Module: Auth
- Extended by:
- Auth
- Includes:
- Helpers
- Included in:
- Auth
- Defined in:
- lib/auth.rb,
lib/auth/client.rb,
lib/auth/sentry.rb,
lib/auth/server.rb,
lib/auth/helpers.rb,
lib/auth/version.rb,
lib/auth/exceptions.rb
Defined Under Namespace
Modules: Helpers Classes: AccessDenied, AuthException, Client, InvalidRequest, InvalidScope, Sentry, Server, UnauthorizedClient, UnsupportedResponseType
Constant Summary collapse
- Version =
VERSION = '0.0.2'
Instance Method Summary collapse
- #authenticate_account(username, password) ⇒ Object
- #authenticate_client(client_id, client_secret = nil) ⇒ Object
- #change_password(username, old_password, new_password) ⇒ Object
-
#issue_code(account_id, client_id, redirect_uri, scopes = nil) ⇒ Object
Authorization codes.
-
#issue_token(account_id, scopes = nil, ttl = nil) ⇒ Object
Access tokens.
-
#redis ⇒ Object
Returns the current Redis connection.
-
#redis=(server) ⇒ Object
Accepts: 1.
-
#register_account(username, password) ⇒ Object
Accounts.
-
#register_client(client_id, name, redirect_uri) ⇒ Object
Clients.
- #remove_account(username) ⇒ Object
- #remove_client(client_id) ⇒ Object
- #validate_code(code, client_id, redirect_uri) ⇒ Object
- #validate_token(token, scopes = nil) ⇒ Object
Methods included from Helpers
#decode, #decode_scopes, #encode, #encode_scopes, #encrypt_password, #generate_secret
Instance Method Details
#authenticate_account(username, password) ⇒ Object
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/auth.rb', line 72 def authenticate_account(username, password) account = redis.hgetall("account:#{username}") if account['crypted_password'] crypted_password = encrypt_password(password, account['password_salt'], account['password_hash']) if crypted_password == account['crypted_password'] return true else return false end else return false end end |
#authenticate_client(client_id, client_secret = nil) ⇒ Object
124 125 126 127 128 129 130 131 |
# File 'lib/auth.rb', line 124 def authenticate_client(client_id, client_secret = nil) client = redis.hgetall("client:#{client_id}") if client_secret return client['id'] && client['secret'] == client_secret ? Client.new(client) : false else return client['id'] ? Client.new(client) : false end end |
#change_password(username, old_password, new_password) ⇒ Object
88 89 90 91 92 93 94 95 96 97 |
# File 'lib/auth.rb', line 88 def change_password(username, old_password, new_password) if authenticate_account(username, old_password) hash = ENV['AUTH_HASH_ALGORITHM'] salt = generate_secret crypted_password = encrypt_password(new_password, salt, hash) redis.hmset("account:#{username}", 'crypted_password', crypted_password, 'password_hash', hash, 'password_salt', salt) end end |
#issue_code(account_id, client_id, redirect_uri, scopes = nil) ⇒ Object
Authorization codes
141 142 143 144 145 146 147 148 149 150 |
# File 'lib/auth.rb', line 141 def issue_code(account_id, client_id, redirect_uri, scopes = nil) code = generate_secret redis.set("code:#{client_id}:#{redirect_uri}:#{code}:account", account_id) decode_scopes(scopes).each do |scope| redis.sadd("code:#{client_id}:#{redirect_uri}:#{code}:scopes", scope) end redis.expire("code:#{client_id}:#{redirect_uri}:#{code}:account", 3600) redis.expire("code:#{client_id}:#{redirect_uri}:#{code}:scopes", 3600) return code end |
#issue_token(account_id, scopes = nil, ttl = nil) ⇒ Object
Access tokens
166 167 168 169 170 171 172 173 174 175 176 177 |
# File 'lib/auth.rb', line 166 def issue_token(account_id, scopes = nil, ttl = nil) token = generate_secret redis.set("token:#{token}:account", account_id) decode_scopes(scopes).each do |scope| redis.sadd("token:#{token}:scopes", scope) end if ttl redis.expire("token:#{token}:account", ttl) redis.expire("token:#{token}:scopes", ttl) end return token end |
#redis ⇒ Object
Returns the current Redis connection. If none has been created, will create a new one.
46 47 48 49 50 |
# File 'lib/auth.rb', line 46 def redis return @redis if @redis self.redis = 'localhost:6379' self.redis end |
#redis=(server) ⇒ Object
Accepts:
1. A 'hostname:port' string
2. A 'hostname:port:db' string (to select the Redis db)
3. A 'hostname:port/namespace' string (to set the Redis namespace)
4. A redis URL string 'redis://host:port'
5. An instance of `Redis`, `Redis::Client`, `Redis::DistRedis`,
or `Redis::Namespace`.
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# File 'lib/auth.rb', line 25 def redis=(server) if server.respond_to? :split if server =~ /redis\:\/\// redis = Redis.connect(:url => server) else server, namespace = server.split('/', 2) host, port, db = server.split(':') redis = Redis.new(:host => host, :port => port, :thread_safe => true, :db => db) end namespace ||= :auth @redis = Redis::Namespace.new(namespace, :redis => redis) elsif server.respond_to? :namespace= @redis = server else @redis = Redis::Namespace.new(:auth, :redis => server) end end |
#register_account(username, password) ⇒ Object
Accounts
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 |
# File 'lib/auth.rb', line 56 def register_account(username, password) raise if username.nil? || username == '' raise if password.nil? || password == '' unless redis.exists("account:#{username}") hash = ENV['AUTH_HASH_ALGORITHM'] salt = generate_secret crypted_password = encrypt_password(password, salt, hash) redis.hmset("account:#{username}", 'crypted_password', crypted_password, 'password_hash', hash, 'password_salt', salt) return true else return false end end |
#register_client(client_id, name, redirect_uri) ⇒ Object
Clients
107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 |
# File 'lib/auth.rb', line 107 def register_client(client_id, name, redirect_uri) raise if client_id.nil? || client_id == '' raise if name.nil? || name == '' raise if redirect_uri.nil? || redirect_uri == '' unless redis.exists("client:#{client_id}") secret = generate_secret client = { :id => client_id, :secret => secret, :name => name, :redirect_uri => redirect_uri } client.each do |key,val| redis.hset("client:#{client_id}", key, val) end return Client.new(client) end end |
#remove_account(username) ⇒ Object
99 100 101 |
# File 'lib/auth.rb', line 99 def remove_account(username) redis.del("account:#{username}") end |
#remove_client(client_id) ⇒ Object
133 134 135 |
# File 'lib/auth.rb', line 133 def remove_client(client_id) redis.del("client:#{client_id}") end |
#validate_code(code, client_id, redirect_uri) ⇒ Object
152 153 154 155 156 157 158 159 160 |
# File 'lib/auth.rb', line 152 def validate_code(code, client_id, redirect_uri) account_id = redis.get("code:#{client_id}:#{redirect_uri}:#{code}:account") scopes = redis.smembers("code:#{client_id}:#{redirect_uri}:#{code}:scopes") if account_id return account_id, encode_scopes(scopes) else return false end end |
#validate_token(token, scopes = nil) ⇒ Object
179 180 181 182 183 184 185 186 187 188 |
# File 'lib/auth.rb', line 179 def validate_token(token, scopes = nil) account_id = redis.get("token:#{token}:account") if account_id && decode_scopes(scopes).all? {|scope| redis.sismember("token:#{token}:scopes", scope) } return account_id else return false end end |