Class: RazorRisk::Cassini::Applications::RouteVerbAdaptors::Login::JWTLogin
- Inherits: RESTFramework::VerbHandler
  - Object
  - RESTFramework::VerbHandler
  - RazorRisk::Cassini::Applications::RouteVerbAdaptors::Login::JWTLogin
- Includes: Pantheios, Utils, RazorRisk::Cassini::Authorisation::HeaderHelpers, RazorRisk::Cassini::Authorisation::SecurityModelHelpers, HeaderFunctions, Util::ConversionUtil, RazorRisk::Core::Diagnostics::Logger, Razor::Connectivity::EntityConnectors::Exceptions, Razor::Connectivity::Razor3::EntityConnectors
- Defined in: lib/razor_risk/cassini/applications/route_verb_adaptors/login/jwt_login.rb
Overview
Handler for JSON Web Token Authentication Login.
Constant Summary
- HTTP_ACCEPTS = %w{ application/xml application/json text/xml }
  Supported Content Types.
- HTTP_VERB = :post
  Supported HTTP Verb.
- QUERY_PARAMETERS = %w{}
  Supported query parameters.
- ROUTE_VARIABLES = %w{}
  Supported route variables.
Instance Method Summary
- #handle(env, params, request, response) ⇒ Object
  Handles a JWT login request which will open a Razor Session and create a JSON Web Token for that session.
Methods included from Utils
#call_system_status, #close_session, #open_session
Instance Method Details
#handle(env, params, request, response) ⇒ Object
Handles a JWT login request which will open a Razor Session and create a JSON Web Token for that session.
    # File 'lib/razor_risk/cassini/applications/route_verb_adaptors/login/jwt_login.rb', line 94

    def handle env, params, request, response

      trace(
        ParamNames[ :env, :params, :request, :response ],
        env, params, request, response
      )

      auth_scheme = settings.authentication_scheme
      auth = env[HTTP_AUTHORIZATION]

      # to serve direct and also as a delegated server, we accept form
      # params and also accept (delegated) basic authenticate

      username = params[:username]
      password = params[:password]
      domain = params[:domain]

      unless username
        if auth
          username, password, domain = credentials_from_Basic(auth).map do |s|
            s.empty? ? nil : s unless s.nil?
          end
        end
      end

      unless username && password
        halt 401, make_WWW_auth_header(auth_scheme), 'Missing or invalid authenticate header'
      end

      jwt_algo = settings.jwt_encoding_algorithm
      jwt_sec = @app.secret jwt_algo
      unless jwt_sec
        log :critical, 'failed to obtain secret for algorithm \'', jwt_algo, '\''
        error 500, 'Oops! Something went wrong!'
      end

      cr = (
        :basic,
        [ username, password, domain ],
        auth_test_mode: settings.auth_test_mode,
      )

       = {
        auth_test_mode: settings.auth_test_mode,
        auth_scheme: auth_scheme,
        razor_requester: settings.razor_requester,
        message_map: settings.,
      }

      session_id, user_id, user_name = open_session cr, **

      jwt = JWT_from_credentials(
        session_id,
        user_id,
        password,
        jwt_algo,
        jwt_sec
      )

      log :informational, "User '#{user_id}' has been logged in"

      status 200

      if request.accept? 'text/plain'
        content_type 'text/plain'
        return "authorisation-token: #{jwt}"
      elsif request.accept?('text/xml')
        content_type 'application/xml'
        return %Q{<?xml version="1.0"?><authorisation-token>#{jwt}</authorisation-token>}
      elsif request.accept?('application/xml')
        content_type 'application/xml'
        return %Q{<?xml version="1.0"?><authorisation-token>#{jwt}</authorisation-token>}
      elsif request.accept? 'application/json'
        content_type 'application/json'
        return { 'authorisation-token' => jwt }.to_json
      else
        log :violation, 'Invalid accept type'
        halt 500, {}, 'Oops! Something went wrong!'
      end
    end
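
The credential precedence in #handle (form params first, delegated Basic header second), as an added example that is not part of the Cassini source. The names parse_basic_header and resolve_credentials are hypothetical, :unauthorized stands in for the handler's halt 401, and the Basic parser assumes plain RFC 7617 user:password with no domain, since the page does not show credentials_from_Basic.

```ruby
# Hypothetical stand-in for credentials_from_Basic (the real helper is not shown
# on the page). Decodes RFC 7617 "Basic base64(user:password)"; the domain slot
# stays nil because the page does not show how the real helper derives it.
def parse_basic_header(header)
  scheme, blob = header.to_s.split(' ', 2)
  return [nil, nil, nil] unless scheme&.casecmp?('Basic') && blob

  decoded = blob.strip.unpack1('m0').force_encoding(Encoding::UTF_8) # strict base64
  user, password = decoded.split(':', 2) # only the first ':' separates the fields
  [user, password, nil]
rescue ArgumentError # malformed base64
  [nil, nil, nil]
end

# Same precedence as #handle: form params win, the Authorization header is read
# only when params carry no username, and empty header fields become nil.
# Returns :unauthorized where the handler would halt with 401.
def resolve_credentials(params, auth_header)
  username, password, domain = params.values_at(:username, :password, :domain)

  if !username && auth_header
    username, password, domain = parse_basic_header(auth_header).map do |s|
      s.nil? || s.empty? ? nil : s
    end
  end

  return :unauthorized unless username && password

  [username, password, domain]
end

# Constructed sample header (not from the page): user "alice", password "s3cr:et".
SAMPLE_AUTH = 'Basic ' + ['alice:s3cr:et'].pack('m0')

if __FILE__ == $PROGRAM_NAME
  p resolve_credentials({}, SAMPLE_AUTH)                  # header used
  p resolve_credentials({ username: 'bob' }, SAMPLE_AUTH) # header ignored
end
```

In the second call a form username without a password yields the 401 path even though a valid Basic header is present, because the header is consulted only when no username parameter was sent.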