Method: Visor::Common::Util#authorize

Defined in:
lib/common/util.rb

#authorize(env, vas) ⇒ String

Authenticate a user request by analysing the request authorization string.

Parameters:

  • env (Hash)

    The request attributes.

  • vas (Visor::Image::Auth)

    A VAS interface object, used to query for user credentials.

Returns:

  • (String)

    The authenticated user access key.

Raises:

  • (Forbidden)

    If the authorization header was not provided along with the request.

  • (Forbidden)

    If no access key was found in the authorization header string.

  • (Forbidden)

    If no user was found with the given access key.

  • (Forbidden)

    If signatures do not match.

  • (InternalError)

    If the VAS server was not found.



# File 'lib/common/util.rb', line 147

def authorize(env, vas)
  auth = env['headers']['Authorization']
  raise Visor::Common::Exception::Forbidden, "Authorization not provided." unless auth
  access_key = auth.scan(/\ (\w+):/).flatten.first
  raise Visor::Common::Exception::Forbidden, "No access key found in Authorization." unless access_key
  begin
    user = vas.get_user(access_key)
  rescue Visor::Common::Exception::InternalError => e
    raise Visor::Common::Exception::InternalError, e.message
  rescue => e
    nil
  end
  raise Visor::Common::Exception::Forbidden, "No user found with access key '#{access_key}'." unless user
  sign = sign_request(user[:access_key], user[:secret_key], env['REQUEST_METHOD'], env['REQUEST_PATH'], env['headers'])
  raise Visor::Common::Exception::Forbidden, "Invalid authorization, signatures do not match." unless auth == sign
  access_key
end
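
The same verification flow as an added example (not Visor's code), with two defensive changes: the final check uses a comparison that does not stop at the first differing byte, where `auth == sign` is not guaranteed to run in constant time, and the unknown-user and bad-signature cases return the same message without echoing the access key. The `DEMO` header scheme, `demo_sign`, `secure_compare`, `authorize_hardened` and the in-memory `USERS` store are assumptions made for the example; Visor's real `sign_request` is not shown on this page.

```ruby
require 'openssl'
require 'base64'

# Constructed stand-in for the VAS user store (not Visor's API).
USERS = { 'alice' => { access_key: 'alice', secret_key: 's3cr3t-demo' } }.freeze

class Forbidden < StandardError; end

# Hypothetical signer: HMAC-SHA1 over method, path and Date header.
# This is an assumption for the example, not Visor's sign_request.
def demo_sign(access_key, secret_key, method, path, headers)
  data = [method, path, headers['Date']].join("\n")
  mac  = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), secret_key, data)
  "DEMO #{access_key}:#{Base64.strict_encode64(mac)}"
end

# Compare two strings without short-circuiting on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def authorize_hardened(env, users = USERS)
  auth = env['headers']['Authorization']
  raise Forbidden, 'Authorization not provided.' unless auth
  access_key = auth[/\ (\w+):/, 1] # same pattern as the method above
  raise Forbidden, 'No access key found in Authorization.' unless access_key
  user = users[access_key]
  # Same text for unknown user and bad signature, so the reply
  # does not reveal which of the two checks failed.
  raise Forbidden, 'Invalid authorization.' unless user
  sign = demo_sign(user[:access_key], user[:secret_key],
                   env['REQUEST_METHOD'], env['REQUEST_PATH'], env['headers'])
  raise Forbidden, 'Invalid authorization.' unless secure_compare(auth, sign)
  access_key
end
```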