AuthProvider

class
Superclass
Object
Included Modules
Strelka::Constants
Strelka::ResponseHelpers
Extended With
Loggability
Pluggability
Strelka::AbstractClass
Strelka::Delegation

This is the abstract base class for authentication and/or authorization providers for the :auth plugin.

To define your own authentication provider, you'll need to inherit this class (either directly or via a subclass), name it Strelka::AuthProvider::{Something}, save it in a file named strelka/authprovider/{something}.rb, and override the required methods.

Which methods you'll need to provide implementations for depends on whether your provider provides authentication, authorization, or both.

Authentication Providers

Authentication providers should override either one or both of the following methods, depending on whether they will provide authentication, authorization, or both:

Attributes

app[R]

The Strelka::App that the AuthProvider belongs to.

Public Class Methods

anchor
new( app )

Create a new AuthProvider for the given app.

# File lib/strelka/authprovider.rb, line 50
def initialize( app )
        @app = app
end

Public Instance Methods

anchor
auth_succeeded( request, credentials )

Callback for auth success; the auth provider should use this to add cookies, headers, or whatever to the request or response when the client becomes authenticated. This is a no-op by default.

# File lib/strelka/authprovider.rb, line 75
def auth_succeeded( request, credentials )
        self.log.info "Authentication for %p succeeded." % [ credentials ]
        # No-op by default
end
anchor
authenticate( request )

You should override this method if you want to authenticate the request. It should return a credentials object if authentication is successful, or a false value if it fails.

# File lib/strelka/authprovider.rb, line 66
def authenticate( request )
        self.log.debug "No authentication provided, returning anonymous credentials."
        return 'anonymous'
end
anchor
authorize( credentials, request, perms )

You should override this method if you want to provide authorization in your provider. The credentials will be the same object as the one returned by authenticate, the request is the current Strelka::HTTPRequest, and perms is the Array of Symbols the represents the permissions that apply to the request as specified by the application's require_perms_for and no_perms_for declarations, as an Array of Symbols.

The default behavior is to throw an 403 FORBIDDEN response if any perms were required.

# File lib/strelka/authprovider.rb, line 90
def authorize( credentials, request, perms )
        return true if perms.empty?
        self.require_authorization
end

Protected Instance Methods

anchor
require_authentication( challenge )

Throw a 401 (Unauthorized) response with the specified challenge as the www-Authenticate header.

# File lib/strelka/authprovider.rb, line 102
def require_authentication( challenge )
        finish_with( HTTP::AUTH_REQUIRED, "Requires authentication.", www_authenticate: challenge )
end
anchor
require_authorization( message="You are not authorized to access this resource." )

Throw a 403 (Forbidden) response with the specified message.

# File lib/strelka/authprovider.rb, line 108
def require_authorization( message="You are not authorized to access this resource." )
        finish_with( HTTP::FORBIDDEN, message )
end