Module: Chook::Server::Auth
- Defined in:
- lib/chook/server/auth.rb
Overview
helper module for authentication
Constant Summary collapse
- USE_JAMF_ADMIN_USER =
'use_jamf'.freeze
Instance Method Summary collapse
-
#authenticate_admin(user, pw) ⇒ Object
admin user auth might come from config, might come from Jamf Pro.
-
#authenticate_admin_user(user, pw) ⇒ Object
admin auth from config.
-
#authenticate_jamf_admin(user, pw) ⇒ Object
admin auth from jamf pro.
-
#authenticate_webhooks_user(creds) ⇒ Object
webhook user auth always comes from config.
- #protect_via_basic_auth! ⇒ Object
- #webhook_user_authorized? ⇒ Boolean
Instance Method Details
#authenticate_admin(user, pw) ⇒ Object
admin user auth might come from config, might come from Jamf Pro
68 69 70 71 |
# File 'lib/chook/server/auth.rb', line 68 def authenticate_admin(user, pw) return authenticate_jamf_admin(user, pw) if Chook.config.admin_user == USE_JAMF_ADMIN_USER authenticate_admin_user(user, pw) end |
#authenticate_admin_user(user, pw) ⇒ Object
admin auth from config
74 75 76 77 78 79 80 81 82 83 84 |
# File 'lib/chook/server/auth.rb', line 74 def authenticate_admin_user(user, pw) if user == Chook.config.admin_user && pw == Chook::Server.admin_user_pw Chook.logger.debug "Got auth for admin user: #{user}@#{request.ip}" session[:authed_admin] = user true else Chook.logger.warn "FAILED auth for admin user: #{user}@#{request.ip}" session[:authed_admin] = nil false end end |
#authenticate_jamf_admin(user, pw) ⇒ Object
admin auth from jamf pro
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
# File 'lib/chook/server/auth.rb', line 87 def authenticate_jamf_admin(user, pw) require 'ruby-jss' JSS::APIConnection.new( user: user, pw: pw, server: Chook.config.jamf_server, port: Chook.config.jamf_port, use_ssl: Chook.config.jamf_use_ssl, verify_cert: Chook.config.jamf_verify_cert ) Chook.logger.debug "Jamf Admin login for: #{user}@#{request.ip}" session[:authed_admin] = user true rescue JSS::AuthenticationError Chook.logger.warn "Jamf Admin login FAILED for: #{user}@#{request.ip}" session[:authed_admin] = nil false end |
#authenticate_webhooks_user(creds) ⇒ Object
webhook user auth always comes from config
57 58 59 60 61 62 63 64 65 |
# File 'lib/chook/server/auth.rb', line 57 def authenticate_webhooks_user(creds) if creds.first == Chook.config.webhooks_user && creds.last == Chook::Server.webhooks_user_pw Chook.logger.debug "Got HTTP Basic auth for webhooks user: #{Chook.config.webhooks_user}@#{request.ip}" true else Chook.logger.error "FAILED auth for webhooks user: #{Chook.config.webhooks_user}@#{request.ip}" false end end |
#protect_via_basic_auth! ⇒ Object
36 37 38 39 40 41 42 |
# File 'lib/chook/server/auth.rb', line 36 def protect_via_basic_auth! # don't protect if user isn't defined return unless Chook.config.webhooks_user return if headers['WWW-Authenticate'] = 'Basic realm="Restricted Area"' halt 401, "Not authorized\n" end |
#webhook_user_authorized? ⇒ Boolean
44 45 46 47 48 49 50 51 52 53 54 |
# File 'lib/chook/server/auth.rb', line 44 def @auth ||= Rack::Auth::Basic::Request.new(request.env) # gotta have basic auth presented to us unless @auth.provided? && @auth.basic? && @auth.credentials Chook.logger.debug "No basic auth provided on protected route: #{request.path_info} from: #{request.ip}" return false end authenticate_webhooks_user @auth.credentials end |