Class: TDiary::Rack::Auth::OmniAuth::Authorization
Constructor Details
#initialize(app, provider, &block) ⇒ Authorization
Returns a new instance of Authorization.
# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 8
# Wrap +app+ in OmniAuth-based authentication for a single +provider+.
#
# @param app [#call] downstream Rack application
# @param provider [String, Symbol] OmniAuth strategy name
# @param block [Proc] authorization predicate; it is handed the auth hash
#   and must return truthy for the request to reach +app+
def initialize(app, provider, &block)
  @app, @provider, @authz = app, provider, block
end
Instance Method Details
#authenticate?(env) ⇒ Boolean
# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 57
# Is there an identity for this request? Returns the auth hash itself
# (truthy) rather than a strict boolean: either the one OmniAuth just put in
# env['omniauth.auth'], or the one persisted in the session under 'auth'.
#
# The session value is trusted as-is, so the session store must be
# tamper-proof (server-side, or a signed cookie store).
#
# @param env [Hash] Rack environment with 'rack.session'
# @return [Object, nil] auth hash when authenticated, nil otherwise
def authenticate?(env)
  return env['omniauth.auth'] if env['omniauth.auth']
  env['rack.session']['auth']
end
#call(env) ⇒ Object
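# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 14
# Rack entry point. Three phases: redirect unauthenticated requests into
# OmniAuth (#login), finish the round trip on the provider callback
# (#callback), and otherwise run the authorization block before handing the
# request to the wrapped app.
#
# @param env [Hash] Rack environment
# @return [Array] Rack response triple
def call(env)
  if !authenticate?(env)
    # phase 1: request phase
    login(env)
  elsif callback_path?(env)
    # phase 2: callback phase
    callback(env)
  else
    # phase 3: authorization phase
    auth = env['rack.session']['auth']
    env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
    # Fail closed: a missing authorization block is a 403, not a NoMethodError.
    return forbidden unless @authz && @authz.call(auth)
    @app.call(env)
  end
end

# True when the request targets this provider's OmniAuth callback URL.
# REQUEST_PATH is server-specific (not part of the Rack spec), so fall back
# to SCRIPT_NAME + PATH_INFO; the provider name is escaped and the match is
# anchored at the end so a path like ".../callbackfoo" is not treated as the
# callback.
def callback_path?(env)
  path = env['REQUEST_PATH'] || "#{env['SCRIPT_NAME']}#{env['PATH_INFO']}"
  path.match(%r{auth/#{Regexp.escape(@provider.to_s)}/callback/?\z}) ? true : false
end
private :callback_path?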
#callback(env) ⇒ Object
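# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 46
# Phase 2: OmniAuth has verified the user and placed the auth hash in
# env['omniauth.auth']; persist it in the session and send the user back to
# the URL saved by #login.
#
# @param env [Hash] Rack environment; needs 'rack.session' and
#   'rack.session.options' from a session middleware
# @return [Array] Rack response triple: 302 to the saved URL, or 403 when
#   no auth hash is present
def callback(env)
  auth = env['omniauth.auth']
  # Reachable without an auth hash when an already-authenticated session
  # hits a callback-looking path directly; refuse instead of NoMethodError.
  return forbidden unless auth

  # Rotate the session id so an id fixed before login does not survive it
  # (session fixation); see
  # http://www.ipa.go.jp/security/vuln/documents/website_security.pdf (section 1.4)
  env['rack.session.options'][:renew] = true

  session = env['rack.session']
  # NOTE(review): the whole auth hash is stored; for OAuth providers this
  # typically includes credentials/tokens, which with a cookie-backed session
  # end up in the client's cookie. Confirm the session store is server-side,
  # or keep only the fields the authorization block needs.
  session['auth'] = auth
  env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"

  # The saved return URL is single-use.
  redirect = session.delete('tdiary.auth.redirect') || '/'
  [302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
end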
#forbidden ⇒ Object
# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 42
# Plain-text 403 response returned when the authorization block rejects the
# authenticated user.
#
# @return [Array] Rack response triple
def forbidden
  headers = {'Content-Type' => 'text/plain'}
  body = ['forbidden']
  [403, headers, body]
end
#login(env) ⇒ Object
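# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 30
# Phase 1: remember the requested URL in the session and redirect the client
# into OmniAuth's request phase for this provider.
#
# @param env [Hash] Rack environment with 'rack.session'
# @return [Array] Rack response triple (302 to /auth/<provider> under the
#   current script path)
def login(env)
  # Log through the Rack error stream when one is provided, as Rack expects,
  # rather than unconditionally to the process's STDERR.
  (env['rack.errors'] || STDERR).puts "use #{@provider} authentication strategy"
  req = ::Rack::Request.new(env)
  # Remember where the user was going so #callback can send them back.
  # NOTE(review): base_url is derived from the request's Host header; behind
  # a front end that does not validate Host, both this saved URL and the
  # Location below follow whatever Host the client sent — confirm it is pinned.
  env['rack.session']['tdiary.auth.redirect'] = "#{req.base_url}#{req.fullpath}"
  # OmniAuth's request phase lives under path_prefix (e.g. /auth/<provider>)
  # relative to the current script path.
  redirect = File.join("#{req.base_url}#{req.path}", "#{::OmniAuth.config.path_prefix}/#{@provider}")
  [302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
end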
#logout(env) ⇒ Object
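# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 38
# Forget the authenticated user. #authenticate? reads the session's 'auth'
# key (written by #callback), so that is the key that must go; clearing only
# 'user_id', which nothing in this class writes, left the user logged in.
#
# @param env [Hash] Rack environment with 'rack.session' (and optionally
#   'rack.session.options')
# @return [nil]
def logout(env)
  session = env['rack.session']
  session.delete('auth')
  # Kept from the original in case something outside this class reads it.
  session['user_id'] = nil
  # Rotate the session id as well so the pre-logout id cannot be reused.
  options = env['rack.session.options']
  options[:renew] = true if options
  nil
end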