Class: ClientAuthentication

Inherits:

Object

• Object
• ClientAuthentication

Defined in:

lib/client_authentication.rb

Defined Under Namespace

Classes: ClientAuthenticationException

Instance Attribute Summary

• #header_keys ⇒ Object

  Returns the value of attribute header_keys.

Instance Method Summary

• #authenticate_client! ⇒ Object
• #authenticate_header_values!(key, digest, time) ⇒ Object
• #generate_digest(salt, secret) ⇒ Object
• #initialize(headers, max_seconds = 5, model = Application, logger = nil) ⇒ ClientAuthentication constructor

  model must respond to :key and :secret.

• #salt ⇒ Object

Constructor Details

#initialize(headers, max_seconds = 5, model = Application, logger = nil) ⇒ ClientAuthentication

model must respond to :key and :secret

# File 'lib/client_authentication.rb', line 5

def initialize(headers, max_seconds = 5, model = Application, logger=nil)
  @headers = headers
  @max_seconds = max_seconds
  @model = model
  @logger = logger

  @header_keys = {
    time:   "X-Level3-Digest-Time",
    key:    "X-Level3-Application-Key",
    digest: "X-Level3-Digest",
  }
end

Instance Attribute Details

#header_keys ⇒ Object

Returns the value of attribute header_keys.

# File 'lib/client_authentication.rb', line 2

def header_keys
  @header_keys
end

Instance Method Details

#authenticate_client! ⇒ Object

# File 'lib/client_authentication.rb', line 18

def authenticate_client!
  key =    @headers[ header_keys[:key] ]
  time =   @headers[ header_keys[:time] ]
  digest = @headers[ header_keys[:digest] ]

  authenticate_header_values!(key, digest, time)
  key
end

#authenticate_header_values!(key, digest, time) ⇒ Object

Raises:

• (ClientAuthenticationException)

# File 'lib/client_authentication.rb', line 27

def authenticate_header_values!(key, digest, time)
  diff = (time.to_i - salt.to_i).abs
  raise ClientAuthenticationException.new if diff > @max_seconds

  application = @model.find_by_key(key)
  raise ClientAuthenticationException.new unless application

  secret = application.secret
  raise ClientAuthenticationException.new unless secret

  raise ClientAuthenticationException.new unless digest.eql? generate_digest(time, secret)
  true
end

#generate_digest(salt, secret) ⇒ Object

# File 'lib/client_authentication.rb', line 41

def generate_digest(salt, secret)
  Base64.encode64(
    OpenSSL::HMAC.digest(
      'sha256',secret, salt) ).
    strip
end

#salt ⇒ Object

# File 'lib/client_authentication.rb', line 48

def salt
  Time.now.to_i.to_s
end