Authorization Basic Lauth

mlibrary · May 2, 2024 · 2f0563d · 2f0563d
1 parent 22a0d94
commit 2f0563d
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 13 deletions.
diff --git a/lauth/app/actions/authorize.rb b/lauth/app/actions/authorize.rb
@@ -4,15 +4,20 @@ class Authorize < Lauth::Action
       def handle(request, response)
         response.format = :json
 
-        result = Lauth::Ops::Authorize.new(
-          request: Lauth::Access::Request.new(
-            user: request.params[:user],
-            uri: request.params[:uri],
-            client_ip: request.params[:ip]
-          )
-        ).call
+        if request.has_header?("Authorization") && request.get_header("Authorization") == "Basic Lauth"
+          result = Lauth::Ops::Authorize.new(
+            request: Lauth::Access::Request.new(
+              user: request.params[:user],
+              uri: request.params[:uri],
+              client_ip: request.params[:ip]
+            )
+          ).call
 
-        response.body = result.to_h.to_json
+          response.body = result.to_h.to_json
+        else
+          response.status = 401 # Unauthorized
+          response.body = Lauth::Access::Request.new().to_h.to_json
+        end
       end
     end
   end

diff --git a/lauth/spec/requests/authorized_any_spec.rb b/lauth/spec/requests/authorized_any_spec.rb
@@ -44,7 +44,7 @@
   # @param ip [String]
   # @return [Hash] the response body after json parsing
   def request(from:, as:)
-    get "/authorized", {user: as.to_s, uri: "/restricted-by-username-or-client-ip", ip: from}
+    get "/authorized", {user: as.to_s, uri: "/restricted-by-username-or-client-ip", ip: from}, {'Authorization' => "Basic Lauth"}
     JSON.parse(last_response.body, symbolize_names: true)
   end
 end
diff --git a/lauth/spec/requests/authorized_client_ip_spec.rb b/lauth/spec/requests/authorized_client_ip_spec.rb
@@ -84,7 +84,7 @@ def create_network(access, cidr)
   # @param ip [String]
   # @return [Hash] the response body after json parsing
   def request_from(ip)
-    get "/authorized", {user: "", uri: "/restricted-by-client-ip", ip: ip}
+    get "/authorized", {user: "", uri: "/restricted-by-client-ip", ip: ip}, {'Authorization' => "Basic Lauth"}
     JSON.parse(last_response.body, symbolize_names: true)
   end
 end
diff --git a/lauth/spec/requests/authorized_spec.rb b/lauth/spec/requests/authorized_spec.rb
@@ -15,7 +15,7 @@
     let!(:grant) { Factory[:grant, :for_user, user: user, collection: collection] }
 
     it do
-      get "/authorized", {user: "lauth-allowed", uri: "/restricted-by-username/"}
+      get "/authorized", {user: "lauth-allowed", uri: "/restricted-by-username/"}, {'Authorization' => "Basic Lauth"}
       body = JSON.parse(last_response.body, symbolize_names: true)
 
       expect(body).to include(determination: "allowed")
@@ -33,7 +33,7 @@
     let!(:grant) { Factory[:grant, :for_group, group: group, collection: collection] }
 
     it do
-      get "/authorized", {user: "lauth-group-member", uri: "/restricted-by-username/"}
+      get "/authorized", {user: "lauth-group-member", uri: "/restricted-by-username/"}, {'Authorization' => "Basic Lauth"}
 
       body = JSON.parse(last_response.body, symbolize_names: true)
       expect(body).to include(determination: "allowed")

diff --git a/lauth/spec/requests/delegated_spec.rb b/lauth/spec/requests/delegated_spec.rb
@@ -62,7 +62,7 @@ def setup_coll(name, has_grant:, pub:)
 
   # @return [Hash] the response body after json parsing
   def request(as:)
-    get "/authorized", {user: as.to_s, uri: "/delegated"}
+    get "/authorized", {user: as.to_s, uri: "/delegated"}, {'Authorization' => "Basic Lauth"}
     JSON.parse(last_response.body, symbolize_names: true)
   end
 end