class MAuth::Client::LocalAuthenticator::SecurityTokenCacher

Public Class Methods

new(mauth_client) click to toggle source
# File lib/mauth/client/security_token_cacher.rb, line 9
def initialize(mauth_client)
  @mauth_client = mauth_client
  # TODO: should this be UnableToSignError?
  @mauth_client.assert_private_key(UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!"))
  @cache = {}
  require 'thread'
  @cache_write_lock = Mutex.new
end

Public Instance Methods

get(app_uuid) click to toggle source
# File lib/mauth/client/security_token_cacher.rb, line 18
def get(app_uuid)
  if !@cache[app_uuid]
    # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
    # app_uuid - probably not exploitable, but this is the right way to do it anyway.
    url_encoded_app_uuid = CGI.escape(app_uuid)
    begin
      response = signed_mauth_connection.get("/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json")
    rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
      msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
      @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
      raise UnableToAuthenticateError, msg
    end
    if response.status == 200
      @cache_write_lock.synchronize do
        @cache[app_uuid] = security_token_from(response.body)
      end
    elsif response.status == 404
      # signing with a key mAuth doesn't know about is considered inauthentic
      raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
    else
      @mauth_client.send(:mauth_service_response_error, response)
    end
  end
  @cache[app_uuid]
end

Private Instance Methods

security_token_from(response_body) click to toggle source
# File lib/mauth/client/security_token_cacher.rb, line 46
def security_token_from(response_body)
  JSON.parse response_body
rescue JSON::ParserError => e
  msg =  "mAuth service responded with unparseable json: #{response_body}\n#{e.class}: #{e.message}"
  @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
  raise UnableToAuthenticateError, msg
end
signed_mauth_connection() click to toggle source
# File lib/mauth/client/security_token_cacher.rb, line 54
def signed_mauth_connection
  require 'faraday'
  require 'mauth/faraday'
  @mauth_client.faraday_options[:ssl] = { ca_path: @mauth_client.ssl_certs_path } if @mauth_client.ssl_certs_path
  @signed_mauth_connection ||= ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
    builder.use MAuth::Faraday::MAuthClientUserAgent
    builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
    builder.use :http_cache, serializer: Oj, logger: MAuth::Client.new.logger, shared_cache: false
    builder.adapter ::Faraday.default_adapter
  end
end