Class: Rack::Auth::Cookie
- Inherits:
-
Object
- Object
- Rack::Auth::Cookie
- Defined in:
- lib/rack/auth/cookie.rb
Constant Summary collapse
- VERSION =
The version of the rack-auth-cookie library.
'0.7.2'
Class Method Summary collapse
- .cookie_name ⇒ Object
- .create_auth_cookie(env) ⇒ Object
- .create_auth_token(env) ⇒ Object
- .create_clear_cookie(env) ⇒ Object
- .generate_hmac(data) ⇒ Object
Instance Method Summary collapse
-
#call(env) ⇒ Object
The call method we’ve defined first checks to see if AUTH_USER or AUTH_FAIL are set in the environment.
- #finish(app, env, cookie_value_from_request = nil) ⇒ Object
-
#initialize(app, options = {}) ⇒ Cookie
constructor
Creates a new Rack::Auth::Cookie object.
- #read_cookie(cookie_value) ⇒ Object
Constructor Details
#initialize(app, options = {}) ⇒ Cookie
Creates a new Rack::Auth::Cookie object.
The cookie_name
param gives the name of the cookie used to authenticate the requestor. The default is ‘auth_token’.
The cookie_domain
param gives a domain name to use for the cookie. If unspecified, cookies will be set without specifying a domain. Per RFC 2965, this should cause user agents to default to the effective request-host.
22 23 24 25 26 27 28 29 30 |
# File 'lib/rack/auth/cookie.rb', line 22 def initialize(app, = {}) @app = app @@secret = [:secret] @@cookie_name = [:cookie_name] || "auth_token" @@cookie_domain = [:cookie_domain] || nil @@idle_timeout = [:idle_timeout] || 3600 @@max_lifetime = [:max_lifetime] || 36000 @@env = {} end |
Class Method Details
.cookie_name ⇒ Object
160 161 162 |
# File 'lib/rack/auth/cookie.rb', line 160 def self. @@cookie_name end |
.create_auth_cookie(env) ⇒ Object
190 191 192 193 194 195 196 |
# File 'lib/rack/auth/cookie.rb', line 190 def self.(env) = create_auth_token(env) = "#{@@cookie_name}=#{URI.escape()}; " += "domain=.#{@@cookie_domain}; " if @@cookie_domain += "path=/; " += "HttpOnly; " end |
.create_auth_token(env) ⇒ Object
164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 |
# File 'lib/rack/auth/cookie.rb', line 164 def self.create_auth_token(env) # Copy relevant auth info for storage in a token auth_info = Hash.new auth_info['AUTH_USER'] = env['AUTH_USER'] auth_info['AUTH_TYPE'] = env['AUTH_TYPE'] || "Unknown" auth_info['AUTH_TYPE_USER'] = env['AUTH_TYPE_USER'] || env['AUTH_USER'] # Expecting env['AUTH_DATETIME'] to hold an instance of Time if env['AUTH_DATETIME'] auth_info['AUTH_DATETIME'] = env['AUTH_DATETIME'].to_i else auth_info['AUTH_DATETIME'] = Time.now.utc.to_i end auth_info['AUTH_EXPIRE_DATETIME'] = Time.now.utc.to_i + @@idle_timeout # Pack the auth_info hash for cookie storage json_data = auth_info.to_json packed_data = [json_data].pack('m*') # Add a digest value to cookie_data to prevent tampering "#{packed_data}--#{generate_hmac(packed_data)}" end |
.create_clear_cookie(env) ⇒ Object
198 199 200 201 202 203 204 205 |
# File 'lib/rack/auth/cookie.rb', line 198 def self.(env) = "" = "#{@@cookie_name}=; " += "domain=.#{@@cookie_domain}; " if @@cookie_domain += "path=/; " += "expires=Thu, 01-Jan-1970 00:00:00 GMT; " += "HttpOnly; " end |
.generate_hmac(data) ⇒ Object
207 208 209 |
# File 'lib/rack/auth/cookie.rb', line 207 def self.generate_hmac(data) OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, @@secret, data) end |
Instance Method Details
#call(env) ⇒ Object
The call method we’ve defined first checks to see if AUTH_USER or AUTH_FAIL are set in the environment. If either is set, we assume that the request has already either passed or failed authentication and move on.
If neither is set, we check for the cookie with the name we’ve been configured to use. If present, we attempt to authenticate the user using the cookie. If successful then AUTH_USER is set to the username.
If unsuccessful then AUTH_USER is not set and AUTH_FAIL is set to an appropriate error message.
It is then up to the application to check for the presence of AUTH_USER and/or AUTH_FAIL and act as necessary.
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 |
# File 'lib/rack/auth/cookie.rb', line 46 def call(env) request = Rack::Request.new(env) auth_fail = false # Only authenticate if there's a cookie in the request named @@cookie_name unless request..has_key?(@@cookie_name) return finish(@app, env) end # Get the data from the cookie begin = request.[@@cookie_name] hash_data = () rescue Exception => e auth_fail = e. end # Do not authenticate if either one of these is set # This check is done late so that we'll have already # checked the cookie if env['AUTH_USER'] || env['AUTH_FAIL'] return finish(@app, env, ) end if !auth_fail auth_datetime = Time.at(hash_data['AUTH_DATETIME']).utc auth_expire_datetime = Time.at(hash_data['AUTH_EXPIRE_DATETIME']).utc if auth_datetime + @@max_lifetime < Time.now.utc auth_fail = "You have been signed out since you signed in more than #{@@max_lifetime/3600} hours ago" end if auth_expire_datetime < Time.now.utc auth_fail = "You have been signed out due to inactivity" end end if auth_fail env['AUTH_FAIL'] = auth_fail else # Put the values from the hash into the environment env['AUTH_USER'] = hash_data['AUTH_USER'] env['AUTH_TYPE'] = hash_data['AUTH_TYPE'] env['AUTH_TYPE_USER'] = hash_data['AUTH_TYPE_USER'] env['AUTH_TYPE_THIS_REQUEST'] = "Cookie" env['AUTH_DATETIME'] = auth_datetime env['AUTH_EXPIRE_DATETIME'] = auth_expire_datetime end finish(@app, env, ) end |
#finish(app, env, cookie_value_from_request = nil) ⇒ Object
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 |
# File 'lib/rack/auth/cookie.rb', line 101 def finish(app, env, = nil) status, headers, body = @app.call(env) # Assume our cookie isn't in the response unless/until we find it = false if headers.has_key?("Set-Cookie") = headers["Set-Cookie"] = .split(";") # TODO: parse cookies from header and find @@cookie_name .each_with_index do |piece, index| if piece[@@cookie_name] = true end end end # If the application isn't making any changes to the cookie, we can modify it if && ! # If authentication succeeded earlier, send back a new token if env['AUTH_USER'] = self.class.(env) headers["Set-Cookie"] << end # If authentication failed earlier, tell the client to clear the cookie if env['AUTH_FAIL'] = self.class.(env) headers["Set-Cookie"] << end end [status, headers, body] end |
#read_cookie(cookie_value) ⇒ Object
140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 |
# File 'lib/rack/auth/cookie.rb', line 140 def () # Separate the cookie data and the digest raw_data, digest = .split("--") # Check for evidence of tampering unless digest == self.class.generate_hmac(raw_data) raise "Invalid cookie digest!" end # Unpack the cookie data back to a hash begin unpacked_data = raw_data.unpack("m*").first hash_data = JSON.parse(unpacked_data) rescue raise "Unable to read cookie!" end hash_data end |