authormr <mr@mrautenberg.de>2010-12-10 17:19:35 +0100
committermr <mr@mrautenberg.de>2010-12-10 17:19:35 +0100
commitde12a8002ebc0bf4018588deafd5057b6478f414 (patch)
tree395d7fb95ba51059fedec18229b09445043d1336
parent3dd413a79d8ef32c8bf0426228e34d87bdcd5a6b (diff)
A&A configuration options / request script_uri replaced
-rw-r--r--lib/helper.rb40
-rw-r--r--lib/templates/config.yaml13
2 files changed, 33 insertions, 20 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index 11f790b..6247460 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -1,30 +1,32 @@
helpers do
- # Authentification
+ # Authentification
def protected!(token_id)
- if env["session"]
+ if env["session"]
flash[:notice] = "You don't have access to this section: " and \
redirect back and \
return unless authorized?(token_id)
+ elsif !env["session"] && token_id
+ throw(:halt, [401, "Not authorized.\n"]) and \
+ redirect back and \
+ return unless authorized?(token_id)
end
- throw(:halt, [401, "Not authorized\n"]) and \
+ throw(:halt, [401, "Not authorized.\n"]) and \
return unless authorized?(token_id)
end
-
+
def authorized?(token_id)
- case request.env['REQUEST_METHOD']
- when "DELETE", "PUT"
- ret = OpenTox::Authorization.authorize(request.env['SCRIPT_URI'], request.env['REQUEST_METHOD'], token_id)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['SCRIPT_URI']}, token_id: #{token_id} with return #{ret}."
+ if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD'])
+ ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], token_id)
+ LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, token_id: #{token_id} with return #{ret}."
return ret
- when "POST", "HEAD"
+ end
+ if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD'])
if OpenTox::Authorization.is_token_valid(token_id)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization.is_token_valid: true"
return true
end
- LOGGER.warn "OpenTox helpers POST on #{request.env['SCRIPT_URI']} with token_id: #{token_id} false."
- end
- LOGGER.debug "Not authorized for: 1. #{request['SCRIPT_URI']} 2. #{request.env['SCRIPT_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{token_id}"
+ end
+ LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{token_id}"
return false
end
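Review bot: `protected!` evaluates `authorized?(token_id)` twice on the success path — once as the `unless` condition inside the `if env["session"]` branch and again on the trailing `throw(:halt, ...)` line — and each evaluation may issue a remote `OpenTox::Authorization.authorize` call for methods listed in `:authorize_request`; in the `elsif` branch the `redirect back` after `throw(:halt, ...)` is unreachable, since `throw` never returns. Evaluating the check once and branching on the result removes both without changing which requests are refused; see the fence. Separately, the resource URI handed to the authorization server in `authorized?` is now assembled from `HTTP_HOST`, which Rack takes from the client's request headers, so unless the front end normalises that header the policy decision is keyed on a value the requester supplies; a configured canonical base URI (or a comparison of `HTTP_HOST` against the expected host) would make the check independent of it. The final debug line of `authorized?` reads `request['REQUEST_URI']` (a params lookup) where the other lines use `request.env['REQUEST_URI']`, so that message probably logs an empty path. The `helpers do` block opened at the top of the hunk continues past its last line.
```ruby
  def protected!(token_id)
    # Evaluate once: authorized? may call the remote authorization server.
    return if authorized?(token_id)
    if env["session"]
      flash[:notice] = "You don't have access to this section: "
      redirect back
    end
    throw(:halt, [401, "Not authorized.\n"])
  end
```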
@@ -32,7 +34,7 @@ helpers do
case env['REQUEST_URI']
when /\/login$|\/logout$|\/predict$|\/upload$/
return true
- when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected
+ when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected
return true
else
return false
@@ -43,24 +45,22 @@ helpers do
return false if !token_id
return true if token_id.size > 62
false
- end
+ end
end
before do
-
- unless unprotected_requests or env['REQUEST_METHOD'] == "GET"
+ unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
begin
token_id = session[:token_id] if session[:token_id]
token_id = params[:token_id] if params[:token_id] and !check_token_id(token_id)
token_id = request.env['HTTP_TOKEN_ID'] if request.env['HTTP_TOKEN_ID'] and !check_token_id(token_id)
# see http://rack.rubyforge.org/doc/SPEC.html
- token_id = CGI.unescape(token_id) if token_id.include?("%23")
+ token_id = CGI.unescape(token_id) if token_id.include?("%23")
rescue
- LOGGER.debug "OpenTox api wrapper: helper before filter: NO token_id."
+ LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO token_id."
token_id = ""
end
protected!(token_id) if AA_SERVER
end
-
end
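Review bot: The new `unless` condition dereferences `CONFIG[:authorization][:free_request]` with no guard, so a deployment whose config.yaml predates the new `:authorization:` section raises `NoMethodError` on nil for every request that is not in `unprotected_requests`, before the `if AA_SERVER` guard on `protected!` gets a chance to skip A&A. A two-line guard keeps the filter usable with either config shape: `free_methods = CONFIG[:authorization] ? CONFIG[:authorization][:free_request].to_a : []` followed by `unless unprotected_requests or free_methods.include?(env['REQUEST_METHOD'])`; whether a missing section should fall back to the previous GET-is-free behaviour is a choice the commit message should state. The method whose tail (`return false if !token_id` …) opens this hunk begins before its first line.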
diff --git a/lib/templates/config.yaml b/lib/templates/config.yaml
index 00c00cb..db11006 100644
--- a/lib/templates/config.yaml
+++ b/lib/templates/config.yaml
@@ -39,3 +39,16 @@
# Uncomment for verbose logging
# :logger: debug
+
+# OpenSSO Authorization
+# set ":server: nil" to disable A&A
+:authorization:
+ :server: "https://opensso.in-silico.ch"
+ :free_request: #not controlled by A&A
+ - "GET"
+ :authenticate_request: #only for authenticated user
+ - "POST"
+ :authorize_request: #only for authenticated and authorizeduser
+ - "DELETE"
+ - "PUT"
+ \ No newline at end of file
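Review bot: The template lists only `POST` under `:authenticate_request` and only `GET` under `:free_request`, whereas the code this commit replaces treated `HEAD` like `POST` (old `when "POST", "HEAD"` in `authorized?`); with this template a `HEAD` (or `OPTIONS`) request matches none of the three lists, so `authorized?` returns false and `protected!` answers 401 whenever `AA_SERVER` is set. If that is not intended, add `- "HEAD"` under `:free_request` (or under `:authenticate_request`, matching the old behaviour). The header comment says to set `:server: nil` to disable A&A, but YAML parses a bare `nil` as the string "nil", which is truthy in Ruby — if the disable check is derived from this key, the comment should say `:server: ~` (or `null`) instead. The comment on `:authorize_request` reads `authorizeduser` for `authorized user`, and the file now ends without a trailing newline.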