mountetna / etna

Base gem for Mount Etna applications
GNU General Public License v2.0

Token authentication #16

Closed graft closed 6 years ago

graft commented 6 years ago

Token authentication takes a signed JWT, validates it using a public key and the expiration timestamp, and creates an Etna::User and adds it to the rack request object.

If the authentication fails for any reason, the user gets a 401.

The Etna::User exposes a basic permissions methods API (can_edit?(project_name), etc.) which controllers can use for checking if the user is valid.
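
The flow described in the comment above, as an added example that is not part of the original issue or of etna's code: a Rack layer that verifies an RS256 JWT against a public key, checks `exp`, attaches a user object to the request env, and answers 401 on any failure. `DemoTokenAuth`, `DemoUser`, `demo_token`, the `demo.user` env key, the `email`/`perm` claim names, the RS256 choice and the `Authorization: Bearer` transport are all assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Unpadded base64url, the encoding JWT segments use.
B64E = ->(bin) { [bin].pack('m0').tr('+/', '-_').delete('=') }
B64D = ->(str) { (str + '=' * (-str.size % 4)).tr('-_', '+/').unpack1('m0') }

# Hypothetical stand-in for Etna::User; the "perm" claim layout is assumed.
DemoUser = Struct.new(:email, :perm) do
  def can_edit?(project)
    %w[editor admin].include?(perm[project])
  end
end

# Hypothetical Rack layer (not Etna::Auth itself): verify, then attach the user.
class DemoTokenAuth
  def initialize(app, public_key)
    @app, @key = app, public_key
  end

  def call(env)
    # Assumption: the token arrives as "Authorization: Bearer <jwt>".
    user = authenticate(env['HTTP_AUTHORIZATION'].to_s[/\ABearer (\S+)\z/, 1])
    return [401, { 'content-type' => 'text/plain' }, ['Unauthorized']] unless user
    env['demo.user'] = user
    @app.call(env)
  end

  def authenticate(token)
    head, body, sig = token.to_s.split('.', -1)
    return nil unless token.to_s.count('.') == 2
    # Pin the algorithm: the token must not choose how it gets verified.
    return nil unless JSON.parse(B64D.(head))['alg'] == 'RS256'
    digest = OpenSSL::Digest.new('SHA256')
    return nil unless @key.verify(digest, B64D.(sig), "#{head}.#{body}")
    claims = JSON.parse(B64D.(body)) # parsed only after the signature checks out
    return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > Time.now.to_i
    DemoUser.new(claims['email'], Hash(claims['perm']))
  rescue StandardError # malformed base64 or JSON: fail closed
    nil
  end
end

# Constructed sample input: signs a token with a throwaway demo key.
def demo_token(private_key, claims, alg: 'RS256')
  head = B64E.(JSON.generate({ 'alg' => alg, 'typ' => 'JWT' }))
  body = B64E.(JSON.generate(claims))
  sig = private_key.sign(OpenSSL::Digest.new('SHA256'), "#{head}.#{body}")
  "#{head}.#{body}.#{B64E.(sig)}"
end
```

A controller behind this layer would read `env['demo.user']` and call `can_edit?(project_name)` before acting; a token without an integer `exp` is rejected rather than treated as non-expiring.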

graft commented 6 years ago

In d0406ffd1df2cc1aae303ce9d34242b5eefcb08d I add Etna::Auth and Etna::User - the former checks the existence of the token and validates it, then creates an Etna::User object that the controller can use for checking permissions.

graft commented 6 years ago

In b9e12fc035222c1a4b9240d76a398ac0181e7abb I add an Etna::TestAuth rack layer which can be used in place of Etna::Auth for use with testing.

graft commented 6 years ago

Fixed by #2