Class: Koi::Middleware::AdminAuthentication

Inherits:
Object
  • Object
Defined in:
lib/koi/middleware/admin_authentication.rb

Instance Method Summary

Constructor Details

#initialize(app) ⇒ AdminAuthentication

Returns a new instance of AdminAuthentication.



# File 'lib/koi/middleware/admin_authentication.rb', line 6

# Builds the middleware around the next application in the Rack stack.
#
# @param app [#call] downstream Rack application; #call and #admin_call
#   forward the request to it when they do not answer it themselves
def initialize(app)
  # Kept so that requests can be passed on with @app.call(env).
  @app = app
end

Instance Method Details

#admin_call(env) ⇒ Object



# File 'lib/koi/middleware/admin_authentication.rb', line 18

# Resolves the admin user for a request and either rejects the request or
# hands it to the wrapped application.
#
# The user comes from a bearer token when the request carries one, otherwise
# from the session, and is held in Koi::Current.admin_user while the request
# is processed.
#
# @param env [Hash] Rack environment
# @return [Object] the value of unauthorized_response(request) when the
#   request needs authentication and has none, else the wrapped app's response
def admin_call(env)
  request = ActionDispatch::Request.new(env)
  session = ActionDispatch::Request::Session.find(request)

  # The user lookup happens on every request that reaches this method, before
  # it is known whether the path needs authentication; the original author
  # does this as a defence against timing attacks.
  # NOTE(review): a presented bearer token takes precedence, so the session is
  # not consulted at all in that case - confirm this is intended.
  token_presented = bearer_token(request).present?
  Koi::Current.admin_user = token_presented ? bearer_admin_user(request) : session_admin_user(session)

  # Drop a session entry that did not lead to an authenticated user.
  # NOTE(review): this also fires when a bearer token was presented but the
  # request ends up unauthenticated - presumably authenticated? reflects
  # Koi::Current.admin_user; verify against its definition.
  stale_session_entry = session.has_key?(:admin_user_id) && !authenticated?
  session.delete(:admin_user_id) if stale_session_entry

  # Guard clause: the ensure below still runs on this early return.
  return unauthorized_response(request) if requires_authentication?(request) && !authenticated?

  @app.call(env)
ensure
  # Cleared on every exit path, including exceptions, presumably so that the
  # identity cannot carry over to another request served by the same thread.
  Koi::Current.admin_user = nil
end

#call(env) ⇒ Object



# File 'lib/koi/middleware/admin_authentication.rb', line 10

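# Rack entry point: sends requests under the admin path through
# #admin_call and passes every other request straight to the wrapped app.
#
# @param env [Hash] Rack environment; PATH_INFO is read from it
# @return [Object] the result of #admin_call or of the wrapped app
def call(env)
  # Uses core String#start_with? rather than the ActiveSupport alias
  # starts_with?, so the check does not depend on core extensions being loaded.
  # NOTE(review): this is a plain prefix test on the raw PATH_INFO, so it also
  # matches paths such as "/administrator" and does no case or slash
  # normalisation. Confirm it agrees with how the router resolves admin routes,
  # and that admin controllers enforce authentication themselves rather than
  # relying on this middleware alone.
  return admin_call(env) if env["PATH_INFO"].start_with?("/admin")

  @app.call(env)
end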