Module: Webmachine::Resource::Authentication

Defined in:
lib/webmachine/resource/authentication.rb

Overview

Helper methods that can be included in your Webmachine::Resource to assist in performing HTTP Authentication.

Constant Summary

BASIC_HEADER =
Pattern for matching Authorization headers that use the Basic auth scheme. 
/^Basic (.*)$/i.freeze

Instance Method Summary (collapse)

Instance Method Details

- (true, String) basic_auth(header, realm = "Webmachine") {|user, password| ... }

A simple implementation of HTTP Basic auth. Call this from the Callbacks#is_authorized? callback, giving it a block which will be yielded the username and password and return true or false.

Parameters:

  • header (String)
    the value of the Authentication request header, passed to the Callbacks#is_authorized? callback.
  • realm (String) (defaults to: "Webmachine")
    the "realm", or description of the resource that requires authentication

Yields:

  • (user, password)
    a block that will verify the client-provided user/password against application constraints

Yield Parameters:

  • user (String)
    the passed username
  • password (String)
    the passed password

Yield Returns:

  • (true, false)
    whether the username/password is correct

Returns:

  • (true, String)
    true if the client is authorized, or the appropriate WWW-Authenticate header


26
27
28
29
30
31
32
 
# File 'lib/webmachine/resource/authentication.rb', line 26

def basic_auth(header, realm="Webmachine")
  if header =~ BASIC_HEADER && (yield *$1.unpack('m*').first.split(/:/,2))
    true
  else
    %Q[Basic realm="#{realm}"]
  end
end