Class: RestfulApiAuthentication::Checker

Inherits:
Object
  • Object
Defined in:
lib/restful_api_authentication/checker.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(http_headers, request_uri) ⇒ Checker

Returns a new instance of Checker.



# File 'lib/restful_api_authentication/checker.rb', line 30

# Builds a checker for a single incoming request.
#
# Both arguments are stored by reference; nothing is copied, normalised or
# validated here. The header collection originates from the client, so every
# value in it is untrusted until #authorized? has returned true.
#
# @param http_headers [#[]] request headers; #authorized? indexes this by the
#   configured signature header name
# @param request_uri [Object] URI of the request being checked
def initialize(http_headers, request_uri)
  # Start with an empty failure log; #authorized? appends to it.
  @errors = []
  @request_uri = request_uri
  @http_headers = http_headers
end

Instance Attribute Details

#errors ⇒ Object

Returns the value of attribute errors.



# File 'lib/restful_api_authentication/checker.rb', line 28

# Failure messages collected so far.
#
# Returns the @errors array itself, not a copy, so a caller that mutates the
# result changes the checker's own state.
def errors
  @errors
end

#http_headers ⇒ Object

Returns the value of attribute http_headers.



# File 'lib/restful_api_authentication/checker.rb', line 28

# Request headers exactly as handed to the constructor.
#
# These are client-supplied values; the object is returned as stored, without
# copying or sanitising.
def http_headers
  @http_headers
end

#request_uri ⇒ Object

Returns the value of attribute request_uri.



# File 'lib/restful_api_authentication/checker.rb', line 28

# Request URI exactly as handed to the constructor.
def request_uri
  @request_uri
end

Instance Method Details

#authorized?(options = {}) ⇒ Boolean

Checks if the current request passes authorization

Returns:

  • (Boolean)


# File 'lib/restful_api_authentication/checker.rb', line 37

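# Checks if the current request passes authorization.
#
# The checks run in a fixed order and stop at the first failure: required
# headers present, timestamp inside the configured window, signature matches,
# client not disabled, and (optionally) client is a master client. Each
# failure appends one message to @errors and the method returns false.
#
# @errors is only appended to, never cleared here, so a Checker reused for a
# second call still carries the messages of the first.
#
# @param options [Hash] :require_master => true additionally requires
#   is_master? to hold
# @return [Boolean] true only when every check passed
# @raise [RuntimeError] when any configuration value is nil
def authorized?(options = {})
  if @@header_timestamp.nil? || @@header_signature.nil? || @@header_api_key.nil? || @@time_window.nil? || @@disabled_message.nil?
    raise "Configuration values not found. Please run rails g restful_api_authentication:install to generate a config file."
  end

  unless headers_have_values?
    @errors << "one or more required headers is missing"
    return false
  end

  unless in_time_window?
    @errors << "request is outside the required time window of #{@@time_window.to_s} minutes"
    return false
  end

  # The supplied signature is attacker-controlled, so it is compared in
  # constant time rather than with String#==, which returns at the first
  # differing byte and so leaks how much of a guess was correct.
  unless signatures_match?(test_hash, @http_headers[@@header_signature])
    @errors << "signature is invalid"
    return false
  end

  # Checked only after the signature verified, so an unauthenticated caller
  # is never told whether a client is disabled.
  if is_disabled?
    @errors << @@disabled_message
    return false
  end

  if options[:require_master] == true && !is_master?
    @errors << "client does not have the required permissions"
    return false
  end

  true
end

# Case-insensitive, constant-time comparison of two signature strings.
#
# Fails closed: a nil or empty supplied signature never matches, and a length
# mismatch is rejected before the byte comparison. The loop always visits
# every byte, so its duration does not depend on where the inputs differ.
def signatures_match?(expected, supplied)
  expected = expected.to_s.downcase
  supplied = supplied.to_s.downcase
  return false if supplied.empty?
  return false unless expected.bytesize == supplied.bytesize

  diff = 0
  expected.bytes.zip(supplied.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end
private :signatures_match?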