authorisation merged from micha

author: Christoph Helma <helma@in-silico.de> 2010-02-22 17:53:17 +0100
committer: Christoph Helma <helma@in-silico.de> 2010-02-22 17:53:17 +0100
commit: 66af8a8f648c41321189800cd81246f28d046fe6 (patch)
tree: 6b7e3d860209fd4bdd3af6e927f6f64ee64a15ff /lib/authorization.rb
parent: 8946f755a1b6063d424263924acefce0d0d9d49e (diff)
parent: 53d755065500701a46b2a3754dc1299febe79c43 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/authorization.rb b/lib/authorization.rb
new file mode 100644
index 0000000..7cb548e
--- /dev/null
+++ b/lib/authorization.rb
@@ -0,0 +1,24 @@
+helpers do
+ 
+  def protected!
+    response['WWW-Authenticate'] = %(Basic realm="Opentox Webservice Authentication") and \
+    throw(:halt, [401, "Not authorized\n"]) and \
+    return unless authorized?
+  end
+ 
+  def authorized?
+    @auth ||= Rack::Auth::Basic::Request.new(request.env)
+    @auth.provided? && @auth.basic? && @auth.credentials && valid_user?
+  end
+  
+  def valid_user?
+    users = @@users[:users]
+    return @auth.credentials == [@auth.username, users.fetch(@auth.username)] if users.has_key?(@auth.username)
+    return false
+  end
+ 
+end
+ 
+before do
+  protected! unless env['REQUEST_METHOD'] == "GET"
+end
+\ No newline at end of file
author	Christoph Helma <helma@in-silico.de>	2010-02-22 17:53:17 +0100
committer	Christoph Helma <helma@in-silico.de>	2010-02-22 17:53:17 +0100
commit	66af8a8f648c41321189800cd81246f28d046fe6 (patch)
tree	6b7e3d860209fd4bdd3af6e927f6f64ee64a15ff /lib/authorization.rb
parent	8946f755a1b6063d424263924acefce0d0d9d49e (diff)
parent	53d755065500701a46b2a3754dc1299febe79c43 (diff)