Class: OMF::Web::Rack::SessionAuthenticator
- Inherits: Common::LObject
  - Object
  - Common::LObject
  - OMF::Web::Rack::SessionAuthenticator
- Defined in: lib/omf-web/rack/session_authenticator.rb
Overview
This Rack module maintains a session cookie and, at the beginning of a session, redirects any request for a protected page to a 'login' page.
Calls to the class methods are resolved in the context of a session using 'OMF::Web::SessionStore'.
Constant Summary
- @@active = false
- @@expire_after = 2592000
  Expire authenticated session after being idle for that many seconds
Class Method Summary
- .[](key) ⇒ Object
  DO NOT CALL DIRECTLY.
- .[]=(key, value) ⇒ Object
  DO NOT CALL DIRECTLY.
- .active? ⇒ Boolean
  Returns true if this Rack module has been instantiated in the current Rack stack.
- .authenticate ⇒ Object
  Calling this method will authenticate the current session.
- .authenticated? ⇒ Boolean
  Return true if the session is authenticated.
- .logout ⇒ Object
  Logging out will un-authenticate this session.
Instance Method Summary
- #call(env) ⇒ Object
- #check_authenticated ⇒ Object
- #initialize(app, opts = {}) ⇒ SessionAuthenticator
  constructor
  opts -
    :login_url - URL to redirect if session is not authenticated
    :no_session - Array of regexp on 'path_info' which do not require an authenticated session
    :expire_after - Idle time in sec after which to expire a session.
Methods included from Common::Loggable
#_logger, #debug, #error, #fatal, #info, init_log, logger, set_environment, #warn
Constructor Details
#initialize(app, opts = {}) ⇒ SessionAuthenticator
opts -
:login_url - URL to redirect if session is not authenticated
:no_session - Array of regexp on 'path_info' which do not require an authenticated session
:expire_after - Idle time in sec after which to expire a session
    # File 'lib/omf-web/rack/session_authenticator.rb', line 71
    def initialize(app, opts = {})
      @app = app
      @opts = opts
      @opts[:no_session] = (@opts[:no_session] || []).map { |s| Regexp.new(s) }
      if @opts[:expire_after]
        @@expire_after = @opts[:expire_after]
      end
      @@active = true
    end
Class Method Details
.[](key) ⇒ Object
DO NOT CALL DIRECTLY
    # File 'lib/omf-web/rack/session_authenticator.rb', line 51
    def self.[](key)
      OMF::Web::SessionStore[key, :authenticator]
    end
.[]=(key, value) ⇒ Object
DO NOT CALL DIRECTLY
    # File 'lib/omf-web/rack/session_authenticator.rb', line 57
    def self.[]=(key, value)
      OMF::Web::SessionStore[key, :authenticator] = value
    end
.active? ⇒ Boolean
Returns true if this Rack module has been instantiated in the current Rack stack.
    # File 'lib/omf-web/rack/session_authenticator.rb', line 24
    def self.active?
      @@active
    end
.authenticate ⇒ Object
Calling this method will authenticate the current session
    # File 'lib/omf-web/rack/session_authenticator.rb', line 37
    def self.authenticate
      self[:authenticated] = true
      self[:valid_until] = Time.now + @@expire_after
    end
.authenticated? ⇒ Boolean
Return true if the session is authenticated
    # File 'lib/omf-web/rack/session_authenticator.rb', line 30
    def self.authenticated?
      debug "AUTH: #{self[:authenticated] == true}"
      self[:authenticated] == true
    end
.logout ⇒ Object
Logging out will un-authenticate this session
    # File 'lib/omf-web/rack/session_authenticator.rb', line 44
    def self.logout
      debug "LOGOUT"
      self[:authenticated] = false
    end
Instance Method Details
#call(env) ⇒ Object
    # File 'lib/omf-web/rack/session_authenticator.rb', line 89
    def call(env)
      #puts env.keys.inspect
      req = ::Rack::Request.new(env)
      path_info = req.path_info
      # Reuse the 'sid' cookie if the client sent one, otherwise issue a new id
      unless sid = req.cookies['sid']
        sid = "s#{(rand * 10000000).to_i}_#{(rand * 10000000).to_i}"
      end
      Thread.current["sessionID"] = sid  # needed for Session Store

      # Paths matching a :no_session regexp skip the authentication check
      unless @opts[:no_session].find {|rx| rx.match(path_info) }
        # If 'login_page_url' is defined, check if this session is authenticated
        # (the key read here is :login_page_url; the constructor documentation lists :login_url)
        login_url = @opts[:login_page_url]
        if login_url && login_url != req.path_info
          begin
            check_authenticated
          rescue AuthenticationFailedException => ex
            if err = self.class[:login_error]
              login_url = login_url + "?msg=#{err}"
            end
            headers = {'Location' => login_url, "Content-Type" => ""}
            Rack::Utils.set_cookie_header!(headers, 'sid', sid)
            return [301, headers, ['Login first']]
          end
        end
      end

      status, headers, body = @app.call(env)
      Rack::Utils.set_cookie_header!(headers, 'sid', sid) if sid
      [status, headers, body]
    end
#check_authenticated ⇒ Object
    # File 'lib/omf-web/rack/session_authenticator.rb', line 81
    def check_authenticated
      authenticated = self.class[:authenticated] == true
      #puts "AUTHENTICATED: #{authenticated}"
      raise AuthenticationFailedException.new unless authenticated
      #self.class[:valid_until] = Time.now + @@expire_after
    end
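
A hardened take on the session handling in #call and #check_authenticated, as an added example that is not omf-web code: ids come from SecureRandom rather than rand, a cookie value is honoured only if the server issued it, the id is rotated on login, and the :valid_until idle deadline is enforced. The HardenedSession module, its method names and the Hash standing in for OMF::Web::SessionStore are assumptions.

```ruby
require 'securerandom'

# Added example, not omf-web code. HardenedSession and its methods are
# hypothetical; a Hash stands in for OMF::Web::SessionStore.
module HardenedSession
  EXPIRE_AFTER = 2_592_000            # idle window in seconds, as @@expire_after
  SID_FORMAT   = /\As[0-9a-f]{32}\z/  # shape of the ids issued by new_sid
  STORE        = {}                   # sid => per-session state

  # 128 bits from the OS CSPRNG instead of two rand() calls.
  def self.new_sid
    "s#{SecureRandom.hex(16)}"
  end

  # Honour a cookie value only if this server issued it and still knows it;
  # anything else (absent, malformed, unknown) gets a fresh id.
  def self.resolve_sid(cookie_sid)
    known = cookie_sid.is_a?(String) && SID_FORMAT.match?(cookie_sid) &&
            STORE.key?(cookie_sid)
    return cookie_sid if known
    new_sid.tap { |sid| STORE[sid] = {} }
  end

  # Mark the session authenticated under a NEW id, so an id that was known
  # before login is useless afterwards. Returns the id to set in the cookie.
  def self.authenticate(old_sid, now = Time.now)
    state = STORE.delete(old_sid) || {}
    new_sid.tap do |sid|
      STORE[sid] = state.merge(authenticated: true, valid_until: now + EXPIRE_AFTER)
    end
  end

  # True only while the flag is set and the idle deadline has not passed.
  # Each successful check slides the deadline; expiry clears the flag.
  def self.authenticated?(sid, now = Time.now)
    state = STORE[sid]
    return false unless state && state[:authenticated] == true
    if state[:valid_until].nil? || now > state[:valid_until]
      state[:authenticated] = false
      return false
    end
    state[:valid_until] = now + EXPIRE_AFTER
    true
  end
end
```

In a Rack stack the id returned by authenticate would replace the 'sid' cookie on the login response.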