Roda::RodaPlugins::Auth::

InstanceMethods module

Roda Plugin API – declare methods added to Roda instances

Public Class Methods

included( mod )

Inclusion callback – add Loggability to including classes.

    # File lib/roda/plugins/auth.rb
# Inclusion callback: after the normal inclusion handling, make sure the
# including module can log through Loggability.
#
# mod:: the class or module that is including this module
def self::included( mod )
    super

    # Anything that already answers #log_to is left untouched.
    return if mod.respond_to?( :log_to )

    mod.extend( Loggability )
    mod.log_to( :ravn_tactical )
end

Public Instance Methods

auth( **options )

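Require authentication and authorization for the current route: the request is halted with an UNAUTHORIZED response if authentication fails and with a FORBIDDEN response if authorization fails. Calling this more than once is additive.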

    # File lib/roda/plugins/auth.rb
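# Require authentication, then authorization, for the current route.
#
# The route's +options+ are merged over the application-level options stored
# under OPTIONS_KEY, so a per-route value wins over the application default.
# When the merged options carry a <tt>:scheme</tt>, only that entry of
# <tt>:schemes</tt> is kept for this request.
#
# Access control here depends on the response helpers not returning: if
# #unauthorized_response or #forbidden_response came back normally, execution
# would continue into the route. Both end in <tt>request.halt</tt> (which throws
# <tt>:halt</tt> in Roda); an override of either helper has to halt as well.
#
# NOTE(review): when <tt>:scheme</tt> names a scheme that is not registered the
# filtered set is empty -- confirm that request.authenticate fails closed on an
# empty set.
def auth( **options )
    options = request.roda_class.opts[ OPTIONS_KEY ].merge( options )

    # If the route specifies a scheme, only use it for challenges. Filter a copy:
    # #merge is shallow, so options[:schemes] may still be the application-level
    # object, which must not be modified by a single request.
    if (route_scheme = options[:scheme])
        options[:schemes] = options[:schemes].dup.keep_if {|key, _| key == route_scheme }
    end

    # NOTE(review): %p writes the whole scheme table to the debug log; confirm the
    # registered scheme settings hold no secrets before enabling debug output.
    self.log.debug "Applying registered auth schemes: %p" % [ options[:schemes] ]
    unauthorized_response( **options ) unless request.authenticate( **options )
    self.log.debug "Authentication succeeded."

    # #forbidden_response takes the options Hash as one positional argument.
    # Double-splatting an empty Hash passes no argument at all on current Ruby
    # versions, which would raise ArgumentError before the :on_authz_failure
    # callback and the 403 are reached, so the Hash is handed over as-is.
    forbidden_response( options ) unless request.authorize( **options )
    self.log.debug "Authorization succeeded."
end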
forbidden_response( options )

Halt with a response that indicates that the provided credentials were not sufficient to allow access to the requested resource.

    # File lib/roda/plugins/auth.rb
# Halt the request with a 403 response: the request was authenticated, but
# authorization for the requested resource failed.
#
# options:: the auth options Hash; only <tt>:on_authz_failure</tt> is read here.
#           When it is set, it is called with the current request before the
#           halt.
#
# An exception raised by the callback propagates out of this method, in which
# case the halt below is not reached.
def forbidden_response( options )
    self.log.warn "Authorization failed; halting with a FORBIDDEN response."

    authz_failure_hook = options[:on_authz_failure]
    authz_failure_hook.call( request ) if authz_failure_hook

    request.halt( 403, {}, 'Forbidden' )
end
no_auth_possible_response( options )

Halt with a response that indicates that no authentication is possible.

    # File lib/roda/plugins/auth.rb
# Halt the request with a 403 response because no authentication is possible.
# #unauthorized_response falls back to this when it has no challenge to send.
#
# options:: accepted for parity with the other response helpers; not read here.
def no_auth_possible_response( options )
    self.log.warn( "No auth schemes set; authentication is not possible." )

    status, headers, body = 403, {}, 'No authentication possible.'
    request.halt( status, headers, body )
end
unauthorized_response( **options )

Halt with a response that indicates that the request lacks valid authentication credentials for the requested resource.

    # File lib/roda/plugins/auth.rb
# Halt the request because it lacks valid authentication credentials.
#
# The challenge is built from +options+ by
# Roda::RodaPlugins::Auth.make_authenticate_header. When one is available the
# request is halted with a 401 that carries it in the WWW-Authenticate header;
# otherwise the request is handed to #no_auth_possible_response.
#
# options:: the auth options; <tt>:on_auth_failure</tt>, when set, is called with
#           the current request and the challenge before either halt, so it also
#           runs when the challenge is nil.
def unauthorized_response( **options )
    self.log.warn "Authentication failed. Sending UNAUTHORIZED response."
    www_authenticate = Roda::RodaPlugins::Auth.make_authenticate_header( **options )
    self.log.debug "Auth challenge is: %p" % [ www_authenticate ]

    auth_failure_hook = options[:on_auth_failure]
    auth_failure_hook.call( request, www_authenticate ) if auth_failure_hook

    # No challenge to offer: presumably a 401 without WWW-Authenticate would be
    # of no use to the client, so the 403 helper answers instead.
    return no_auth_possible_response( options ) unless www_authenticate

    request.halt( 401, { 'WWW-Authenticate' => www_authenticate }, 'Authentication required.' )
end