module ActionController::HttpAuthentication::Token
def authenticate(controller, &login_procedure)
authenticate(controller) { |token, options| ... }
should take two arguments:
* +login_procedure+ - Proc to call if a token is present. The Proc
* +controller+ - ActionController::Base instance for the current request.
==== Parameters
token is found. Returns +nil+ if no token is found.
Returns the return value of +login_procedure+ if a
procedure with the present token and options.
If token Authorization header is present, call the login
def authenticate(controller, &login_procedure) token, options = token_and_options(controller.request) unless token.blank? login_procedure.call(token, options) end end
def authentication_request(controller, realm, message = nil)
* +controller+ - ActionController::Base instance for the outgoing response.
==== Parameters
Returns nothing.
Sets a WWW-Authenticate header to let the client know a token is desired.
def authentication_request(controller, realm, message = nil) message ||= "HTTP Token: Access denied.\n" controller.headers["WWW-Authenticate"] = %(Token realm="#{realm.tr('"', "")}") controller.__send__ :render, plain: message, status: :unauthorized end
def encode_credentials(token, options = {})
* +token+ - String token.
==== Parameters
Returns String.
Encodes the given token and options into an Authorization header value.
def encode_credentials(token, options = {}) values = ["#{TOKEN_KEY}#{token.to_s.inspect}"] + options.map do |key, value| "#{key}=#{value.to_s.inspect}" end "Token #{values * ", "}" end
def params_array_from(raw_params)
def params_array_from(raw_params) raw_params.map { |param| param.split %r/=(.+)?/ } end
def raw_params(auth)
pairs by the standardized :, ;, or \t
This method takes an authorization body and splits up the key-value
def raw_params(auth) _raw_params = auth.sub(TOKEN_REGEX, "").split(WHITESPACED_AUTHN_PAIR_DELIMITERS) _raw_params.reject!(&:empty?) if !_raw_params.first&.start_with?(TOKEN_KEY) _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}" end _raw_params end
def rewrite_param_values(array_params)
def rewrite_param_values(array_params) array_params.each { |param| (param[1] || +"").gsub! %r/^"|"$/, "" } end
def token_and_options(request)
==== Parameters
Returns +nil+ if no token is found.
Returns an +Array+ of [String, Hash] if a token is present.
{nonce: "def"}.
Then the returned token is "abc", and the options are
Authorization: Token token="abc", nonce="def"
"Token" or "Bearer". If the header looks like this:
The value for the Authorization header is expected to have the prefix
Parses the token and options out of the token Authorization header.
def token_and_options(request) authorization_request = request.authorization.to_s if authorization_request[TOKEN_REGEX] params = token_params_from authorization_request [params.shift[1], Hash[params].with_indifferent_access] end end
def token_params_from(auth)
def token_params_from(auth) rewrite_param_values params_array_from raw_params auth end