Authenticate with Hyrax using mixed authentication methods
Josh Gum edited this page May 17, 2017 · 2 revisions
By default, D2H tries to log in to the Hyrax server through the standard `/users/sign_in` form. During the login process, D2H supplies an HTTP header, `D2H-AUTHENTICATION`, whose value has the format `username|authentication_token`.

When Hyrax uses an authentication method such as Devise with CAS or OAuth on the server, you need to provide a mechanism for D2H to authenticate with a secret token passed in the HTTP headers.

The following is a simple example of how to use this default D2H behavior to authenticate through the HTTP header supplied during login.
- Set an environment variable `HTTP_D2H_AUTHENTICATION_TOKEN` on the server with a secret token to be used by D2H during login, and an environment variable `HTTP_D2H_AUTHENTICATION_USERNAME` to match the email address of the user who will be logged in by D2H.
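- Add the following code to your `application_controller.rb`:

  ```ruby
  before_action :check_d2h_http_header_auth

  # Signs in the configured D2H user when the request carries a valid
  # D2H-AUTHENTICATION header ("username|authentication_token").
  # Rack exposes that request header as HTTP_D2H_AUTHENTICATION.
  def check_d2h_http_header_auth
    return if user_signed_in? || !request.headers.key?('HTTP_D2H_AUTHENTICATION')

    email, token = request.headers['HTTP_D2H_AUTHENTICATION'].to_s.split('|', 2)
    expected_email = ENV['HTTP_D2H_AUTHENTICATION_USERNAME']
    expected_token = ENV['HTTP_D2H_AUTHENTICATION_TOKEN']

    # Reject blank values so unset environment variables never match, and
    # compare in constant time so response timing does not leak the token.
    valid = [email, token, expected_email, expected_token].all?(&:present?) &&
            ActiveSupport::SecurityUtils.secure_compare(token, expected_token) &&
            ActiveSupport::SecurityUtils.secure_compare(email, expected_email)
    user = User.find_by(email: email) if valid

    if user
      sign_in :user, user
      redirect_to root_path
    else
      warden.custom_failure!
      render json: 'Unable to authenticate user.', status: 422
    end
  end
  ```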
- Set the D2H configuration in your `.config.yml` to match the environment variables set in step #1.

  ```yaml
  hydra_endpoint:
    login:
      username: <HTTP_D2H_AUTHENTICATION_USERNAME>
      authentication_token: <HTTP_D2H_AUTHENTICATION_TOKEN>
  ```
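
The header check from the steps above can also be exercised outside Rails before it is deployed. The following is an added example, not code from D2H or Hyrax: the `D2hHeaderAuth` module is a hypothetical name, the e-mail address and token are constructed sample values, and the SHA-256 based comparison is one stand-in for a constant-time compare.

```ruby
require 'digest'

# Added example: framework-free validator for the D2H-AUTHENTICATION header.
# D2hHeaderAuth and all sample values below are hypothetical / constructed.
module D2hHeaderAuth
  module_function

  # Constant-time equality: hash both inputs to a fixed length, then XOR every
  # byte so the run time does not depend on where the strings first differ.
  def secure_equal?(a, b)
    da = Digest::SHA256.digest(a).bytes
    db = Digest::SHA256.digest(b).bytes
    da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the e-mail to sign in, or nil when the header must be rejected.
  # header: raw "username|authentication_token" value (may be nil)
  # env:    hash-like object holding the two server-side settings
  def authenticated_email(header, env = ENV)
    expected_email = env['HTTP_D2H_AUTHENTICATION_USERNAME'].to_s
    expected_token = env['HTTP_D2H_AUTHENTICATION_TOKEN'].to_s
    # Fail closed: a server with missing settings accepts nothing.
    return nil if expected_email.empty? || expected_token.empty?

    # Limit 2 keeps any further '|' inside the token part.
    email, token = header.to_s.split('|', 2)
    return nil if email.nil? || token.nil? || email.empty? || token.empty?

    # Evaluate both comparisons before combining (no short-circuit).
    email_ok = secure_equal?(email, expected_email)
    token_ok = secure_equal?(token, expected_token)
    email_ok & token_ok ? expected_email : nil
  end
end

if __FILE__ == $PROGRAM_NAME
  env = { 'HTTP_D2H_AUTHENTICATION_USERNAME' => 'd2h@example.org',
          'HTTP_D2H_AUTHENTICATION_TOKEN' => 'constructed-sample-token' }
  ['d2h@example.org|constructed-sample-token', 'd2h@example.org|wrong', '|', nil].each do |h|
    puts "#{h.inspect} => #{D2hHeaderAuth.authenticated_email(h, env).inspect}"
  end
end
```

Passing the settings as a hash keeps the check testable without touching the process environment; in the controller the same values come from `ENV`.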