Class: Warden::Strategies::HMAC::Query
- Defined in:
- lib/hmac/strategies/query.rb
Overview
Implements query-based hmac authentication for warden. The strategy is registered as ‘:hmac_query` in the warden strategy list.
Instance Method Summary collapse
-
#auth_info ⇒ Hash
retrieve the authentication information from the request.
-
#has_signature? ⇒ Bool
Checks that the request contains a signature.
-
#nonce ⇒ String
retrieve the nonce from the request.
-
#request_timestamp ⇒ String
retrieve the request timestamp as string.
-
#signature_valid? ⇒ Bool
Check that the signature given in the request is valid.
-
#valid? ⇒ Bool
Checks that this strategy applies.
Methods inherited from Base
#authenticate!, #debug, #headers, #logger, #params, #request_method, #retrieve_user
Instance Method Details
#auth_info ⇒ Hash
retrieve the authentication information from the request
41 42 43 |
# File 'lib/hmac/strategies/query.rb', line 41 def auth_info params[auth_param] || {} end |
#has_signature? ⇒ Bool
Checks that the request contains a signature
27 28 29 |
# File 'lib/hmac/strategies/query.rb', line 27 def has_signature? auth_info.include? "signature" end |
#nonce ⇒ String
retrieve the nonce from the request
48 49 50 |
# File 'lib/hmac/strategies/query.rb', line 48 def nonce auth_info["nonce"] || "" end |
#request_timestamp ⇒ String
retrieve the request timestamp as string
55 56 57 |
# File 'lib/hmac/strategies/query.rb', line 55 def auth_info["date"] || "" end |
#signature_valid? ⇒ Bool
Check that the signature given in the request is valid.
34 35 36 |
# File 'lib/hmac/strategies/query.rb', line 34 def signature_valid? hmac.validate_url_signature(request.url, secret) end |
#valid? ⇒ Bool
Checks that this strategy applies. Tests that the required authentication information was given.
17 18 19 20 21 22 |
# File 'lib/hmac/strategies/query.rb', line 17 def valid? valid = has_signature? valid = valid && if check_ttl? valid = valid && has_nonce? if nonce_required? valid end |