Class: OpenShift::AuthService
- Inherits: Object
  - Object
  - OpenShift::AuthService
- Defined in:
- lib/openshift/auth_service.rb
Class Method Summary
Instance Method Summary
- #authenticate(request, login, password) ⇒ Object
- #generate_broker_key(app) ⇒ Object
  Be careful overriding this method in a subclass.
- #initialize(auth_info = nil) ⇒ AuthService (constructor)
  A new instance of AuthService.
- #login(request, params, cookies) ⇒ Object
- #validate_broker_key(iv, key) ⇒ Object
  Be careful overriding this method in a subclass.
Constructor Details
#initialize(auth_info = nil) ⇒ AuthService
Returns a new instance of AuthService.
# File 'lib/openshift/auth_service.rb', line 15
# Loads the settings the key-handling methods rely on.
#
# @param auth_info [Hash, nil] explicit settings (handy for tests); when nil
#   the settings are read from Rails.application.config.auth
def initialize(auth_info = nil)
  @auth_info = auth_info.nil? ? Rails.application.config.auth : auth_info
  @salt        = @auth_info[:salt]        # shared secret the AES key is derived from
  @privkeyfile = @auth_info[:privkeyfile] # path to the broker RSA private key (PEM)
  @privkeypass = @auth_info[:privkeypass] # passphrase handed to OpenSSL::PKey::RSA.new
  @pubkeyfile  = @auth_info[:pubkeyfile]  # path to the matching RSA public key (PEM)
  # Name of the token field that carries the user login; defaults to :login.
  @token_login_key = @auth_info[:token_login_key] || :login
end
Class Method Details
.instance ⇒ Object
# File 'lib/openshift/auth_service.rb', line 11
# Instantiates the auth plugin class registered through .provider=.
# @oo_auth_provider is a class-level instance variable, so an unregistered
# provider is nil here and the call fails with NoMethodError (nil.new).
#
# @return [Object] a fresh instance of the registered provider class
def self.instance
  @oo_auth_provider.new
end
.provider=(provider_class) ⇒ Object
# File 'lib/openshift/auth_service.rb', line 7
# Registers the auth plugin class that .instance will build. Stored in a
# class-level instance variable (not @@), so it belongs to this class alone.
#
# @param provider_class [Class] a class whose instances respond to the
#   AuthService interface (#authenticate, #login, #generate_broker_key,
#   #validate_broker_key)
def self.provider=(provider_class)
  @oo_auth_provider = provider_class
end
Instance Method Details
#authenticate(request, login, password) ⇒ Object
# File 'lib/openshift/auth_service.rb', line 88
# Base implementation of credential authentication. It performs no check at
# all: +request+ and +password+ are ignored and +login+ is echoed back as the
# authenticated username, so on its own this class authenticates nobody.
# Auth plugins are expected to override this method.
#
# @param request [Object] the incoming request (unused here)
# @param login [String] the login name supplied by the caller
# @param password [String] the password supplied by the caller (unused here)
# @return [Hash] {:username => login, :auth_method => :login}
def authenticate(request, login, password)
  {:username => login, :auth_method => :login}
end
#generate_broker_key(app) ⇒ Object
Be careful overriding this method in a subclass. Doing so incorrectly can break node->broker authentication when swapping plugins.
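# File 'lib/openshift/auth_service.rb', line 33
# Builds the (iv, token) pair a node presents to the broker to act for the
# owner of +app+. The token is the JSON document
# {app_name, <@token_login_key>, creation_time} encrypted with AES-256-CBC
# under a key derived from @salt; the random IV is RSA-encrypted with the
# broker public key in @pubkeyfile. Both halves are returned Base64-encoded
# (encode64 wraps lines; #validate_broker_key's decode64 tolerates that).
#
# Be careful overriding this method in a subclass. Doing so incorrectly can
# break node->broker authentication when swapping plugins: the format must
# stay in step with #validate_broker_key.
#
# NOTE(review): the AES key is a bare hash of @salt (no KDF, so @salt is a
# shared secret, not a salt), CBC carries no integrity check, and the IV is
# wrapped with OpenSSL's default RSA padding (PKCS#1 v1.5). Any change to
# these alters the wire format and needs a matching change on the validate
# side.
#
# @param app [#name, #user, #creation_time] the application the token is
#   issued for; app.user must respond to #login
# @return [Array(String, String)] [encoded_iv, encoded_token]
# @raise [Errno::ENOENT, OpenSSL::PKey::RSAError] if @pubkeyfile is missing
#   or is not a readable RSA PEM
def generate_broker_key(app)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.encrypt
  # aes-256-cbc takes a 32-byte key while SHA-512 yields 64 bytes. Older
  # openssl bindings accepted the long key and used its leading bytes; newer
  # ones raise ArgumentError. Truncate explicitly so the derived key stays
  # the same and tokens remain interoperable across Ruby/openssl versions.
  cipher.key = OpenSSL::Digest::SHA512.new(@salt).digest[0, 32]
  # random_iv both generates the IV and installs it on the cipher.
  iv = cipher.random_iv
  token = {:app_name => app.name, @token_login_key => app.user.login, :creation_time => app.creation_time}
  encrypted_token = cipher.update(token.to_json) + cipher.final
  public_key = OpenSSL::PKey::RSA.new(File.read(@pubkeyfile), @privkeypass)
  encrypted_iv = public_key.public_encrypt(iv)
  # Base64 encode the iv and token
  [Base64.encode64(encrypted_iv), Base64.encode64(encrypted_token)]
end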
#login(request, params, cookies) ⇒ Object
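# File 'lib/openshift/auth_service.rb', line 92
# Extracts the identity a request claims, without verifying it. When both
# broker_auth_key and broker_auth_iv are present the raw broker_auth_key is
# returned as the username with :auth_method => :broker_auth; otherwise the
# "rhlogin" field of the JSON in params['json_data'] is returned with
# :auth_method => :login. Nothing here is checked: for :broker_auth the
# caller presumably runs #validate_broker_key on the iv/key pair before
# trusting the result. +request+ and +cookies+ are unused in this base
# implementation.
#
# @param request [Object] the incoming request (unused here)
# @param params [Hash] request parameters keyed by string
# @param cookies [Object] request cookies (unused here)
# @return [Hash] {:username => ..., :auth_method => :broker_auth | :login}
# @raise [JSON::ParserError, TypeError] when params['json_data'] is not valid
#   JSON or is missing
def login(request, params, cookies)
  if params['broker_auth_key'] && params['broker_auth_iv']
    {:username => params['broker_auth_key'], :auth_method => :broker_auth}
  else
    data = JSON.parse(params['json_data'])
    {:username => data["rhlogin"], :auth_method => :login}
  end
end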
#validate_broker_key(iv, key) ⇒ Object
Be careful overriding this method in a subclass. Doing so incorrectly can break node->broker authentication when swapping plugins.
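# File 'lib/openshift/auth_service.rb', line 56
# Checks an (iv, key) pair issued by #generate_broker_key and maps it back
# to the application's owner.
#
# Steps: Base64-decode both halves, RSA-decrypt the IV with the broker
# private key (@privkeyfile / @privkeypass), AES-256-CBC-decrypt the token
# under the key derived from @salt, parse the JSON, then require that the
# named user exists, that the named application belongs to that user, and
# that the application's creation_time equals the one carried in the token
# (presumably so a token for a deleted-and-recreated app of the same name is
# rejected).
#
# Be careful overriding this method in a subclass. Doing so incorrectly can
# break node->broker authentication when swapping plugins: it must stay in
# step with #generate_broker_key.
#
# Every failure is reported to the caller as OpenShift::AccessDeniedException;
# the reason goes to stderr and the debug log only.
#
# NOTE(review): CBC carries no integrity check, so a tampered token is only
# caught when it fails to decrypt, fails to parse, or names a user/app that
# does not match. Adding a MAC changes the wire format and needs a matching
# change in #generate_broker_key.
#
# @param iv [String] Base64 of the RSA-encrypted IV; '+' may have become ' '
#   through form decoding
# @param key [String] Base64 of the AES-encrypted JSON token; same caveat
# @return [Hash] {:username => login, :auth_method => :broker_auth}
# @raise [OpenShift::AccessDeniedException] on any decode/decrypt/parse
#   error, unknown user or application, or creation_time mismatch
def validate_broker_key(iv, key)
  begin
    # '+' in the Base64 alphabet is turned into ' ' by form decoding; undo it.
    key = key.gsub(" ", "+")
    iv = iv.gsub(" ", "+")
    encrypted_token = Base64.decode64(key)
    cipher = OpenSSL::Cipher.new("aes-256-cbc")
    cipher.decrypt
    # aes-256-cbc takes a 32-byte key while SHA-512 yields 64 bytes. Older
    # openssl bindings used the leading bytes implicitly; newer ones raise
    # ArgumentError. Truncate explicitly so existing tokens keep validating.
    cipher.key = OpenSSL::Digest::SHA512.new(@salt).digest[0, 32]
    private_key = OpenSSL::PKey::RSA.new(File.read(@privkeyfile), @privkeypass)
    cipher.iv = private_key.private_decrypt(Base64.decode64(iv))
    json_token = cipher.update(encrypted_token) + cipher.final
    # Parse inside the rescue: a wrong key can still pass CBC padding by
    # chance, and the resulting junk must become a denial, not a 500.
    token = JSON.parse(json_token)
  rescue => e
    $stderr.puts e.message
    $stderr.puts e.backtrace
    Rails.logger.debug "Broker key authentication failed. #{e.backtrace.inspect}"
    raise OpenShift::AccessDeniedException.new
  end
  # Valid JSON that is not an object cannot carry the expected claims.
  raise OpenShift::AccessDeniedException.new unless token.is_a?(Hash)

  username = token[@token_login_key.to_s]
  app_name = token['app_name']
  creation_time = token['creation_time']

  user = CloudUser.find(username)
  raise OpenShift::AccessDeniedException.new if user.nil?
  app = Application.find(user, app_name)
  # NOTE(review): compares the JSON-decoded creation_time with
  # app.creation_time directly; assumes both sides use the same
  # representation — confirm against Application.
  raise OpenShift::AccessDeniedException.new if app.nil? || creation_time != app.creation_time
  {:username => username, :auth_method => :broker_auth}
end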