From 4c089275d34ba42014e1add97a41ccf351790260 Mon Sep 17 00:00:00 2001
From: mr
Date: Wed, 5 Jan 2011 10:30:54 +0100
Subject: Authorization for GET requests
---
 lib/dataset.rb | 30 +++++++++++++++---------------
 lib/feature.rb | 4 ++--
 lib/helper.rb | 31 ++++++++++++++++++++-----------
 lib/model.rb | 4 ++--
 4 files changed, 39 insertions(+), 30 deletions(-)
(limited to 'lib')
diff --git a/lib/dataset.rb b/lib/dataset.rb
index aba7754..52b41a7 100644
--- a/lib/dataset.rb
+++ b/lib/dataset.rb
@@ -14,7 +14,7 @@ module OpenTox
 # dataset = OpenTox::Dataset.new("http:://webservices.in-silico/ch/dataset/1")
 # @param [optional, String] uri Dataset URI
 # @return [OpenTox::Dataset] Dataset object
- def initialize(uri=nil)
+ def initialize(uri=nil,subjectid=nil)
 super uri
 @features = {}
 @compounds = []
@@ -27,7 +27,7 @@ module OpenTox
 # @param [optional, String] uri Dataset URI
 # @return [OpenTox::Dataset] Dataset object
 def self.create(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil)
- dataset = Dataset.new
+ dataset = Dataset.new(nil,subjectid)
 dataset.save(subjectid)
 dataset
 end
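Review bot: The YARD block above `initialize` still lists only `uri`, so the new argument is undocumented; add `# @param [optional, String] subjectid Token passed to the authorization service` under the existing `@param` line. The same tag is missing in the later hunks that add `subjectid` (`self.find`, `self.all`, `load_all`, `load_compounds`, `LazarPrediction.find`, and `find` in lib/feature.rb and lib/model.rb). In the visible lines `initialize` accepts `subjectid` but only calls `super uri`; its body continues past the hunk, so whether the value is kept on the object cannot be confirmed from here.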
@@ -50,17 +50,17 @@ module OpenTox
 # Find a dataset and load all data. This can be time consuming, use Dataset.new together with one of the load_* methods for a fine grained control over data loading.
 # @param [String] uri Dataset URI
 # @return [OpenTox::Dataset] Dataset object with all data
- def self.find(uri)
- dataset = Dataset.new(uri)
- dataset.load_all
+ def self.find(uri, subjectid=nil)
+ dataset = Dataset.new(uri, subjectid)
+ dataset.load_all(subjectid)
 dataset
 end
 # Get all datasets from a service
 # @param [optional,String] uri URI of the dataset service, defaults to service specified in configuration
 # @return [Array] Array of dataset object without data (use one of the load_* methods to pull data from the server)
- def self.all(uri=CONFIG[:services]["opentox-dataset"])
- RestClientWrapper.get(uri,:accept => "text/uri-list").to_s.each_line.collect{|u| Dataset.new(u)}
+ def self.all(uri=CONFIG[:services]["opentox-dataset"], subjectid=nil)
+ RestClientWrapper.get(uri,{:accept => "text/uri-list",:subjectid => subjectid}).to_s.each_line.collect{|u| Dataset.new(u)}
 end
 # Load YAML representation into the dataset
@@ -118,9 +118,9 @@ module OpenTox
 end
 # Load all data (metadata, data_entries, compounds and features) from URI
- def load_all
+ def load_all(subjectid=nil)
 if (CONFIG[:yaml_hosts].include?(URI.parse(@uri).host))
- copy YAML.load(RestClientWrapper.get(@uri, :accept => "application/x-yaml"))
+ copy YAML.load(RestClientWrapper.get(@uri, {:accept => "application/x-yaml", :subjectid => subjectid}))
 else
 parser = Parser::Owl::Dataset.new(@uri)
 copy parser.load_uri
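Review bot: `self.all` sends `subjectid` with the listing request but still builds each result with `Dataset.new(u)`, so the token is dropped for the returned objects, whereas `self.find` in the same hunk passes `Dataset.new(uri, subjectid)`. `u` also keeps the line terminator that `each_line` leaves on it, while `load_compounds` chomps its lines. I would write the block as `collect{|u| Dataset.new(u.chomp, subjectid)}`. Whether `initialize` stores the token is not visible in this diff, so confirm that before relying on it.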
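Review bot: The `else` branch of `load_all` still calls `Parser::Owl::Dataset.new(@uri)` without `subjectid`, so for hosts outside `CONFIG[:yaml_hosts]` the GET carries no token and will presumably be refused once GET requests are authorized. The `else` branch of `Feature.find` in lib/feature.rb has the same gap with `Parser::Owl::Dataset.new(uri).load_metadata`. Whether the parser accepts a subjectid is not visible here; if it does not, it needs the parameter as part of this change. The `YAML.load` line also deserves a comment such as `# YAML.load builds arbitrary objects; only reached for hosts in CONFIG[:yaml_hosts]`, since that host check is the only guard on it. The body of `load_all` continues past the hunk.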
@@ -129,8 +129,8 @@ module OpenTox
 # Load and return only compound URIs from the dataset service
 # @return [Array] Compound URIs in the dataset
- def load_compounds
- RestClientWrapper.get(File.join(uri,"compounds"),:accept=> "text/uri-list").to_s.each_line do |compound_uri|
+ def load_compounds(subjectid=nil)
+ RestClientWrapper.get(File.join(uri,"compounds"),{:accept=> "text/uri-list", :subjectid => subjectid}).to_s.each_line do |compound_uri|
 @compounds << compound_uri.chomp
 end
 @compounds.uniq!
@@ -258,7 +258,7 @@ module OpenTox
 task_uri = RestClient.post(@uri, {:file => File.new(@path)},{:accept => "text/uri-list" , :subjectid => subjectid}).to_s.chomp
 #task_uri = `curl -X POST -H "Accept:text/uri-list" -F "file=@#{@path};type=application/rdf+xml" http://apps.ideaconsult.net:8080/ambit2/dataset`
 Task.find(task_uri).wait_for_completion
- self.uri = RestClientWrapper.get(task_uri,:accept => 'text/uri-list')
+ self.uri = RestClientWrapper.get(task_uri,{:accept => 'text/uri-list', :subjectid => subjectid})
 end
 else
 # create dataset if uri is empty
@@ -293,9 +293,9 @@ module OpenTox
 # Find a prediction dataset and load all data.
 # @param [String] uri Prediction dataset URI
 # @return [OpenTox::Dataset] Prediction dataset object with all data
- def self.find(uri)
- prediction = LazarPrediction.new(uri)
- prediction.load_all
+ def self.find(uri, subjectid=nil)
+ prediction = LazarPrediction.new(uri, subjectid)
+ prediction.load_all(subjectid)
 prediction
 end
diff --git a/lib/feature.rb b/lib/feature.rb
index 9e28077..349f8ae 100644
--- a/lib/feature.rb
+++ b/lib/feature.rb
@@ -2,10 +2,10 @@ module OpenTox
 class Feature
 include OpenTox
- def self.find(uri)
+ def self.find(uri, subjectid=nil)
 feature = Feature.new uri
 if (CONFIG[:yaml_hosts].include?(URI.parse(uri).host))
- feature.add_metadata YAML.load(RestClientWrapper.get(uri,:accept => "application/x-yaml"))
+ feature.add_metadata YAML.load(RestClientWrapper.get(uri,{:accept => "application/x-yaml", :subjectid => subjectid}))
 else
 feature.add_metadata Parser::Owl::Dataset.new(uri).load_metadata
 end
diff --git a/lib/helper.rb b/lib/helper.rb
index 965b4ad..cb80018 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -15,21 +15,35 @@ helpers do
 return unless authorized?(subjectid)
 end
+ #Check Authorization for URI with method and subjectid.
 def authorized?(subjectid)
+ uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}")
 if CONFIG[:authorization][:authorize_request].include?(request.env['REQUEST_METHOD'])
- ret = OpenTox::Authorization.authorize("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}", request.env['REQUEST_METHOD'], subjectid)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return #{ret}."
+ ret = OpenTox::Authorization.authorize(uri, request.env['REQUEST_METHOD'], subjectid)
+ LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request.env['REQUEST_METHOD']} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<"
 return ret
 end
 if CONFIG[:authorization][:authenticate_request].include?(env['REQUEST_METHOD'])
- if OpenTox::Authorization.is_token_valid(subjectid)
- return true
- end
+ return true if OpenTox::Authorization.is_token_valid(subjectid)
 end
 LOGGER.debug "Not authorized for: #{request.env['rack.url_scheme']}://#{request['REQUEST_URI']} with Method: #{request.env['REQUEST_METHOD']} with Token #{subjectid}"
 return false
 end
+ #cleans URI from querystring and file-extension. Sets port 80 to emptystring
+ # @param [String] uri
+ def clean_uri(uri)
+ out = URI.parse(uri)
+ "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path.chomp(File.extname(out.path))}"
+ end
+
+ def check_subjectid(subjectid)
+ return false if !subjectid
+ return true if subjectid.size > 62
+ false
+ end
+
+ #unprotected uris for login/logout, webapplication ...
 def unprotected_requests
 case env['REQUEST_URI']
 when /\/login$|\/logout$|\/predict$|\/toxcreate\/models$/
@@ -41,18 +55,13 @@ helpers do
 end
 end
- def check_subjectid(subjectid)
- return false if !subjectid
- return true if subjectid.size > 62
- false
- end
 end
 before do
 unless unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
 begin
 subjectid = session[:subjectid] if session[:subjectid]
- subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid)
+ subjectid = params[:subjectid] if params[:subjectid] and !check_subjectid(subjectid)
 subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !check_subjectid(subjectid)
 # see http://rack.rubyforge.org/doc/SPEC.html
 subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
diff --git a/lib/model.rb b/lib/model.rb
index c645bdc..32f5604 100644
--- a/lib/model.rb
+++ b/lib/model.rb
@@ -67,8 +67,8 @@ module OpenTox
 # Find a lazar model
 # @param [String] uri Model URI
 # @return [OpenTox::Model::Lazar] lazar model
- def self.find(uri)
- YAML.load RestClientWrapper.get(uri,:accept => 'application/x-yaml')
+ def self.find(uri, subjectid=nil)
+ YAML.load RestClientWrapper.get(uri,{:accept => 'application/x-yaml', :subjectid => subjectid})
 end
 # Create a new lazar model
-- cgit v1.2.3
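Review bot: The new `clean_uri` raises TypeError for every port other than 80, because `"#{out.scheme}:" + (out.port != 80 ? out.port : "")` adds an Integer to a String; even as a string, the port would land before `//host`. Its result is the URI handed to `OpenTox::Authorization.authorize`, so requests on any other port, https included, fail inside `authorized?`, and how the `before` filter treats that exception is not visible here. I would build it as `port = out.port != 80 ? ":#{out.port}" : ""` followed by `"#{out.scheme}://#{out.host}#{port}#{out.path.chomp(File.extname(out.path))}"`. The URI is also assembled from the client-supplied `HTTP_HOST`, so the policy lookup follows whatever Host header arrives; a configured service URI would be a safer base. Both `LOGGER.debug` calls in `authorized?` write the full `subjectid` token to the log and should log at most a truncated form of it.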
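Review bot: `self.find` in lib/model.rb now attaches the caller's `subjectid` to a GET against whatever host `uri` names and passes the response body straight to `YAML.load`, without the `CONFIG[:yaml_hosts].include?(URI.parse(uri).host)` test that lib/dataset.rb and lib/feature.rb apply before doing the same. The token can therefore be sent to a host outside the configured set, and `YAML.load` will build whatever objects that host's document names. I would apply the same host test before the request and refuse the URI when it fails, for example `raise "host not in yaml_hosts: #{uri}" unless CONFIG[:yaml_hosts].include?(URI.parse(uri).host)`. The YARD block also needs a `@param` line for `subjectid`.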