zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-28 05:26:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add certs control

Browse source
This commit is contained in:
Sergei Tsõganov 2022-06-13 15:33:37 +03:00
parent d848675557
commit 7ec5c914bc
3 changed files with 17 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/repp/v1/base_controller.rb
View file

@ -103,14 +103,15 @@ module Repp
def authenticate_user def authenticate_user
username, password = Base64.urlsafe_decode64(basic_token).split(':') username, password = Base64.urlsafe_decode64(basic_token).split(':')
@current_user ||= ApiUser.find_by(username: username, plain_text_password: password, @current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
active: true) user_active = @current_user.active?
return if @current_user return if @current_user && user_active
raise(ArgumentError) raise(ArgumentError)
rescue NoMethodError, ArgumentError rescue NoMethodError, ArgumentError
@response = { code: 2202, message: 'Invalid authorization information' } @response = { code: 2202, message: 'Invalid authorization information',
data: { username: username, password: password, active: user_active } }
render(json: @response, status: :unauthorized) render(json: @response, status: :unauthorized)
end end

10
app/controllers/repp/v1/registrar/auth_controller.rb
View file

@ -9,6 +9,11 @@ module Repp
desc 'check user auth info and return data' desc 'check user auth info and return data'
def index def index
registrar = current_user.registrar registrar = current_user.registrar
unless client_certs_ok
handle_non_epp_errors(current_user, 'Invalid certificate')
return
end
render_success(data: auth_values_to_data(registrar: registrar)) render_success(data: auth_values_to_data(registrar: registrar))
end end
@ -43,6 +48,11 @@ module Repp
def auth_params def auth_params
params.require(:auth).permit(:uid, :new_user_id) params.require(:auth).permit(:uid, :new_user_id)
end end
def client_certs_ok
current_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
request.env['HTTP_SSL_CLIENT_S_DN_CN'], api: false)
end
end end
end end
end end

2
app/models/api_user.rb
View file

@ -61,6 +61,8 @@ class ApiUser < User
end end
def pki_ok?(crt, com, api: true) def pki_ok?(crt, com, api: true)
p crt
p com
return false if crt.blank? || com.blank? return false if crt.blank? || com.blank?
origin = api ? certificates.api : certificates.registrar origin = api ? certificates.api : certificates.registrar