Strelka::HTTPRequest::

Auth

module
Included Modules
Strelka::Constants

The mixin that adds methods to Strelka::HTTPRequest for authentication/authorization.

Attributes

auth_provider[RW]

The Strelka::AuthProvider the app uses for authentication (if any)

authenticated?[RW]

The current session namespace

authenticated_user[RW]

The current session namespace

Public Class Methods

anchor
new( * )

Extension callback – add instance variables to extended objects.

# File lib/strelka/httprequest/auth.rb, line 14
def initialize( * )
        super
        @auth_provider = nil
        @authenticated_user = nil
end

Public Instance Methods

anchor
authenticate( options={}, &block )

Try to authenticate the request using the specified block. If a block is not provided, the authenticate method of the app's AuthProvider is used instead.

Valid options are:

:optional

if this is set to a true value, don't throw a 401 Requires Authentication if the authentication fails.

# File lib/strelka/httprequest/auth.rb, line 41
def authenticate( options={}, &block )
        block ||= self.auth_provider.method( :authenticate )
        result = block.call( self )

        finish_with( HTTP::UNAUTHORIZED, "Authorization failed" ) unless result || options[:optional]
        self.authenticated_user = result

        return result
end
anchor
authorize( *perms, &block )

Try to check authorization using the specified block. If a block is not provided, the authorize method of the app's AuthProvider is used instead. If the request doesn't already have an authenticated_user set, authenticate will be called with no arguments to try to provide one. The provided perms are passed either to the block or the AuthProvider if no block is given. If successful, the authenticated user that was used is returned.

# File lib/strelka/httprequest/auth.rb, line 58
def authorize( *perms, &block )
        if block
                results = block.call or
                        finish_with( HTTP::FORBIDDEN, "You are not authorized to access this resource." )
                return results
        else
                self.log.debug "Deferred authorization via %p" % [ self.auth_provider ]
                credentials = self.authenticated_user || self.authenticate
                self.auth_provider.authorize( credentials, self, perms )
                return credentials
        end
end