Class: Authentication::Strategies::ApiToken

Inherits:
Warden::Strategies::Base
  • Object
show all
Defined in:
lib/msf/core/web_services/authentication/strategies/api_token.rb

Direct Known Subclasses

AdminApiToken

Constant Summary collapse

AUTHORIZATION =
'HTTP_AUTHORIZATION'
AUTHORIZATION_SCHEME =
'Bearer'
TOKEN_QUERY_PARAM =
'token'

Instance Method Summary collapse

Instance Method Details

#auth_from_db(token) ⇒ Object

Authenticates the user associated with the API token from the DB


34
35
36
37
38
39
40
41
42
43
44
# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 34

def auth_from_db(token)
  db_manager = env['msf.db_manager']
  user = db_manager.users(persistence_token: token).first

  validation_data = validate_user(user)
  if validation_data[:valid]
    success!(user)
  else
    throw(:warden, message: validation_data[:message], code: validation_data[:code])
  end
end

#auth_from_env(token) ⇒ Object

Authenticates the API token from an environment variable


57
58
59
60
61
62
63
# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 57

def auth_from_env(token)
  if token == request.env['msf.api_token']
    success!(message: "Successful auth from token")
  else
    throw(:warden, message: 'Invalid API token.', code: 401)
  end
end

#authenticate!Object

Authenticate the request.


17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 17

def authenticate!
  auth_initialized = request.env['msf.auth_initialized']
  authorization = request.env[AUTHORIZATION]
  if !auth_initialized
    success!({message: "Initialize authentication by creating an initial user account."})
  else
    if authorization.is_a?(String) && authorization.start_with?(AUTHORIZATION_SCHEME)
      token = authorization.sub(/^#{AUTHORIZATION_SCHEME}\s+/, '')
    else
      token = params[TOKEN_QUERY_PARAM]
    end

    request.env['msf.api_token'].nil? ? auth_from_db(token) : auth_from_env(token)
  end
end

#valid?Boolean

Check if request contains valid data and should be authenticated.

Returns:

  • (Boolean)

    true if strategy should be run for the request; otherwise, false.


10
11
12
13
14
# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 10

def valid?
  auth_initialized = request.env['msf.auth_initialized']
  authorization = request.env[AUTHORIZATION]
  !auth_initialized || (authorization.is_a?(String) && authorization.start_with?(AUTHORIZATION_SCHEME)) || !params[TOKEN_QUERY_PARAM].nil?
end

#validate_user(user) ⇒ Hash

Validates the user associated with the API token.

Parameters:

  • :valid (Hash)

    a customizable set of options

  • :code (Hash)

    a customizable set of options

  • :message (Hash)

    a customizable set of options

Returns:

  • (Hash)

    User validation data


52
53
54
# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 52

def validate_user(user)
  !user.nil? ? {valid: true, code: 0, message: nil} : {valid: false, code: 401, message: "Invalid API token."}
end