author | mr <mr@mrautenberg.de> | 2010-12-14 16:39:01 +0100 |
---|---|---|
committer | mr <mr@mrautenberg.de> | 2010-12-14 16:39:01 +0100 |
commit | 2fb2f4cd34f499f8c9def5e4091cb5998794c595 (patch) | |
tree | 577ed6fb35aac7475507b0a4a04d89ebc63d4f73 /lib/helper.rb | |
parent | 4c2470353a1e3b69b4260d0052c9c48137ef76d3 (diff) |
rename token_id to subjectid
Diffstat (limited to 'lib/helper.rb')
-rw-r--r-- | lib/helper.rb | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index 42c35e8..6b616bc 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -1,32 +1,32 @@ helpers do # Authentification - def protected!(token_id) + def protected!(subjectid) if env["session"] flash[:notice] = "You don't have access to this section: " and \ redirect back and \ - return unless authorized?(token_id) - elsif !env["session"] && token_id + return unless authorized?(subjectid) + elsif !env["session"] && subjectid throw(:halt, [401, "Not authorized.\n"]) and \ redirect back and \ - return unless authorized?(token_id) + return unless authorized?(subjectid) end throw(:halt, [401, "Not authorized.\n"]) and \ - return unless authorized?(token_id) + return unless authorized?(subjectid) end - def authorized?(token_id) + def authorized?(subjectid) if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD']) - ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], token_id) - LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, token_id: #{token_id} with return #{ret}." + ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], subjectid) + LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return #{ret}." 
return ret end if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD']) - if OpenTox::Authorization.is_token_valid(token_id) + if OpenTox::Authorization.is_token_valid(subjectid) return true end end - LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{token_id}" + LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{subjectid}" return false end @@ -41,9 +41,9 @@ helpers do end end - def check_token_id(token_id) - return false if !token_id - return true if token_id.size > 62 + def check_subjectid(subjectid) + return false if !subjectid + return true if subjectid.size > 62 false end end @@ -51,16 +51,16 @@ end before do unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD']) begin - token_id = session[:token_id] if session[:token_id] - token_id = params[:token_id] if params[:token_id] and !check_token_id(token_id) - token_id = request.env['HTTP_TOKEN_ID'] if request.env['HTTP_TOKEN_ID'] and !check_token_id(token_id) + subjectid = session[:subjectid] if session[:subjectid] + subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid) + subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid) # see http://rack.rubyforge.org/doc/SPEC.html - token_id = CGI.unescape(token_id) if token_id.include?("%23") + subjectid = CGI.unescape(subjectid) if subjectid.include?("%23") rescue - LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO token_id." - token_id = "" + LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO subjectid." + subjectid = "" end - protected!(token_id) if AA_SERVER + protected!(subjectid) if AA_SERVER end end |
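Review bot: Both `LOGGER.debug` lines in `authorized?` still write the raw `subjectid` into the log, and that value is the credential handed to `OpenTox::Authorization.authorize` and `is_token_valid`, so anyone who can read the debug log can reuse it. Log only whether a value was supplied, for example `subjectid: #{subjectid.to_s.empty? ? 'absent' : 'present'}`, or a short digest if requests need to be correlated. The "Not authorized for" message also builds its URL from `request['REQUEST_URI']` rather than `request.env['REQUEST_URI']` as the first message does, which probably looks up a request parameter instead of the Rack environment and drops the host; worth confirming.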
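Review bot: In the `before` filter, a request that supplies no value under the new names leaves `subjectid` nil, so `subjectid.include?("%23")` raises and the bare `rescue` becomes the normal path for a missing credential. That includes any client still sending `token_id` or the `HTTP_TOKEN_ID` header, which now fails in `protected!` with only "NO subjectid" in the debug log. Guard the unescape with `if subjectid && subjectid.include?("%23")` so the rescue only covers real errors, and state in a comment whether the old names are intentionally no longer accepted. Since `params[:subjectid]` is accepted, the credential can also arrive in a query string and end up in access logs, so a comment naming the header as the preferred transport would help callers.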