Class: Triannon::AuthController
- Inherits:
-
ApplicationController
- Object
- ActionController::Base
- ApplicationController
- Triannon::AuthController
- Includes:
- RdfResponseFormats
- Defined in:
- app/controllers/triannon/auth_controller.rb
Overview
Adapted from image-auth.iiif.io/api/image/2.1/authentication.html
Constant Summary
- LOGIN_ACCEPT =
HTTP request methods accepted by /auth/login. TODO: enable GET when triannon supports true user authentication.
'OPTIONS, POST'
Instance Method Summary
- #access_token ⇒ Object
-
#access_validate ⇒ Object
GET /auth/access_validate Authorize access based on validating an access token.
-
#client_identity ⇒ Object
POST /auth/client_identity. A request MUST carry a JSON body with: { "clientId": "ID", "clientSecret": "SECRET" }. See image-auth.iiif.io/api/image/2.1/authentication.html#client-identity-service and image-auth.iiif.io/api/image/2.1/authentication.html#error-conditions. Returns a JSON body [String] containing: { "authorizationCode": code }.
-
#login ⇒ Object
POST /auth/login. See image-auth.iiif.io/api/image/2.1/authentication.html#login-service.
-
#logout ⇒ Object
GET /auth/logout. See image-auth.iiif.io/api/image/2.1/authentication.html#logout-service.
-
#options ⇒ Object
OPTIONS /auth/login.
Methods included from RdfResponseFormats
#context_url_from_accept, #context_url_from_link, #default_format_jsonld, #mime_type_from_accept
Methods inherited from ApplicationController
#access_token_data, #access_token_generate, #access_token_valid?
Instance Method Details
#access_token ⇒ Object
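# File 'app/controllers/triannon/auth_controller.rb', line 98
# Access Token Service.
#
# Exchanges the login session (and, when an authorization code was obtained
# via /auth/client_identity, that code) for an access token. Every outcome is
# rendered by a helper defined elsewhere in this controller: login_required,
# auth_code_required, auth_code_invalid or access_token_granted.
#
# Reads session[:login_data], session[:client_data] and params[:code].
def access_token
  # The cookie established via the login service must be passed to this
  # service; without a login session there is nothing to exchange.
  return login_required unless session[:login_data]

  # The only way to establish a login session is for an authorized client to
  # POST /auth/login, which first requires an authorization code from
  # /auth/client_identity. A login session with no client data is therefore
  # not expected to occur; this path used to grant a token on the strength of
  # the session alone, and now fails closed by demanding the code instead, so
  # a future change to the login requirements cannot silently open it.
  return auth_code_required unless session[:client_data]

  # When an authorization code was obtained using /auth/client_identity, that
  # code must be passed to the Access Token Service as well.
  auth_code = params[:code]
  if auth_code.nil?
    auth_code_required
  elsif auth_code_valid?(auth_code)
    access_token_granted
  else
    auth_code_invalid
  end
end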
#access_validate ⇒ Object
GET /auth/access_validate. Authorize access based on validating an access token.
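# File 'app/controllers/triannon/auth_controller.rb', line 130
# GET /auth/access_validate
#
# Authorizes access based on the bearer token carried in the Authorization
# header. Responds 200 with an empty body when access_token_valid? accepts the
# token; every other case is rendered by access_token_invalid (both defined
# elsewhere in this controller).
#
# The header is matched as a whole ("Bearer <token>") rather than searched
# for the word "Bearer" anywhere in it, so a header such as "Bearer" with no
# token, or one where "Bearer" is not the scheme, is rejected up front instead
# of reaching access_token_valid? with nil or an unrelated fragment.
def access_validate
  # nil.to_s is "", which simply fails the match.
  header = request.headers['Authorization'].to_s
  bearer = header.match(/\ABearer\s+(?<token>\S+)\s*\z/)
  return access_token_invalid unless bearer

  if access_token_valid?(bearer[:token])
    response.status = 200
    render nothing: true
  else
    access_token_invalid
  end
end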
#client_identity ⇒ Object
POST /auth/client_identity. A request MUST carry a JSON body with: { "clientId": "ID", "clientSecret": "SECRET" }. See image-auth.iiif.io/api/image/2.1/authentication.html#client-identity-service and image-auth.iiif.io/api/image/2.1/authentication.html#error-conditions. Returns a JSON body [String] containing: { "authorizationCode": code }.
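# File 'app/controllers/triannon/auth_controller.rb', line 64
# POST /auth/client_identity
#
# A request MUST carry a JSON body with:
#   { "clientId" : "ID", "clientSecret" : "SECRET" }
# image-auth.iiif.io/api/image/2.1/authentication.html#client-identity-service
# image-auth.iiif.io/api/image/2.1/authentication.html#error-conditions
#
# On success renders { "authorizationCode": code } with status 200; on any
# failure renders an error object with status 401.
#
# process_post?, process_json?, parse_identity, auth_code_generate and
# json_response are defined elsewhere in this controller.
def client_identity
  return unless process_post?
  return unless process_json?

  error_uri = 'http://image-auth.iiif.io/api/image/2.1/authentication.html'
  insufficient = { error: 'invalidClient',
                   errorDescription: 'Insufficient client data for authentication',
                   errorUri: error_uri }

  begin
    data = JSON.parse(request.body.read)
  rescue JSON::ParserError
    # A body that is not valid JSON carries no client data at all; answer as
    # for missing fields instead of letting the parser exception become a 500.
    return json_response(insufficient, 401)
  end

  identity = parse_identity(data, %w[clientId clientSecret])

  # parse_identity returned nothing usable. The previous version indexed
  # identity['clientId'] before testing identity, so a nil result raised
  # NoMethodError and the "Invalid client credentials" response was unreachable.
  unless identity
    return json_response({ error: 'invalidClient',
                           errorDescription: 'Invalid client credentials',
                           errorUri: error_uri }, 401)
  end

  if identity['clientId'] && identity['clientSecret']
    code = auth_code_generate(identity['clientId'], identity['clientSecret'])
    json_response({ authorizationCode: code }, 200)
  else
    json_response(insufficient, 401)
  end
end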
#login ⇒ Object
POST /auth/login. See image-auth.iiif.io/api/image/2.1/authentication.html#login-service.
# File 'app/controllers/triannon/auth_controller.rb', line 32
# POST /auth/login
# image-auth.iiif.io/api/image/2.1/authentication.html#login-service
#
# The service must set a cookie for the Access Token Service to retrieve, in
# order to determine the user information provided by the authentication
# system; that work is done by login_handler_post (defined elsewhere in this
# controller). Any other request method is answered by request_method_error
# with the LOGIN_ACCEPT list, although the routes are expected to keep such
# requests from arriving here.
def login
  return login_handler_post if request.post?

  # Only reachable if routing lets a non-POST request through.
  request_method_error(LOGIN_ACCEPT)
end
#logout ⇒ Object
GET /auth/logout. See image-auth.iiif.io/api/image/2.1/authentication.html#logout-service.
# File 'app/controllers/triannon/auth_controller.rb', line 46
# GET /auth/logout
# image-auth.iiif.io/api/image/2.1/authentication.html#logout-service
#
# Clears the login state, resets the session and redirects to root_url with a
# "Successfully logged out." notice. Any other request method is answered by
# request_method_error('GET'), although the routes are expected to prevent
# that.
def logout
  return request_method_error('GET') unless request.get?

  # NOTE(review): the listing this was taken from dropped the receiver of
  # .delete(:login_user); `session` is assumed from the rest of this
  # controller — confirm against the source file. reset_session discards the
  # whole session afterwards, so the explicit delete mainly documents intent.
  session.delete(:login_user)
  reset_session
  redirect_to root_url, notice: 'Successfully logged out.'
end
#options ⇒ Object
OPTIONS /auth/login
# File 'app/controllers/triannon/auth_controller.rb', line 13
# OPTIONS /auth/login
#
# Responds with service information for the client: service_info_logout when
# a user is logged in, service_info_login otherwise (both defined elsewhere in
# this controller), rendered by json_response with status 200. Any other
# request method falls through to request_method_error with LOGIN_ACCEPT,
# although the routes are expected to prevent that.
def options
  # The request MUST use HTTP OPTIONS.
  return request_method_error(LOGIN_ACCEPT) unless request.request_method == 'OPTIONS'

  # NOTE(review): the listing this was taken from dropped the receiver of
  # [:login_user]; `session` is assumed from the rest of this controller —
  # confirm against the source file.
  info = session[:login_user] ? service_info_logout : service_info_login
  # TODO: include optional info, such as service_info_client_identity
  json_response(info, 200)
end