Authenticate with Hyrax using mixed authentication methods

D2H is designed to try and login to the Hyrax server using a standard /users/sign_in form by default. During the login process, D2H will supply an HTTP Header D2H-AUTHENTICATION value in the format of username|authentication_token.

When Hyrax is using an authentication method such as Devise using CAS or OAuth on the server, you will need to provide a mechanism for D2H to authenticate using a secret token passed in the HTTP headers.

Following is a simple example of how to leverage the default behavior of D2H to attempt authentication through an included HTTP Header supplied during login.

1. Set an Environment variable HTTP_D2H_AUTHENTICATION_TOKEN on the server with a secret token to be used by D2H during login, and an Environment variable HTTP_D2H_AUTHENTICATION_USERNAME to match the email address of the user who will be logged in by D2H.
2. Add the following code to your application_controller.rb:

  before_action :check_d2h_http_header_auth
  def check_d2h_http_header_auth
    if !user_signed_in? && request.headers.key?('HTTP_D2H_AUTHENTICATION')
      email, token = request.headers['HTTP_D2H_AUTHENTICATION'].split('|')
      if token === ENV['HTTP_D2H_AUTHENTICATION_TOKEN'] && email === ENV['HTTP_D2H_AUTHENTICATION_USERNAME']
        u = User.where(email: email).first
        sign_in :user, u
        redirect_to root_path
      else
        warden.custom_failure!
        render json: 'Unable to authenticate user.', status: 422
      end
    end
  end

3. Set the D2H configuration in your .config.yml to match the environment variables set in step #1.

hydra_endpoint:
  login:
    username: <HTTP_D2H_AUTHENTICATION_USERNAME>
    authentication_token: <HTTP_D2H_AUTHENTICATION_TOKEN>