Class: MAuth::Client::LocalAuthenticator::SecurityTokenCacher
- Inherits:
-
Object
- Object
- MAuth::Client::LocalAuthenticator::SecurityTokenCacher
- Defined in:
- lib/mauth/client/security_token_cacher.rb
Defined Under Namespace
Classes: ExpirableSecurityToken
Instance Method Summary collapse
- #get(app_uuid) ⇒ Object
-
#initialize(mauth_client) ⇒ SecurityTokenCacher
constructor
A new instance of SecurityTokenCacher.
Constructor Details
#initialize(mauth_client) ⇒ SecurityTokenCacher
Returns a new instance of SecurityTokenCacher.
13 14 15 16 17 18 19 20 |
# File 'lib/mauth/client/security_token_cacher.rb', line 13 def initialize(mauth_client) @mauth_client = mauth_client # TODO: should this be UnableToSignError? @mauth_client.assert_private_key(UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!")) @cache = {} require 'thread' @cache_write_lock = Mutex.new end |
Instance Method Details
#get(app_uuid) ⇒ Object
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
# File 'lib/mauth/client/security_token_cacher.rb', line 22 def get(app_uuid) if !@cache[app_uuid] || @cache[app_uuid].expired? # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious # app_uuid - probably not exploitable, but this is the right way to do it anyway. url_encoded_app_uuid = CGI.escape(app_uuid) begin response = signed_mauth_connection.get("/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json") rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e msg = "mAuth service did not respond; received #{e.class}: #{e.}" @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}") raise UnableToAuthenticateError, msg end if response.status == 200 begin security_token = JSON.parse(response.body) rescue JSON::ParserError => e msg = "mAuth service responded with unparseable json: #{response.body}\n#{e.class}: #{e.}" @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}") raise UnableToAuthenticateError, msg end @cache_write_lock.synchronize do @cache[app_uuid] = ExpirableSecurityToken.new(security_token, Time.now) end elsif response.status == 404 # signing with a key mAuth doesn't know about is considered inauthentic raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}" else @mauth_client.send(:mauth_service_response_error, response) end end @cache[app_uuid].security_token end |