RubygemsResearch

Sha256: 2f5ac20afe9e415547cc00ea16f07c8544785c078ca79e00a0d96617d6d85788

Contents?: true

Size: 1.99 KB

Versions: 2

Compression:

Stored size: 1.99 KB

module Arcadex
	module Authentication

		################Below are authentication methods###########################
		############This should be called by the user##############################
		def self.authenticate_owner_with_index(params,request,auth_key,index_key,index_attr,downcase)
			instance_hash = ::Arcadex::Authentication.get_instance(params,request,auth_key)
			index = ::Arcadex::Header.grab_param_header(params,request,index_key,downcase)
			if instance_hash.nil? || index.nil?
				return nil
			end
			token = instance_hash["current_token"]
			owner = instance_hash["current_owner"]
			owner_from_index = ::Object.const_get(token.imageable_type).find_by(index_attr.to_sym => index)
			if owner_from_index.nil?
				return nil
			end
			if owner.id != owner_from_index.id
				return nil
			end
			return instance_hash
		end

		#Returns the object that is mapped to the key. The key is in the params or heaaders
		def self.get_instance(params,request,key)
			auth_token = ::Arcadex::Header.grab_param_header(params,request,key,false)
			if auth_token.nil?
				return nil
			end
			token = ::Arcadex::Find.find_token_by_auth_token(auth_token)
	    owner = ::Arcadex::Find.find_owner_by_token(token)
	    #This is to mitigate timing attacks
	    ::Devise.secure_compare(auth_token,auth_token)
	    if token.nil? || owner.nil?
	    	return nil
	    end
	    if !::Arcadex::Authentication.update_token(token,request)
	    	return nil
	    end
	    instance_hash = {"current_owner" => owner, "current_token" => token}
	    return instance_hash
		end

		def self.update_token(token,request)
			if token.first_ip_address.nil?
				token.first_ip_address = request.remote_ip
			end
			token.current_ip_address = request.remote_ip
			if token.times_used.nil?
				token.times_used = 0;
			end
			token.times_used = token.times_used + 1
			if !token.max_uses.nil?
				if token.max_uses > token.times_used
					::Arcadex::Authentication.destroy_token(token)
					return false
				end
			end
			token.save
			return true
		end

	end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version	Path
arcadex-1.3.0	lib/arcadex/authentication.rb
arcadex-1.2.3	lib/arcadex/authentication.rb