Class: Auth

Inherits:

Object

• Object
• Auth

Defined in:

lib/ops/oauth2/auth.rb

Overview

Authorization

Class Method Summary

• .authorize(info, request) ⇒ Object
• .authorized?(cookies, request) ⇒ Boolean
• .configuration ⇒ Object
• .configuration_file ⇒ Object
• .cookie_domain ⇒ Object
• .cookie_name_permissions ⇒ Object
• .cookie_name_redirect ⇒ Object
• .cookie_name_signature ⇒ Object
• .cookie_ttl ⇒ Object
• .default_redirect_page ⇒ Object
• .environment ⇒ Object
• .go_to_auth(cookies, request) ⇒ Object
• .header_request_redirect_url ⇒ Object
• .secret ⇒ Object
• .sign(data) ⇒ Object
• .trusted?(cookies, request) ⇒ Boolean
• .untrusted(cookies, request) ⇒ Object

Class Method Details

.authorize(info, request) ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 65

def self.authorize(info, request)
  cookies = {}
  cookies[cookie_name_permissions] = Base64.encode64(info.to_json)
  cookies[cookie_name_signature] = sign([Base64.encode64(info.to_json), request.user_agent].join)
  cookies
end

.authorized?(cookies, request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ops/oauth2/auth.rb', line 83

def self.authorized?(cookies, request)
  return go_to_auth(cookies, request) unless cookies.key?(cookie_name_permissions)
  return go_to_auth(cookies, request) unless cookies.key?(cookie_name_signature)
  return untrusted(cookies, request) unless trusted?(cookies, request)
  200
end

.configuration ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 59

def self.configuration
  @configuration ||= JSON.parse(File.read(configuration_file))
rescue
  abort("Missing or invalid #{self.configuration_file}")
end

.configuration_file ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 55

def self.configuration_file
  '/etc/oauth2/oauth2.conf'
end

.cookie_domain ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 37

def self.cookie_domain
  ENV['OAUTH_COOKIE_DOMAIN'] || self.configuration.dig('auth', 'cookie_domain') || abort('Missing OAUTH_COOKIE_DOMAIN')
end

.cookie_name_permissions ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 9

def self.cookie_name_permissions
  ENV['OAUTH_COOKIE_NAME_PERMISSIONS'] || configuration.dig('auth', 'cookie_name_permissions') || abort('Missing OAUTH_COOKIE_NAME_PERMISSIONS')
end

.cookie_name_redirect ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 17

def self.cookie_name_redirect
  ENV['OAUTH_COOKIE_NAME_REDIRECT'] || configuration.dig('auth', 'cookie_name_redirect') || abort('Missing OAUTH_COOKIE_NAME_REDIRECT')
end

.cookie_name_signature ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 13

def self.cookie_name_signature
  ENV['OAUTH_COOKIE_NAME_SIGNATURE'] || configuration.dig('auth', 'cookie_name_signature') || abort('Missing OAUTH_COOKIE_NAME_SIGNATURE')
end

.cookie_ttl ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 41

def self.cookie_ttl
  return ENV['OAUTH_COOKIE_TTL'].to_i if ENV['OAUTH_COOKIE_TTL']
  configuration.dig('auth', 'cookie_ttl').to_i || abort('Missing OAUTH_COOKIE_TTL')
end

.default_redirect_page ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 33

def self.default_redirect_page
  ENV['DEFAULT_REDIRECT_PAGE'] || configuration.dig('auth', 'default_redirect_page') || abort('Missing DEFAULT_REDIRECT_PAGE')
end

.environment ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 25

def self.environment
  ENV['OAUTH_ENVIRONMENT'] || configuration.dig('auth', 'running_environment') || abort('Missing OAUTH_ENVIRONMENT')
end

.go_to_auth(cookies, request) ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 72

def self.go_to_auth(cookies, request)
  cookies[cookie_name_redirect] = request.env[header_request_redirect_url]
  401
end

.header_request_redirect_url ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 21

def self.header_request_redirect_url
  'HTTP_X_AUTH_REQUEST_REDIRECT'
end

.secret ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 29

def self.secret
  ENV['OAUTH_SHARED_SECRET'] || configuration.dig('auth', 'oauth_shared_secret') || abort('Missing OAUTH_SHARED_SECRET')
end

.sign(data) ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 46

def self.sign(data)
  digest = OpenSSL::Digest.new('sha256')
  Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data))
end

.trusted?(cookies, request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ops/oauth2/auth.rb', line 51

def self.trusted?(cookies, request)
  cookies[cookie_name_signature] == sign([cookies[cookie_name_permissions], request.user_agent].join)
end

.untrusted(cookies, request) ⇒ Object

# File 'lib/ops/oauth2/auth.rb', line 77

def self.untrusted(cookies, request)
  cookies.delete(cookie_name_signature)
  cookies.delete(cookie_name_permissions)
  go_to_auth(cookies, request)
end