Class: Conjur::Rack::Authenticator

Inherits:

Object

• Object
• Conjur::Rack::Authenticator

Defined in:

lib/conjur/rack/authenticator.rb

Defined Under Namespace

Classes: AuthorizationError, Forbidden, SignatureError

Instance Attribute Summary

• #app ⇒ Object readonly

  Returns the value of attribute app.

• #options ⇒ Object readonly

  Returns the value of attribute options.

Instance Method Summary

• #call(rackenv) ⇒ Object
• #env ⇒ Object

  threadsafe accessors, values are established explicitly below.

• #initialize(app, options = {}) ⇒ Authenticator constructor

  options: :except

  a list of request path patterns for which to skip authentication.

Constructor Details

#initialize(app, options = {}) ⇒ Authenticator

options:

:except

a list of request path patterns for which to skip authentication.

:optional

request path patterns for which authentication is optional.

# File 'lib/conjur/rack/authenticator.rb', line 50

def initialize app, options = {}
  @app = app
  @options = options
end

Instance Attribute Details

#app ⇒ Object (readonly)

Returns the value of attribute app.

# File 'lib/conjur/rack/authenticator.rb', line 45

def app
  @app
end

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/conjur/rack/authenticator.rb', line 45

def options
  @options
end

Instance Method Details

#call(rackenv) ⇒ Object

# File 'lib/conjur/rack/authenticator.rb', line 65

def call rackenv
  # never store request-specific variables as application attributes 
  Thread.current[:rack_env] = rackenv
  if authenticate?
    begin
      identity = verify_authorization_and_get_identity # [token, account]
      
      if identity
        conjur_rack[:token] = identity[0]
        conjur_rack[:account] = identity[1]
        conjur_rack[:identity] = identity
        conjur_rack[:privilege] = http_privilege
        conjur_rack[:remote_ip] = http_remote_ip
        conjur_rack[:audit_roles] = http_audit_roles
        conjur_rack[:audit_resources] = http_audit_resources
      end

    rescue Forbidden
      return error 403, $!.message
    rescue SecurityError, RestClient::Exception
      return error 401, $!.message
    end
  end
  begin
    @app.call rackenv
  ensure
    Thread.current[:rack_env] = nil
    Thread.current[:conjur_rack] = {}
  end
end

#env ⇒ Object

threadsafe accessors, values are established explicitly below

# File 'lib/conjur/rack/authenticator.rb', line 56

def env; Thread.current[:rack_env] ; end