diff --git a/app/api/repp/api.rb b/app/api/repp/api.rb
index 04b805597..ec0b3167f 100644
--- a/app/api/repp/api.rb
+++ b/app/api/repp/api.rb
@@ -3,8 +3,18 @@ module Repp
 format :json
 prefix :repp
- http_basic do |username, password|
- @current_user ||= ApiUser.find_by(username: username, password: password)
+ before do
+ auth_param = request.headers['Authorization'].split(' ', 2).second
+ username, password = ::Base64.decode64(auth_param || '').split(':', 2)
+
+ # allow user lookup only by username if request came from webclient
+ if request.ip == APP_CONFIG['webclient_ip'] && password.blank?
+ login_params = { username: username }
+ else
+ login_params = { username: username, password: password }
+ end
+
+ @current_user ||= ApiUser.find_by(login_params)
 end
 helpers do
diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index 94ee568b0..4d7e2481b 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -4,8 +4,8 @@ class Epp::SessionsController < EppController
 end
 def login
- # pki login
- if request.env['HTTP_SSL_CLIENT_S_DN_CN'] == login_params[:username]
+ # Allow login with only username
+ if request.ip == APP_CONFIG['webclient_ip'] && login_params[:password].nil?
 @api_user = ApiUser.find_by(username: login_params[:username])
 else
 @api_user = ApiUser.find_by(login_params)
diff --git a/config/routes.rb b/config/routes.rb
index cd9f85b81..e2bb835b3 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,6 +3,7 @@ require 'epp_constraint'
 Rails.application.routes.draw do
 namespace(:epp, defaults: { format: :xml }) do
 match 'session/:action', controller: 'sessions', via: :all
+ match 'session/pki/:action', controller: 'sessions', via: :all
 post 'command/:action', controller: 'domains', constraints: EppConstraint.new(:domain)
 post 'command/:action', controller: 'contacts', constraints: EppConstraint.new(:contact)
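Review bot: The passwordless branch keyed on `request.ip == APP_CONFIG['webclient_ip']` makes the caller's network address the only thing between an unauthenticated request and `ApiUser.find_by(username: username)`; behind a reverse proxy Rails derives `request.ip` from forwarded headers, so this check is only as strong as the proxy's header sanitisation and trusted-proxy configuration, and a per-request shared secret or the client-certificate check that the sessions_controller hunk removes would be a more reliable signal. The same IP comparison is introduced in the sessions_controller hunk. Separately, `request.headers['Authorization'].split(' ', 2)` raises NoMethodError when the header is absent, turning a missing credential into a 500 instead of a 401; `auth_param = request.headers['Authorization'].to_s.split(' ', 2).second` avoids that without changing the rest of the block. Because `before` replaces `http_basic`, a nil `@current_user` no longer fails the request here by itself; whether a later helper rejects it is outside the hunk and worth confirming.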
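Review bot: `login_params[:password].nil?` here and `password.blank?` in the api.rb hunk treat an empty-string password differently, so the two passwordless paths disagree on what counts as "no password supplied"; `if request.ip == APP_CONFIG['webclient_ip'] && login_params[:password].blank?` would align them. The removed `HTTP_SSL_CLIENT_S_DN_CN` comparison was the only certificate-based check visible in this diff, and the new `session/pki/:action` route in routes.rb maps to this same controller, so the "pki" path is not tied to any certificate validation visible here; if the CN check is meant to continue for that route, it should either be restored or its replacement documented in the comment. The login method continues outside the hunk.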