Class: TDiary::Rack::Auth::OmniAuth::Authorization

Inherits:

Object

• Object
• TDiary::Rack::Auth::OmniAuth::Authorization

Defined in:

lib/tdiary/rack/auth/omniauth/authorization.rb

Instance Method Summary

• #authenticate?(env) ⇒ Boolean
• #call(env) ⇒ Object
• #callback(env) ⇒ Object
• #forbidden ⇒ Object
• #initialize(app, provider, &block) ⇒ Authorization constructor

  A new instance of Authorization.

• #login(env) ⇒ Object
• #logout(env) ⇒ Object

Constructor Details

#initialize(app, provider, &block) ⇒ Authorization

Returns a new instance of Authorization.

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 8

def initialize(app, provider, &block)
  @app = app
  @provider = provider
  @authz = block
end

Instance Method Details

#authenticate?(env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 57

def authenticate?(env)
  env['omniauth.auth'] || env['rack.session']['auth']
end

#call(env) ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 14

def call(env)
  if not authenticate?(env)
    # phase 1: request phase
    login(env)
  elsif env['REQUEST_PATH'].match(%r|auth/#{@provider}/callback|)
    # phase 2: callback phase
    callback(env)
  else
    # phase 3: authorization phase
    auth = env['rack.session']['auth']
    env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
    return forbidden unless @authz.call(auth)
    @app.call(env)
  end
end

#callback(env) ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 46

def callback(env)
  # reset sesstion to prevend session fixation attack
  # see: http://www.ipa.go.jp/security/vuln/documents/website_security.pdf (section 1.4)
  env['rack.session.options'][:renew] = true
  auth = env['omniauth.auth']
  env['rack.session']['auth'] = auth
  env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
  redirect = env['rack.session']['tdiary.auth.redirect'] || '/'
  [302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
end

#forbidden ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 42

def forbidden
  [403, {'Content-Type' => 'text/plain'}, ['forbidden']]
end

#login(env) ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 30

def login(env)
  STDERR.puts "use #{@provider} authentication strategy"
  req = ::Rack::Request.new(env)
  env['rack.session']['tdiary.auth.redirect'] = "#{req.base_url}#{req.fullpath}"
  redirect = File.join("#{req.base_url}#{req.path}", "#{::OmniAuth.config.path_prefix}/#{@provider}")
  [302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
end

#logout(env) ⇒ Object

# File 'lib/tdiary/rack/auth/omniauth/authorization.rb', line 38

def logout(env)
  env['rack.session']['user_id'] = nil
end