Class: OpenShift::AuthService

Inherits:
Object
Defined in:
lib/openshift/auth_service.rb


Constructor Details

#initialize(auth_info = nil) ⇒ AuthService

Returns a new instance of AuthService.



# File 'lib/openshift/auth_service.rb', line 15

# Builds an auth service from a configuration hash.
#
# @param auth_info [Hash, nil] settings with keys :salt, :privkeyfile,
#   :privkeypass, :pubkeyfile and optionally :token_login_key; when nil the
#   Rails application's +config.auth+ is used (passing a hash directly is
#   what the test suite does)
def initialize(auth_info = nil)
  # An explicitly supplied hash wins over the Rails configuration.
  @auth_info = auth_info
  @auth_info = Rails.application.config.auth if @auth_info.nil?

  # Missing keys are not validated here; a nil salt or key path only fails
  # later, inside the cipher/RSA calls that consume them.
  @salt        = @auth_info[:salt]
  @privkeyfile = @auth_info[:privkeyfile]
  @privkeypass = @auth_info[:privkeypass]
  @pubkeyfile  = @auth_info[:pubkeyfile]

  # Name of the broker-token field that carries the user login; defaults to :login.
  @token_login_key = @auth_info[:token_login_key] || :login
end

Class Method Details

.instance ⇒ Object



# File 'lib/openshift/auth_service.rb', line 11

# Instantiates the registered auth provider.
#
# Despite the name this is not a singleton: every call builds a new object
# with +new+. Until .provider= has been called the class variable is nil
# and this raises NoMethodError.
#
# @return [Object] a fresh instance of the class set via .provider=
def self.instance
  provider_class = @oo_auth_provider
  provider_class.new
end

.provider=(provider_class) ⇒ Object



# File 'lib/openshift/auth_service.rb', line 7

# Registers the auth provider class that .instance will instantiate.
#
# @param provider_class [Class] a class responding to +new+ with no
#   arguments (in practice an AuthService subclass supplied by a plugin)
# @return [Class] the argument, as Ruby assignment methods always do
def self.provider=(provider_class)
  # Stored on the class object itself (class-level instance variable).
  @oo_auth_provider = provider_class
end

Instance Method Details

#authenticate(request, login, password) ⇒ Object



# File 'lib/openshift/auth_service.rb', line 88

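# Default credential check, used when no auth plugin overrides it.
#
# This base implementation verifies nothing: +password+ and +request+ are
# ignored and any login/password pair is reported as a successful :login
# authentication. Real deployments rely on the class registered through
# .provider= overriding this method.
#
# @param request [Object] the inbound request; unused here
# @param login [String] login to report as the authenticated username
# @param password [String] unused by the base implementation
# @return [Hash] +{:username => login, :auth_method => :login}+
def authenticate(request, login, password)
  # The parameter name was stripped from the rendered listing; it is taken
  # from the documented signature authenticate(request, login, password).
  {:username => login, :auth_method => :login}
end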

#generate_broker_key(app) ⇒ Object

Be careful overriding this method in a subclass. Doing so incorrectly can break node->broker authentication when swapping plugins.



# File 'lib/openshift/auth_service.rb', line 33

def generate_broker_key(app)
  cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
  cipher.encrypt
  cipher.key = OpenSSL::Digest::SHA512.new(@salt).digest
  cipher.iv = iv = cipher.random_iv
  token = {:app_name => app.name,
           @token_login_key => app.user.,
           :creation_time => app.creation_time}
  encrypted_token = cipher.update(token.to_json)
  encrypted_token << cipher.final

  public_key = OpenSSL::PKey::RSA.new(File.read(@pubkeyfile), @privkeypass)
  encrypted_iv = public_key.public_encrypt(iv)

  # Base64 encode the iv and token
  encoded_iv = Base64::encode64(encrypted_iv)
  encoded_token = Base64::encode64(encrypted_token)

  [encoded_iv, encoded_token]
end

#login(request, params, cookies) ⇒ Object



# File 'lib/openshift/auth_service.rb', line 92

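# Resolves the caller's identity from a login request.
#
# Two request forms are accepted: node->broker requests carrying both
# +broker_auth_key+ and +broker_auth_iv+ (reported as :broker_auth with the
# raw key as the username), and user requests whose +json_data+ parameter is
# a JSON object holding +rhlogin+.
#
# NOTE(review): the broker_auth branch returns the key without decrypting
# or checking it; presumably the caller passes :broker_auth results on to
# #validate_broker_key — confirm.
#
# @param request [Object] unused
# @param params [Hash] request parameters with string keys
# @param cookies [Object] unused
# @return [Hash] +{:username => ..., :auth_method => :broker_auth | :login}+
# @raise [OpenShift::AccessDeniedException] when neither the broker key pair
#   nor a parseable +json_data+ object is present (previously this surfaced
#   as an unhandled TypeError / JSON::ParserError)
def login(request, params, cookies)
  # The method name was stripped from the rendered listing; it is taken from
  # the documented signature login(request, params, cookies).
  if params['broker_auth_key'] && params['broker_auth_iv']
    return {:username => params['broker_auth_key'], :auth_method => :broker_auth}
  end

  json_data = params['json_data']
  raise OpenShift::AccessDeniedException.new if json_data.nil?

  begin
    data = JSON.parse(json_data)
  rescue JSON::ParserError
    raise OpenShift::AccessDeniedException.new
  end
  # A JSON array or scalar would make data["rhlogin"] blow up or return junk.
  raise OpenShift::AccessDeniedException.new unless data.is_a?(Hash)

  {:username => data["rhlogin"], :auth_method => :login}
end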

#validate_broker_key(iv, key) ⇒ Object

Be careful overriding this method in a subclass. Doing so incorrectly can break node->broker authentication when swapping plugins.

Raises:

  • (OpenShift::AccessDeniedException)


# File 'lib/openshift/auth_service.rb', line 56

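# Verifies a node-supplied broker key and resolves it to a user.
#
# Mirrors #generate_broker_key: the RSA-encrypted IV is recovered with the
# broker private key, the token is decrypted with AES-256-CBC under the
# SHA-512(salt) key, and the resulting JSON object is checked against the
# stored records (user must exist, app must exist, creation_time must match).
#
# Every failure while unwrapping the key — bad base64, RSA padding error,
# CBC padding error, or a plaintext that is not a JSON object — is reported
# uniformly as AccessDeniedException so callers (and clients) cannot tell
# the failure modes apart.
#
# @param iv [String] base64 RSA-encrypted IV; '+' may have arrived as ' '
# @param key [String] base64 AES-encrypted token; same caveat
# @return [Hash] +{:username => login, :auth_method => :broker_auth}+
# @raise [OpenShift::AccessDeniedException] on any decryption or lookup failure
def validate_broker_key(iv, key)
  # Form decoding turns '+' into ' '; restore the base64 alphabet.
  key = key.gsub(" ", "+")
  iv = iv.gsub(" ", "+")

  begin
    encrypted_token = Base64.decode64(key)
    cipher = OpenSSL::Cipher.new("aes-256-cbc")
    cipher.decrypt
    cipher.key = OpenSSL::Digest::SHA512.new(@salt).digest
    private_key = OpenSSL::PKey::RSA.new(File.read(@privkeyfile), @privkeypass)
    cipher.iv = private_key.private_decrypt(Base64.decode64(iv))
    json_token = cipher.update(encrypted_token)
    json_token << cipher.final
    # Parsing inside the rescue keeps a garbled-but-correctly-padded
    # plaintext from surfacing as a JSON::ParserError (a distinguishable
    # error) instead of the generic access denial.
    token = JSON.parse(json_token)
    raise TypeError, "broker token is not a JSON object" unless token.is_a?(Hash)
  rescue => e
    $stderr.puts e.message
    $stderr.puts e.backtrace
    Rails.logger.debug "Broker key authentication failed. #{e.backtrace.inspect}"
    raise OpenShift::AccessDeniedException.new
  end

  username      = token[@token_login_key.to_s]
  app_name      = token['app_name']
  creation_time = token['creation_time']

  user = CloudUser.find(username)
  raise OpenShift::AccessDeniedException.new if user.nil?
  app = Application.find(user, app_name)

  # creation_time round-tripped through JSON, so app.creation_time must
  # compare equal to that representation — TODO confirm the attribute type.
  raise OpenShift::AccessDeniedException.new if app.nil? || creation_time != app.creation_time
  {:username => username, :auth_method => :broker_auth}
end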