Class: OpenC3::AuthModel

Inherits:

Object

• Object
• OpenC3::AuthModel

Defined in:

lib/openc3/models/auth_model.rb

Constant Summary

PRIMARY_KEY =

'OPENC3__TOKEN'

SESSIONS_KEY =

'OPENC3__SESSIONS'

TOKEN_CACHE_TIMEOUT =

5

SESSION_CACHE_TIMEOUT =

5

MIN_TOKEN_LENGTH =

8

@@token_cache =

nil

@@token_cache_time =

nil

@@session_cache =

nil

@@session_cache_time =

nil

Class Method Summary

• .generate_session ⇒ Object
• .hash(token) ⇒ Object
• .logout ⇒ Object
• .set(token, old_token, key = PRIMARY_KEY) ⇒ Object
• .set?(key = PRIMARY_KEY) ⇒ Boolean
• .verify(token) ⇒ Object
• .verify_no_service(token) ⇒ Object

Class Method Details

.generate_session ⇒ Object

# File 'lib/openc3/models/auth_model.rb', line 86

def self.generate_session
  token = SecureRandom.urlsafe_base64(nil, false)
  Store.hset(SESSIONS_KEY, token, Time.now.iso8601)
  return token
end

.hash(token) ⇒ Object

# File 'lib/openc3/models/auth_model.rb', line 98

def self.hash(token)
  Digest::SHA2.hexdigest token
end

.logout ⇒ Object

# File 'lib/openc3/models/auth_model.rb', line 92

def self.logout
  Store.del(SESSIONS_KEY)
  @@sessions_cache = nil
  @@sessions_cache_time = nil
end

.set(token, old_token, key = PRIMARY_KEY) ⇒ Object

# File 'lib/openc3/models/auth_model.rb', line 75

def self.set(token, old_token, key = PRIMARY_KEY)
  raise "token must not be nil or empty" if token.nil? or token.empty?
  raise "token must be at least 8 characters" if token.length < MIN_TOKEN_LENGTH

  if set?(key)
    raise "old_token must not be nil or empty" if old_token.nil? or old_token.empty?
    raise "old_token incorrect" unless verify(old_token)
  end
  Store.set(key, hash(token))
end

.set?(key = PRIMARY_KEY) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/openc3/models/auth_model.rb', line 41

def self.set?(key = PRIMARY_KEY)
  Store.exists(key) == 1
end

.verify(token) ⇒ Object

# File 'lib/openc3/models/auth_model.rb', line 45

def self.verify(token)
  # Handle a service password - Generally only used by ScriptRunner
  # TODO: Replace this with temporary service tokens
  service_password = ENV['OPENC3_SERVICE_PASSWORD']
  return true if service_password and service_password == token

  return verify_no_service(token)
end

.verify_no_service(token) ⇒ Object

# File 'lib/openc3/models/auth_model.rb', line 54

def self.verify_no_service(token)
  return false if token.nil? or token.empty?

  time = Time.now
  return true if @@session_cache and (time - @@session_cache_time) < SESSION_CACHE_TIMEOUT and @@session_cache[token]
  token_hash = hash(token)
  return true if @@token_cache and (time - @@token_cache_time) < TOKEN_CACHE_TIMEOUT and @@token_cache == token_hash

  # Check sessions
  @@session_cache = Store.hgetall(SESSIONS_KEY)
  @@session_cache_time = time
  return true if @@session_cache[token]

  # Check Direct password
  @@token_cache = Store.get(PRIMARY_KEY)
  @@token_cache_time = time
  return true if @@token_cache == token_hash

  return false
end