Module: RocketIO::TokenAuth

Extended by:
TokenAuth
Included in:
TokenAuth
Defined in:
lib/rocketio/controller/token_auth.rb

Constant Summary collapse

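# Key that names the token itself inside the credentials, e.g. token="abc".
TOKEN_KEY = 'token='.freeze

# Scheme prefix of a token Authorization header.
# Anchored with \A (start of string) instead of ^ (start of any line), so the
# "Token " scheme is only recognised at the very beginning of the header value
# and never after an embedded line break.
TOKEN_REGEX = /\AToken /

# Separators between key=value pairs: a comma, a semicolon or a run of tabs.
AUTHN_PAIR_DELIMITERS = /(?:,|;|\t+)/

# env keys consulted, in this order, by authorization? to find the header.
HTTP_AUTHORIZATION = 'HTTP_AUTHORIZATION'.freeze
X_HTTP_AUTHORIZATION_I = 'X-HTTP_AUTHORIZATION'.freeze
X_HTTP_AUTHORIZATION_II = 'X_HTTP_AUTHORIZATION'.freeze
REDIRECT_X_HTTP_AUTHORIZATION = 'REDIRECT_X_HTTP_AUTHORIZATION'.freeze

# Response header name and value template used by authentication_request.
WWW_AUTHENTICATE = 'WWW-Authenticate'.freeze
TOKEN_REALM_FORMAT = 'Token realm="%s"'.freeze

# Body of the 401 response built by authentication_request.
ACCESS_DENIED = "HTTP Token: Access denied.\n".freeze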

Instance Method Summary collapse

Instance Method Details

#authenticate(env) {|token, options| ... } ⇒ Object

If token Authorization header is present, call the login procedure with the present token and options.

Yields:

  • (token, options)

Returns:

  • the return value of given block if a token is found

  • nil if no token is found



# File 'lib/rocketio/controller/token_auth.rb', line 45

# Hands the token from the request's token Authorization header to the block.
#
# The token and options come straight from the request header and are not
# verified here; deciding whether the token is valid is entirely up to the
# block. When the block compares the token with a stored secret it should use
# a constant-time comparison.
#
# @param env [Hash] request environment passed on to token_and_options
# @yield [token, options] called only when a non-empty token was found
# @return [Object, nil] the block's return value, or nil when the token is
#   missing or empty (the block is not called in that case)
def authenticate(env)
  credential, extras = token_and_options(env)
  missing = credential.nil? || credential.empty?
  missing ? nil : yield(credential, extras)
end

#authentication_request(realm) ⇒ Array

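Builds a 401 response whose WWW-Authenticate header lets the client know a token is required. Double quotes are removed from the realm before it is placed inside the quoted realm value.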

Parameters:

  • realm (String)

Returns:

  • (Array)


# File 'lib/rocketio/controller/token_auth.rb', line 110

# Builds the "token required" response: status 401, a WWW-Authenticate
# header naming the realm, and the ACCESS_DENIED body.
#
# Double quotes are removed from the realm so it cannot terminate the quoted
# realm="..." value early.
# NOTE(review): only `"` is filtered; CR/LF are passed through unchanged.
# Presumably the realm is an application-defined constant; confirm it never
# carries request-derived data.
#
# @param realm [String]
# @return [Array] [status, headers, body] triple
def authentication_request(realm)
  quoted_safe_realm = realm.tr('"', '')
  challenge = format(TOKEN_REALM_FORMAT, quoted_safe_realm)
  [401, { WWW_AUTHENTICATE => challenge }, [ACCESS_DENIED]]
end

#authorization?(env) ⇒ Boolean

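Returns the authorization header regardless of whether it was specified directly or through one of the proxy alternatives. Despite the `?` suffix, the return value is the raw header value itself (or nil when none of the keys is set), not a strict boolean.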

Returns:

  • (Boolean)


# File 'lib/rocketio/controller/token_auth.rb', line 67

# Looks up the Authorization header value in the request environment.
#
# The keys are tried in a fixed order: HTTP_AUTHORIZATION first, then the two
# X-HTTP_AUTHORIZATION spellings, then REDIRECT_X_HTTP_AUTHORIZATION. The
# first truthy value wins. Despite the `?` suffix the raw header value is
# returned, not true/false.
# NOTE(review): the alternative keys are presumably set by a front-end server
# or proxy that does not forward Authorization directly; confirm the
# deployment does not let clients supply them.
#
# @param env [Hash] request environment
# @return [String, nil] the header value, or the (falsy) value of the last
#   key when none is set
def authorization?(env)
  preferred_keys = [HTTP_AUTHORIZATION, X_HTTP_AUTHORIZATION_I, X_HTTP_AUTHORIZATION_II]
  preferred_keys.each do |key|
    value = env[key]
    return value if value
  end
  env[REDIRECT_X_HTTP_AUTHORIZATION]
end

#params_array_from(raw_params) ⇒ Array

Takes raw_params and turns it into an array of parameters

Parameters:

  • raw_params (Array)

Returns:

  • (Array)


# File 'lib/rocketio/controller/token_auth.rb', line 82

# Splits each raw "key=value" string at its first "=".
#
# The value is captured up to the end of the line, so any further "=" signs
# stay inside the value. An entry without "=" (or with nothing after it)
# yields a one-element array holding just the key.
#
# @param raw_params [Array<String>] raw pairs such as 'token="abc"'
# @return [Array<Array<String>>] one [key, value] (or [key]) array per entry
def params_array_from(raw_params)
  key_value_splitter = /=(.+)?/
  raw_params.map do |pair|
    pair.split(key_value_splitter)
  end
end

#raw_params(auth) ⇒ Array

This method takes an authorization body and splits it into key-value pairs on the delimiters matched by AUTHN_PAIR_DELIMITERS: `,`, `;`, or one or more tab characters (`\t`).

Parameters:

  • auth (String)

Returns:

  • (Array)


# File 'lib/rocketio/controller/token_auth.rb', line 98

# Splits the credentials part of a token Authorization header into raw
# "key=value" strings.
#
# The scheme prefix matched by TOKEN_REGEX is removed, the remainder is split
# on AUTHN_PAIR_DELIMITERS (including surrounding whitespace), and the first
# entry is prefixed with TOKEN_KEY when it does not already start with it, so
# a bare `Token abc` is handled like `Token token=abc`.
#
# @param auth [String] the Authorization header value
# @return [Array<String>] raw pairs, with the token pair first
def raw_params(auth)
  pairs = auth.sub(TOKEN_REGEX, '').split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
  head = pairs.first
  # head is nil when nothing follows the scheme; the result is then just TOKEN_KEY.
  pairs[0] = [TOKEN_KEY, head].join('') unless head.to_s.start_with?(TOKEN_KEY)
  pairs
end

#rewrite_param_values(array_params) ⇒ Object

This removes the `"` characters wrapping the value.

Parameters:

  • array_params (Array)


# File 'lib/rocketio/controller/token_auth.rb', line 89

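# Strips the double quotes that wrap each parameter value, in place.
#
# Only a quote at the very start and at the very end of the value is removed.
# The pattern is anchored with \A and \z instead of ^ and $, because ^ and $
# also match next to embedded line breaks and would strip quotes from the
# middle of a multi-line value. Pairs without a value are left untouched, so
# no throwaway string is created and mutated.
#
# @param array_params [Array<Array>] [key, value] pairs; values are mutated
# @return [Array<Array>] the same array that was passed in
def rewrite_param_values(array_params)
  array_params.each do |param|
    value = param[1]
    next if value.nil?
    value.gsub!(/\A"|"\z/, '')
  end
end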

#token_and_options(env) ⇒ Array

Parses the token and options out of the token authorization header. If the header looks like this:

Authorization: Token token="abc", nonce="def"

Then the returned token is "abc", and the options are a hash containing nonce => "def".

Returns:

  • (Array)

    if a token is present

  • nil if no token is found



# File 'lib/rocketio/controller/token_auth.rb', line 58

# Extracts the token and the remaining parameters from a token
# Authorization header.
#
# Returns nil when no authorization header is present or when it does not
# match TOKEN_REGEX. Otherwise the first parsed pair supplies the token and
# the remaining pairs are turned into a Hash that is passed through
# RocketIO.indifferent_params.
# Both values are taken from the request as sent and are not verified here.
#
# @param env [Hash] request environment
# @return [Array, nil] [token, options], or nil when there is no token header
def token_and_options(env)
  header = authorization?(env)
  return unless header
  return unless header[TOKEN_REGEX]

  token_pair, *option_pairs = token_params_from(header)
  [token_pair[1], RocketIO.indifferent_params(Hash[option_pairs])]
end

#token_params_from(auth) ⇒ Object



# File 'lib/rocketio/controller/token_auth.rb', line 74

# Runs the full parsing pipeline on an Authorization header value:
# raw_params splits it into raw pairs, params_array_from splits each pair
# into key and value, and rewrite_param_values strips the wrapping quotes.
#
# @param auth [String] the Authorization header value
# @return [Array<Array>] the value returned by rewrite_param_values
def token_params_from(auth)
  raw_pairs = raw_params(auth)
  key_value_pairs = params_array_from(raw_pairs)
  rewrite_param_values(key_value_pairs)
end