author | mr <mr@mrautenberg.de> | 2010-12-10 17:19:35 +0100 |
committer | mr <mr@mrautenberg.de> | 2010-12-10 17:19:35 +0100 |
commit | de12a8002ebc0bf4018588deafd5057b6478f414 (patch) | |
tree | 395d7fb95ba51059fedec18229b09445043d1336 | |
parent | 3dd413a79d8ef32c8bf0426228e34d87bdcd5a6b (diff) |
A&A configuration options / request script_uri replaced
-rw-r--r-- | lib/helper.rb | 40 | ||||
-rw-r--r-- | lib/templates/config.yaml | 13 |
2 files changed, 33 insertions, 20 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index 11f790b..6247460 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -1,30 +1,32 @@
 helpers do
- # Authentification
+ # Authentification
 def protected!(token_id)
- if env["session"]
+ if env["session"]
 flash[:notice] = "You don't have access to this section: " and \
 redirect back and \
 return unless authorized?(token_id)
+ elsif !env["session"] && token_id
+ throw(:halt, [401, "Not authorized.\n"]) and \
+ redirect back and \
+ return unless authorized?(token_id)
 end
- throw(:halt, [401, "Not authorized\n"]) and \
+ throw(:halt, [401, "Not authorized.\n"]) and \
 return unless authorized?(token_id)
 end
-
+
 def authorized?(token_id)
- case request.env['REQUEST_METHOD']
- when "DELETE", "PUT"
- ret = OpenTox::Authorization.authorize(request.env['SCRIPT_URI'], request.env['REQUEST_METHOD'], token_id)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['SCRIPT_URI']}, token_id: #{token_id} with return #{ret}."
+ if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD'])
+ ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], token_id)
+ LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, token_id: #{token_id} with return #{ret}."
 return ret
- when "POST", "HEAD"
+ end
+ if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD'])
 if OpenTox::Authorization.is_token_valid(token_id)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization.is_token_valid: true"
 return true
 end
- LOGGER.warn "OpenTox helpers POST on #{request.env['SCRIPT_URI']} with token_id: #{token_id} false."
- end
- LOGGER.debug "Not authorized for: 1. #{request['SCRIPT_URI']} 2. 
#{request.env['SCRIPT_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{token_id}"
+ end
+ LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{token_id}"
 return false
 end
@@ -32,7 +34,7 @@ helpers do
 case env['REQUEST_URI']
 when /\/login$|\/logout$|\/predict$|\/upload$/
 return true
- when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected
+ when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected
 return true
 else
 return false
@@ -43,24 +45,22 @@ helpers do
 return false if !token_id
 return true if token_id.size > 62
 false
- end
+ end
 end
 before do
-
- unless unprotected_requests or env['REQUEST_METHOD'] == "GET"
+ unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
 begin
 token_id = session[:token_id] if session[:token_id]
 token_id = params[:token_id] if params[:token_id] and !check_token_id(token_id)
 token_id = request.env['HTTP_TOKEN_ID'] if request.env['HTTP_TOKEN_ID'] and !check_token_id(token_id)
 # see http://rack.rubyforge.org/doc/SPEC.html
- token_id = CGI.unescape(token_id) if token_id.include?("%23")
+ token_id = CGI.unescape(token_id) if token_id.include?("%23")
 rescue
- LOGGER.debug "OpenTox api wrapper: helper before filter: NO token_id."
+ LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO token_id."
 token_id = ""
 end
 protected!(token_id) if AA_SERVER
 end
-
 end
diff --git a/lib/templates/config.yaml b/lib/templates/config.yaml
index 00c00cb..db11006 100644
--- a/lib/templates/config.yaml
+++ b/lib/templates/config.yaml
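Review bot: In `authorized?` the resource URI handed to `OpenTox::Authorization.authorize` is now built from `request.env['HTTP_HOST']`, i.e. the client-supplied Host header, so the caller picks which resource the policy server is asked about; the replaced `SCRIPT_URI` was set by the web server, not by the client. Build it from the service's own configured address instead, e.g. `uri = "#{SERVICE_BASE_URI}#{request.env['REQUEST_URI']}"` with `SERVICE_BASE_URI` standing for whatever setting this project already holds for its external URL, or refuse requests whose Host does not match that setting. In `protected!` the `elsif !env["session"] && token_id` branch evaluates `authorized?(token_id)` and the trailing `throw(:halt, ...) and return unless authorized?(token_id)` evaluates it again, so a denied request costs two remote authorization calls, and the `redirect back and return` after `throw(:halt, ...)` can never run because `throw` does not return. The closing `LOGGER.debug` reads `request['REQUEST_URI']` (a parameter lookup) instead of `request.env['REQUEST_URI']` and leaves out the host, so it does not show the URI that was actually checked. Both debug lines also write the raw `token_id` to the log; logging only its length or a short prefix keeps SSO tokens out of the log files.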
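Review bot: The new `unless` condition in the `before` filter indexes `CONFIG[:authorization][:free_request]` before the `if AA_SERVER` guard on `protected!` and outside the `begin`/`rescue`, so a deployment whose config has no `:authorization:` section raises `NoMethodError` on every non-exempt request instead of skipping the check; whether `AA_SERVER` is derived from that section is not visible in this diff. A nil-safe lookup keeps the filter inert when the section is absent, e.g. `free_methods = (CONFIG[:authorization] || {})[:free_request] || []` followed by `unless unprotected_requests or free_methods.include?(env['REQUEST_METHOD'])`. The same line keeps `or` while `protected!` uses `&&`; `||` avoids the precedence difference between the two forms.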
@@ -39,3 +39,16 @@
 # Uncomment for verbose logging
 # :logger: debug
+
+# OpenSSO Authorization
+# set ":server: nil" to disable A&A
+:authorization:
+ :server: "https://opensso.in-silico.ch"
+ :free_request: #not controlled by A&A
+ - "GET"
+ :authenticate_request: #only for authenticated user
+ - "POST"
+ :authorize_request: #only for authenticated and authorizeduser
+ - "DELETE"
+ - "PUT"
+
\ No newline at end of file |
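Review bot: `:free_request:` lists only `GET` and `:authenticate_request:` only `POST`, so `HEAD` — which the removed `when "POST", "HEAD"` branch in lib/helper.rb treated like POST — now matches no list, reaches `authorized?` and is refused with 401 on every protected path; add `- "HEAD"` under `:authenticate_request:` (matching the old behaviour) or under `:free_request:` unless the drop is intended. The comment `# set ":server: nil" to disable A&A` only holds if the helper's `AA_SERVER` guard is derived from `:server:`, which this diff does not show, while the method lists are read unconditionally in `authorized?` and in the before filter; the comment should state what actually disables the checks. Minor: `authorizeduser` in the `:authorize_request:` comment should read `authorized user`.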