Diffstat (limited to 'lib/helper.rb')
-rw-r--r-- | lib/helper.rb | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index afeeb43..0bb489c 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -9,6 +9,7 @@ helpers do
 end
 elsif !env["session"] && subjectid
 unless authorized?(subjectid)
+ LOGGER.debug "URI not authorized: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']} with request: #{request.env['REQUEST_METHOD']}"
 raise OpenTox::NotAuthorizedError.new "Not authorized"
 end
 else
@@ -29,27 +30,18 @@ helpers do
 def clean_uri(uri)
 out = URI.parse(uri)
 out.path = out.path[0, out.path.rindex(/[0-9]/) + 1] if out.path.rindex(/[0-9]/) #cuts after id for a&a
- "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path}"
+ "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path.chomp('/')}"
 end
- #unprotected uris for login/logout, webapplication ...
- def unprotected_requests
- case env['REQUEST_URI']
- when /\/login$|\/logout$|\/predict$|\/toxcreate\/models$/
- return true
- when /\/features/
- return false
- when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected
- return true
- else
- return false
- end
+ #unprotected uri for login
+ def login_requests
+ return env['REQUEST_URI'] =~ /\/login$/
 end
 end
 before do
- unless !AA_SERVER or unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
+ unless !AA_SERVER or login_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
 begin
 subjectid = nil
 subjectid = session[:subjectid] if session[:subjectid] |
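Review bot: The added `LOGGER.debug` line in the first hunk copies the client-supplied `HTTP_HOST` and the full `REQUEST_URI`, query string included, into the log. If clients ever send `subjectid` as a query parameter (not visible in this hunk), the token is persisted in the log file. Logging the path only, e.g. `#{request.env['PATH_INFO']}` in place of `#{request.env['REQUEST_URI']}`, keeps the record useful without the query. A denied authorization is also an event operators will want to see outside debug runs, so `LOGGER.warn` may be the better level. The enclosing helper method starts and ends outside the hunk.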
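Review bot: `login_requests` in the second hunk matches `/\/login$/` against `env['REQUEST_URI']`, which carries the query string as well as the path, and `$` anchors at a line end rather than the end of the string. The `before` filter is therefore skipped for more than the login route. Test the path alone and anchor it to the string end, e.g. `return request.path_info =~ /\/login\z/`. In the same hunk, the rewritten last line of `clean_uri` still adds `out.port` (an Integer) to a String and places it before `//host`, which looks like it raises TypeError for any port other than 80. Something like `"#{out.scheme}://#{out.host}#{out.port != 80 ? ":#{out.port}" : ''}#{out.path.chomp('/')}"` would avoid that, once the URI form the A&A service expects is confirmed. The `before` block continues past the end of the hunk.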