module ActionController::HttpAuthentication::Token
def authenticate(controller, &login_procedure)
authenticate(controller) { |token, options| ... }
take two arguments:
* `login_procedure` - Proc to call if a token is present. The Proc should
* `controller` - ActionController::Base instance for the current request.
#### Parameters
`nil` if no token is found.
Returns the return value of `login_procedure` if a token is found. Returns
present token and options.
If token Authorization header is present, call the login procedure with the
def authenticate(controller, &login_procedure) token, options = token_and_options(controller.request) unless token.blank? login_procedure.call(token, options) end end
def authentication_request(controller, realm, message = nil)
* `realm` - String realm to use in the header.
* `controller` - ActionController::Base instance for the outgoing response.
#### Parameters
Returns nothing.
Sets a WWW-Authenticate header to let the client know a token is desired.
def authentication_request(controller, realm, message = nil) message ||= "HTTP Token: Access denied.\n" controller.headers["WWW-Authenticate"] = %(Token realm="#{realm.tr('"', "")}") controller.__send__ :render, plain: message, status: :unauthorized end
def encode_credentials(token, options = {})
* `options` - Optional Hash of the options.
* `token` - String token.
#### Parameters
Returns String.
Encodes the given token and options into an Authorization header value.
def encode_credentials(token, options = {}) values = ["#{TOKEN_KEY}#{token.to_s.inspect}"] + options.map do |key, value| "#{key}=#{value.to_s.inspect}" end "Token #{values * ", "}" end
def params_array_from(raw_params)
def params_array_from(raw_params) raw_params.map { |param| param.split %r/=(.+)?/ } end
def raw_params(auth)
the standardized `:`, `;`, or `\t` delimiters defined in
This method takes an authorization body and splits up the key-value pairs by
def raw_params(auth) _raw_params = auth.sub(TOKEN_REGEX, "").split(AUTHN_PAIR_DELIMITERS).map(&:strip) _raw_params.reject!(&:empty?) if !_raw_params.first&.start_with?(TOKEN_KEY) _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}" end _raw_params end
def rewrite_param_values(array_params)
def rewrite_param_values(array_params) array_params.each { |param| (param[1] || +"").gsub! %r/^"|"$/, "" } end
def token_and_options(request)
* `request` - ActionDispatch::Request instance with the current headers.
#### Parameters
no token is found.
Returns an `Array` of `[String, Hash]` if a token is present. Returns `nil` if
Then the returned token is `"abc"`, and the options are `{nonce: "def"}`.
Authorization: Token token="abc", nonce="def"
`"Bearer"`. If the header looks like this:
for the Authorization header is expected to have the prefix `"Token"` or
Parses the token and options out of the token Authorization header. The value
def token_and_options(request) authorization_request = request.authorization.to_s if authorization_request[TOKEN_REGEX] params = token_params_from authorization_request [params.shift[1], Hash[params].with_indifferent_access] end end
def token_params_from(auth)
def token_params_from(auth) rewrite_param_values params_array_from raw_params auth end