Class: MAuth::Client::LocalAuthenticator::SecurityTokenCacher

Inherits:
Object
  • Object
show all
Defined in:
lib/mauth/client/security_token_cacher.rb

Defined Under Namespace

Classes: ExpirableSecurityToken

Instance Method Summary collapse

Constructor Details

#initialize(mauth_client) ⇒ SecurityTokenCacher

Returns a new instance of SecurityTokenCacher.



13
14
15
16
17
18
19
20
 
# File 'lib/mauth/client/security_token_cacher.rb', line 13

def initialize(mauth_client)
  @mauth_client = mauth_client
  # TODO: should this be UnableToSignError?
  @mauth_client.assert_private_key(UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!"))
  @cache = {}
  require 'thread'
  @cache_write_lock = Mutex.new
end

Instance Method Details

#get(app_uuid) ⇒ Object 



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/mauth/client/security_token_cacher.rb', line 22

def get(app_uuid)
  if !@cache[app_uuid] || @cache[app_uuid].expired?
    # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
    # app_uuid - probably not exploitable, but this is the right way to do it anyway.
    url_encoded_app_uuid = CGI.escape(app_uuid)
    begin
      response = signed_mauth_connection.get("/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json")
    rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
      msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
      @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
      raise UnableToAuthenticateError, msg
    end
    if response.status == 200
      begin
        security_token = JSON.parse(response.body)
      rescue JSON::ParserError => e
        msg =  "mAuth service responded with unparseable json: #{response.body}\n#{e.class}: #{e.message}"
        @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
        raise UnableToAuthenticateError, msg
      end
      @cache_write_lock.synchronize do
        @cache[app_uuid] = ExpirableSecurityToken.new(security_token, Time.now)
      end
    elsif response.status == 404
      # signing with a key mAuth doesn't know about is considered inauthentic
      raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
    else
      @mauth_client.send(:mauth_service_response_error, response)
    end
  end
  @cache[app_uuid].security_token
end