Class: Carpool::Driver
- Inherits:
-
Object
- Object
- Carpool::Driver
- Includes:
- Mixins::Core
- Defined in:
- lib/carpool/driver.rb
Class Attribute Summary collapse
-
.revoke_uri ⇒ Object
Returns the value of attribute revoke_uri.
-
.site_key ⇒ Object
Returns the value of attribute site_key.
-
.unauthorized_uri ⇒ Object
Returns the value of attribute unauthorized_uri.
Class Method Summary collapse
Instance Method Summary collapse
- #call(env) ⇒ Object
-
#initialize(app) {|Carpool::Driver| ... } ⇒ Driver
constructor
A new instance of Driver.
Methods included from Mixins::Core
Constructor Details
Class Attribute Details
.revoke_uri ⇒ Object
Returns the value of attribute revoke_uri.
13 14 15 |
# File 'lib/carpool/driver.rb', line 13 def revoke_uri @revoke_uri end |
.site_key ⇒ Object
Returns the value of attribute site_key.
11 12 13 |
# File 'lib/carpool/driver.rb', line 11 def site_key @site_key end |
.unauthorized_uri ⇒ Object
Returns the value of attribute unauthorized_uri.
12 13 14 |
# File 'lib/carpool/driver.rb', line 12 def @unauthorized_uri end |
Class Method Details
.passenger(url, options = {}) ⇒ Object
19 20 21 22 23 |
# File 'lib/carpool/driver.rb', line 19 def passenger(url, = {}) [:site_key] ||= Carpool.generate_site_key(url) [:secret] ||= Carpool.generate_site_key(url.reverse) passengers << { url => } end |
.passengers ⇒ Object
15 16 17 |
# File 'lib/carpool/driver.rb', line 15 def passengers @passengers ||= [] end |
Instance Method Details
#call(env) ⇒ Object
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
# File 'lib/carpool/driver.rb', line 38 def call(env) @env = env [:scope] = "driver" # Unless we are trying to authenticate a passenger, just continue through the stack. return @app.call(env) unless valid_request? && valid_referrer? # Parse the referring site referrer = URI.parse(@env['HTTP_REFERER']) # Unless this domain is listed as a potential passenger, issue a 500. current_passenger = Carpool::Driver.passengers.reject{ |p| !p.keys.first.downcase.include?(referrer.host) } if current_passenger.nil? or current_passenger.empty? return [500, {}, 'Unauthorized request.'] end if is_revoking? response = [302, {'Location' => Carpool::Driver.revoke_uri}, 'Redirecting logged out session...'] return response end [:current_passenger] = current_passenger.first[referrer.host.to_s] # Attempt to find an existing driver session. # If one is found, redirect back to the passenger site and include our seatbelt # The seatbelt includes two parts: # 1) The referring uri, so that Carpool::Passenger on the other end can send the user back to their location one authenticated # 2) The session payload. This is an AES encrypted hash of whatever attributes you've made available. The encrypted hash is # keyed with the site_key and secret of the referring site for extra security. # unless [:passenger_token] puts "Carpool::Driver: Redirecting to authentication path.." Carpool.auth_attempt = true [:redirect_to] = referrer response = [302, {'Location' => Carpool::Driver.}, 'Redirecting unauthorized user...'] else puts "Carpool::Driver: Redirecting to passenger site.." [:redirect_to] = referrer seatbelt = SeatBelt.new(env).create_payload! response = [302, {'Location' => seatbelt}, 'Approved!'] Carpool.auth_attempt = false [:redirect_to] = false [:current_passenger] = nil end response end |