Module: Webmachine::Resource::Authentication

Defined in:

lib/webmachine/resource/authentication.rb

Overview

Helper methods that can be included in your Webmachine::Resource to assist in performing HTTP Authentication.

Constant Summary

BASIC_HEADER =

Pattern for matching Authorization headers that use the Basic auth scheme.

/^Basic (.*)$/i.freeze

Instance Method Summary

• #basic_auth(header, realm = 'Webmachine') {|user, password| ... } ⇒ true, String

  A simple implementation of HTTP Basic auth.

Instance Method Details

#basic_auth(header, realm = 'Webmachine') {|user, password| ... } ⇒ true, String

A simple implementation of HTTP Basic auth. Call this from the Callbacks#is_authorized? callback, giving it a block which will be yielded the username and password and return true or false.

Parameters:

• header (String) —

  the value of the Authentication request header, passed to the Callbacks#is_authorized? callback.

• realm (String) (defaults to: 'Webmachine') —

  the “realm”, or description of the resource that requires authentication

Yields:

• (user, password) —

  a block that will verify the client-provided user/password against application constraints

Yield Parameters:

• user (String) —

  the passed username

• password (String) —

  the passed password

Yield Returns:

• (true, false) —

  whether the username/password is correct

Returns:

• (true, String) —

  true if the client is authorized, or the appropriate WWW-Authenticate header

# File 'lib/webmachine/resource/authentication.rb', line 26

def basic_auth(header, realm = 'Webmachine')
  if header =~ BASIC_HEADER && yield(*$1.unpack1('m*').split(':', 2))
    true
  else
    %(Basic realm="#{realm}")
  end
end