Allow multiple hosts filtering

[ricardotealdi]

For an app that responds for multiple hosts (e.g.: myapp.com and api.myapp.com), the Cassette::Authentication::Filter doesn't allow us to configure more than one host for the service ticket validation.

[andrerocker]

we know that possibility to use request.host but this is not a good pratice, and can cause security issues.

[ricardotealdi]

We could add multiple hosts in the config.yml and then we could use the request.host as the service for validation, but verifying if the service is in the config.yml.

WDYT?

[rhruiz]

suggestions:

• build a more specialized controller filter for this use case
• provide a separate configuration entry for the "alternative" services so current configs don't break

[andrerocker]

@ricardotealdi This can be a cool approach, we can auto detect the service key value type, and assume a default beheviour.

[fabioperrella]

+1

[fagnerpereira]

When there are multiple hosts actually the cache doesnt work, for example:
Im authenticating with first host and generate some ticket, if i try to authenticate again with the same ticket but another host the ticket will be valid cause its in the expire time.

[ricardotealdi]

@fagnerpereira Great point! There is a bug on the ticket caching. Even if we implement something to allow for multiple hosts, the ticket caching won't validate a different service/host.

[andrerocker]

The ticket just be valid with our service, the cache key will should be a hash of key+service :p