Class: Msf::WebServices::Authentication::Strategies::ApiToken

Inherits:

Warden::Strategies::Base

• Object
• Warden::Strategies::Base
• Msf::WebServices::Authentication::Strategies::ApiToken

Defined in:

lib/msf/core/web_services/authentication/strategies/api_token.rb

Direct Known Subclasses

AdminApiToken

Constant Summary

AUTHORIZATION =

'HTTP_AUTHORIZATION'

AUTHORIZATION_SCHEME =

'Bearer'

TOKEN_QUERY_PARAM =

'token'

Instance Method Summary

• #auth_from_db(token) ⇒ Object

  Authenticates the user associated with the API token from the DB.

• #auth_from_env(token) ⇒ Object

  Authenticates the API token from an environment variable.

• #authenticate! ⇒ Object

  Authenticate the request.

• #valid? ⇒ Boolean

  Check if request contains valid data and should be authenticated.

• #validate_user(user) ⇒ Hash

  Validates the user associated with the API token.

Instance Method Details

#auth_from_db(token) ⇒ Object

Authenticates the user associated with the API token from the DB

# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 34

def auth_from_db(token)
  db_manager = env['msf.db_manager']
  user = db_manager.users(persistence_token: token).first

  validation_data = validate_user(user)
  if validation_data[:valid]
    success!(user)
  else
    throw(:warden, message: validation_data[:message], code: validation_data[:code])
  end
end

#auth_from_env(token) ⇒ Object

Authenticates the API token from an environment variable

# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 57

def auth_from_env(token)
  if token == request.env['msf.api_token']
    success!(message: "Successful auth from token")
  else
    throw(:warden, message: 'Invalid API token.', code: 401)
  end
end

#authenticate! ⇒ Object

Authenticate the request.

# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 17

def authenticate!
  auth_initialized = request.env['msf.auth_initialized']
  authorization = request.env[AUTHORIZATION]
  if !auth_initialized
    success!({message: "Initialize authentication by creating an initial user account."})
  else
    if authorization.is_a?(String) && authorization.start_with?(AUTHORIZATION_SCHEME)
      token = authorization.sub(/^#{AUTHORIZATION_SCHEME}\s+/, '')
    else
      token = params[TOKEN_QUERY_PARAM]
    end

    request.env['msf.api_token'].nil? ? auth_from_db(token) : auth_from_env(token)
  end
end

#valid? ⇒ Boolean

Check if request contains valid data and should be authenticated.

Returns:

• (Boolean) —

  true if strategy should be run for the request; otherwise, false.

# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 10

def valid?
  auth_initialized = request.env['msf.auth_initialized']
  authorization = request.env[AUTHORIZATION]
  !auth_initialized || (authorization.is_a?(String) && authorization.start_with?(AUTHORIZATION_SCHEME)) || !params[TOKEN_QUERY_PARAM].nil?
end

#validate_user(user) ⇒ Hash

Validates the user associated with the API token.

Parameters:

• :valid (Hash) —

  a customizable set of options

• :code (Hash) —

  a customizable set of options

• :message (Hash) —

  a customizable set of options

Returns:

• (Hash) —

  User validation data

# File 'lib/msf/core/web_services/authentication/strategies/api_token.rb', line 52

def validate_user(user)
  !user.nil? ? {valid: true, code: 0, message: nil} : {valid: false, code: 401, message: "Invalid API token."}
end