Class: TDiary::Rack::Auth::OmniAuth::Authorization

Inherits:

Object

• Object
• TDiary::Rack::Auth::OmniAuth::Authorization

Defined in:

lib/tdiary/rack/auth/omniauth/authorization.rb

Instance Method Summary

• #authenticate?(env) ⇒ Boolean
• #call(env) ⇒ Object
• #callback(env) ⇒ Object
• #forbidden ⇒ Object
• #initialize(app, provider, &block) ⇒ Authorization constructor

  A new instance of Authorization.

• #login(env) ⇒ Object
• #logout(env) ⇒ Object

Constructor Details

#initialize(app, provider, &block) ⇒ Authorization

Returns a new instance of Authorization.

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 8

def initialize(app, provider, &block)
	@app = app
	@provider = provider
	@authz = block
end

Instance Method Details

#authenticate?(env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 57

def authenticate?(env)
	env['omniauth.auth'] || env['rack.session']['auth']
end

#call(env) ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 14

def call(env)
	if not authenticate?(env)
		# phase 1: request phase
		login(env)
	elsif env['REQUEST_PATH'].match(%r|auth/#{@provider}/callback|)
		# phase 2: callback phase
		callback(env)
	else
		# phase 3: authorization phase
		auth = env['rack.session']['auth']
		env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
		return forbidden unless @authz.call(auth)
		@app.call(env)
	end
end

#callback(env) ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 46

def callback(env)
	# reset sesstion to prevend session fixation attack
	# see: http://www.ipa.go.jp/security/vuln/documents/website_security.pdf (section 1.4)
	env['rack.session.options'][:renew] = true
	auth = env['omniauth.auth']
	env['rack.session']['auth'] = auth
	env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
	redirect = env['rack.session']['tdiary.auth.redirect'] || '/'
	[302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
end

#forbidden ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 42

def forbidden
	[403, {'Content-Type' => 'text/plain'}, ['forbidden']]
end

#login(env) ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 30

def login(env)
	STDERR.puts "use #{@provider} authentication strategy"
	req = ::Rack::Request.new(env)
	env['rack.session']['tdiary.auth.redirect'] = "#{req.base_url}#{req.fullpath}"
	redirect = File.join("#{req.base_url}#{req.path}", "#{::OmniAuth.config.path_prefix}/#{@provider}")
	[302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
end

#logout(env) ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 38

def logout(env)
	env['rack.session']['user_id'] = nil
end