mirror of
https://github.com/internetee/registry.git
synced 2025-05-17 09:57:23 +02:00
Put back password for pki login
This commit is contained in:
parent
fe67c51436
commit
00ecdba699
3 changed files with 12 additions and 16 deletions
|
@ -8,6 +8,7 @@ mkdir certs crl newcerts private csrs
|
|||
chmod 700 private
|
||||
touch index.txt
|
||||
echo 1000 > serial
|
||||
echo 1000 > crlnumber
|
||||
```
|
||||
|
||||
Generate the root key (prompts for pass phrase):
|
||||
|
@ -26,6 +27,8 @@ exit
|
|||
|
||||
Make sure the following options are in place:
|
||||
```
|
||||
crl_extensions = crl_ext
|
||||
|
||||
[ CA_default ]
|
||||
# Where everything is kept
|
||||
dir = /home/registry/registry/shared/ca
|
||||
|
@ -71,6 +74,12 @@ openssl req -sha256 -new -key private/webclient.key.pem -out csrs/webclient.csr.
|
|||
Sign the request and create certificate:
|
||||
```
|
||||
openssl ca -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/webclient.csr.pem -out certs/webclient.crt.pem
|
||||
chmod 444 certs/webclient.crt.pem
|
||||
```
|
||||
|
||||
Create certificate revocation list (prompts for pass phrase):
|
||||
```
|
||||
openssl ca -keyfile private/ca.key.pem -cert certs/ca.crt.pem -gencrl -out crl/crl.pem
|
||||
```
|
||||
|
||||
Configure EPP virtual host:
|
||||
|
|
|
@ -3,18 +3,8 @@ module Repp
|
|||
format :json
|
||||
prefix :repp
|
||||
|
||||
before do
|
||||
auth_param = request.headers['Authorization'].split(' ', 2).second
|
||||
username, password = ::Base64.decode64(auth_param || '').split(':', 2)
|
||||
|
||||
# allow user lookup only by username if request came from webclient
|
||||
if request.ip == APP_CONFIG['webclient_ip'] && password.blank?
|
||||
login_params = { username: username }
|
||||
else
|
||||
login_params = { username: username, password: password }
|
||||
end
|
||||
|
||||
@current_user ||= ApiUser.find_by(login_params)
|
||||
http_basic do |username, password|
|
||||
@current_user ||= ApiUser.find_by(username: username, password: password)
|
||||
end
|
||||
|
||||
helpers do
|
||||
|
|
|
@ -9,10 +9,7 @@ class Epp::SessionsController < EppController
|
|||
# rubocop: disable Metrics/CyclomaticComplexity
|
||||
def login
|
||||
cert_valid = true
|
||||
# Allow login with only username
|
||||
if request.ip == APP_CONFIG['webclient_ip'] && login_params[:password].nil?
|
||||
@api_user = ApiUser.find_by(username: login_params[:username])
|
||||
elsif request.ip == APP_CONFIG['webclient_ip']
|
||||
if request.ip == APP_CONFIG['webclient_ip']
|
||||
@api_user = ApiUser.find_by(login_params)
|
||||
else
|
||||
if request.env['HTTP_SSL_CLIENT_S_DN_CN'] != login_params[:username]
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue