Class: KStor::Controller::Authentication

Inherits:

Object

• Object
• KStor::Controller::Authentication

Defined in:

lib/kstor/controller/authentication.rb

Overview

Handle user authentication and sessions.

Instance Method Summary

• #allowed?(user) ⇒ Boolean

  return true if login is allowed to access the database.

• #authenticate(req) ⇒ Object
• #create_first_user(req) ⇒ Object
• #initialize(store, session_store) ⇒ Authentication constructor

  A new instance of Authentication.

• #load_session(sid) ⇒ Object
• #load_user(login) ⇒ Object
• #unlock_user(req) ⇒ Object

Constructor Details

#initialize(store, session_store) ⇒ Authentication

Returns a new instance of Authentication.

# File 'lib/kstor/controller/authentication.rb', line 13

def initialize(store, session_store)
  @store = store
  @sessions = session_store
end

Instance Method Details

#allowed?(user) ⇒ Boolean

return true if login is allowed to access the database.

Returns:

• (Boolean)

# File 'lib/kstor/controller/authentication.rb', line 27

def allowed?(user)
  user.status == 'new' || user.status == 'active'
end

#authenticate(req) ⇒ Object

# File 'lib/kstor/controller/authentication.rb', line 18

def authenticate(req)
  if @store.users?
    unlock_user(req)
  else
    create_first_user(req)
  end
end

#create_first_user(req) ⇒ Object

# File 'lib/kstor/controller/authentication.rb', line 66

def create_first_user(req)
  raise Error.for_code('AUTH/MISSING') unless req.respond_to?(:login)

  Log.info("no user in database, creating #{req.login.inspect}")
  user = Model::User.new(
    login: req.login, name: req.login, status: 'new', keychain: {}
  )
  secret_key = user.secret_key(req.password)
  user.unlock(secret_key)
  @store.user_create(user)
  Log.info("user #{user.login} created")

  session = Session.create(user, secret_key)
  @sessions << session

  [user, session.id]
end

#load_session(sid) ⇒ Object

# File 'lib/kstor/controller/authentication.rb', line 47

def load_session(sid)
  Log.debug("loading session #{sid}")
  session = @sessions[sid]
  raise Error.for_code('AUTH/BADSESSION', sid) unless session

  [session.user, session.secret_key]
end

#load_user(login) ⇒ Object

# File 'lib/kstor/controller/authentication.rb', line 55

def load_user(login)
  Log.debug("authenticating user #{login.inspect}")
  user = @store.user_by_login(login)
  Log.debug("loaded user ##{user.id} #{user.login}")
  unless user && allowed?(user)
    raise Error.for_code('AUTH/FORBIDDEN', login)
  end

  user
end

#unlock_user(req) ⇒ Object

# File 'lib/kstor/controller/authentication.rb', line 31

def unlock_user(req)
  if req.respond_to?(:session_id)
    session_id = req.session_id
    user, secret_key = load_session(session_id)
  else
    user = load_user(req.login)
    secret_key = user.secret_key(req.password)
    session = Session.create(user, secret_key)
    @sessions << session
    session_id = session.id
  end
  user.unlock(secret_key)

  [user, session_id]
end