Put back password for pki login

Martin Lensment 2015-02-23 11:53:23 +02:00
parent fe67c51436
commit 00ecdba699
3 changed files with 12 additions and 16 deletions


@ -8,6 +8,7 @@ mkdir certs crl newcerts private csrs
chmod 700 private chmod 700 private
touch index.txt touch index.txt
echo 1000 > serial echo 1000 > serial
echo 1000 > crlnumber
``` ```
Generate the root key (prompts for pass phrase): Generate the root key (prompts for pass phrase):
@ -26,6 +27,8 @@ exit
Make sure the following options are in place: Make sure the following options are in place:
``` ```
crl_extensions = crl_ext
[ CA_default ] [ CA_default ]
# Where everything is kept # Where everything is kept
dir = /home/registry/registry/shared/ca dir = /home/registry/registry/shared/ca
@ -71,6 +74,12 @@ openssl req -sha256 -new -key private/webclient.key.pem -out csrs/webclient.csr.
Sign the request and create certificate: Sign the request and create certificate:
``` ```
openssl ca -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/webclient.csr.pem -out certs/webclient.crt.pem openssl ca -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/webclient.csr.pem -out certs/webclient.crt.pem
chmod 444 certs/webclient.crt.pem
```
Create certificate revocation list (prompts for pass phrase):
```
openssl ca -keyfile private/ca.key.pem -cert certs/ca.crt.pem -gencrl -out crl/crl.pem
``` ```
Configure EPP virtual host: Configure EPP virtual host:


@ -3,18 +3,8 @@ module Repp
format :json format :json
prefix :repp prefix :repp
before do http_basic do |username, password|
auth_param = request.headers['Authorization'].split(' ', 2).second @current_user ||= ApiUser.find_by(username: username, password: password)
username, password = ::Base64.decode64(auth_param || '').split(':', 2)
# allow user lookup only by username if request came from webclient
if request.ip == APP_CONFIG['webclient_ip'] && password.blank?
login_params = { username: username }
else
login_params = { username: username, password: password }
end
@current_user ||= ApiUser.find_by(login_params)
end end
helpers do helpers do
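Review bot: The new `http_basic` block at the top of the hunk resolves the caller with `ApiUser.find_by(username: username, password: password)`, which matches the supplied password against the stored `password` column as a plain equality condition; that only authenticates correctly if the column holds the clear-text value, and if it is hashed the lookup never matches — confirm which it is before relying on it. As far as I recall, Rack::Auth::Basic splits the decoded credential on the first `:`, so a credential without one hands the block `password` as nil, and `find_by(..., password: nil)` becomes an `IS NULL` condition that would match a row with no stored password on the username alone; a guard such as `next false if password.blank?` before the lookup closes that path. The webclient-only exemption and its explanatory comment are gone, so a one-line comment stating that every caller, the webclient included, must now send both username and password would keep that intent visible. The enclosing `Repp` module and the `helpers` block continue outside the hunk.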

View file

@ -9,10 +9,7 @@ class Epp::SessionsController < EppController
# rubocop: disable Metrics/CyclomaticComplexity # rubocop: disable Metrics/CyclomaticComplexity
def login def login
cert_valid = true cert_valid = true
# Allow login with only username if request.ip == APP_CONFIG['webclient_ip']
if request.ip == APP_CONFIG['webclient_ip'] && login_params[:password].nil?
@api_user = ApiUser.find_by(username: login_params[:username])
elsif request.ip == APP_CONFIG['webclient_ip']
@api_user = ApiUser.find_by(login_params) @api_user = ApiUser.find_by(login_params)
else else
if request.env['HTTP_SSL_CLIENT_S_DN_CN'] != login_params[:username] if request.env['HTTP_SSL_CLIENT_S_DN_CN'] != login_params[:username]
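Review bot: The rewritten condition `if request.ip == APP_CONFIG['webclient_ip']` is now the sole decision between the username/password lookup and the client-certificate CN check in the `else` branch, and nothing in the hunk documents that; a comment above it such as `# The webclient (identified by its configured IP) authenticates with username and password; every other client must present a client certificate whose CN matches the username.` would make the intent explicit. Since `request.ip` in Rails/Rack is derived from forwarding headers when they are present, the comparison is only as reliable as the front proxy's handling of `X-Forwarded-For`; it is worth confirming that the proxy overwrites that header, or comparing against `request.remote_ip` with trusted proxies configured, if that is not already the case. The `login` method continues outside the hunk.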