Class: Msf::WebServices::Authentication::Strategies::UserPassword

Inherits:

Warden::Strategies::Base

• Object
• Warden::Strategies::Base
• Msf::WebServices::Authentication::Strategies::UserPassword

Defined in:

lib/msf/core/web_services/authentication/strategies/user_password.rb

Instance Method Summary

• #authenticate! ⇒ Object

  Authenticate the request.

• #valid? ⇒ Boolean

  Check if request contains valid data and should be authenticated.

Instance Method Details

#authenticate! ⇒ Object

Authenticate the request.

# File 'lib/msf/core/web_services/authentication/strategies/user_password.rb', line 30

def authenticate!
  begin
    body = JSON.parse(request.body.read, symbolize_names: true)

    db_manager = env['msf.db_manager']
    user = db_manager.users(username: body[:username]).first

    if user.nil? || !db_manager.authenticate_user(id: user.id, password: body[:password])
      fail("Invalid username or password.")
    else
      success!(user)
    end
  ensure
    request.body.rewind # Reset the StringIO buffer so any further consumers can read the body
  end
end

#valid? ⇒ Boolean

Check if request contains valid data and should be authenticated.

Returns:

• (Boolean) —

  true if strategy should be run for the request; otherwise, false.

# File 'lib/msf/core/web_services/authentication/strategies/user_password.rb', line 20

def valid?
  begin
    body = JSON.parse(request.body.read, symbolize_names: true)
    body[:username] && body[:password]
  ensure
    request.body.rewind # Reset the StringIO buffer so any further consumers can read the body
  end
end