class Strelka::AuthProvider::Basic

HTTP Basic AuthProvider class: a base class for RFC 2617 Basic HTTP Authentication providers for the Strelka :auth plugin.
Configuration

The configuration for this provider is read from the 'basicauth' section of the config, and may contain the following keys:

[realm]
    the HTTP Basic realm. Defaults to the app's application ID.
[users]
    a Hash mapping usernames to their SHA1+Base64'ed passwords (the value of Digest::SHA1.base64digest for each password).
An example:

    ---
    auth:
      provider: basic

    basicauth:
      realm: Acme Admin Console
      users:
        mgranger: "9d5lIumnMJXmVT/34QrMuyj+p0E="
        jblack: "1pAnQNSVtpL1z88QwXV4sG8NMP8="
        kmurgen: "MZj9+VhZ8C9+aJhmwp+kWBL76Vs="
Caveats

This auth provider is intended as documentation and demonstration only; you should use a more cryptographically secure strategy for real-world applications. In particular, passwords are stored as unsalted SHA1 digests (identical passwords yield identical digests, and the table is cheap to brute-force offline), the digest comparison uses a plain ==, which is not constant-time, and Basic authentication sends the password in the clear with every request unless the connection is protected by TLS.
Constants

CONFIG_DEFAULTS
    Configurability API: configuration defaults
Public Class Methods

Configurability API: configure the auth provider instance. The 'basicauth' section is only used when it contains a realm; otherwise both the realm and the users table fall back to the (empty) defaults.

    # File lib/strelka/authprovider/basic.rb, line 66
    def self::configure( config=nil )
        if config && config[:realm]
            self.log.debug "Configuring Basic authprovider: %p" % [ config ]
            self.realm = config[:realm]
            self.users = config[:users]
        else
            self.log.warn "No 'basicauth' config section; using the (empty) defaults"
            self.realm = nil
            self.users = {}
        end
    end
Public Instance Methods
Check the authentication present in request (if any) for validity, returning the authenticating user's name if authentication succeeds. Every failure path goes through log_failure, which ends the request with a 401, so the method only returns on success.

    # File lib/strelka/authprovider/basic.rb, line 90
    def authenticate( request )
        authheader = request.header.authorization or
            self.log_failure "No authorization header in the request."

        # Extract the credentials bit (the scheme name is matched case-insensitively)
        base64_userpass = authheader[ /^\s*Basic\s+(\S+)$/i, 1 ] or
            self.log_failure "Invalid Basic Authorization header (%p)" % [ authheader ]

        # Unpack the username and password ('m' is lenient Base64 decoding)
        credentials = base64_userpass.unpack( 'm' ).first
        self.log_failure "Malformed credentials %p" % [ credentials ] unless credentials.index(':')

        # Split the credentials on the first ':' only (passwords may contain ':'),
        # then check for a valid user
        username, password = credentials.split( ':', 2 )
        self.check_password( username, password )

        # Success!
        self.auth_succeeded( request, username )

        return username
    end
The authentication realm. This is a class-level (singleton) accessor, set by configure.

    # File lib/strelka/authprovider/basic.rb, line 62
    singleton_attr_accessor :realm

The Hash of users and their SHA1+Base64'ed passwords. Also a class-level (singleton) accessor, set by configure.

    # File lib/strelka/authprovider/basic.rb, line 58
    singleton_attr_accessor :users
Protected Instance Methods
Return true if the given password is valid for the specified username. Unknown users and mismatched passwords are both reported through log_failure, which ends the request with a 401, so the method never actually returns false.

    # File lib/strelka/authprovider/basic.rb, line 119
    def check_password( username, password )
        digest = self.class.users[ username ] or
            self.log_failure "No such user %p." % [ username ]

        # Fail if the password's hash doesn't match. The stored digest is an
        # unsalted SHA1 (requires 'digest/sha1'), and == is not a constant-time comparison.
        self.log_failure "Password mismatch." unless digest == Digest::SHA1.base64digest( password )

        return true
    end
Log the given reason at 'warn' level and abort the request with an HTTP::AUTH_REQUIRED (401) response that carries a Basic WWW-Authenticate challenge for the configured realm (or the app's ID when no realm is set). Despite the name, it does not return false: finish_with ends request handling, which is what lets authenticate use the "... or self.log_failure ..." idiom.

    # File lib/strelka/authprovider/basic.rb, line 133
    def log_failure( reason )
        self.log.warn "Auth failure: %s" % [ reason ]
        # Note: RFC 2617 requires the realm value to be a quoted-string; this emits it
        # bare, so a realm containing spaces (e.g. "Acme Admin Console") yields a
        # malformed challenge.
        header = "Basic realm=%s" % [ self.class.realm || self.app.conn.app_id ]
        finish_with( HTTP::AUTH_REQUIRED, "Requires authentication.", www_authenticate: header )
    end
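The following is an added example, not code from Strelka itself. It reimplements, stand-alone, the three pieces documented on this page: building the 'users' table from the Configuration section (SHA1+Base64 digests), the header parsing and password check done by authenticate and check_password (with the same reason strings, but raising an exception where the provider calls log_failure), and the WWW-Authenticate challenge built by log_failure, here with the realm as the quoted-string RFC 2617 requires. It also shows the "more cryptographically secure strategy" the Caveats section asks for: salted PBKDF2-SHA256 records compared in constant time. All names (AuthFailure, sha1_users, authenticate_basic, challenge_header, pbkdf2_record, pbkdf2_verify, secure_equal?), the record format and the sample users/passwords are this example's own assumptions.

```ruby
# Added example, not Strelka's own code. Names, record format and sample
# users/passwords below are constructed for illustration.
require 'digest/sha1'
require 'openssl'
require 'base64'

# Raised where the provider calls log_failure (which aborts the request with a 401).
class AuthFailure < StandardError; end

# Build the 'users' Hash the 'basicauth' config expects: username => SHA1+Base64 digest.
# Unsalted SHA1: two users with the same password get the same digest.
def sha1_users( plaintext_passwords )
  plaintext_passwords.each_with_object( {} ) do |(user, pass), users|
    users[ user ] = Digest::SHA1.base64digest( pass )
  end
end

# Mirror of Basic#authenticate + #check_password: returns the username on success,
# raises AuthFailure with the same reason strings the provider logs.
def authenticate_basic( users, authheader )
  raise AuthFailure, "No authorization header in the request." unless authheader

  # Only the "Basic <token>" form is accepted; other schemes fail here.
  # (Ruby's ^ and $ are line anchors; \A and \z would be stricter.)
  b64 = authheader[ /^\s*Basic\s+(\S+)$/i, 1 ] or
    raise AuthFailure, "Invalid Basic Authorization header (%p)" % [ authheader ]

  # unpack('m') is lenient Base64: junk decodes to "" and fails the ':' check below
  credentials = b64.unpack( 'm' ).first
  raise AuthFailure, "Malformed credentials %p" % [ credentials ] unless credentials.index( ':' )

  # limit 2 keeps any ':' that is part of the password
  username, password = credentials.split( ':', 2 )
  digest = users[ username ] or raise AuthFailure, "No such user %p." % [ username ]
  raise AuthFailure, "Password mismatch." unless digest == Digest::SHA1.base64digest( password )

  username
end

# WWW-Authenticate challenge with the realm as an RFC 2617 quoted-string
# (the provider emits it unquoted, which breaks for realms containing spaces).
def challenge_header( realm )
  'Basic realm="%s"' % [ realm.gsub( /["\\]/ ) { |c| "\\" + c } ]
end

# --- Hardened password storage for the 'users' table -------------------------
# Record format "pbkdf2-sha256$iterations$salt$dk" (Base64 fields) is this
# example's own convention, not a Strelka format.
PBKDF2_ITERATIONS = 100_000   # assumption: tune to your hardware

def pbkdf2_record( password, salt: OpenSSL::Random.random_bytes( 16 ), iterations: PBKDF2_ITERATIONS )
  dk = OpenSSL::KDF.pbkdf2_hmac( password, salt: salt, iterations: iterations, length: 32, hash: 'sha256' )
  [ 'pbkdf2-sha256', iterations, Base64.strict_encode64( salt ), Base64.strict_encode64( dk ) ].join( '$' )
end

# Constant-time comparison so a mismatch doesn't leak how many leading bytes matched
def secure_equal?( a, b )
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip( b.bytes ) { |x, y| diff |= x ^ y }
  diff.zero?
end

def pbkdf2_verify( record, password )
  scheme, iterations, salt_b64, dk_b64 = record.split( '$', 4 )
  return false unless scheme == 'pbkdf2-sha256' && dk_b64
  salt     = Base64.strict_decode64( salt_b64 )
  expected = Base64.strict_decode64( dk_b64 )
  actual   = OpenSSL::KDF.pbkdf2_hmac( password, salt: salt, iterations: iterations.to_i,
                                       length: expected.bytesize, hash: 'sha256' )
  secure_equal?( expected, actual )
end

if __FILE__ == $0
  users  = sha1_users( 'mgranger' => 'correct horse', 'jblack' => 'a:b' )   # constructed sample
  header = 'Basic ' + [ 'jblack:a:b' ].pack( 'm0' )
  puts authenticate_basic( users, header )          # jblack
  puts challenge_header( 'Acme Admin Console' )     # Basic realm="Acme Admin Console"
  puts pbkdf2_verify( pbkdf2_record( 'correct horse' ), 'correct horse' )   # true
end
```

The failure cases (no header, a non-Basic scheme, credentials without a colon, an unknown user, a wrong password) each raise AuthFailure with the provider's reason string; in the real provider every one of them ends the request with the same 401 and challenge, so a client cannot distinguish "no such user" from "wrong password" from the response, only from the server log. To migrate a deployment off unsalted SHA1, store pbkdf2_record values in the users table and swap the digest comparison in check_password for pbkdf2_verify.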