From 67196217a8425c34867d0c4e003e10146d6baa3b Mon Sep 17 00:00:00 2001
From: Martin Lensment <mlensment@gmail.com>
Date: Wed, 25 Mar 2015 14:17:02 +0200
Subject: [PATCH] Check client certificate CN in REPP

---
 app/api/repp/api.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/api/repp/api.rb b/app/api/repp/api.rb
index 04b805597..df49bdf52 100644
--- a/app/api/repp/api.rb
+++ b/app/api/repp/api.rb
@@ -7,6 +7,14 @@ module Repp
       @current_user ||= ApiUser.find_by(username: username, password: password)
     end
 
+    before do
+      if request.ip == ENV['webclient_ip']
+        error! 'Certificate mismatch', 401 if env['HTTP_SSL_CLIENT_S_DN_CN'] != 'webclient'
+      else
+        error! 'Certificate mismatch', 401 if env['HTTP_SSL_CLIENT_S_DN_CN'] != @current_user.username
+      end
+    end
+
     helpers do
       attr_reader :current_user
     end