Class: Rack::Auth::Cheat

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/auth/cheat.rb

Instance Method Summary collapse

Constructor Details

#initialize(app, user_field = 'username', password_field = 'password') ⇒ Cheat

Creates a new Rack::Auth::Cheat object. The user_field and password_field are the params looked for in the call method. The defaults are ‘username’ and ‘password’, respectively.



8
9
10
11
12
 
# File 'lib/rack/auth/cheat.rb', line 8

def initialize(app, user_field = 'username', password_field = 'password')
  @app = app
  @user_field = user_field
  @password_field = password_field
end

Instance Method Details

#call(env) ⇒ Object

The call method we’ve defined first checks to see if the AUTH_USER environment variable is set. If it is, we assume that the user has already been authenticated and move on.

If AUTH_USER is not set, and AUTH_FAIL is not set, we then check whether the username and password match (the “Cheat” authentication method). If they match, AUTH_USER is set to the username.

If they don’t match then the request is passed on without modification. AUTH_FAIL will not be set by this class.

It up to the application to check for the presence of AUTH_USER and/or AUTH_FAIL and act as necessary.



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/rack/auth/cheat.rb', line 28

def call(env)
  request = Rack::Request.new(env)

  user = request.params[@user_field]
  password = request.params[@password_field]

  # Only authenticate user if both the username and password fields are present
  unless user && password
    return @app.call(env)
  end

  # Do not authenticate if either one of these is set
  if env['AUTH_USER'] || env['AUTH_FAIL']
    return @app.call(env)
  end

  if user == password
    env['AUTH_USER'] = user
    env['AUTH_TYPE'] = "Cheat"
    env['AUTH_TYPE_USER'] = user
    env['AUTH_TYPE_THIS_REQUEST'] = "Cheat"
    env['AUTH_DATETIME'] = Time.now.utc
    
    env.delete('AUTH_FAIL')
  end

  @app.call(env)
end