Module: Thoth::Helper::Admin

Defined in:
lib/thoth/helper/admin.rb

Overview

The Admin helper provides methods for checking for or requiring authorization from within other actions and views.

Instance Method Summary

Instance Method Details

#auth_key ⇒ Object

Generates and returns an auth key suitable for storage in a client-side auth cookie. The key is a SHA256 hash of the following elements, concatenated in this order:

- Thoth HOME_DIR path
- user's IP address
- AUTH_SEED from Thoth config
- ADMIN_USER from Thoth config
- ADMIN_PASS from Thoth config


# File 'lib/thoth/helper/admin.rb', line 43

def auth_key
  Digest::SHA256.hexdigest(HOME_DIR + request.ip + Config.admin['seed'] +
      Config.admin['user'] + Config.admin['pass'])
end

#auth_key_valid? ⇒ Boolean

Validates the auth cookie and returns true if the user is authenticated, false otherwise.

Returns:

  • (Boolean)


# File 'lib/thoth/helper/admin.rb', line 50

def auth_key_valid?
  return false unless thoth_auth = cookie(:thoth_auth)
  thoth_auth == auth_key
end
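The derivation above is deterministic: the same IP and the same configuration always yield the same key, so a cookie stays valid until the seed, user or password changes, and a client whose address changes is logged out. The following stand-alone Ruby script (an added example, not Thoth's own code) models auth_key and auth_key_valid? with constructed config values and a stand-in for HOME_DIR so that these properties can be checked offline.

```ruby
require 'digest'

# Added example, not Thoth's own code: a stand-alone model of the
# auth_key / auth_key_valid? scheme. HOME_DIR_STUB and ADMIN_CONFIG are
# constructed stand-ins for Thoth's HOME_DIR and Config.admin.
HOME_DIR_STUB = '/srv/thoth'

ADMIN_CONFIG = {
  'seed' => 'constructed-seed-value',
  'user' => 'admin',
  'pass' => 'constructed-password'
}.freeze

# Same derivation as Thoth's auth_key: SHA256 over HOME_DIR, client IP,
# AUTH_SEED, ADMIN_USER and ADMIN_PASS, concatenated in that order.
def derive_auth_key(home_dir, ip, admin)
  Digest::SHA256.hexdigest(home_dir + ip + admin['seed'] + admin['user'] + admin['pass'])
end

# Same check as auth_key_valid?: no cookie means false, otherwise the
# cookie value must equal the freshly derived key.
def auth_cookie_valid?(cookie_value, home_dir, ip, admin)
  return false unless cookie_value
  cookie_value == derive_auth_key(home_dir, ip, admin)
end

# Exercises the properties a reviewer would want confirmed.
def auth_key_properties
  ip  = '203.0.113.10' # constructed client address (TEST-NET-3 range)
  key = derive_auth_key(HOME_DIR_STUB, ip, ADMIN_CONFIG)
  {
    hex_length:            key.length, # SHA256 hex digest: 64 characters
    missing_cookie:        auth_cookie_valid?(nil, HOME_DIR_STUB, ip, ADMIN_CONFIG),
    same_ip:               auth_cookie_valid?(key, HOME_DIR_STUB, ip, ADMIN_CONFIG),
    # A different client address derives a different key, so the cookie is rejected.
    other_ip:              auth_cookie_valid?(key, HOME_DIR_STUB, '203.0.113.11', ADMIN_CONFIG),
    # Rotating ADMIN_PASS (or the seed) invalidates every outstanding cookie.
    after_password_change: auth_cookie_valid?(key, HOME_DIR_STUB, ip,
                                              ADMIN_CONFIG.merge('pass' => 'rotated')),
    # Same IP and config on a later visit give the identical key: the cookie
    # carries no per-session component.
    deterministic:         derive_auth_key(HOME_DIR_STUB, ip, ADMIN_CONFIG) == key
  }
end

if __FILE__ == $0
  auth_key_properties.each { |name, value| puts "#{name}: #{value}" }
end
```

Run it with `ruby auth_key_model.rb`; the printed properties show which inputs a valid cookie is bound to.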

#form_token ⇒ Object

Returns a String that can be included in a hidden form field and used on submission to verify that the form was not submitted by an unauthorized third party.

# File 'lib/thoth/helper/admin.rb', line 58

def form_token
  cookie_token = cookie(:thoth_token)
  return cookie_token if cookie_token

  chaos = [srand, rand, Time.now.to_f, HOME_DIR].join
  cookie_token = Digest::SHA256.hexdigest(chaos)

  response.set_cookie(:thoth_token,
      :path  => '/',
      :value => cookie_token
    )

  cookie_token
end

#form_token_valid?(name = 'token') ⇒ Boolean

Checks the form token specified by name and returns true if it’s valid, false otherwise.

Returns:

  • (Boolean)


# File 'lib/thoth/helper/admin.rb', line 75

def form_token_valid?(name = 'token')
  request[name] == form_token
end
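form_token and form_token_valid? together implement a double-submit check: the token lives in a cookie the browser sends automatically and must also be echoed back in a form field that only a page served by this site can fill in. The following stand-alone Ruby script (an added example, not Thoth's own code) reproduces that logic with constructed FakeRequest and FakeResponse objects and a stand-in for HOME_DIR, and walks through the request shapes the check accepts and rejects.

```ruby
require 'digest'

# Added example, not Thoth's own code: a stand-alone model of the
# form_token / form_token_valid? double-submit pattern. FakeRequest,
# FakeResponse, TokenContext and HOME_DIR_STUB are constructed stand-ins
# for the framework objects and for Thoth's HOME_DIR.
HOME_DIR_STUB = '/srv/thoth'

class FakeResponse
  attr_reader :cookies
  def initialize; @cookies = {}; end
  def set_cookie(name, opts); @cookies[name] = opts; end
end

class FakeRequest
  attr_reader :cookies, :params
  def initialize(cookies: {}, params: {}); @cookies = cookies; @params = params; end
  def [](name); @params[name]; end
end

# Host for the helper methods: provides request, response and cookie(name),
# which is all the documented code relies on.
class TokenContext
  attr_reader :request, :response
  def initialize(request); @request = request; @response = FakeResponse.new; end
  def cookie(name); request.cookies[name]; end

  # Same shape as Thoth's form_token: reuse the cookie if present, otherwise
  # mint a SHA256 hex token, set it as a cookie, and return it.
  def form_token
    existing = cookie(:thoth_token)
    return existing if existing
    chaos = [srand, rand, Time.now.to_f, HOME_DIR_STUB].join
    token = Digest::SHA256.hexdigest(chaos)
    response.set_cookie(:thoth_token, :path => '/', :value => token)
    token
  end

  # Same shape as form_token_valid?: the submitted field must equal the cookie token.
  def form_token_valid?(name = 'token')
    request[name] == form_token
  end
end

# First visit: the form is rendered, a token is minted and set as a cookie.
def render_form
  ctx = TokenContext.new(FakeRequest.new)
  token = ctx.form_token
  [token, ctx.response.cookies[:thoth_token][:value]]
end

# Genuine submission: the browser sends the cookie and the hidden field holds the same token.
def legitimate_submit(token)
  ctx = TokenContext.new(FakeRequest.new(cookies: { thoth_token: token },
                                         params:  { 'token' => token }))
  ctx.form_token_valid?
end

# Forged cross-origin submission: the browser still attaches the cookie, but a
# third-party page cannot read it, so the hidden field is missing. Rejected.
def cross_site_submit(token)
  ctx = TokenContext.new(FakeRequest.new(cookies: { thoth_token: token }, params: {}))
  ctx.form_token_valid?
end

# No cookie at all: form_token mints a fresh token, which cannot equal a
# previously submitted value. Rejected.
def submit_without_cookie
  ctx = TokenContext.new(FakeRequest.new(params: { 'token' => 'stale' }))
  ctx.form_token_valid?
end

if __FILE__ == $0
  token, _cookie = render_form
  puts "legitimate: #{legitimate_submit(token)}"
  puts "cross-site: #{cross_site_submit(token)}"
  puts "no cookie:  #{submit_without_cookie}"
end
```

Note that the check only binds the submitted field to the cookie; the token is minted once per browser and reused on every later form until the cookie is cleared, which is exactly the `return cookie_token if cookie_token` branch in the original.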

#require_auth ⇒ Object

Checks the auth cookie and redirects to the login page if the user is not authenticated.

# File 'lib/thoth/helper/admin.rb', line 81

def require_auth
  redirect(AdminController.r()) unless auth_key_valid?
end