added webclient_cert_common_name

Guardfile

@@ -9,7 +9,8 @@ group :red_green_refactor, halt_on_fail: true do
     # watch(%r{^(config|lib)/.*})
   # end
 
-  guard :rspec, cmd: 'spring rspec --fail-fast', notification: false do
+  # guard :rspec, cmd: 'spring rspec --fail-fast', notification: false do
+  guard :rspec, cmd: 'spring rspec', notification: false do
     watch(%r{^spec/.+_spec\.rb$})
     watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
     watch('spec/spec_helper.rb')  { "spec" }

app/api/repp/api.rb

@@ -8,10 +8,15 @@ module Repp
     end
 
     before do
+      next if Rails.env.test?
+      message = 'Certificate mismatch! Cert common name should be:'
+      request_name = ENV['HTTP_SSL_CLIENT_S_DN_CN']
+      
       if request.ip == ENV['webclient_ip']
-        error! 'Certificate mismatch', 401 if env['HTTP_SSL_CLIENT_S_DN_CN'] != 'webclient'
+        webclient_cert_name = ENV['webclient_cert_common_name'] || 'webclient'
+        error! "#{message} #{webclient_cert_name}", 401 if webclient_cert_name != request_name
       else
-        error! 'Certificate mismatch', 401 if env['HTTP_SSL_CLIENT_S_DN_CN'] != @current_user.username
+        error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name
       end
     end
 

config/application-example.yml

@@ -22,6 +22,7 @@ ca_key_password: 'your-root-key-password'
 
 # Used only by EPP server, you can leave it empty when running admin server:
 webclient_ip: '127.0.0.1'
+webclient_cert_common_name: 'webclient'
 
 # DEPP configuration
 show_ds_data_fields: 'false'