Commit 05df052c3ea68585e85c65ee77dd4bc64d948dcb
1 parent
abc6e60e
add authorization
Showing
4 changed files
with
88 additions
and
2 deletions
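--- /dev/null
+++ b/app/controllers/concerns/scim_rails/exception_handler.rb
@@ -0,0 +1,29 @@
+module ScimRails
+  module ExceptionHandler
+    extend ActiveSupport::Concern
+
+    class MissingCredentials < StandardError
+    end
+
+    class InvalidCredentials < StandardError
+    end
+
+    included do
+      rescue_from ScimRails::ExceptionHandler::InvalidCredentials do
+        scim_response({ message: "Invalid credentials" }, :unauthorized)
+      end
+
+      rescue_from ScimRails::ExceptionHandler::MissingCredentials do
+        scim_response({ message: "Missing credentials" }, :unauthorized)
+      end
+
+      rescue_from ActiveRecord::RecordNotFound do |e|
+        scim_response({ message: e.message }, :not_found)
+      end
+
+      rescue_from ActiveRecord::RecordInvalid do |e|
+        scim_response({ message: e.message }, :unprocessable_entity)
+      end
+    end
+  end
+end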
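Review bot: The `ActiveRecord::RecordNotFound` handler passes `e.message` straight to the client, and that message is ActiveRecord's own text naming the model and the lookup attributes, which tells an unauthenticated or low-privilege caller how the data layer is shaped. A fixed message, `scim_response({ message: "Resource not found" }, :not_found)`, keeps the 404 without the internals; the `RecordInvalid` handler is different because validation messages are what a 422 is for. The two 401 handlers rely on `scim_response`, which lives in the `Response` concern not shown on this page, so whether a `WWW-Authenticate` header is set on those responses cannot be checked here; HTTP Basic clients expect one. A short comment on `included do` saying that handlers declared later take precedence when classes overlap would help the next person who adds a subclass of `StandardError` here.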
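--- a/app/controllers/scim_rails/application_controller.rb
+++ b/app/controllers/scim_rails/application_controller.rb
@@ -1,5 +1,21 @@
 module ScimRails
-  class ApplicationController < ActionController::Base
-    protect_from_forgery with: :exception
+  class ApplicationController < ActionController::API
+    include ActionController::HttpAuthentication::Basic::ControllerMethods
+    include ExceptionHandler
+    include Response
+
+    before_action :authorize_request
+
+    private
+
+    def authorize_request
+      authenticate_with_http_basic do |username, password|
+        authorization = AuthorizeApiRequest.new(
+          subdomain: username,
+          api_key: password
+        )
+        @company = authorization.company
+      end
+    end
   end
 end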
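Review bot: `authorize_request` does not halt the request when no `Authorization` header is sent at all: `authenticate_with_http_basic` only runs its block when Basic credentials are present and otherwise returns nil, the before_action neither renders nor raises, and the action then proceeds with `@company` unset. `MissingCredentials` is raised only inside `AuthorizeApiRequest#initialize`, so it covers a present-but-blank header, not an absent one. Adding `raise ScimRails::ExceptionHandler::MissingCredentials unless @company` after the `authenticate_with_http_basic` block closes the gap, since `company` either returns a record or raises. This matters more now that the class moved to `ActionController::API` and dropped `protect_from_forgery`, leaving this callback as the only gate in front of every SCIM action.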
... | ... | @@ -0,0 +1,34 @@ |
1 | +module ScimRails | |
2 | + class AuthorizeApiRequest | |
3 | + | |
4 | + def initialize(subdomain:, api_key:) | |
5 | + @subdomain = subdomain | |
6 | + @api_key = api_key | |
7 | + | |
8 | + raise ScimRails::ExceptionHandler::MissingCredentials if subdomain.blank? || api_key.blank? | |
9 | + end | |
10 | + | |
11 | + def company | |
12 | + company = find_company | |
13 | + authorize(company) | |
14 | + company | |
15 | + end | |
16 | + | |
17 | + private | |
18 | + | |
19 | + attr_reader :subdomain | |
20 | + attr_reader :api_key | |
21 | + | |
22 | + def find_company | |
23 | + @company ||= Company.find_by!(subdomain: subdomain) | |
24 | + | |
25 | + rescue ActiveRecord::RecordNotFound | |
26 | + raise ScimRails::ExceptionHandler::InvalidCredentials | |
27 | + end | |
28 | + | |
29 | + def authorize(company) | |
30 | + authorized = ActiveSupport::SecurityUtils::secure_compare(company.api_key, api_key) | |
31 | + raise ScimRails::ExceptionHandler::InvalidCredentials unless authorized | |
32 | + end | |
33 | + end | |
34 | +end | ... | ... |
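Review bot: `authorize` feeds `company.api_key` directly into `secure_compare`; if a `Company` row can carry a nil `api_key` (not verifiable from this page), that call raises `NoMethodError` and the client sees a 500 rather than the 401 every other failure path produces, so a guard such as `authorized = company.api_key.present? && ActiveSupport::SecurityUtils.secure_compare(company.api_key, api_key)` is worth adding. The `ActiveSupport::SecurityUtils::secure_compare` spelling on that line uses `::` for a method call; `.` is the conventional form. Comparing the presented key against `company.api_key` in the clear suggests the key is stored as plaintext — if so, storing and comparing a digest would limit what a database read exposes; TODO confirm the column's storage. On Rails releases before 5.2 `secure_compare` returns false early on a byte-length mismatch, which exposes only the key's length to timing, so a one-line comment stating the Rails version the constant-time claim relies on would help. The file header for this section is not on the page, so its path could not be checked against the class name.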