Class methods to add to app classes that enable Auth
The Strelka::AuthProvider subclass that will be used to provide authentication and authorization to instances of the app.
Hashes of criteria for applying and skipping auth for a request, keyed by request pattern
Hashes of criteria for applying and skipping authorization for a request, keyed by request pattern
Hashes of criteria for applying and skipping auth for a request, keyed by request pattern
Hashes of criteria for applying and skipping authorization for a request, keyed by request pattern
Extension callback – register objects that are extended so when the auth plugin is configured, it can set the configured auto provider.
# File lib/strelka/app/auth.rb, line 276
def self::extended( obj )
super
Strelka::App::Auth.extended_apps << obj
obj.auth_provider = Strelka::App::Auth::DEFAULT_AUTH_PROVIDER
endGet/set the AuthProvider for the app to type, where
type can be an AuthProvider class object or the name of one.
# File lib/strelka/app/auth.rb, line 320
def auth_provider=( type )
@auth_provider = Strelka::AuthProvider.get_subclass( type )
self.log.debug "Auth provider set to %p" % [ @auth_provider ]
return @auth_provider
endReturns true if there are any criteria for determining whether
or not a request needs auth.
# File lib/strelka/app/auth.rb, line 329
def has_auth_criteria?
return self.has_positive_auth_criteria? || self.has_negative_auth_criteria?
endReturns true if the app has been set up so that all methods
but ones that match declared criteria require auth.
# File lib/strelka/app/auth.rb, line 343
def has_negative_auth_criteria?
return !self.negative_auth_criteria.empty?
endReturns true if the app has been set up so that only some
methods require auth.
# File lib/strelka/app/auth.rb, line 336
def has_positive_auth_criteria?
return !self.positive_auth_criteria.empty?
endExtension callback – add instance variables to extending objects.
# File lib/strelka/app/auth.rb, line 307
def inherited( subclass )
super
Strelka::App::Auth.extended_apps << subclass
subclass.instance_variable_set( :@auth_provider, @auth_provider )
subclass.instance_variable_set( :@positive_auth_criteria, @positive_auth_criteria.dup )
subclass.instance_variable_set( :@negative_auth_criteria, @negative_auth_criteria.dup )
subclass.instance_variable_set( :@positive_perms_criteria, @positive_perms_criteria.dup )
subclass.instance_variable_set( :@negative_perms_criteria, @negative_perms_criteria.dup )
endConstrain authentication to apply to requests except those
whose #app_path
matches the given string or regexp, and/or for
which the given block returns a true value.
# File lib/strelka/app/auth.rb, line 390
def no_auth_for( *criteria, &block )
if self.has_positive_auth_criteria?
raise ScriptError,
"defining both positive and negative auth criteria is unsupported."
end
criteria << nil if criteria.empty?
block ||= Proc.new { true }
criteria.each do |pattern|
pattern.gsub!( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub! )
self.log.debug " adding no_auth for %p" % [ pattern ]
self.negative_auth_criteria[ pattern ] = block
end
endRegister one or more exceptions to the permissions policy in effect for
requests whose #app_path matches the
specified pattern. The block form should return
true if the request it's called with should be allowed
without authorization checks.
# File lib/strelka/app/auth.rb, line 431
def no_perms_for( pattern=nil, &block )
raise LocalJumpError, "no block or pattern given" unless pattern || block
block ||= Proc.new { true }
pattern ||= /(?##{block.object_id})/
pattern.gsub!( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub! )
self.log.debug " adding no_auth for %p" % [ pattern ]
self.negative_perms_criteria << [ pattern, block ]
endConstrain authentication to apply only to requests whose #app_path matches the
given string or regexp, and/or for which the
given block returns a true value. regexp patterns
are matched as-is, and string patterns are matched exactly via
== after stripping leading and trailing '/' characters
from both it and the app_path. NOTE: using this
declaration inverts the default security policy of restricting access to
all requests.
# File lib/strelka/app/auth.rb, line 362
def require_auth_for( *criteria, &block )
if self.has_negative_auth_criteria?
raise ScriptError,
"defining both positive and negative auth criteria is unsupported."
end
criteria << nil if criteria.empty?
block ||= Proc.new { true }
criteria.each do |pattern|
pattern.gsub!( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub! )
self.log.debug " adding require_auth for %p" % [ pattern ]
self.positive_auth_criteria[ pattern ] = block
end
endConstrain authorization to apply only to requests which match the given
pattern. The pattern is either a String or a
Regexp which is tested against the request’s
#app_path. The perms should be Symbols which indicate a
set of permission types that must have been granted in order to carry out
the request. The block, if given, should evaluate to true if
the request should undergo authorization, or false if it should not.
NOTE: using this declaration inverts the default security
policy of restricting access to all requests.
# File lib/strelka/app/auth.rb, line 415
def require_perms_for( pattern=nil, *perms, &block )
block ||= Proc.new {
self.log.debug " using default perms: %p" % [ perms ]
true
}
pattern.gsub!( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub! )
self.log.debug " adding require_perms (%p) for %p" % [ perms, pattern ]
self.positive_perms_criteria << [ pattern, block, perms.freeze ]
end