Module: Hawk::Server

Extended by:

Server

Included in:

Server

Defined in:

lib/hawk/server.rb

Instance Method Summary

• #authenticate(authorization_header, options) ⇒ Object
• #authenticate_bewit(bewit, options) ⇒ Object
• #build_authorization_header(options) ⇒ Object

Instance Method Details

#authenticate(authorization_header, options) ⇒ Object

# File 'lib/hawk/server.rb', line 5

def authenticate(authorization_header, options)
  Hawk::AuthorizationHeader.authenticate(authorization_header, options)
end

#authenticate_bewit(bewit, options) ⇒ Object

# File 'lib/hawk/server.rb', line 9

def authenticate_bewit(bewit, options)
  padding = '=' * ((4 - bewit.size) % 4)
  id, timestamp, mac, ext = Base64.decode64(bewit + padding).split('\\')

  unless options[:credentials_lookup].respond_to?(:call) && (credentials = options[:credentials_lookup].call(id))
    return AuthenticationFailure.new(:id, "Unidentified id")
  end

  if Time.at(timestamp.to_i) < Time.now
    return AuthenticationFailure.new(:ts, "Stale timestamp")
  end

  expected_bewit = Crypto.bewit(
    :credentials => credentials,
    :host => options[:host],
    :request_uri => remove_bewit_param_from_path(options[:request_uri]),
    :port => options[:port],
    :method => options[:method],
    :ts => timestamp,
    :ext => ext
  )

  unless expected_bewit == bewit
    if options[:request_uri].to_s =~ /\Ahttp/
      return authenticate_bewit(bewit, options.merge(
        :request_uri => options[:request_uri].sub(%r{\Ahttps?://[^/]+}, '')
      ))
    else
      return AuthenticationFailure.new(:bewit, "Invalid signature")
    end
  end

  credentials
end

#build_authorization_header(options) ⇒ Object

# File 'lib/hawk/server.rb', line 44

def build_authorization_header(options)
  Hawk::AuthorizationHeader.build(options, [:hash, :ext, :mac])
end