summaryrefslogtreecommitdiff
path: root/lib/helper.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/helper.rb')
-rw-r--r--lib/helper.rb42
1 files changed, 21 insertions, 21 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index 6247460..965b4ad 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -1,38 +1,38 @@
helpers do
# Authentification
- def protected!(token_id)
+ def protected!(subjectid)
if env["session"]
flash[:notice] = "You don't have access to this section: " and \
redirect back and \
- return unless authorized?(token_id)
- elsif !env["session"] && token_id
+ return unless authorized?(subjectid)
+ elsif !env["session"] && subjectid
throw(:halt, [401, "Not authorized.\n"]) and \
redirect back and \
- return unless authorized?(token_id)
+ return unless authorized?(subjectid)
end
throw(:halt, [401, "Not authorized.\n"]) and \
- return unless authorized?(token_id)
+ return unless authorized?(subjectid)
end
- def authorized?(token_id)
+ def authorized?(subjectid)
if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD'])
- ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], token_id)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, token_id: #{token_id} with return #{ret}."
+ ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], subjectid)
+ LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return #{ret}."
return ret
end
if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD'])
- if OpenTox::Authorization.is_token_valid(token_id)
+ if OpenTox::Authorization.is_token_valid(subjectid)
return true
end
end
- LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{token_id}"
+ LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{subjectid}"
return false
end
def unprotected_requests
case env['REQUEST_URI']
- when /\/login$|\/logout$|\/predict$|\/upload$/
+ when /\/login$|\/logout$|\/predict$|\/toxcreate\/models$/
return true
when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected
return true
@@ -41,9 +41,9 @@ helpers do
end
end
- def check_token_id(token_id)
- return false if !token_id
- return true if token_id.size > 62
+ def check_subjectid(subjectid)
+ return false if !subjectid
+ return true if subjectid.size > 62
false
end
end
@@ -51,16 +51,16 @@ end
before do
unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
begin
- token_id = session[:token_id] if session[:token_id]
- token_id = params[:token_id] if params[:token_id] and !check_token_id(token_id)
- token_id = request.env['HTTP_TOKEN_ID'] if request.env['HTTP_TOKEN_ID'] and !check_token_id(token_id)
+ subjectid = session[:subjectid] if session[:subjectid]
+ subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid)
+ subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid)
# see http://rack.rubyforge.org/doc/SPEC.html
- token_id = CGI.unescape(token_id) if token_id.include?("%23")
+ subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
rescue
- LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO token_id."
- token_id = ""
+ LOGGER.debug "OpenTox ruby api wrapper: helper before filter: NO subjectid for URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}"
+ subjectid = ""
end
- protected!(token_id) if AA_SERVER
+ protected!(subjectid) if AA_SERVER
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 04:35:33 +0000