Class: Api::Authorization

Inherits:
Object
  • Object
Defined in:
lib/api/authorization.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(controller) ⇒ Authorization


# File 'lib/api/authorization.rb', line 7

# Binds this authorization helper to a single API controller.
#
# @param controller [Object] the controller whose request and params the
#   other methods of this class read
def initialize(controller)
  @controller = controller
end

Instance Attribute Details

#controller ⇒ Object (readonly)

Returns the value of attribute controller


# File 'lib/api/authorization.rb', line 5

# Reader for the controller passed to the constructor.
#
# @return [Object] the value stored in @controller
def controller
  @controller
end

#user_login ⇒ Object (readonly)

Returns the value of attribute user_login


# File 'lib/api/authorization.rb', line 5

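# Reader for the user_login attribute.
#
# The value is a login name taken from the request, so callers that log or
# display it should treat it as untrusted input.
#
# @return [Object, nil] the value stored in @user_login, nil until assigned
def user_login
  @user_login
end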

Instance Method Details

#authenticate ⇒ Object


# File 'lib/api/authorization.rb', line 11

# Establishes User.current for the request being handled.
#
# With SETTINGS[:login] switched off no credentials are checked at all and
# every caller becomes the built-in admin account, so that setting is only
# appropriate where untrusted clients cannot reach the API.
#
# @return [Boolean] true once a user is in place, false when the selected
#   scheme (OAuth or HTTP Basic) produced no user; User.current is left
#   untouched in that case
def authenticate
  if SETTINGS[:login]
    # Test environment only: keep a user that is already installed.
    return true if User.current && Rails.env.test?

    # The scheme is chosen from the Authorization header, see #oauth?.
    authenticated_user = oauth? ? oauth : http_basic
    return false unless authenticated_user

    User.current = authenticated_user
  else
    # Authentication is disabled, so we act as the built-in admin account.
    User.current = User.admin
  end

  true
end

#authorize ⇒ Object


# File 'lib/api/authorization.rb', line 34

# Asks the current user whether the requested controller/action is allowed.
#
# The controller name from params has "::" replaced by "_" and is then
# underscored before being handed to User#allowed_to?.
#
# Nothing here checks User.current for nil, so a user must already have been
# established before this is called (presumably by #authenticate; confirm
# against the callers).
#
# @return [Object] whatever User#allowed_to? returns for the pair
def authorize
  request_params  = controller.params
  controller_name = request_params[:controller].gsub(/::/, "_").underscore

  User.current.allowed_to?(:controller => controller_name,
                           :action     => request_params[:action])
end

#http_basic ⇒ Object


# File 'lib/api/authorization.rb', line 40

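# Authenticates the request from its HTTP Basic credentials.
#
# The supplied login name is stored in @user_login before the password is
# checked, so it is recorded for failed attempts too and must be treated as
# untrusted input wherever it is later logged or displayed.
#
# NOTE(review): the rendered listing lost two identifiers in this body. They
# are restored here as @user_login (the class's read-only attribute) and
# User.try_to_login; confirm against lib/api/authorization.rb.
#
# @return [Object, nil] the result of the credential check; presumably the
#   matching user, or nil when the credentials are rejected or absent
def http_basic
  controller.authenticate_with_http_basic do |login, password|
    @user_login = login
    User.try_to_login(login, password)
  end
end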

#is_admin? ⇒ Boolean


# File 'lib/api/authorization.rb', line 25

# Reports whether the request is being made by an administrator.
#
# With SETTINGS[:login] switched off this is unconditionally true. Otherwise
# an existing admin User.current is accepted as is; if there is no current
# user, or the current user is not an admin, the request is authenticated
# again (OAuth or HTTP Basic) and User.current is replaced by the result.
#
# @return [Boolean] true for an admin, false when authentication fails or
#   the authenticated user is not an admin
def is_admin?
  return true unless SETTINGS[:login]

  signed_in = User.current
  return true if signed_in && signed_in.admin?

  # The scheme is chosen from the Authorization header, see #oauth?.
  authenticated_user = oauth? ? oauth : http_basic
  return false unless authenticated_user

  User.current = authenticated_user
  established = User.current
  established ? established.admin? : false
end

#oauth ⇒ Object


# File 'lib/api/authorization.rb', line 51

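# Authenticates a request that carries an OAuth Authorization header.
#
# Checks, in order: that OAuth is enabled, that a consumer key and secret are
# actually configured, that the request's consumer key equals the configured
# one, and that the request signature verifies against the consumer secret.
# Every failure is logged as a warning and yields nil.
#
# Once the signature is valid, the acting user is taken from the
# 'foreman_user' request header: with Setting['oauth_map_users'] on and a
# name other than 'admin' the user is looked up by login, otherwise the
# built-in admin account is returned.
#
# NOTE(review): OAuth 1.0 signatures do not cover arbitrary request headers,
# so 'foreman_user' is presumably not integrity-protected by the signature
# and relies on the transport (TLS). Any holder of the consumer secret can
# act as any user, including admin; the secret needs to be guarded as such.
# NOTE(review): the lookup method name is missing from the rendered listing
# ("User.(user_name)"); it is restored here as User.find_by_login. Confirm
# against lib/api/authorization.rb.
#
# @return [Object, nil] the mapped user or the built-in admin, nil when any
#   check fails or the mapped login does not exist
def oauth
  unless Setting['oauth_active']
    Rails.logger.warn 'Trying to authenticate with OAuth, but OAuth is not active'
    return nil
  end

  expected_key    = Setting['oauth_consumer_key']
  consumer_secret = Setting['oauth_consumer_secret']

  # Fail closed when the credentials are not configured: a blank configured
  # key would otherwise compare equal to a blank key in the request.
  if expected_key.to_s.empty? || consumer_secret.to_s.empty?
    Rails.logger.warn 'OAuth is active but oauth_consumer_key or oauth_consumer_secret is not set'
    return nil
  end

  incoming_key = OAuth::RequestProxy.proxy(controller.request).oauth_consumer_key
  unless incoming_key == expected_key
    # The configured key is kept out of the log, and the unauthenticated
    # request value is written with #inspect so control characters in it
    # cannot forge extra log lines.
    Rails.logger.warn "oauth_consumer_key did not match the configured value (received #{incoming_key.inspect})"
    return nil
  end

  unless OAuth::Signature.verify(controller.request, :consumer_secret => consumer_secret)
    Rails.logger.warn "OAuth signature verification failed."
    return nil
  end

  user_name = controller.request.headers['foreman_user']
  return User.admin unless Setting['oauth_map_users'] && user_name != 'admin'

  User.find_by_login(user_name).tap do |mapped_user|
    Rails.logger.warn "Oauth: mapping to user '#{user_name}' failed" if mapped_user.nil?
  end
end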

#oauth? ⇒ Boolean


# File 'lib/api/authorization.rb', line 47

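# Tells whether the request asks for OAuth authentication, i.e. whether its
# Authorization header value starts with "OAuth".
#
# The pattern is anchored with \A rather than ^: in Ruby ^ matches at the
# start of any line, so a value containing a line break could otherwise be
# classified by a later line instead of by the start of the header.
#
# @return [Boolean] true for an OAuth Authorization header, false otherwise
#   (including when the header is absent)
def oauth?
  !!(controller.request.authorization =~ /\AOAuth/)
end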