| Name | Total Lines | Lines of Code | Total Coverage | Code Coverage |
|---|---|---|---|---|
| app/controllers/api/main_api_controller.rb | 89 | 50 | 35.96% | 16.00% |
1 require 'base64' |
2 |
3 #=== Description |
4 # Scripting API handlers for MarkUs |
5 module Api |
6 |
7 #===Description |
8 # This is the parent class of all API controllers. |
9 # Shared functionality of all API controllers |
10 # should go here. |
11 class MainApiController < ActionController::Base |
12 |
13 before_filter :authenticate |
14 |
15 #=== Description |
16 # Dummy action (for authentication testing) |
17 # No public route matches this action. |
def index
  # Authentication test action: it only answers with the static
  # public/200.xml page and a 200 status. The class-level
  # `before_filter :authenticate` runs first, so a 200 here means the
  # request passed the API auth check.
  ok_page = "#{::Rails.root.to_s}/public/200.xml"
  render :file => ok_page, :status => 200
end
21 |
22 private |
23 #=== Description |
24 # Auth handler for the MarkUs API. It uses |
25 # the Authorization HTTP header to determine |
26 # the user who issued the request. With the Authorization |
27 # HTTP header comes a Base 64 encoded MD5 digest of the |
28 # user's private key. |
def authenticate
  # Filter that resolves @current_user for an API request, or renders
  # public/403.xml with status 403 and stops.
  #
  # Two modes, chosen by MarkusConfigurator.markus_config_remote_user_auth:
  # * remote-user mode: the user name is read from the X-Forwarded-User
  #   request header and no API key is checked;
  # * token mode: the key is taken from the Authorization header via
  #   parse_auth_token and looked up with User.find_by_api_key.
  #
  # Students are rejected in both modes.
  forbidden_page = "#{::Rails.root.to_s}/public/403.xml"

  if MarkusConfigurator.markus_config_remote_user_auth
    # NOTE(review): this value comes straight from the request environment.
    # It is only trustworthy if a front-end proxy always sets or strips
    # X-Forwarded-User and the app cannot be reached around that proxy --
    # confirm against the deployment.
    markus_auth_remote_user = request.env["HTTP_X_FORWARDED_USER"]
    if markus_auth_remote_user.blank?
      # Remote-user auth is enabled but no user name was forwarded.
      render :file => forbidden_page, :status => 403
      return
    end
    # The forwarded name is accepted as-is; the key check below is skipped.
    @current_user = User.find_by_user_name(markus_auth_remote_user)
  else
    auth_token = parse_auth_token(request.headers["HTTP_AUTHORIZATION"])
    if auth_token.nil?
      # Missing or malformed Authorization header: answer 403.
      render :file => forbidden_page, :status => 403
      return
    end
    @current_user = User.find_by_api_key(auth_token)
  end

  if @current_user.nil?
    # No account matches the forwarded name / supplied key.
    render :file => forbidden_page, :status => 403
    return
  end

  # In token mode markus_auth_remote_user was never assigned and is nil,
  # so blank? is true and the key is re-checked after the lookup.
  if markus_auth_remote_user.blank?
    stored_digest = Base64.decode64(@current_user.api_key)
    supplied_digest = Base64.decode64(auth_token)
    # NOTE(review): plain String equality, not a constant-time compare.
    # The user was already selected by api_key, so this presumably guards
    # against a lenient database match -- verify before relying on it.
    unless supplied_digest == stored_digest
      render :file => forbidden_page, :status => 403
      return
    end
  end

  # The API is limited to TAs and admins; student accounts get 403.
  if @current_user.student?
    render :file => forbidden_page, :status => 403
    return
  end
end
74 |
75 |
76 #=== Description |
77 # Helper method for parsing the authentication token |
def parse_auth_token(token)
  # Extracts the credential that follows "MarkUsAuth " in an Authorization
  # header value. Returns the captured token String, or nil when the
  # header is nil or does not contain the scheme.
  #
  # The capture stops at the first whitespace or comma.
  # NOTE(review): the pattern is not anchored, so "MarkUsAuth <token>" is
  # accepted anywhere inside the header value -- confirm that is intended.
  return nil if token.nil?

  match_offset = token =~ /MarkUsAuth ([^\s,]+)/
  match_offset.nil? ? nil : Regexp.last_match(1)
end
86 |
87 end |
88 |
89 end # end Api module |
Generated on Tue Feb 07 00:07:35 -0500 2012 with rcov 0.9.10