summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Beauchamp <daniel.beauchamp@gmail.com>2015-12-08 17:14:31 -0500
committerDaniel Beauchamp <daniel.beauchamp@gmail.com>2015-12-08 17:14:31 -0500
commit56de2ad7073cff38d2ff3c4fade8ed1c6bd59702 (patch)
tree5f13b6444a86ea694d2307025fd0038de88dc58c /lib
parente02401ea8b5e2bf2337c387daedf5b3437ba2298 (diff)
parentf8d316e212d315a13f7d09149f1fd05624a20399 (diff)
Merge pull request #644 from Shopify/refactor-auth
Refactor and fix authentication
Diffstat (limited to 'lib')
-rw-r--r--lib/dashing/app.rb11
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/dashing/app.rb b/lib/dashing/app.rb
index 0e7f7bb..b11352d 100644
--- a/lib/dashing/app.rb
+++ b/lib/dashing/app.rb
@@ -23,6 +23,11 @@ helpers do
def protected!
# override with auth logic
end
+
+ def authenticated?(token)
+ return true unless settings.auth_token
+ token && Rack::Utils.secure_compare(settings.auth_token, token)
+ end
end
set :root, Dir.pwd
@@ -89,8 +94,7 @@ post '/dashboards/:id' do
request.body.rewind
body = JSON.parse(request.body.read)
body['dashboard'] ||= params['id']
- auth_token = body.delete("auth_token")
- if !settings.auth_token || settings.auth_token == auth_token
+ if authenticated?(body.delete("auth_token"))
send_event(params['id'], body, 'dashboards')
204 # response without entity body
else
@@ -102,8 +106,7 @@ end
post '/widgets/:id' do
request.body.rewind
body = JSON.parse(request.body.read)
- auth_token = body.delete("auth_token")
- if !settings.auth_token || settings.auth_token == auth_token
+ if authenticated?(body.delete("auth_token"))
send_event(params['id'], body)
204 # response without entity body
else