Added helpful pki config errors if detected, updated apache examples

Priit Tark 2015-05-11 12:30:25 +03:00
parent 36373d12e3
commit 6787832bde
5 changed files with 18 additions and 1 deletions


@ -2,6 +2,7 @@
* Registrar: only dev can skip pki login certificate, * Registrar: only dev can skip pki login certificate,
please be sure all application.yml and apache conf is correctly setup for pki please be sure all application.yml and apache conf is correctly setup for pki
* Updated Registrar Apache example: added user name directive example config
24.04.2015 24.04.2015


@ -179,6 +179,12 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
<Location ~ "/(registrar|assets)\/.+"> <Location ~ "/(registrar|assets)\/.+">
Allow from all Allow from all
</Location> </Location>
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
<Location /registrar/sessions>
SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
</Location>
</VirtualHost> </VirtualHost>
``` ```


@ -16,6 +16,14 @@ class Registrar::SessionsController < ::SessionsController
) )
) )
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'].blank?
@depp_user.errors.add(:base, :webserver_missing_user_name_directive)
end
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] == '(null)'
@depp_user.errors.add(:base, :webserver_user_name_directive_should_be_required)
end
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] != params[:depp_user][:tag] if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] != params[:depp_user][:tag]
@depp_user.errors.add(:base, :invalid_cert) @depp_user.errors.add(:base, :invalid_cert)
end end
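Review bot: The two added checks (`request.env['HTTP_SSL_CLIENT_S_DN_CN'].blank?` and `== '(null)'`) treat a missing value as a web-server misconfiguration, but nothing here records that a present value is only trustworthy when the front end overwrites that request header on every request. I would add a comment above the first check such as `# HTTP_SSL_CLIENT_S_DN_CN arrives as a request header; it is trusted only because Apache/nginx must set it itself on every request (see the RequestHeader lines in the install docs)`. The three checks are also independent `if` statements, so a blank or `'(null)'` value will normally fail the following `!= params[:depp_user][:tag]` comparison too and add `:invalid_cert` as a second error. Reading the header once into a local and chaining the checks with `elsif` would report only the most specific error. The enclosing action starts and ends outside this hunk, so how the errors are rendered afterwards is not visible here.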


@ -529,6 +529,8 @@ en:
authorization_error: 'Authorization error' authorization_error: 'Authorization error'
invalid_cert: 'Invalid certificate' invalid_cert: 'Invalid certificate'
not_active: 'User is not active' not_active: 'User is not active'
webserver_missing_user_name_directive: 'Webserver configuration error: Apache or nginx is missing user name directive.'
webserver_user_name_directive_should_be_required: 'Webserver configuration error: Apache or nginx should require name directive.'
tag: tag:
blank: "Username can't be blank" blank: "Username can't be blank"
password: password:


@ -151,7 +151,7 @@ Add these lines:
RequestHeader set SSL_CLIENT_S_DN_CN "" RequestHeader set SSL_CLIENT_S_DN_CN ""
<Location /sessions/pki> <Location /sessions>
SSLVerifyClient require SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
</Location> </Location>