module Thoth::Helper::Admin

The Admin helper provides methods for checking for or requiring authorization from within other actions and views.

Public Instance Methods

auth_key()

Generates and returns an auth key suitable for storage in a client-side auth cookie. The key is a SHA256 hash of the following elements, concatenated in this order:

- Thoth HOME_DIR path
- user's IP address
- AUTH_SEED from Thoth config
- ADMIN_USER from Thoth config
- ADMIN_PASS from Thoth config

# File lib/thoth/helper/admin.rb, line 43
def auth_key
  Digest::SHA256.hexdigest(HOME_DIR + request.ip + Config.admin['seed'] +
      Config.admin['user'] + Config.admin['pass'])
end

auth_key_valid?()

Validates the auth cookie and returns true if the user is authenticated, false otherwise.

# File lib/thoth/helper/admin.rb, line 50
def auth_key_valid?
  return false unless thoth_auth = cookie(:thoth_auth)
  thoth_auth == auth_key
end

form_token()

Returns a String that can be included in a hidden form field and used on submission to verify that the form was not submitted by an unauthorized third party. The same value is stored in the thoth_token cookie (set on first use), so a submission is accepted only when the hidden field and the cookie match.

# File lib/thoth/helper/admin.rb, line 58
def form_token
  cookie_token = cookie(:thoth_token)
  return cookie_token if cookie_token

  chaos = [srand, rand, Time.now.to_f, HOME_DIR].join
  cookie_token = Digest::SHA256.hexdigest(chaos)

  response.set_cookie(:thoth_token,
      :path  => '/',
      :value => cookie_token
    )

  cookie_token
end

form_token_valid?(name = 'token')

Checks the form token specified by name and returns true if it's valid, false otherwise.

# File lib/thoth/helper/admin.rb, line 75
def form_token_valid?(name = 'token')
  request[name] == form_token
end

require_auth()

Checks the auth cookie and redirects to the login page if the user is not authenticated.

# File lib/thoth/helper/admin.rb, line 81
def require_auth
  redirect(AdminController.r()) unless auth_key_valid?
end
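As an added illustration (not Thoth's own code), the following Ruby stand-in reproduces the auth-key derivation and the double-submit form-token check described above against a constructed request object, and swaps the helper's `==` for a fixed-time comparison. HOME_DIR, the ADMIN config values and FakeRequest are assumed stand-ins for Thoth's constant, Config.admin hash and request/cookie context.

```ruby
require 'digest'

# Constructed stand-ins for Thoth's HOME_DIR constant and Config.admin hash (assumed values).
HOME_DIR = '/srv/thoth'
ADMIN    = { 'seed' => 'example-seed', 'user' => 'admin', 'pass' => 'example-pass' }

# Minimal stand-in for the request/cookie context the helper runs in (assumed, not Thoth's).
class FakeRequest
  attr_reader :ip, :params, :cookies
  def initialize(ip:, params: {}, cookies: {})
    @ip, @params, @cookies = ip, params, cookies
  end
end

# Same derivation as Thoth's auth_key: SHA256 over HOME_DIR, client IP, seed, user, pass.
# Because the client IP is an input, a cookie presented from another address will not match.
def auth_key_for(req)
  Digest::SHA256.hexdigest(HOME_DIR + req.ip + ADMIN['seed'] + ADMIN['user'] + ADMIN['pass'])
end

# Fixed-time string comparison (added hardening; Thoth's helper compares with ==).
# Length mismatch returns early, which is fine: the length of a SHA256 hex digest is public.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# auth_key_valid? equivalent: the cookie must match the key derived for *this* request.
def auth_valid?(req)
  cookie = req.cookies[:thoth_auth]
  return false unless cookie
  secure_equal?(cookie, auth_key_for(req))
end

# form_token_valid? equivalent (double-submit cookie pattern): the submitted field must
# equal the thoth_token cookie. A request with no token cookie never validates.
def form_valid?(req, name = 'token')
  cookie = req.cookies[:thoth_token]
  return false unless cookie
  secure_equal?(req.params[name], cookie)
end
```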