Class: MAuth::Client::LocalAuthenticator::SecurityTokenCacher

Inherits:
Object
  • Object
show all
Defined in:
lib/mauth/client.rb

Instance Method Summary collapse

Constructor Details

#initialize(mauth_client) ⇒ SecurityTokenCacher

Returns a new instance of SecurityTokenCacher.



411
412
413
414
415
416
417
 
# File 'lib/mauth/client.rb', line 411

def initialize(mauth_client)
  @mauth_client = mauth_client
  # TODO: should this be UnableToSignError?
  @mauth_client.assert_private_key(
    UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!")
  )
end

Instance Method Details

#get(app_uuid) ⇒ Object 



419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
 
# File 'lib/mauth/client.rb', line 419

def get(app_uuid)
  # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
  # app_uuid - probably not exploitable, but this is the right way to do it anyway.
  # use UNRESERVED instead of UNSAFE (the default) as UNSAFE doesn't include /
  url_encoded_app_uuid = URI.escape(app_uuid, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
  path = "/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json"
  response = signed_mauth_connection.get(path)

  case response.status
  when 200
    security_token_from(response.body)
  when 404
    # signing with a key mAuth doesn't know about is considered inauthentic
    raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
  else
    @mauth_client.send(:mauth_service_response_error, response)
  end
rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
  msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
  @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
  raise UnableToAuthenticateError, msg
end