lib/mixlib/authentication/http_authentication_request.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

#
# Author:: Daniel DeLeo (<dan@chef.io>)
# Copyright:: Copyright (c) 2010-2018 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require "mixlib/authentication"

module Mixlib
  module Authentication
    class HTTPAuthenticationRequest

      MANDATORY_HEADERS = %i{x_ops_sign x_ops_userid x_ops_timestamp host x_ops_content_hash}.freeze

      attr_reader :request

      def initialize(request)
        @request = request
        @request_signature = nil
        validate_headers!
      end

      def headers
        @headers ||= @request.env.inject({}) { |memo, kv| memo[$2.tr("-", "_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
      end

      def http_method
        @request.method.to_s
      end

      def path
        @request.path.to_s
      end

      def signing_description
        headers[:x_ops_sign].chomp
      end

      def user_id
        headers[:x_ops_userid].chomp
      end

      def timestamp
        headers[:x_ops_timestamp].chomp
      end

      def host
        headers[:host].chomp
      end

      def content_hash
        headers[:x_ops_content_hash].chomp
      end

      def server_api_version
        (headers[:x_ops_server_api_version] || DEFAULT_SERVER_API_VERSION).chomp
      end

      def request_signature
        unless @request_signature
          @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }
            .sort { |x, y| x.to_s[/\d+/].to_i <=> y.to_s[/\d+/].to_i }.map { |i| i[1] }.join("\n")
          Mixlib::Authentication::Log.trace "Reconstituted (user-supplied) request signature: #{@request_signature}"
        end
        @request_signature
      end

      def validate_headers!
        missing_headers = MANDATORY_HEADERS - headers.keys
        unless missing_headers.empty?
          missing_headers.map! { |h| h.to_s.upcase }
          raise MissingAuthenticationHeader, "missing required authentication header(s) '#{missing_headers.join("', '")}'"
        end
      end
    end
  end
end