Class: SignalWire::SWML::Service::TimingSafeBasicAuth

Inherits:
Object
  • Object
Defined in:
lib/signalwire/swml/service.rb

Overview


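Rack middleware that enforces HTTP Basic authentication, checking the supplied username and password against the service's configured credentials with a timing-safe comparison.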


Instance Method Summary collapse

Constructor Details

#initialize(app, service) ⇒ TimingSafeBasicAuth

Returns a new instance of TimingSafeBasicAuth.



# File 'lib/signalwire/swml/service.rb', line 603

# Wraps the next Rack application with the Basic-Auth check.
#
# @param app [#call] downstream Rack app, invoked only after both credentials match
# @param service [#get_basic_auth_credentials] object that supplies the expected
#   username/password pair on each request
def initialize(app, service)
  @app, @service = app, service
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/signalwire/swml/service.rb', line 608

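# Rack entry point: lets the request through to the wrapped app only when the
# HTTP Basic credentials match the pair configured on the service.
#
# @param env [Hash] Rack environment for the current request
# @return [Object] the downstream app's response on success, otherwise the
#   result of +unauthorized+
def call(env)
  auth = Rack::Auth::Basic::Request.new(env)

  # No Authorization header, or a scheme other than Basic: reject outright.
  return unauthorized unless auth.provided? && auth.basic?

  user, pass = @service.get_basic_auth_credentials
  input_user, input_pass = auth.credentials

  # A Basic payload that decodes without a ":" separator (or to nothing at all)
  # leaves one or both parts nil. Reject it here so a malformed header gets the
  # same 401 path as a wrong password instead of handing nil to
  # secure_compare, whose nil handling is not visible from this method.
  # This check depends only on the request's shape, not on the secret.
  return unauthorized if input_user.nil? || input_pass.nil?

  # NOTE(review): the configured pair is passed through unchanged; confirm that
  # get_basic_auth_credentials can never return nil or empty values, otherwise
  # the outcome rests entirely on how secure_compare treats them.

  # Timing-safe comparison to prevent timing attacks. Both results are computed
  # before being combined, so a wrong username does not skip the password
  # comparison; keep these as two separate statements rather than folding them
  # into one short-circuiting `&&` expression.
  user_ok = secure_compare(user, input_user)
  pass_ok = secure_compare(pass, input_pass)

  if user_ok && pass_ok
    @app.call(env)
  else
    unauthorized
  end
end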