diff options
author | Christoph Helma <helma@in-silico.de> | 2010-02-22 17:53:17 +0100 |
---|---|---|
committer | Christoph Helma <helma@in-silico.de> | 2010-02-22 17:53:17 +0100 |
commit | 66af8a8f648c41321189800cd81246f28d046fe6 (patch) | |
tree | 6b7e3d860209fd4bdd3af6e927f6f64ee64a15ff /lib/authorization.rb | |
parent | 8946f755a1b6063d424263924acefce0d0d9d49e (diff) | |
parent | 53d755065500701a46b2a3754dc1299febe79c43 (diff) |
authorisation merged from micha
Diffstat (limited to 'lib/authorization.rb')
-rw-r--r-- | lib/authorization.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/authorization.rb b/lib/authorization.rb new file mode 100644 index 0000000..7cb548e --- /dev/null +++ b/lib/authorization.rb @@ -0,0 +1,24 @@ +helpers do + + def protected! + response['WWW-Authenticate'] = %(Basic realm="Opentox Webservice Authentication") and \ + throw(:halt, [401, "Not authorized\n"]) and \ + return unless authorized? + end + + def authorized? + @auth ||= Rack::Auth::Basic::Request.new(request.env) + @auth.provided? && @auth.basic? && @auth.credentials && valid_user? + end + + def valid_user? + users = @@users[:users] + return @auth.credentials == [@auth.username, users.fetch(@auth.username)] if users.has_key?(@auth.username) + return false + end + +end + +before do + protected! unless env['REQUEST_METHOD'] == "GET" +end
\ No newline at end of file |