Module: Hawk::Server

Extended by:
Server
Included in:
Server
Defined in:
lib/hawk/server.rb

Instance Method Summary collapse

Instance Method Details

#authenticate(authorization_header, options) ⇒ Object 



5
6
7
 
# File 'lib/hawk/server.rb', line 5

def authenticate(authorization_header, options)
  Hawk::AuthorizationHeader.authenticate(authorization_header, options)
end

#authenticate_bewit(encoded_bewit, options) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/hawk/server.rb', line 9

def authenticate_bewit(encoded_bewit, options)
  bewit = Crypto::Bewit.decode(encoded_bewit)

  unless options[:credentials_lookup].respond_to?(:call) && (credentials = options[:credentials_lookup].call(bewit.id))
    return AuthenticationFailure.new(:id, "Unidentified id")
  end

  if Time.at(bewit.ts.to_i) < Time.now
    return AuthenticationFailure.new(:ts, "Stale timestamp")
  end

  expected_bewit = Crypto.bewit(
    :credentials => credentials,
    :host => options[:host],
    :request_uri => remove_bewit_param_from_path(options[:request_uri]),
    :port => options[:port],
    :method => options[:method],
    :ts => bewit.ts,
    :ext => bewit.ext
  )

  unless expected_bewit.eql?(bewit)
    if options[:request_uri].to_s =~ /\Ahttp/
      return authenticate_bewit(encoded_bewit, options.merge(
        :request_uri => options[:request_uri].sub(%r{\Ahttps?://[^/]+}, '')
      ))
    else
      return AuthenticationFailure.new(:bewit, "Invalid signature #{expected_bewit.mac.normalized_string}")
    end
  end

  credentials
end

#build_authorization_header(options) ⇒ Object 



43
44
45
46
 
# File 'lib/hawk/server.rb', line 43

def build_authorization_header(options)
  options[:type] = 'response'
  Hawk::AuthorizationHeader.build(options, [:hash, :ext, :mac])
end

#build_tsm_header(options) ⇒ Object 



48
49
50
 
# File 'lib/hawk/server.rb', line 48

def build_tsm_header(options)
  Hawk::TimestampMacHeader.build(options)
end