Module: Tep::Auth
- Defined in:
- lib/tep/auth.rb
Constant Summary collapse
- CORE_CAPABILITIES =
[:read, :write, :authn, :authz]
Class Method Summary collapse
-
.identify(req) ⇒ Object
Walk the provider chain.
-
.install! ⇒ Object
Replaces the app’s auth-filter slot with the real populate-req.identity filter.
Class Method Details
.identify(req) ⇒ Object
Walk the provider chain. First provider that returns a non-nil Identity wins. Returns nil if no provider matched – caller is responsible for substituting Tep::Identity.anonymous.
Order: BearerToken first (an explicit Authorization header is a stronger signal of caller intent than a passively-replayed cookie), then SessionCookie. Apps that want cookie-wins-bearer semantics can post-process req.identity in a before-filter.
44 45 46 47 48 49 50 51 52 53 54 |
# File 'lib/tep/auth.rb', line 44 def self.identify(req) ident = Tep::AuthBearerToken.try(req) if ident != nil return ident end ident = Tep::AuthSessionCookie.try(req) if ident != nil return ident end nil end |
.install! ⇒ Object
Replaces the app’s auth-filter slot with the real populate-req.identity filter. Idempotent.
58 59 60 61 |
# File 'lib/tep/auth.rb', line 58 def self.install! Tep::APP.set_auth_filter(Tep::AuthFilter.new) 0 end |