module Sinatra::Fx::Auth::Helpers

Public Instance Methods

authenticated?() click to toggle source
# File lib/sinatra/fx-auth.rb, line 11
# Reports whether the current request carries a token that its owning profile
# accepts.
#
# The profile and token come from token_credentials. When a profile is found,
# the decision is delegated to profile.authenticate?(token); with no profile
# the answer is false. Every non-truthy outcome is handed to
# log_authentication_failure before returning.
#
# NOTE(review): the original source carries a commented-out request.ip
# argument, so the check is not bound to the client address as written.
#
# @return [Object] false when no profile was resolved, otherwise whatever
#   profile.authenticate? returned
def authenticated?
  profile, token = token_credentials
  verdict = profile ? profile.authenticate?(token) : false
  log_authentication_failure(profile, token) unless verdict
  verdict
end
authorized?(*roles) click to toggle source
# File lib/sinatra/fx-auth.rb, line 20
# Reports whether the profile behind the request token holds one of the given
# roles.
#
# The profile comes from token_credentials and the decision is delegated to
# profile.authorized?(roles), with roles passed as an Array. With no profile
# the answer is false. Every non-truthy outcome is handed to
# log_authorization_failure before returning.
#
# NOTE(review): this method does not call profile.authenticate?. Whether
# profile.authorized? also rejects expired tokens or offline profiles is not
# visible here; confirm callers check authenticated? first.
#
# @param roles [Array] role identifiers that are allowed
# @return [Object] false when no profile was resolved, otherwise whatever
#   profile.authorized? returned
def authorized?(*roles)
  profile, _token = token_credentials
  granted = profile ? profile.authorized?(roles) : false
  log_authorization_failure(profile, roles) unless granted
  granted
end

Private Instance Methods

error_message() click to toggle source
# File lib/sinatra/fx-auth.rb, line 57
# Builds the JSON error body for the exception Sinatra stored in
# env['sinatra.error'], and logs the same message at ERROR level.
#
# NOTE(review): the raw exception message is both logged and returned to the
# client. If any raised error embeds internal detail (SQL, paths, class
# names), that detail reaches the caller; confirm only curated error classes
# end up here.
#
# @return [String] JSON object of the form {"error": "<message>"}
def error_message
  text = env['sinatra.error'].message
  logger.error "### Error: #{text} ###"
  { :error => text }.to_json
end
find_user() click to toggle source
# File lib/sinatra/fx-auth.rb, line 64
# Loads the user profile whose id is given by the :id request parameter.
#
# NOTE(review): the id comes straight from the request and no ownership or
# role check happens in this method; presumably the calling route gates
# access with authenticated?/authorized? - confirm for every caller.
#
# @return [Object] the profile returned by Auth::UserProfile.get
# @raise [Auth::MissingUserError] when no profile exists for that id
def find_user
  found = Auth::UserProfile.get(params[:id])
  return found if found

  raise Auth::MissingUserError
end
log_authentication_failure(profile, token) click to toggle source
# File lib/sinatra/fx-auth.rb, line 95
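# Writes a WARN-level diagnostic block explaining why token authentication
# failed for a request.
#
# Security: neither the stored pass-key token nor the attempted token is
# written to the log. The stored token is a live bearer credential, so anyone
# with read access to the log could replay it; only the fact of a mismatch is
# recorded. Using interpolation also avoids a TypeError when a value is nil.
#
# @param profile [Object, nil] the profile resolved from the token, if any;
#   read for id, status and pass_key
# @param token [String, nil] the token presented by the client (compared,
#   never logged)
# @return [Object] whatever the final logger.warn call returns
def log_authentication_failure(profile, token)
  logger.warn '### BEGIN Authentication FAILURE ###'
  if profile
    logger.warn "      Profile: #{profile.id}"
    logger.warn "      Status: #{profile.status}" if profile.status != :online
    pass_key = profile.pass_key
    if pass_key
      # Record that the tokens differ without disclosing either value.
      logger.warn '      Token: mismatch (values redacted)' if pass_key.token != token
      logger.warn "      Expired: #{pass_key.expires} < #{Time.now}" if pass_key.expired?
      # The client IP comparison is disabled in the original source; no IP is logged.
    else
      logger.warn '      PassKey: Missing'
    end
  else
    logger.warn '      Profile: Not Found'
  end
  logger.warn '### END   Authentication FAILURE ###'
end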
log_authorization_failure(profile, allowed_roles) click to toggle source
# File lib/sinatra/fx-auth.rb, line 114
# Writes a WARN-level diagnostic block explaining why a role check failed:
# the profile id, the roles that were allowed and the roles the profile
# actually holds (as symbols). Logs "Profile: Not Found" when there is no
# profile.
#
# @param profile [Object, nil] profile that was checked; read for id and roles
# @param allowed_roles [Array] roles the caller required
# @return [Object] whatever the final logger.warn call returns
def log_authorization_failure(profile, allowed_roles)
  logger.warn '### BEGIN Authorization FAILURE ###'
  if profile
    held = []
    profile.roles.each { |r| held << r.name.to_sym }
    logger.warn "      Profile: #{profile.id}"
    logger.warn "      Allowed Roles: #{allowed_roles}"
    logger.warn "      Profile Roles: #{held}"
  else
    logger.warn '      Profile: Not Found'
  end
  logger.warn '### END   Authorization FAILURE ###'
end
param_credentials() click to toggle source
# File lib/sinatra/fx-auth.rb, line 43
# Pulls the sign-on credentials out of the :profile request parameter group.
#
# There is no shape check here: a missing :profile raises NoMethodError, so
# this is presumably called only after valid_params? - confirm at call sites.
# The second element is the plaintext pass phrase and should not be logged.
#
# @return [Array] two elements: the email, then the pass phrase
def param_credentials
  submitted = params[:profile]
  [submitted[:email], submitted[:pass_phrase]]
end
pass_key_exclusions() click to toggle source
# File lib/sinatra/fx-auth.rb, line 85
# Attribute names to leave out of a pass key, presumably when it is
# serialised for a response (the callers are not visible here).
#
# Only bookkeeping columns are listed. The token attribute is not excluded,
# so whatever consumes this list will still expose it - confirm that is
# intended wherever the list is used.
#
# @return [Array<Symbol>] a new array on every call
def pass_key_exclusions
  record_keys = [:id, :user_profile_id]
  timestamps  = [:created_at, :updated_at]
  [record_keys.first] + timestamps + [record_keys.last]
end
profile_exclusions() click to toggle source
# File lib/sinatra/fx-auth.rb, line 71
# Attribute names to leave out of a user profile, presumably when it is
# serialised for a response (the callers are not visible here).
#
# This is a deny-list: any sensitive column added to the profile later is
# exposed by default until it is also added here.
#
# @return [Array<Symbol>] a new array on every call
def profile_exclusions
  timestamps  = [:created_at, :updated_at]
  # Verification code and pass-phrase material, including the stored crypt.
  credentials = [:email_verification_code, :pass_phrase, :pass_phrase_crypt, :pass_phrase_expires_at]
  # Sign-on attempt and lock state.
  lockout     = [:sign_on_attempts, :locked_until]
  timestamps + credentials + lockout
end
token_credentials() click to toggle source
# File lib/sinatra/fx-auth.rb, line 32
# Resolves the caller's profile from the X-Auth-Token request header.
#
# The header is read from request.env['HTTP_X_AUTH_TOKEN'] and looked up via
# Auth::PassKey.first(:token => token). This method only resolves the
# profile: expiry and status are not checked here, so the result must still
# go through profile.authenticate? before it is trusted. Only a nil header
# skips the lookup; an empty string is still sent to the lookup.
#
# @return [Array] two elements: the profile (nil when the header is absent
#   or matches no pass key), then the raw token (nil when the header is absent)
def token_credentials
  token = request.env['HTTP_X_AUTH_TOKEN']
  return [nil, token] if token.nil?

  passkey = Auth::PassKey.first(:token => token)
  owner = passkey ? passkey.user_profile : nil
  [owner, token]
end
valid_params?() click to toggle source
# File lib/sinatra/fx-auth.rb, line 48
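# Checks that the request carries the sign-on fields: a :profile parameter
# group containing both :email and :pass_phrase.
#
# params is client-controlled, so :profile is not guaranteed to be a hash.
# A scalar or list value (e.g. `profile=abc`) previously reached the symbol
# lookups and raised TypeError, turning malformed input into a server error;
# it is now rejected as invalid instead.
#
# This is a presence check only. Empty strings are truthy in Ruby, so blank
# values still pass and must be validated by the caller.
#
# @return [Object] truthy (the :pass_phrase value itself) when both fields are
#   present; false or nil otherwise
def valid_params?
  # TODO Handle JSON body as well as FORM encoding
  #  request.body.rewind  # in case someone already read it
  #  profile = JSON.parse request.body.read

  submitted = params[:profile]
  # Reject nil and any non-hash shape before indexing with symbols.
  return false unless submitted.is_a?(Hash)

  submitted[:email] && submitted[:pass_phrase]
end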