Constructor Details
This class inherits a constructor from MAuth::Middleware
Instance Method Details
#call(env) ⇒ Object
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/mauth/rack.rb', line 17 def call(env) mauth_request = MAuth::Rack::Request.new(env) env['mauth.protocol_version'] = mauth_request.protocol_version return @app.call(env) unless should_authenticate?(env) if mauth_client.v2_only_authenticate? && mauth_request.protocol_version == 1 return response_for_missing_v2(env) end begin if mauth_client.authentic?(mauth_request) @app.call(env.merge!( 'mauth.app_uuid' => mauth_request.signature_app_uuid, 'mauth.authentic' => true )) else response_for_inauthentic_request(env) end rescue MAuth::UnableToAuthenticateError response_for_unable_to_authenticate(env) end end |
#handle_head(env) ⇒ Object
discards the body if REQUEST_METHOD is HEAD. sets the Content-Length.
42 43 44 45 46 |
# File 'lib/mauth/rack.rb', line 42 def handle_head(env) status, headers, body = *yield headers["Content-Length"] = body.map(&:bytesize).inject(0, &:+).to_s [status, headers, env['REQUEST_METHOD'].casecmp('head').zero? ? [] : body] end |
#response_for_inauthentic_request(env) ⇒ Object
response when the request is inauthentic. responds with status 401 Unauthorized and a message.
55 56 57 58 59 60 |
# File 'lib/mauth/rack.rb', line 55 def response_for_inauthentic_request(env) handle_head(env) do body = { 'errors' => { 'mauth' => ['Unauthorized'] } } [401, { 'Content-Type' => 'application/json' }, [JSON.pretty_generate(body)]] end end |
#response_for_missing_v2(env) ⇒ Object
response when the requests includes V1 headers but does not include V2 headers and the V2_ONLY_AUTHENTICATE flag is set.
74 75 76 77 78 79 80 81 82 |
# File 'lib/mauth/rack.rb', line 74 def response_for_missing_v2(env) handle_head(env) do body = { 'type' => 'errors:mauth:missing_v2', 'title' => 'This service requires mAuth v2 mcc-authentication header. Upgrade your mAuth library and configure it properly.' } [401, { 'Content-Type' => 'application/json' }, [JSON.pretty_generate(body)]] end end |
#response_for_unable_to_authenticate(env) ⇒ Object
response when the authenticity of the request cannot be determined, due to a problem communicating with the MAuth service. responds with a status of 500 and a message.
65 66 67 68 69 70 |
# File 'lib/mauth/rack.rb', line 65 def response_for_unable_to_authenticate(env) handle_head(env) do body = { 'errors' => { 'mauth' => ['Could not determine request authenticity'] } } [500, { 'Content-Type' => 'application/json' }, [JSON.pretty_generate(body)]] end end |
#should_authenticate?(env) ⇒ Boolean
whether the request needs to be authenticated
49 50 51 |
# File 'lib/mauth/rack.rb', line 49 def should_authenticate?(env) @config['should_authenticate_check'] ? @config['should_authenticate_check'].call(env) : true end |