Change Base64 encoding to be url_safe, add crude implementation of a Controller

This commit is contained in:
Maciej Szlosarczyk 2018-07-20 16:46:22 +03:00
parent dc8230dcc2
commit 35c3f0a5bf
No known key found for this signature in database
GPG key ID: 41D62D42D3B0D765
6 changed files with 50 additions and 7 deletions


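--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,41 @@
+require 'rails5_api_controller_backport'
+require 'auth_token/auth_token_decryptor'
+module Api
+module V1
+module Registrant
+class DomainsController < ActionController::API
+before_filter :authenticate
+def index
+registrant = ::Registrant.find_by(ident: current_user.registrant_ident)
+unless registrant
+render json: Domain.all
+else
+domains = Domain.where(registrant_id: registrant.id)
+render json: domains
+end
+end
+private
+def bearer_token
+pattern = /^Bearer /
+header = request.headers['Authorization']
+header.gsub(pattern, '') if header && header.match(pattern)
+end
+def authenticate
+decryptor = AuthTokenDecryptor.create_with_defaults(bearer_token)
+decryptor.decrypt_token
+if decryptor.valid?
+sign_in decryptor.user
+else
+render json: { error: "Not authorized" }, status: 403
+end
+end
+end
+end
+end
+end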
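Review bot: In `index`, the `unless registrant … render json: Domain.all` branch hands the full domain list to any authenticated caller whose ident has no matching Registrant, so a token for an unknown or deleted registrant widens access instead of denying it; answer with an empty result or a 404 instead, e.g. `return render json: { error: 'Not found' }, status: 404 unless registrant` followed by `render json: Domain.where(registrant_id: registrant.id)`, which also removes the `unless … else` form. In `bearer_token`, `/^Bearer /` anchors to a line start rather than the start of the string; `/\ABearer /` (with `sub` rather than `gsub` and `match?` rather than `match`) is the intended check. When no Authorization header is sent, `bearer_token` returns nil and `authenticate` passes that straight to `AuthTokenDecryptor.create_with_defaults`; whether that path ends in the 403 or in an exception depends on the decryptor, which is not in this file, so confirm the nil case is covered.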


@ -22,7 +22,8 @@ Rails.application.routes.draw do
namespace :v1 do namespace :v1 do
namespace :registrant do namespace :registrant do
post 'auth/eid', to: 'auth#eid' post 'auth/eid', to: 'auth#eid'
post 'auth/username', to: 'auth#username'
resources :domains, only: [:index]
end end
end end
end end


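--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -28,7 +28,7 @@ class AuthTokenCreator
 encryptor.encrypt
 encryptor.key = key
 encrypted_bytes = encryptor.update(hashable) + encryptor.final
-Base64.encode64(encrypted_bytes)
+Base64.urlsafe_encode64(encrypted_bytes)
 end
 def token_in_hash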
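Review bot: Tokens issued before this change contain `+`, `/` and newlines from `encode64`, which the decryptor's new `urlsafe_decode64` rejects with `ArgumentError`, so every outstanding token becomes invalid on deploy; that is acceptable if tokens are short-lived, but it is worth stating in the commit message. If the Ruby in use is 2.3 or newer, `Base64.urlsafe_encode64(encrypted_bytes, padding: false)` would also drop the trailing `=` that still needs percent-encoding in query strings, and `urlsafe_decode64` accepts unpadded input on those versions; confirm the version before relying on it. The enclosing method starts outside this hunk.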


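--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -18,11 +18,11 @@ class AuthTokenDecryptor
 decipher.decrypt
 decipher.key = key
-base64_decoded = Base64.decode64(token)
+base64_decoded = Base64.urlsafe_decode64(token)
 plain = decipher.update(base64_decoded) + decipher.final
 @decrypted_data = JSON.parse(plain, symbolize_names: true)
-rescue OpenSSL::Cipher::CipherError
+rescue OpenSSL::Cipher::CipherError, ArgumentError
 false
 end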
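Review bot: The widened rescue still lets `JSON.parse` two lines above raise `JSON::ParserError` out of the method, since that class is not an `ArgumentError`: a token that decodes and decrypts to non-JSON bytes (a wrong key that happens to yield acceptable padding, or a modified token if the cipher mode carries no integrity check) produces an unhandled exception rather than the `false` that the new controller turns into a 403. Add it to the list: `rescue OpenSSL::Cipher::CipherError, ArgumentError, JSON::ParserError`. If `token` can be nil — the new controller passes `bearer_token` through unchecked — `Base64.urlsafe_decode64(nil)` raises `NoMethodError`, which is also outside this rescue; a nil guard before decoding would keep that path returning `false`, though the constructor is not in this hunk so this is inferred. The method begins outside the hunk.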


@ -15,6 +15,7 @@ class AuthTokenCreatorTest < ActiveSupport::TestCase
def test_hashable_is_constructed_as_expected def test_hashable_is_constructed_as_expected
expected_hashable = { user_ident: 'US-1234', user_username: 'Registrant User', expected_hashable = { user_ident: 'US-1234', user_username: 'Registrant User',
expires_at: '2010-07-05 00:30:00 UTC' }.to_json expires_at: '2010-07-05 00:30:00 UTC' }.to_json
assert_equal(expected_hashable, @token_creator.hashable) assert_equal(expected_hashable, @token_creator.hashable)
end end
@ -23,7 +24,7 @@ class AuthTokenCreatorTest < ActiveSupport::TestCase
encryptor.decrypt encryptor.decrypt
encryptor.key = @random_bytes encryptor.key = @random_bytes
base64_decoded = Base64.decode64(@token_creator.encrypted_token) base64_decoded = Base64.urlsafe_decode64(@token_creator.encrypted_token)
result = encryptor.update(base64_decoded) + encryptor.final result = encryptor.update(base64_decoded) + encryptor.final
hashable = { user_ident: 'US-1234', user_username: 'Registrant User', hashable = { user_ident: 'US-1234', user_username: 'Registrant User',


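--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -15,7 +15,7 @@ class AuthTokenDecryptorTest < ActiveSupport::TestCase
 # this token corresponds to:
 # {:user_ident=>"US-1234", :user_username=>"Registrant User", :expires_at=>"2010-07-05 02:15:00 UTC"}
-@access_token = "q27NWIsKD5snWj9vZzJ0RcOYvgocEyu7H9yCaDjfmGi54sogovpBeALMPWTZ\nHMcdFQzSiq6b4cI0p5tO0/5UEOHic2jRzNW7mkhi+bn+Y2W9l9TJV0IdiTj9\nbaf+JvlbyaJh6+/eXIm0tuV5E8Ra9Q==\n"
+@access_token = "q27NWIsKD5snWj9vZzJ0RcOYvgocEyu7H9yCaDjfmGi54sogovpBeALMPWTZHMcdFQzSiq6b4cI0p5tO0_5UEOHic2jRzNW7mkhi-bn-Y2Wlnw7jhMpxw6VwJR8QEoDzjkcNxnKBN6OKF4nssa60ZQ=="
 end
 def teardown
@@ -61,7 +61,7 @@ class AuthTokenDecryptorTest < ActiveSupport::TestCase
 def test_returns_false_for_non_existing_user
 # This token was created from an admin user and @key. Decrypted, it corresponds to:
 # {:user_ident=>nil, :user_username=>"test", :expires_at=>"2010-07-05 00:15:00 UTC"}
-other_token = "rMkjgpyRcj2xOnHVwvvQ5RAS0yQepUSrw3XM5BrwM4TMH+h+TBeLve9InC/z\naPneMMnCs0NHQHt1EpH95A2YhX5P3HsyYITRErDmtlzUf21e185q/CUkW5NG\nWa4rar+6\n"
+other_token = "rMkjgpyRcj2xOnHVwvvQ5RAS0yQepUSrw3XM5BrwM4TMH-h-TBeLve9InC_zaPneMMnCs0NHQHt1EpH95A2Yhdk6Ge6HQ-4gN5L0THDywCO2vHKGucPxbd6g6wOSaOnR"
 decryptor = AuthTokenDecryptor.new(other_token, @key)
 decryptor.decrypt_token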
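Review bot: The replacement fixtures are opaque ciphertext with hand-maintained comments describing their payloads, and nothing in the diff shows that the comments still match; generating them in `setup` through `AuthTokenCreator` with the same `@key` (or at least recording the command that produced them) would keep the payload and its description in one place. The new `@access_token` shares its first seventy-odd characters with the old one and then diverges, which — if the cipher is a fixed-IV block mode — would mean the encrypted payload changed somewhere after the username while the `# this token corresponds to:` comment did not; worth confirming rather than assuming. The same applies to `other_token` in the second hunk, whose new value is shorter than the old one. Both enclosing methods (`setup` and `test_returns_false_for_non_existing_user`) extend beyond the hunks.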