module Webmachine::Resource::Authentication

Helper methods that can be included in your {Webmachine::Resource} to assist in performing HTTP Authentication.

Constants

BASIC_HEADER

Pattern for matching Authorization headers that use the Basic auth scheme.

Public Instance Methods

basic_auth(header, realm = 'Webmachine') { |*$unpack1('m*').split(/:/, 2)| ... } click to toggle source

A simple implementation of HTTP Basic auth. Call this from the {Webmachine::Resource::Callbacks#is_authorized?} callback, giving it a block which will be yielded the username and password and return true or false. @param [String] header the value of the Authentication request

header, passed to the {Callbacks#is_authorized?} callback.

@param [String] realm the “realm”, or description of the

resource that requires authentication

@return [true, String] true if the client is authorized, or

the appropriate WWW-Authenticate header

@yield [user, password] a block that will verify the client-provided user/password

against application constraints

@yieldparam [String] user the passed username @yieldparam [String] password the passed password @yieldreturn [true,false] whether the username/password is correct

# File lib/webmachine/resource/authentication.rb, line 26
def basic_auth(header, realm = 'Webmachine')
  if header =~ BASIC_HEADER && yield(*$1.unpack1('m*').split(/:/, 2))
    true
  else
    %(Basic realm="#{realm}")
  end
end