Class: Rack::Authenticate::Middleware::Auth
- Inherits:
-
Rack::Auth::AbstractRequest
- Object
- Rack::Auth::AbstractRequest
- Rack::Authenticate::Middleware::Auth
- Defined in:
- lib/rack/authenticate/middleware.rb
Instance Method Summary collapse
- #access_id ⇒ Object
- #basic? ⇒ Boolean
- #calculated_digest ⇒ Object
- #canonicalized_request ⇒ Object
-
#content_md5 ⇒ Object
TODO: replace the request body with a proxy object that verifies this when it is read.
- #given_digest ⇒ Object
- #has_all_required_parts? ⇒ Boolean
- #has_content? ⇒ Boolean
- #hmac? ⇒ Boolean
-
#initialize(env, configuration = Configuration.new) ⇒ Auth
constructor
A new instance of Auth.
- #request ⇒ Object
- #secret_key ⇒ Object
- #supported_cors_preflight_request? ⇒ Boolean
- #valid? ⇒ Boolean
- #valid_current_date? ⇒ Boolean
Constructor Details
#initialize(env, configuration = Configuration.new) ⇒ Auth
Returns a new instance of Auth.
40 41 42 43 |
# File 'lib/rack/authenticate/middleware.rb', line 40 def initialize(env, configuration = Configuration.new) super(env) @configuration = configuration end |
Instance Method Details
#access_id ⇒ Object
92 93 94 |
# File 'lib/rack/authenticate/middleware.rb', line 92 def access_id @access_id ||= params.split(':').first end |
#basic? ⇒ Boolean
45 46 47 |
# File 'lib/rack/authenticate/middleware.rb', line 45 def basic? :basic == scheme end |
#calculated_digest ⇒ Object
104 105 106 |
# File 'lib/rack/authenticate/middleware.rb', line 104 def calculated_digest @calculated_digest ||= HMAC::SHA1.hexdigest(secret_key, canonicalized_request) end |
#canonicalized_request ⇒ Object
86 87 88 89 90 |
# File 'lib/rack/authenticate/middleware.rb', line 86 def canonicalized_request parts = [ request.request_method, request.url, date ] parts += [ request.content_type, content_md5 ] if has_content? parts.join("\n") end |
#content_md5 ⇒ Object
TODO: replace the request body with a proxy object that verifies this when it is read.
82 83 84 |
# File 'lib/rack/authenticate/middleware.rb', line 82 def content_md5 request.env['HTTP_CONTENT_MD5'] end |
#given_digest ⇒ Object
100 101 102 |
# File 'lib/rack/authenticate/middleware.rb', line 100 def given_digest @given_digest ||= params.split(':').last end |
#has_all_required_parts? ⇒ Boolean
53 54 55 56 57 58 59 60 61 |
# File 'lib/rack/authenticate/middleware.rb', line 53 def has_all_required_parts? return false unless date if has_content? content_md5.to_s != '' && request.content_type.to_s != '' else true end end |
#has_content? ⇒ Boolean
77 78 79 |
# File 'lib/rack/authenticate/middleware.rb', line 77 def has_content? request.content_length.to_i > 0 end |
#hmac? ⇒ Boolean
49 50 51 |
# File 'lib/rack/authenticate/middleware.rb', line 49 def hmac? :hmac == scheme end |
#request ⇒ Object
63 64 65 |
# File 'lib/rack/authenticate/middleware.rb', line 63 def request @request ||= ::Rack::Request.new(@env) end |
#secret_key ⇒ Object
96 97 98 |
# File 'lib/rack/authenticate/middleware.rb', line 96 def secret_key @configuration.hmac_secret_key_for(access_id) end |
#supported_cors_preflight_request? ⇒ Boolean
115 116 117 118 119 |
# File 'lib/rack/authenticate/middleware.rb', line 115 def supported_cors_preflight_request? @configuration.support_cross_origin_resource_sharing? && request.request_method == 'OPTIONS' && %w[ HTTP_ACCESS_CONTROL_REQUEST_METHOD HTTP_ORIGIN ].all? { |k| request.env.has_key?(k) } end |
#valid? ⇒ Boolean
108 109 110 111 112 113 |
# File 'lib/rack/authenticate/middleware.rb', line 108 def valid? provided? && secret_key && valid_current_date? && calculated_digest == given_digest end |
#valid_current_date? ⇒ Boolean
67 68 69 70 71 72 73 74 75 |
# File 'lib/rack/authenticate/middleware.rb', line 67 def valid_current_date? = Time.httpdate(date) rescue ArgumentError return false else tolerance = @configuration. * 60 now = Time.now (now - tolerance) <= && (now + tolerance) >= end |