Class: Rack::Auth::WRAP

Inherits:
AbstractHandler
  • Object
Defined in:
lib/rack/auth/wrap.rb

Overview

Rack::Auth::WRAP implements OAuth WRAP authentication, as per draft-hardt-oauth-01. This is a preliminary version based on the Jan 15, 2010 Web Resource Access Profiles as developed by the IETF.

Initialize it with the Rack application that you want to protect and a set of parameters that enable specific checks. The only mandatory parameter is :shared_secret, which is required for HMAC-SHA256 processing.

See also: SimpleWebToken::SimpleWebTokenHandler

Defined Under Namespace

Classes: Request

Constant Summary

VERSION = "0.5.2.2"
Middleware Gem Versioning

Instance Method Summary

Constructor Details

#initialize(app, opts = {}) ⇒ WRAP

Creates a new instance of Rack::Auth::WRAP. The opts can be used as follows.

use Rack::Auth::WRAP, :shared_secret => *secret*, 
                      :trusted_issuers => "http://sts.mycomp.com", 
                      :audiences => "http://app.domain.com"

The parameters in the sample above are the only ones currently supported by the SimpleWebToken handler. For more information, see SimpleWebToken::SimpleWebTokenHandler.



# File 'lib/rack/auth/wrap.rb', line 29

def initialize(app, opts = {})
  @app = app
  @opts = opts
end
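As an added illustration (not the gem's or the SimpleWebToken handler's own code), the sketch below shows the kind of checks the three options correspond to for a Simple Web Token: HMAC-SHA256 verification with the shared secret, then issuer, audience and expiry. It assumes the SWT field names Issuer, Audience, ExpiresOn and HMACSHA256 and uses the secret as the raw HMAC key; the SwtCheck module and its methods are hypothetical names.

```ruby
# Added example: Simple Web Token validation sketch, not the gem's source.
require 'openssl'
require 'uri'

module SwtCheck            # hypothetical name
  SIG = '&HMACSHA256='     # the signature is the last field of an SWT

  # Builds a signed token. Used here only to construct sample input.
  def self.sign(claims, secret)
    body = URI.encode_www_form(claims)
    mac  = OpenSSL::HMAC.digest('SHA256', secret, body)
    body + SIG + URI.encode_www_form_component([mac].pack('m0')) # base64
  end

  # Returns :ok, or a symbol naming the first check that failed.
  def self.check(token, secret:, trusted_issuers:, audiences:, now: Time.now.to_i)
    body, sep, sig = token.to_s.rpartition(SIG)
    return :malformed if sep.empty?

    # Verify the MAC over the unsigned part before trusting any field,
    # and compare in constant time to avoid a timing side channel.
    expected = OpenSSL::HMAC.digest('SHA256', secret, body)
    given    = URI.decode_www_form_component(sig).unpack1('m')
    return :bad_signature unless OpenSSL.secure_compare(given, expected)

    claims = URI.decode_www_form(body).to_h
    return :untrusted_issuer unless Array(trusted_issuers).include?(claims['Issuer'])
    return :wrong_audience   unless Array(audiences).include?(claims['Audience'])
    return :expired          unless claims['ExpiresOn'].to_i > now
    :ok
  rescue ArgumentError     # invalid percent-encoding in the token
    :malformed
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-secret'                  # constructed sample value
  token  = SwtCheck.sign({ 'Issuer'    => 'http://sts.mycomp.com',
                           'Audience'  => 'http://app.domain.com',
                           'ExpiresOn' => Time.now.to_i + 300 }, secret)
  opts = { secret: secret, trusted_issuers: 'http://sts.mycomp.com',
           audiences: 'http://app.domain.com' }
  puts SwtCheck.check(token, **opts)
  puts SwtCheck.check(token.sub('app.domain.com', 'other.domain.com'), **opts)
end
```

The signature is checked first so that a forged Issuer, Audience or ExpiresOn value is never acted on.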

Instance Method Details

#call(env) ⇒ Object

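Authenticates the request when it has the HTTP_AUTHORIZATION header and the header uses WRAP as the authentication format. A request whose WRAP token is not valid receives an unauthorized response. A request without the header, or with a different authentication format, is passed to the application unchanged and without REMOTE_USER being set, so the application must check REMOTE_USER itself if it requires authentication.

NOTE: it is sent by the client as Authorization, but Rack maps it to HTTP_AUTHORIZATION.

If the user is successfully authenticated, the resulting token is stored in REMOTE_USER in the environment. (We didn’t want to couple it with session.)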



# File 'lib/rack/auth/wrap.rb', line 42

def call(env)
  request = Request.new(env)
  
  if(request.provided? and request.is_wrap?)
    return unauthorized('WRAP') unless token_handler.valid?(request.token)
    env['REMOTE_USER'] = token_handler.parse(request.token)
  end  
  
  return @app.call(env)
end

#token_handler ⇒ Object

Returns a singleton instance of the SimpleWebToken::SimpleWebTokenHandler based on the options provided when initializing the middleware.



# File 'lib/rack/auth/wrap.rb', line 55

def token_handler
  @token_handler ||= SimpleWebToken::SimpleWebTokenHandler.new(@opts)
end