Contents

module Conjur
  module WebServer
    # Verifies that the request contains the authorization token, and then strips it.
    class Authorize
      attr_reader :app, :sessionid
      
      def initialize(app, sessionid)
        @app = app
        @sessionid = sessionid
      end
      
      def call(env)
        if token_valid?(env)
          @app.call env
        else
          [403, {}, ["Authorization is missing or invalid"]]
        end
      end
      
      protected
      
      def token_valid?(env)
        request = Rack::Request.new(env)
        request.session[:sessionid] == sessionid
      end
    end
  end
end

Version data entries

13 entries across 13 versions & 3 rubygems

Version	Path
conjur-asset-ui-1.6.0	lib/conjur/webserver/authorize.rb
conjur-asset-ui-beta-2.0.0	lib/conjur/webserver/authorize.rb
conjur-asset-ui-beta-1.6.2	lib/conjur/webserver/authorize.rb
conjur-asset-ui-beta-1.6.1	lib/conjur/webserver/authorize.rb
conjur-asset-ui-beta-1.6.0	lib/conjur/webserver/authorize.rb
conjur-asset-ui-beta-1.5.0	lib/conjur/webserver/authorize.rb
conjur-asset-ui-1.4.2	lib/conjur/webserver/authorize.rb
conjur-asset-ui-1.3.2	lib/conjur/webserver/authorize.rb
conjur-asset-ui-1.3.1	lib/conjur/webserver/authorize.rb
conjur-asset-ui-1.3.0	lib/conjur/webserver/authorize.rb
conjur-asset-ui-api-1.2.0	lib/conjur/webserver/authorize.rb
conjur-asset-ui-api-1.1.1	lib/conjur/webserver/authorize.rb
conjur-asset-ui-api-1.1.0	lib/conjur/webserver/authorize.rb