Diffstat (limited to 'lib/helper.rb')
-rw-r--r-- | lib/helper.rb | 27 |
1 files changed, 11 insertions, 16 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index afeeb43..5a2436f 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -9,6 +9,7 @@ helpers do
 end
 elsif !env["session"] && subjectid
 unless authorized?(subjectid)
+ LOGGER.debug "URI not authorized: clean: " + clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}").to_s + " full: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']} with request: #{request.env['REQUEST_METHOD']}"
 raise OpenTox::NotAuthorizedError.new "Not authorized"
 end
 else
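Review bot: The added debug line calls `clean_uri` before the `raise`, so an exception from `URI.parse` inside it (for example on a malformed request URI) would replace the intended `OpenTox::NotAuthorizedError`. The message also writes the full `REQUEST_URI`, query string included, to the log; if a subjectid token can arrive as a query parameter (not visible in this hunk), that token ends up in the debug log. Logging only the method and path avoids both problems, e.g. `LOGGER.debug "URI not authorized: #{request.env['REQUEST_METHOD']} #{request.env['PATH_INFO']}"`. The enclosing helper starts and ends outside the hunk.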
@@ -27,29 +28,23 @@ helpers do #cleans URI from querystring and file-extension. Sets port 80 to emptystring # @param [String] uri def clean_uri(uri) + uri = uri.sub(" ", "%20") #dirty hacks => to fix + uri = uri[0,uri.index("InChI=")] if uri.index("InChI=") + out = URI.parse(uri) - out.path = out.path[0, out.path.rindex(/[0-9]/) + 1] if out.path.rindex(/[0-9]/) #cuts after id for a&a - "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path}" + out.path = out.path[0, out.path.length - (out.path.reverse.rindex(/\/{1}\d+\/{1}/))] if out.path.index(/\/{1}\d+\/{1}/) #cuts after /id/ for a&a + "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path.chomp('/')}" end - #unprotected uris for login/logout, webapplication ... - def unprotected_requests - case env['REQUEST_URI'] - when /\/login$|\/logout$|\/predict$|\/toxcreate\/models$/ - return true - when /\/features/ - return false - when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected - return true - else - return false - end + #unprotected uri for login + def login_requests + return env['REQUEST_URI'] =~ /\/login$/ end end before do - unless !AA_SERVER or unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD']) + unless !AA_SERVER or login_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD']) begin subjectid = nil subjectid = session[:subjectid] if session[:subjectid] 
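Review bot: `login_requests` tests `env['REQUEST_URI']`, which includes the query string, so the `/login$` exemption in the `before` filter is decided on client-supplied query text as well as on the path, and `$` also matches before a line break. Match the path only and anchor the whole string: `env['PATH_INFO'] =~ /\/login\z/`. In `clean_uri`, `uri.sub(" ", "%20")` escapes only the first space (`gsub` covers all of them). On the line that builds the result, `(out.port != 80 ? out.port : "")` adds an Integer to a String for any port other than 80, which raises TypeError, so `out.port.to_s` is needed there. The `before do` block continues past the end of the hunk.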
@@ -59,7 +54,7 @@ before do
 subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
 @subjectid = subjectid
 rescue
- LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO subjectid for URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}"
+ #LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO subjectid for URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}"
 subjectid = ""
 end
 @subjectid = subjectid |
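Review bot: With the debug line commented out, the bare `rescue` discards every StandardError raised while the subjectid is read and falls back to `subjectid = ""` without leaving a trace, so a failure here cannot be told apart from a request that carried no token. Delete the dead line rather than keeping it as a comment, and record the exception class without the request URI, e.g. `rescue => e` followed by `LOGGER.debug "before filter: no subjectid (#{e.class})"`. The `begin` this `rescue` belongs to starts above the hunk.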