Module: Chook::Server::Auth

Defined in:
lib/chook/server/auth.rb

Overview

Helper module for authenticating the admin user and the webhooks user.

Constant Summary

USE_JAMF_ADMIN_USER =
'use_jamf'.freeze

Instance Method Summary

Instance Method Details

#authenticate_admin(user, pw) ⇒ Object

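Admin user authentication comes either from the server config or from Jamf Pro: Jamf Pro is used when the configured admin_user equals USE_JAMF_ADMIN_USER ('use_jamf'), otherwise the config credentials are used.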



# File 'lib/chook/server/auth.rb', line 68

# Authenticate an admin login, choosing the backend from the server config.
#
# When the configured admin_user equals USE_JAMF_ADMIN_USER the credentials
# are handed to authenticate_jamf_admin; in every other case they are handed
# to authenticate_admin_user.
#
# @param user [String] the username presented by the client
# @param pw [String] the password presented by the client
# @return [Object] whatever the selected authenticator returns
def authenticate_admin(user, pw)
  if Chook.config.admin_user == USE_JAMF_ADMIN_USER
    authenticate_jamf_admin(user, pw)
  else
    authenticate_admin_user(user, pw)
  end
end

#authenticate_admin_user(user, pw) ⇒ Object

admin auth from config



# File 'lib/chook/server/auth.rb', line 74

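# Authenticate the admin user against the credentials held in the server config.
#
# On success the username is stored in session[:authed_admin]; on failure that
# key is set to nil.
#
# @param user [String, nil] the username presented by the client
# @param pw [String, nil] the password presented by the client
# @return [Boolean] true only when both values match the configured credentials
def authenticate_admin_user(user, pw)
  expected_user = Chook.config.admin_user
  expected_pw = Chook::Server.admin_user_pw

  # Fail closed: if either configured value or either supplied value is not a
  # String (for example nil because nothing is configured), nothing can match.
  # A plain `nil == nil` comparison would otherwise accept an empty login.
  comparable = [expected_user, expected_pw, user, pw].all? { |value| value.is_a?(String) }

  # Constant-time comparison, and both halves are always evaluated, so the
  # response time does not show how much of the secret matched or whether it
  # was the username or the password that was wrong.
  user_ok = comparable && Rack::Utils.secure_compare(expected_user, user)
  pw_ok = comparable && Rack::Utils.secure_compare(expected_pw, pw)

  # NOTE(review): `user` is client-supplied and is written to the log verbatim;
  # confirm the logger neutralises control characters such as newlines.
  if user_ok && pw_ok
    Chook.logger.debug "Got auth for admin user: #{user}@#{request.ip}"
    # NOTE(review): the session identifier is not rotated here; confirm the
    # session middleware or the caller renews it on login.
    session[:authed_admin] = user
    true
  else
    Chook.logger.warn "FAILED auth for admin user: #{user}@#{request.ip}"
    session[:authed_admin] = nil
    false
  end
end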

#authenticate_jamf_admin(user, pw) ⇒ Object

admin auth from jamf pro



# File 'lib/chook/server/auth.rb', line 87

# Authenticate an admin login by opening a Jamf Pro API connection with the
# supplied credentials.
#
# A connection that is created without raising JSS::AuthenticationError counts
# as a successful login and the username is stored in session[:authed_admin].
# When JSS::AuthenticationError is raised that key is set to nil.
#
# NOTE(review): no privilege or group check is made in this method, so any
# account Jamf Pro accepts is recorded as the admin; confirm that is intended.
# NOTE(review): only JSS::AuthenticationError is rescued; other errors
# propagate and leave session[:authed_admin] as it was.
#
# @param user [String] the Jamf Pro username presented by the client
# @param pw [String] the Jamf Pro password presented by the client
# @return [Boolean] true on success, false when Jamf Pro rejects the login
def authenticate_jamf_admin(user, pw)
  # loaded here rather than at file level, so ruby-jss is needed only when
  # Jamf Pro authentication is actually used
  require 'ruby-jss'

  # server, port and TLS settings all come from the Chook config;
  # presumably jamf_verify_cert controls certificate verification (confirm
  # in ruby-jss), in which case disabling it sends the admin password to an
  # unverified peer
  connection_settings = {
    user: user,
    pw: pw,
    server: Chook.config.jamf_server,
    port: Chook.config.jamf_port,
    use_ssl: Chook.config.jamf_use_ssl,
    verify_cert: Chook.config.jamf_verify_cert
  }
  JSS::APIConnection.new(**connection_settings)

  Chook.logger.debug "Jamf Admin login for: #{user}@#{request.ip}"
  session[:authed_admin] = user
  true
rescue JSS::AuthenticationError
  Chook.logger.warn "Jamf Admin login FAILED for: #{user}@#{request.ip}"
  session[:authed_admin] = nil
  false
end

#authenticate_webhooks_user(creds) ⇒ Object

webhook user auth always comes from config



# File 'lib/chook/server/auth.rb', line 57

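# Check HTTP Basic credentials against the webhooks user held in the server
# config.
#
# @param creds [Array<String>] the presented credentials, username first and
#   password last
# @return [Boolean] true only when both values match the configured credentials
def authenticate_webhooks_user(creds)
  expected_user = Chook.config.webhooks_user
  expected_pw = Chook::Server.webhooks_user_pw
  given_user = creds.first
  given_pw = creds.last

  # Fail closed: a missing (nil) configured password or a non-String value on
  # either side can never match, instead of `nil == nil` granting access.
  comparable = [expected_user, expected_pw, given_user, given_pw].all? { |value| value.is_a?(String) }

  # Constant-time comparison with both halves always evaluated, so response
  # timing does not reveal how much of the secret matched.
  user_ok = comparable && Rack::Utils.secure_compare(expected_user, given_user)
  pw_ok = comparable && Rack::Utils.secure_compare(expected_pw, given_pw)

  # The log lines name the configured webhooks user, not the presented one.
  if user_ok && pw_ok
    Chook.logger.debug "Got HTTP Basic auth for webhooks user: #{Chook.config.webhooks_user}@#{request.ip}"
    true
  else
    Chook.logger.error "FAILED auth for webhooks user: #{Chook.config.webhooks_user}@#{request.ip}"
    false
  end
end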

#protect_via_basic_auth! ⇒ Object



# File 'lib/chook/server/auth.rb', line 36

# Require HTTP Basic auth for the current request, but only when a webhooks
# user is configured.
#
# With no webhooks_user in the config this returns immediately, so the route is
# served without any authentication. Otherwise a request that fails
# webhook_user_authorized? gets a WWW-Authenticate challenge and halt is called
# with status 401.
#
# @return [nil] when the request may proceed
def protect_via_basic_auth!
  # no configured webhooks user means the route is deliberately left open
  protection_disabled = !Chook.config.webhooks_user
  return if protection_disabled || webhook_user_authorized?

  headers['WWW-Authenticate'] = 'Basic realm="Restricted Area"'
  halt 401, "Not authorized\n"
end

#webhook_user_authorized? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/chook/server/auth.rb', line 44

# Decide whether the current request carries valid HTTP Basic credentials for
# the webhooks user.
#
# The parsed Authorization data is memoized in @auth. A request without Basic
# credentials is logged at debug level and rejected; otherwise the credentials
# are passed to authenticate_webhooks_user.
#
# @return [Boolean] false when no Basic credentials were presented, otherwise
#   the result of authenticate_webhooks_user
def webhook_user_authorized?
  @auth ||= Rack::Auth::Basic::Request.new(request.env)

  # all three must hold: an Authorization header, the Basic scheme, credentials
  basic_creds_present = @auth.provided? && @auth.basic? && @auth.credentials

  if basic_creds_present
    authenticate_webhooks_user @auth.credentials
  else
    Chook.logger.debug "No basic auth provided on protected route: #{request.path_info} from: #{request.ip}"
    false
  end
end