Class: Rack::Authenticate::Middleware::Auth

Inherits:
Rack::Auth::AbstractRequest
  • Object
Defined in:
lib/rack/authenticate/middleware.rb

Instance Method Summary collapse

Constructor Details

#initialize(env, configuration = Configuration.new) ⇒ Auth

Returns a new instance of Auth.



# File 'lib/rack/authenticate/middleware.rb', line 40

# Wraps one request's Rack environment together with the middleware settings.
#
# @param env [Hash] Rack environment; passed unchanged to the superclass
#   constructor
# @param configuration [Configuration] settings object that the other methods
#   of this class consult for secret keys, the timestamp tolerance and the
#   CORS switch; a fresh Configuration is built when none is given
def initialize(env, configuration = Configuration.new)
  # Only the environment goes to the parent; the configuration is kept here.
  super(env)
  @configuration = configuration
end

Instance Method Details

#access_id ⇒ Object



# File 'lib/rack/authenticate/middleware.rb', line 92

# Identifier the client presented: everything before the first ':' in the
# credential string returned by +params+. The value is client-supplied and is
# only used to look up a secret key; it proves nothing by itself.
#
# The result is memoized in @access_id.
#
# @return [String, nil] the first ':'-separated field, or nil when the
#   credential string splits into no fields
def access_id
  @access_id ||= begin
    credential_fields = params.split(':')
    credential_fields[0]
  end
end

#basic? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/authenticate/middleware.rb', line 45

# Tells whether the request declared the Basic authorization scheme.
#
# NOTE(review): the comparison is against the Symbol :basic, so it assumes
# +scheme+ (not defined on this page, presumably inherited) returns a Symbol;
# a String such as "basic" would never match. Confirm against the Rack
# version in use.
#
# @return [Boolean]
def basic?
  scheme == :basic
end

#calculated_digest ⇒ Object



# File 'lib/rack/authenticate/middleware.rb', line 104

# Server-side signature for this request: the hex HMAC-SHA1 of
# +canonicalized_request+, keyed with +secret_key+. This is the value the
# client-supplied digest has to equal for the request to be accepted.
#
# Computed once and cached in @calculated_digest.
#
# NOTE(review): HMAC::SHA1 is not defined on this page; presumably it comes
# from an HMAC library the file requires. Treat the result as sensitive: it is
# a valid signature for this request and should not reach logs or error pages.
#
# @return [String] hex digest
def calculated_digest
  return @calculated_digest if @calculated_digest

  @calculated_digest = HMAC::SHA1.hexdigest(secret_key, canonicalized_request)
end

#canonicalized_request ⇒ Object



# File 'lib/rack/authenticate/middleware.rb', line 86

# Builds the string that gets signed. Fields are joined with "\n" in a fixed
# order: request method, full URL, date, and (only when the request has
# content) the content type and the Content-MD5 header value.
#
# Anything not listed above is not covered by the signature. A nil field
# contributes an empty string to the join.
#
# @return [String] newline-separated canonical form of the request
def canonicalized_request
  fields = [request.request_method, request.url, date]
  fields.push(request.content_type, content_md5) if has_content?
  fields.join("\n")
end

#content_md5 ⇒ Object

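TODO: replace the request body with a proxy object that verifies the body against this Content-MD5 value when it is read. This method only returns the header value as the client sent it; nothing in it checks the body against that value.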



# File 'lib/rack/authenticate/middleware.rb', line 82

# Value of the Content-MD5 request header, read straight from the Rack
# environment. It is whatever the client sent: this method does not compute
# or compare a checksum of the body.
#
# @return [String, nil] header value, or nil when the header is absent
def content_md5
  rack_env = request.env
  rack_env['HTTP_CONTENT_MD5']
end

#given_digest ⇒ Object



# File 'lib/rack/authenticate/middleware.rb', line 100

# Digest the client sent: everything after the last ':' in the credential
# string returned by +params+. Untrusted input; it only counts once it has
# been compared with the digest computed on the server.
#
# The result is memoized in @given_digest.
#
# @return [String, nil] the last ':'-separated field, or nil when the
#   credential string splits into no fields
def given_digest
  @given_digest ||= begin
    credential_fields = params.split(':')
    credential_fields[-1]
  end
end

#has_all_required_parts? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/authenticate/middleware.rb', line 53

# Checks that every field the signature needs is present on the request.
#
# A date is always required. When the request has content, a non-empty
# Content-MD5 header and a non-empty content type are required as well.
# Only presence is checked here, not whether the values are well formed.
#
# @return [Boolean]
def has_all_required_parts?
  return false unless date
  return true unless has_content?

  !content_md5.to_s.empty? && !request.content_type.to_s.empty?
end

#has_content? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/authenticate/middleware.rb', line 77

# Tells whether the request declares a body, judged solely by a content
# length greater than zero. A missing length converts to 0 and counts as
# "no content".
#
# NOTE(review): this decides whether the content type and Content-MD5 are
# included in the signed string, so a body that arrives without a declared
# length would be left outside the signature. Confirm how such requests are
# handled before they reach this class.
#
# @return [Boolean]
def has_content?
  declared_length = request.content_length.to_i
  declared_length > 0
end

#hmac? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/authenticate/middleware.rb', line 49

# Tells whether the request declared the HMAC authorization scheme.
#
# NOTE(review): the comparison is against the Symbol :hmac, so it assumes
# +scheme+ (not defined on this page, presumably inherited) returns a Symbol;
# a String such as "hmac" would never match. Confirm against the Rack
# version in use.
#
# @return [Boolean]
def hmac?
  scheme == :hmac
end

#request ⇒ Object



# File 'lib/rack/authenticate/middleware.rb', line 63

# Rack::Request view of the environment held in @env, built on first use and
# cached in @request so every helper reads the same request object.
#
# @return [Rack::Request]
def request
  return @request if @request

  @request = ::Rack::Request.new(@env)
end

#secret_key ⇒ Object



# File 'lib/rack/authenticate/middleware.rb', line 96

# Asks the configuration for the HMAC secret registered under the
# client-supplied access id. Not memoized: the configuration is consulted on
# every call.
#
# +valid?+ treats a falsy result as an authentication failure, so an unknown
# access id is expected to yield nil or false (the lookup itself is not shown
# on this page). The returned key is a credential and should not be logged.
#
# @return [Object] whatever +hmac_secret_key_for+ returns for the access id
def secret_key
  requester = access_id
  @configuration.hmac_secret_key_for(requester)
end

#supported_cors_preflight_request? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/authenticate/middleware.rb', line 115

# Recognises a CORS preflight request: CORS support must be switched on in the
# configuration, the method must be OPTIONS, and both the
# Access-Control-Request-Method and Origin headers must be present.
#
# Only the presence of the two headers is checked, not their values.
#
# NOTE(review): how the caller treats a request that matches is not visible
# here; if it is let through without credentials, confirm that the OPTIONS
# handler exposes nothing that needs authentication.
#
# @return [Boolean] (or the falsy value of the configuration switch)
def supported_cors_preflight_request?
  preflight_headers = %w[HTTP_ACCESS_CONTROL_REQUEST_METHOD HTTP_ORIGIN]

  @configuration.support_cross_origin_resource_sharing? &&
    request.request_method == 'OPTIONS' &&
    preflight_headers.all? { |header| request.env.key?(header) }
end

#valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/authenticate/middleware.rb', line 108

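# Decides whether the request carries a valid HMAC signature.
#
# All of the following must hold, checked in this order: credentials were
# provided, a secret key is known for the access id, the request date is
# within the configured tolerance, and the client-supplied digest equals the
# digest computed on the server.
#
# The digest comparison does not stop at the first differing byte. A plain
# String#== returns as soon as it finds a difference, so response timing would
# reveal how much of a guessed digest is correct. Only a length mismatch (or a
# missing digest) is rejected early; the length of a hex digest is not secret.
# Where the bundled Rack provides Rack::Utils.secure_compare, that helper is
# an equivalent alternative.
#
# @return [Boolean] true only when every check passes
def valid?
  return false unless provided? && secret_key && valid_current_date?

  expected = calculated_digest.to_s
  supplied = given_digest.to_s
  return false if supplied.empty? || expected.bytesize != supplied.bytesize

  # OR together the XOR of each byte pair so every byte is always examined.
  difference = 0
  expected.bytes.zip(supplied.bytes) { |ours, theirs| difference |= ours ^ theirs }
  difference.zero?
end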

#valid_current_date? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/authenticate/middleware.rb', line 67

# Checks that the request date is close enough to the server clock.
#
# The date must parse as an HTTP date; a value Time.httpdate rejects with
# ArgumentError makes the request invalid. The parsed time must then lie
# within +timestamp_minute_tolerance+ minutes of now, in either direction
# (bounds inclusive).
#
# This limits how long a captured request stays acceptable. Nothing in this
# method remembers requests already seen, so inside the window the same
# signed request would pass this check again.
#
# @return [Boolean]
def valid_current_date?
  begin
    stamp = Time.httpdate(date)
  rescue ArgumentError
    return false
  end

  window = @configuration.timestamp_minute_tolerance * 60 # minutes -> seconds
  current = Time.now
  earliest = current - window
  latest = current + window
  earliest <= stamp && latest >= stamp
end