class Tilia::Dav::Auth::Backend::AbstractBearer

HTTP Bearer authentication backend class

This class can be used by authentication objects wishing to use HTTP Bearer Most of the digest logic is handled, implementors just need to worry about the validateBearerToken method.

Attributes

realm[W]

Sets the authentication realm for this backend.

@param string realm @return void

Public Class Methods

new(*args) click to toggle source

TODO: document

Calls superclass method
# File lib/tilia/dav/auth/backend/abstract_bearer.rb, line 108
def initialize *args
  @realm = 'tilia/dav'
  super
end

Public Instance Methods

challenge(request, response) click to toggle source

This method is called when a user could not be authenticated, and authentication was required for the current request.

This gives you the opportunity to set authentication headers. The 401 status code will already be set.

In this case of Bearer Auth, this would for example mean that the following header needs to be set:

response.add_header('WWW-Authenticate', 'Bearer realm=SabreDAV')

Keep in mind that in the case of multiple authentication backends, other WWW-Authenticate headers may already have been set, and you'll want to append your own WWW-Authenticate header instead of overwriting the existing one.

@param RequestInterface request @param ResponseInterface response @return void

# File lib/tilia/dav/auth/backend/abstract_bearer.rb, line 98
def challenge(request, response)
  auth = Http::Auth::Bearer.new(
    @realm,
    request,
    response
  )
  auth.require_login
end
check(request, response) click to toggle source

When this method is called, the backend must check if authentication was successful.

The returned value must be one of the following

true, “principals/username”
false, “reason for failure”

If authentication was successful, it's expected that the authentication backend returns a so-called principal url.

Examples of a principal url:

principals/admin principals/user1 principals/users/joe principals/uid/123457

If you don't use WebDAV ACL (RFC3744) we recommend that you simply return a string such as:

principals/users/

@param RequestInterface request @param ResponseInterface response @return array

# File lib/tilia/dav/auth/backend/abstract_bearer.rb, line 59
def check(request, response)
  auth = Http::Auth::Bearer.new(
    @realm,
    request,
    response
  )

  bearer_token = auth.token
  if bearer_token.blank?
    return [false, "No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured"]
  end

  principal_url = validate_bearer_token(bearer_token)
  if principal_url.blank?
    return [false, "Bearer token was incorrect"]
  end

  return [true, principal_url]
end

Protected Instance Methods

validate_bearer_token(bearer_token) click to toggle source

Validates a Bearer token

This method should return the full principal url, or false if the token was incorrect.

@param string bearer_token @return string|false

# File lib/tilia/dav/auth/backend/abstract_bearer.rb, line 22
def validate_bearer_token(bearer_token)
end