Class: MAuth::Client::LocalAuthenticator::SecurityTokenCacher
- Inherits:
-
Object
- Object
- MAuth::Client::LocalAuthenticator::SecurityTokenCacher
- Defined in:
- lib/mauth/client.rb
Defined Under Namespace
Classes: ExpirableSecurityToken
Instance Method Summary collapse
- #get(app_uuid) ⇒ Object
-
#initialize(mauth_client) ⇒ SecurityTokenCacher
constructor
A new instance of SecurityTokenCacher.
Constructor Details
#initialize(mauth_client) ⇒ SecurityTokenCacher
Returns a new instance of SecurityTokenCacher.
410 411 412 413 414 415 416 417 |
# File 'lib/mauth/client.rb', line 410 def initialize(mauth_client) @mauth_client = mauth_client # TODO: should this be UnableToSignError? @mauth_client.assert_private_key(UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!")) @cache = {} require 'thread' @cache_write_lock = Mutex.new end |
Instance Method Details
#get(app_uuid) ⇒ Object
419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 |
# File 'lib/mauth/client.rb', line 419 def get(app_uuid) if !@cache[app_uuid] || @cache[app_uuid].expired? # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious # app_uuid - probably not exploitable, but this is the right way to do it anyway. # use UNRESERVED instead of UNSAFE (the default) as UNSAFE doesn't include / url_encoded_app_uuid = URI.escape(app_uuid, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]")) begin response = signed_mauth_connection.get("/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json") rescue ::Faraday::Error::ConnectionFailed, ::Faraday::Error::TimeoutError raise UnableToAuthenticateError, "mAuth service did not respond; received #{$!.class}: #{$!.}" end if response.status == 200 begin security_token = JSON.parse(response.body) rescue JSON::ParserError raise UnableToAuthenticateError, "mAuth service responded with unparseable json: #{response.body}\n#{$!.class}: #{$!.}" end @cache_write_lock.synchronize do @cache[app_uuid] = ExpirableSecurityToken.new(security_token, Time.now) end elsif response.status == 404 # signing with a key mAuth doesn't know about is considered inauthentic raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}" else @mauth_client.send(:mauth_service_response_error, response) end end @cache[app_uuid].security_token end |