Module: Webmachine::Resource::Authentication

Defined in:
lib/webmachine/resource/authentication.rb

Overview

Helper methods that can be included in your Webmachine::Resource to assist in performing HTTP Authentication.

Constant Summary collapse

BASIC_HEADER =

Pattern for matching Authorization headers that use the Basic auth scheme.

/^Basic (.*)$/i.freeze

Instance Method Summary collapse

Instance Method Details

#basic_auth(header, realm = "Webmachine") {|user, password| ... } ⇒ true, String

A simple implementation of HTTP Basic auth. Call this from the Callbacks#is_authorized? callback, giving it a block which will be yielded the username and password and return true or false.

Parameters:

  • header (String)

    the value of the Authentication request header, passed to the Callbacks#is_authorized? callback.

  • realm (String) (defaults to: "Webmachine")

    the “realm”, or description of the resource that requires authentication

Yields:

  • (user, password)

    a block that will verify the client-provided user/password against application constraints

Yield Parameters:

  • user (String)

    the passed username

  • password (String)

    the passed password

Yield Returns:

  • (true, false)

    whether the username/password is correct

Returns:

  • (true, String)

    true if the client is authorized, or the appropriate WWW-Authenticate header



26
27
28
29
30
31
32
# File 'lib/webmachine/resource/authentication.rb', line 26

def basic_auth(header, realm="Webmachine")
  if header =~ BASIC_HEADER && (yield *$1.unpack('m*').first.split(/:/,2))
    true
  else
    %Q[Basic realm="#{realm}"]
  end
end