module Thoth::Helper::Admin
The Admin helper provides methods for checking for or requiring authorization from within other actions and views.
Public Instance Methods
auth_key()
Generates and returns an auth key suitable for storage in a client-side auth cookie. The key is an SHA256 hash of the following elements:
- Thoth HOME_DIR path
- user's IP address
- AUTH_SEED from Thoth config
- ADMIN_USER from Thoth config
- ADMIN_PASS from Thoth config
    # File lib/thoth/helper/admin.rb, line 43
    def auth_key
      Digest::SHA256.hexdigest(HOME_DIR + request.ip + Config.admin['seed'] +
          Config.admin['user'] + Config.admin['pass'])
    end
auth_key_valid?()
Validates the auth cookie and returns true if the user is authenticated, false otherwise.
    # File lib/thoth/helper/admin.rb, line 50
    def auth_key_valid?
      return false unless thoth_auth = cookie(:thoth_auth)
      thoth_auth == auth_key
    end
form_token()
Returns a String that can be included in a hidden form field and used on submission to verify that the form was not submitted by an unauthorized third party.
    # File lib/thoth/helper/admin.rb, line 58
    def form_token
      cookie_token = cookie(:thoth_token)
      return cookie_token if cookie_token

      chaos = [srand, rand, Time.now.to_f, HOME_DIR].join
      cookie_token = Digest::SHA256.hexdigest(chaos)

      response.set_cookie(:thoth_token,
        :path  => '/',
        :value => cookie_token
      )

      cookie_token
    end
form_token_valid?(name = 'token')
Checks the form token specified by name and returns true if it's valid, false otherwise.
    # File lib/thoth/helper/admin.rb, line 75
    def form_token_valid?(name = 'token')
      request[name] == form_token
    end
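The auth key above is built only from fixed configuration values and the client IP, so the same cookie value stays valid for that IP until the configuration changes, and both validators compare with `==`. The following Ruby sketch is an added example, not Thoth's own code: it reproduces the documented construction with constructed stand-in values and pairs it with a constant-time comparison and a token drawn from `SecureRandom`. `EXAMPLE_HOME_DIR`, `EXAMPLE_ADMIN` and all method names here are assumptions made for illustration.

```ruby
require 'digest'
require 'securerandom'

# Constructed stand-ins for Thoth's HOME_DIR and Config.admin (not real values).
EXAMPLE_HOME_DIR = '/srv/thoth-example'
EXAMPLE_ADMIN = { 'seed' => 'example-seed', 'user' => 'admin',
                  'pass' => 'example-pass' }.freeze

# Same construction as auth_key above, with the client IP passed in explicitly.
def auth_key_for(ip)
  Digest::SHA256.hexdigest(EXAMPLE_HOME_DIR + ip + EXAMPLE_ADMIN['seed'] +
      EXAMPLE_ADMIN['user'] + EXAMPLE_ADMIN['pass'])
end

# Compare two strings without stopping at the first differing byte, so the
# time taken does not reveal how much of a guessed value was correct.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical variant of auth_key_valid? taking the cookie value and IP
# as arguments instead of reading them from the request.
def auth_cookie_valid?(cookie_value, ip)
  secure_compare(cookie_value, auth_key_for(ip))
end

# Hypothetical variant of the token generation in form_token: 32 bytes from
# the operating system CSPRNG instead of srand/rand/Time.now.
def new_form_token
  SecureRandom.hex(32)
end

# Hypothetical variant of form_token_valid? taking both values as arguments.
def form_token_matches?(submitted, cookie_token)
  secure_compare(submitted, cookie_token)
end
```
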
require_auth()
Checks the auth cookie and redirects to the login page if the user is not authenticated.
    # File lib/thoth/helper/admin.rb, line 81
    def require_auth
      redirect(AdminController.r()) unless auth_key_valid?
    end