Class: Triannon::AuthController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Triannon::AuthController

Includes:

RdfResponseFormats

Defined in:

app/controllers/triannon/auth_controller.rb

Overview

Adapted from iiif.io/api/auth

Constant Summary

IIIF_AUTH =

'http://iiif.io/api/auth/'

LOGIN_ACCEPT =

HTTP request methods accepted by /auth/login TODO: enable GET when triannon supports true user authentication

'OPTIONS, POST'

Instance Method Summary

• #access_token ⇒ Object

  GET /auth/access_token iiif.io/api/auth#access-token-service iiif.io/api/auth#error-conditions.

• #access_validate ⇒ Object

  GET /auth/access_validate Authorize access based on validating an access token.

• #client_identity ⇒ Object

  POST /auth/client_identity A request MUST carry a body with: { “clientId” : “ID”, “clientSecret” : “SECRET” } iiif.io/api/auth#client-identity-service iiif.io/api/auth#error-conditions return json body [String] containing: { “authorizationCode”: code }.

• #login ⇒ Object

  POST to /auth/login iiif.io/api/auth#login-service.

• #logout ⇒ Object

  GET /auth/logout iiif.io/api/auth#logout-service.

• #options ⇒ Object

  OPTIONS /auth/login.

Methods included from RdfResponseFormats

#context_url_from_accept, #context_url_from_link, #default_format_jsonld, #mime_type_from_accept

Methods inherited from ApplicationController

#access_token_data, #access_token_error, #access_token_expired?, #access_token_generate, #access_token_valid?, #json_response, #json_type_accepted

Instance Method Details

#access_token ⇒ Object

GET /auth/access_token iiif.io/api/auth#access-token-service iiif.io/api/auth#error-conditions

# File 'app/controllers/triannon/auth_controller.rb', line 94

def access_token
  # The cookie established via the login service must be passed to this
  # service. The service should delete the cookie from the login service
  # and create a new cookie that allows the user to access content.
  if session[:login_data]
    if session[:client_data]
      # When an authorization code was obtained using /auth/client_identity,
      # that code must be passed to the Access Token Service as well.
      auth_code = params[:code]
      access_token_granted if auth_code_valid?(auth_code)
    else
      # Without an authentication code, a login session is sufficient for
      # granting an access token.  However, the only way to enable a login
      # session is for an authorized client to provide user data in POST
      # /auth/login, which requires the client to first obtain an
      # authentication code.  Hence, this block of code should never get
      # executed (unless login requirements change).
      access_token_granted
    end
  else
    login_required
  end
end

#access_validate ⇒ Object

GET /auth/access_validate Authorize access based on validating an access token

# File 'app/controllers/triannon/auth_controller.rb', line 120

def access_validate
  if access_token_valid?
    response.status = 200
    render nothing: true
  end
end

#client_identity ⇒ Object

POST /auth/client_identity A request MUST carry a body with: { “clientId” : “ID”, “clientSecret” : “SECRET” } iiif.io/api/auth#client-identity-service iiif.io/api/auth#error-conditions return json body [String] containing: { “authorizationCode”: code }

# File 'app/controllers/triannon/auth_controller.rb', line 60

def client_identity
  return unless process_post?
  return unless process_json?
  data = JSON.parse(request.body.read)
  required_fields = ['clientId', 'clientSecret']
  identity = parse_identity(data, required_fields)
  if identity['clientId'] && identity['clientSecret']
    if authorized_client? identity
      id = identity['clientId']
      pass = identity['clientSecret']
      code = { authorizationCode: auth_code_generate(id, pass) }
      json_response(code, 200)
    else
      err = {
        error: 'invalidClient',
        errorDescription: 'Unknown client credentials',
        errorUri: IIIF_AUTH
      }
      json_response(err, 403)
    end
  else
    err = {
      error: 'missingCredentials',
      errorDescription: 'Requires {"clientId": x, "clientSecret": x}',
      errorUri: IIIF_AUTH
    }
    json_response(err, 401)
  end
end

#login ⇒ Object

POST to /auth/login iiif.io/api/auth#login-service

# File 'app/controllers/triannon/auth_controller.rb', line 28

def login
  # The service must set a Cookie for the Access Token Service to retrieve
  # to determine the user information provided by the authentication system.
  case request.request_method
  when 'POST'
    login_handler_post
  else
    # The routes should prevent any execution here.
    request_method_error(LOGIN_ACCEPT)
  end
end

#logout ⇒ Object

GET /auth/logout iiif.io/api/auth#logout-service

# File 'app/controllers/triannon/auth_controller.rb', line 42

def logout
  case request.request_method
  when 'GET'
    cookies.delete(:login_user)
    reset_session
    redirect_to root_url, notice: 'Successfully logged out.'
  else
    # The routes should prevent any execution here.
    request_method_error('GET')
  end
end

#options ⇒ Object

OPTIONS /auth/login

# File 'app/controllers/triannon/auth_controller.rb', line 15

def options
  # The request MUST use HTTP OPTIONS
  case request.request_method
  when 'OPTIONS'
    json_response(service_info, 200)
  else
    # The routes should prevent any execution here.
    request_method_error(LOGIN_ACCEPT)
  end
end