Class: Etna::TestAuth

Inherits:

Auth

• Object
• Auth
• Etna::TestAuth

Defined in:

lib/etna/test_auth.rb

Class Method Summary

• .hmac_header(signature) ⇒ Object
• .hmac_params(params) ⇒ Object
• .token_header(params) ⇒ Object
• .token_param(params) ⇒ Object

Instance Method Summary

• #approve_hmac(request) ⇒ Object
• #approve_user(request) ⇒ Object
• #update_payload(payload, token, request) ⇒ Object

Methods inherited from Auth

#call, #initialize

Constructor Details

This class inherits a constructor from Etna::Auth

Class Method Details

.hmac_header(signature) ⇒ Object

# File 'lib/etna/test_auth.rb', line 18

def self.hmac_header(signature)
  return [ Etna::Auth.etna_url_param(:signature).to_s, signature ]
end

.hmac_params(params) ⇒ Object

# File 'lib/etna/test_auth.rb', line 22

def self.hmac_params(params)
  return {
    expiration: params.delete(:expiration) || DateTime.now.iso8601,
    id: params.delete(:id) || 'etna',
    nonce: 'nonce',
    signature: params.delete(:signature) || 'invalid',
    headers: params.keys.join(',')
  }.merge(params).map do |item, value|
    [ Etna::Auth.etna_url_param(item).to_s, value ]
  end.to_h
end

.token_header(params) ⇒ Object

# File 'lib/etna/test_auth.rb', line 8

def self.token_header(params)
  token = Base64.strict_encode64(params.to_json)
  return [ 'Authorization', "Etna something.#{token}" ]
end

.token_param(params) ⇒ Object

# File 'lib/etna/test_auth.rb', line 13

def self.token_param(params)
  token = Base64.strict_encode64(params.to_json)
  return [ Etna::Auth.etna_url_param(:authorization).to_s, "Etna #{token}" ]
end

Instance Method Details

#approve_hmac(request) ⇒ Object

# File 'lib/etna/test_auth.rb', line 72

def approve_hmac(request)
  hmac_signature = etna_param(request, :signature)

  return false unless hmac_signature

  headers = (etna_param(request, :headers)&.split(/,/) || []).map do |header|
    [ header.to_sym, etna_param(request, header) ]
  end.to_h

  hmac_params = {
    method: request.request_method,
    host: request.host,
    path: request.path,

    expiration: etna_param(request, :expiration) || DateTime.now.iso8601,
    id: etna_param(request, :id) || 'etna',
    nonce: etna_param(request, :nonce) || 'nonce',
    headers: headers,
    test_signature: hmac_signature
  }

  hmac = Etna::TestHmac.new(application, hmac_params)

  request.env['etna.hmac'] = hmac

  return nil unless hmac.valid?

  params(request).update(headers)

  return true
end

#approve_user(request) ⇒ Object

# File 'lib/etna/test_auth.rb', line 52

def approve_user(request)
  token = auth(request,:etna)

  return false unless token

  # Useful for testing certain behavior
  params = request.env["rack.request.params"]

  # Here we simply base64-encode our user hash and pass it through
  # In order to behave more like "real" tokens, we expect the user hash to be
  #   in index 1 after splitting by ".".
  # We do this to support Metis client tests, we pass in tokens with multiple "."-separated parts, so
  #   have to account for that.
  payload = JSON.parse(Base64.decode64(token.split('.')[1]))
  request.env['etna.user'] = Etna::User.new(
    update_payload(payload, token, request),
    token
  ) unless !!params[:do_not_set_user]
end

#update_payload(payload, token, request) ⇒ Object

# File 'lib/etna/test_auth.rb', line 34

def update_payload(payload, token, request)
  route = server.find_route(request)

  payload = payload.map{|k,v| [k.to_sym, v]}.to_h

  return payload unless route

  begin      
    permissions = Etna::Permissions.from_encoded_permissions(payload[:perm])

    # Skip making an actual call to Janus. This behavior is tested in auth_spec

    payload[:perm] = permissions.to_string
  end if (!route.ignore_janus? && route.has_user_constraint?(:can_view?))

  payload
end