I am implementing a custom authorizer and authenticator to perform HMAC token signing using the ember-simple-auth library, and each piece works well in isolation, but break together.
If I disable the authorizer, the authenticator can initiate sessions just fine, and once there is an existing session, the authorizer correctly authorizes all requests to the api, but when both are in play, the authorizer mangles the initial login request.
Is there a way to skip the authorizer for the authentication request, or perhaps to temporarily disable the ajaxPrefilter that's modifying the requests? Or is there a better way of going about this?
authenticator:
var CustomAuthenticator = Base.extend({
authenticate: function(credentials) {
var data = {
user: {
email: credentials.identification,
password: credentials.password
}
};
return Ember.$.post(MyApplicationENV.API_URL + '/users/login', data).then(function(response, statusText, xhr) {
if (xhr.status === 201) {
return response;
}
}).fail(function() {
console.warn('login FAILED!');
});
},...
authorizer:
var CustomAuthorizer = Base.extend({
authorize: function(jqXHR, requestOptions) {
var timestamp = parseInt((new Date().getTime() / 1000), 10);
var hashedToken = window.md5(timestamp + ':' + this.get('session.authentication_token'));
var data = 'user_token=' + hashedToken;
data += '&user_email=' + this.get('session.email');
data += '×tamp=' + timestamp;
requestOptions.data = data;
}
});
You should check for session.get('isAuthenticated') in the authorizer and only authorize the request if that's true. That way it won't authorize the initial login request.