Class: MAuth::Client::LocalAuthenticator::SecurityTokenCacher

Inherits:

Object

• Object
• MAuth::Client::LocalAuthenticator::SecurityTokenCacher

Defined in:

lib/mauth/client/security_token_cacher.rb

Instance Method Summary

• #get(app_uuid) ⇒ Object
• #initialize(mauth_client) ⇒ SecurityTokenCacher constructor

  A new instance of SecurityTokenCacher.

Constructor Details

#initialize(mauth_client) ⇒ SecurityTokenCacher

Returns a new instance of SecurityTokenCacher.

# File 'lib/mauth/client/security_token_cacher.rb', line 10

def initialize(mauth_client)
  @mauth_client = mauth_client
  # TODO: should this be UnableToSignError?
  @mauth_client.assert_private_key(
    UnableToAuthenticateError.new('Cannot fetch public keys from mAuth service without a private key!')
  )
end

Instance Method Details

#get(app_uuid) ⇒ Object

# File 'lib/mauth/client/security_token_cacher.rb', line 18

def get(app_uuid)
  # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
  # app_uuid - probably not exploitable, but this is the right way to do it anyway.
  url_encoded_app_uuid = CGI.escape(app_uuid)
  path = "/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json"
  response = signed_mauth_connection.get(path)

  case response.status
  when 200
    security_token_from(response.body)
  when 404
    # signing with a key mAuth doesn't know about is considered inauthentic
    raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
  else
    @mauth_client.send(:mauth_service_response_error, response)
  end
rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
  msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
  @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
  raise UnableToAuthenticateError, msg
end