Class: MAuth::Client::Authenticator::SecurityTokenCacher

Inherits:
Object
  • Object
show all
Defined in:
lib/mauth/client/security_token_cacher.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(mauth_client) ⇒ SecurityTokenCacher

Returns a new instance of SecurityTokenCacher.



18
19
20
21
22
23
24
 
# File 'lib/mauth/client/security_token_cacher.rb', line 18

def initialize(mauth_client)
  @mauth_client = mauth_client
  # TODO: should this be UnableToSignError?
  mauth_client.assert_private_key(
    UnableToAuthenticateError.new('Cannot fetch public keys from mAuth service without a private key!')
  )
end

Instance Attribute Details

#mauth_clientObject (readonly)

Returns the value of attribute mauth_client.



16
17
18
 
# File 'lib/mauth/client/security_token_cacher.rb', line 16

def mauth_client
  @mauth_client
end

Instance Method Details

#get(app_uuid) ⇒ Object 



26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/mauth/client/security_token_cacher.rb', line 26

def get(app_uuid)
  # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
  # app_uuid - probably not exploitable, but this is the right way to do it anyway.
  url_encoded_app_uuid = CGI.escape(app_uuid)
  path = "/mauth/#{mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json"
  response = signed_mauth_connection.get(path)

  case response.status
  when 200
    security_token_from(response.body)
  when 404
    # signing with a key mAuth doesn't know about is considered inauthentic
    raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
  else
    mauth_client.send(:mauth_service_response_error, response)
  end
rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
  msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
  mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
  raise UnableToAuthenticateError, msg
end