26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# File 'lib/roda/plugins/http_auth.rb', line 26
def http_auth(opts={}, &authenticator)
auth_opts = roda_class.opts[:http_auth].merge(opts)
authenticator ||= auth_opts[:authenticator]
raise "Must provide an authenticator block" if authenticator.nil?
begin
auth = Rack::Auth::Basic::Request.new(env)
unless auth.provided? && auth_opts[:schemes].include?(auth.scheme)
auth_opts[:unauthorized].call(self) if auth_opts[:unauthorized]
halt [401, auth_opts[:unauthorized_headers].call(auth_opts), []]
end
credentials = if auth.basic?
auth.credentials
elsif auth.scheme == 'bearer'
[env['HTTP_AUTHORIZATION'].strip.split(' ').last]
else
[auth.scheme, ]
end
if authenticator.call(*credentials)
env['REMOTE_USER'] = auth.username
else
opts[:unauthorized].call(self) if auth_opts[:unauthorized]
halt [401, auth_opts[:unauthorized_headers].call(auth_opts), []]
end
rescue StandardError
halt [400, auth_opts[:bad_request_headers].call(auth_opts), []]
end
end
|