Class: HaystackRuby::Auth::Scram::Conversation

Inherits:

Object

• Object
• HaystackRuby::Auth::Scram::Conversation

Defined in:

lib/haystack_ruby/auth/conversation.rb

Instance Attribute Summary

• #auth_token ⇒ Object readonly

  Returns the value of attribute auth_token.

• #nonce ⇒ Object readonly

  Returns the value of attribute nonce.

• #server_nonce ⇒ Object readonly

  Returns the value of attribute server_nonce.

• #server_salt ⇒ Object readonly

  Returns the value of attribute server_salt.

Instance Method Summary

• #authorize ⇒ Object
• #connection ⇒ Object
• #initialize(user, url) ⇒ Conversation constructor

  A new instance of Conversation.

• #parse_first_response(response) ⇒ Object

  pull server data out of response to first message.

• #parse_second_response(response) ⇒ Object
• #send_first_message ⇒ Object

  first message sent by client to server.

• #send_second_message ⇒ Object
• #test_auth_token ⇒ Object

Constructor Details

#initialize(user, url) ⇒ Conversation

Returns a new instance of Conversation.

# File 'lib/haystack_ruby/auth/conversation.rb', line 10

def initialize(user, url)
  @user = user
  @url = url
  @nonce = SecureRandom.base64.tr('=','') #TODO check if problem to potentially strip =
  @digest = OpenSSL::Digest::SHA256.new 
  @handshake_token = Base64.strict_encode64(@user.username)
end

Instance Attribute Details

#auth_token ⇒ Object (readonly)

Returns the value of attribute auth_token.

# File 'lib/haystack_ruby/auth/conversation.rb', line 8

def auth_token
  @auth_token
end

#nonce ⇒ Object (readonly)

Returns the value of attribute nonce.

# File 'lib/haystack_ruby/auth/conversation.rb', line 8

def nonce
  @nonce
end

#server_nonce ⇒ Object (readonly)

Returns the value of attribute server_nonce.

# File 'lib/haystack_ruby/auth/conversation.rb', line 8

def server_nonce
  @server_nonce
end

#server_salt ⇒ Object (readonly)

Returns the value of attribute server_salt.

# File 'lib/haystack_ruby/auth/conversation.rb', line 8

def server_salt
  @server_salt
end

Instance Method Details

#authorize ⇒ Object

# File 'lib/haystack_ruby/auth/conversation.rb', line 18

def authorize
  res = send_first_message
  parse_first_response(res)
  res = send_second_message
  parse_second_response(res)
end

#connection ⇒ Object

# File 'lib/haystack_ruby/auth/conversation.rb', line 25

def connection 
  @connection ||= Faraday.new(:url => @url) do |faraday|
    # faraday.response :logger                  # log requests to STDOUT
    faraday.adapter  Faraday.default_adapter  # make requests with Net::HTTP
    faraday.headers['Accept'] = 'application/json' #TODO enable more formats
    faraday.headers['Content-Type'] = 'text/plain'
  end
end

#parse_first_response(response) ⇒ Object

pull server data out of response to first message

# File 'lib/haystack_ruby/auth/conversation.rb', line 44

def parse_first_response(response)

  # parse server response to first message
  response_str = response.env.response_headers['www-authenticate']
  unless response_str.index('scram ') == 0
    throw 'Invalid response from server'
  end
  response_str.slice! 'scram '
  response_vars = {}
  response_str.split(', ').each do |pair|
    key,value = pair.split('=')
    response_vars[key] = value
  end
  unless response_vars['hash'] == 'SHA-256'
    throw "Server requested unsupported hash algorithm: #{response_vars['hash']}"
  end

  # todo check handshake token (should be base64 encode of username)

  @server_first_msg = Base64.decode64(response_vars["data"])
  server_vars = {}
  @server_first_msg.split(',').each do |pair|
    key,value = pair.split '='
    server_vars[key] = value
  end
  @server_nonce = server_vars['r']
  @server_salt = server_vars['s'] #Base64.decode64(server_vars['s'])
  @server_iterations = server_vars['i'].to_i
end

#parse_second_response(response) ⇒ Object

# File 'lib/haystack_ruby/auth/conversation.rb', line 81

def parse_second_response(response)
  begin
    response_str = response.env.response_headers['authentication-info']
    response_vars = {}
    response_str.split(', ').each do |pair|
      key,value = pair.split('=')
      response_vars[key] = value
    end
    # decode data attribute to check server signature is as expected
    key,val = Base64.decode64(response_vars['data']).split('=')
    response_vars[key] = val
    server_sig = response_vars['v']
    unless server_sig == expected_server_signature
      throw "invalid signature from server"
    end
    @auth_token = response_vars['authToken']
  # rescue Exception => e
  #   raise
  end
  
end

#send_first_message ⇒ Object

first message sent by client to server

# File 'lib/haystack_ruby/auth/conversation.rb', line 35

def send_first_message
  res = connection.get('about') do |req|
    req.headers['Authorization'] = "SCRAM handshakeToken=#{@handshake_token},data=#{Base64.urlsafe_encode64(first_message).tr('=','')}"
  end
  res
  
end

#send_second_message ⇒ Object

# File 'lib/haystack_ruby/auth/conversation.rb', line 74

def send_second_message
  res = connection.get('about') do |req|
    req.headers['Authorization'] = "SCRAM handshakeToken=#{@handshake_token},data=#{Base64.strict_encode64(client_final).tr('=','')}"
  end
  res
  
end

#test_auth_token ⇒ Object

# File 'lib/haystack_ruby/auth/conversation.rb', line 103

def test_auth_token
  res = connection.get('about') do |req|
    req.headers['Authorization'] = "BEARER authToken=#{@auth_token}"
  end
end