Revert back to CSR / CRT upload

Martin Lensment 2015-05-22 13:42:40 +03:00
parent 8292951c9c
commit 0aa5399265
12 changed files with 214 additions and 103 deletions


@ -1,19 +1,21 @@
class Admin::CertificatesController < AdminController
load_and_authorize_resource
before_action :set_api_user, only: [:new, :show, :destroy, :edit, :update]
before_action :set_certificate, :set_api_user, only: [:sign, :show, :download_csr, :download_crt, :revoke, :destroy]
def show; end
def edit; end
def new
@api_user = ApiUser.find(params[:api_user_id])
@certificate = Certificate.new(api_user: @api_user)
end
def create
@api_user = ApiUser.find(params[:api_user_id])
@certificate = @api_user.certificates.build(certificate_params)
crt = certificate_params[:crt].open.read if certificate_params[:crt]
csr = certificate_params[:csr].open.read if certificate_params[:csr]
@certificate = @api_user.certificates.build(csr: csr, crt: crt)
if @api_user.save
flash[:notice] = I18n.t('record_created')
redirect_to [:admin, @api_user, @certificate]
@ -23,16 +25,6 @@ class Admin::CertificatesController < AdminController
end
end
def update
if @certificate.update(certificate_params)
flash[:notice] = I18n.t('record_updated')
redirect_to [:admin, @api_user, @certificate]
else
flash.now[:alert] = I18n.t('failed_to_update_record')
render 'edit'
end
end
def destroy
if @certificate.destroy
flash[:notice] = I18n.t('record_deleted')
@ -43,48 +35,50 @@ class Admin::CertificatesController < AdminController
end
end
# DEPRECATED FOR NOW
# def sign
# if @certificate.sign!
# flash[:notice] = I18n.t('record_updated')
# redirect_to [:admin, @api_user, @certificate]
# else
# flash.now[:alert] = I18n.t('failed_to_update_record')
# render 'show'
# end
# end
def sign
if @certificate.sign!
flash[:notice] = I18n.t('record_updated')
redirect_to [:admin, @api_user, @certificate]
else
flash.now[:alert] = I18n.t('failed_to_update_record')
render 'show'
end
end
# def revoke
# if @certificate.revoke!
# flash[:notice] = I18n.t('record_updated')
# else
# flash[:alert] = I18n.t('failed_to_update_record')
# end
# redirect_to [:admin, @api_user, @certificate]
# end
def revoke
if @certificate.revoke!
flash[:notice] = I18n.t('record_updated')
else
flash[:alert] = I18n.t('failed_to_update_record')
end
redirect_to [:admin, @api_user, @certificate]
end
# def download_csr
# send_data @certificate.csr, filename: "#{@api_user.username}.csr.pem"
# end
def download_csr
send_data @certificate.csr, filename: "#{@api_user.username}.csr.pem"
end
# def download_crt
# send_data @certificate.crt, filename: "#{@api_user.username}.crt.pem"
# end
def download_crt
send_data @certificate.crt, filename: "#{@api_user.username}.crt.pem"
end
private
# DEPRECATED FOR NOW
# def set_certificate
# @certificate = Certificate.find(params[:id])
# @csr = OpenSSL::X509::Request.new(@certificate.csr) if @certificate.csr
# @crt = OpenSSL::X509::Certificate.new(@certificate.crt) if @certificate.crt
# end
def set_certificate
@certificate = Certificate.find(params[:id])
@csr = OpenSSL::X509::Request.new(@certificate.csr) if @certificate.csr
@crt = OpenSSL::X509::Certificate.new(@certificate.crt) if @certificate.crt
end
def set_api_user
@api_user = ApiUser.find(params[:api_user_id])
end
def certificate_params
params.require(:certificate).permit(:common_name, :md5, :interface)
if params[:certificate]
params.require(:certificate).permit(:crt, :csr)
else
{}
end
end
end
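Review bot: In `create`, the uploaded `csr`/`crt` bytes are read and stored without being parsed, yet `set_certificate` later passes them to `OpenSSL::X509::Request.new` and `OpenSSL::X509::Certificate.new`, which raise on malformed input. Unless the Certificate model validates the PEM (not visible here), one bad upload makes `show`, `sign`, `revoke` and both downloads fail for that record. Parsing at upload time, and re-rendering `new` with an error on `OpenSSL::X509::RequestError` or `OpenSSL::X509::CertificateError`, would keep unparseable data out of the table. Separately, `set_certificate` calls `Certificate.find(params[:id])` independently of `params[:api_user_id]`, so the two ids in the URL can name unrelated records; listing `set_api_user` first and using `@certificate = @api_user.certificates.find(params[:id])` would tie them together. The +/- markers are lost on this page, so this assumes the uncommented methods are the new side.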


@ -13,6 +13,7 @@ class Registrar::SessionsController < Devise::SessionsController
# rubocop:disable Metrics/PerceivedComplexity
# rubocop:disable Metrics/CyclomaticComplexity
# rubocop:disable Metrics/MethodLength
def create
@depp_user = Depp::User.new(params[:depp_user].merge(
pki: !(Rails.env.development? || Rails.env.test?)
@ -23,17 +24,32 @@ class Registrar::SessionsController < Devise::SessionsController
@depp_user.errors.add(:base, :webserver_missing_user_name_directive)
end
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_CERT'].blank?
@depp_user.errors.add(:base, :webserver_missing_client_cert_directive)
end
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] == '(null)'
@depp_user.errors.add(:base, :webserver_user_name_directive_should_be_required)
end
logger.error request.env
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] != params[:depp_user][:tag]
@depp_user.errors.add(:base, :invalid_cert)
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_CERT'] == '(null)'
@depp_user.errors.add(:base, :webserver_client_cert_directive_should_be_required)
end
@api_user = ApiUser.find_by(username: params[:depp_user][:tag], password: params[:depp_user][:password])
unless @api_user
@depp_user.errors.add(:base, t(:no_such_user))
render 'login' and return
end
if @depp_user.pki
unless @api_user.registrar_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'])
@depp_user.errors.add(:base, :invalid_cert)
end
end
if @depp_user.errors.none? && @depp_user.valid?
@api_user = ApiUser.find_by(username: params[:depp_user][:tag])
if @api_user.active?
sign_in @api_user
redirect_to role_base_root_url(@api_user)
@ -47,6 +63,7 @@ class Registrar::SessionsController < Devise::SessionsController
end
# rubocop:enable Metrics/CyclomaticComplexity
# rubocop:enable Metrics/PerceivedComplexity
# rubocop:enable Metrics/MethodLength
def id
@user = ApiUser.find_by_idc_data(request.env['SSL_CLIENT_S_DN'])