Update registrar sessions

Martin Lensment 2015-05-15 17:39:59 +03:00
parent 936c570e1f
commit e72bb0be54
5 changed files with 43 additions and 7 deletions


@ -183,7 +183,7 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
SSLVerifyClient none SSLVerifyClient none
SSLVerifyDepth 1 SSLVerifyDepth 1
SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
SSLCARevocationFile /home/registry/registry/shared/ca/crl/crl.pem SSLCARevocationPath /home/registry/registry/shared/ca/crl
# Uncomment in Apache 2.4 # Uncomment in Apache 2.4
# SSLCARevocationCheck chain # SSLCARevocationCheck chain
@ -192,6 +192,13 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
SSLVerifyClient require SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
</Location> </Location>
<Location /registrar/id>
SSLVerifyClient require
Options Indexes FollowSymLinks MultiViews
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData
</Location>
</VirtualHost> </VirtualHost>
``` ```
@ -253,7 +260,7 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll
SSLVerifyClient none SSLVerifyClient none
SSLVerifyDepth 1 SSLVerifyDepth 1
SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
SSLCARevocationFile /home/registry/registry/shared/ca/crl/crl.pem SSLCARevocationPath /home/registry/registry/shared/ca/crl
# Uncomment in Apache 2.4 # Uncomment in Apache 2.4
# SSLCARevocationCheck chain # SSLCARevocationCheck chain
@ -262,6 +269,13 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll
SSLVerifyClient require SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
</Location> </Location>
<Location /registrant/id>
SSLVerifyClient require
Options Indexes FollowSymLinks MultiViews
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData
</Location>
</VirtualHost> </VirtualHost>
``` ```
@ -282,7 +296,7 @@ For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp
SSLVerifyClient none SSLVerifyClient none
SSLVerifyDepth 1 SSLVerifyDepth 1
SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem
SSLCARevocationFile /home/registry/registry/shared/ca/crl/crl.pem SSLCARevocationPath /home/registry/registry/shared/ca/crl
SSLCARevocationCheck chain SSLCARevocationCheck chain
RequestHeader set SSL_CLIENT_S_DN_CN "" RequestHeader set SSL_CLIENT_S_DN_CN ""
@ -314,7 +328,7 @@ Be sure to update paths to match your system configuration.
SSLVerifyClient require SSLVerifyClient require
SSLVerifyDepth 1 SSLVerifyDepth 1
SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem
SSLCARevocationFile /home/registry/registry/shared/ca/crl/crl.pem SSLCARevocationPath /home/registry/registry/shared/ca/crl
# Uncomment this when upgrading to apache 2.4: # Uncomment this when upgrading to apache 2.4:
# SSLCARevocationCheck chain # SSLCARevocationCheck chain


@ -45,6 +45,18 @@ class Registrar::SessionsController < ::SessionsController
# rubocop:enable Metrics/CyclomaticComplexity # rubocop:enable Metrics/CyclomaticComplexity
# rubocop:enable Metrics/PerceivedComplexity # rubocop:enable Metrics/PerceivedComplexity
def id
@user = ApiUser.find_by_idc_data(request.env['SSL_CLIENT_S_DN'])
if @user
sign_in(@user, event: :authentication)
redirect_to registrant_root_url
else
flash[:alert] = t('no_such_user')
redirect_to registrar_login_url
end
end
def login_mid def login_mid
@user = User.new @user = User.new
end end
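Review bot: The success branch of the new `id` action redirects to `registrant_root_url`, although this is `Registrar::SessionsController` and the failure branch goes to `registrar_login_url`; unless the cross-portal redirect is intended, it should probably read `redirect_to registrar_root_url` (that helper is not visible here, so confirm it exists). The action also treats the mere presence of `SSL_CLIENT_S_DN` as proof of authentication, so the login depends entirely on the Apache `<Location>` being deployed as documented. A guard such as `return redirect_to(registrar_login_url) unless request.env['SSL_CLIENT_VERIFY'] == 'SUCCESS'` at the top of the action would make the application fail closed if that configuration is ever missing or changed. A one-line comment above `def id` stating that the DN is supplied by the web server's client-certificate handshake would help the next reader; the rest of the class lies outside this hunk.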


@ -42,5 +42,14 @@ class ApiUser < User
def queued_messages def queued_messages
registrar.messages.queued registrar.messages.queued
end end
class << self
def find_by_idc_data(idc_data)
return false if idc_data.blank?
identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
find_by(identity_code: identity_code)
end
end
end end
# rubocop: enable Metrics/ClassLength # rubocop: enable Metrics/ClassLength
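Review bot: `find_by_idc_data` still runs `find_by(identity_code: identity_code)` when the `serialNumber=(\d+)` scan matches nothing, so `identity_code` is nil and the query becomes `identity_code IS NULL`. If any ApiUser rows have no identity code (likely for password-only API accounts, though the schema is not visible here), a certificate whose subject lacks a numeric serialNumber would be signed in as the first such user. Adding `return nil if identity_code.blank?` before the lookup closes that path. The early exit for blank input returns `false` while a failed lookup returns nil; returning nil in both cases (`return nil if idc_data.blank?`) gives callers a single "not found" value.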


@ -15,7 +15,7 @@
%hr %hr
= link_to '/registrar/login/mid' do = link_to '/registrar/login/mid' do
= image_tag 'mid.gif' = image_tag 'mid.gif'
-# = link_to '/registrar/login/id' do = link_to '/registrar/id', method: :post do
-# = image_tag 'id_card.gif' = image_tag 'id_card.gif'


@ -39,6 +39,7 @@ Rails.application.routes.draw do
post 'login/mid_status' => 'sessions#mid_status' post 'login/mid_status' => 'sessions#mid_status'
post 'sessions' => 'sessions#create' post 'sessions' => 'sessions#create'
post 'id' => 'sessions#id'
post 'mid' => 'sessions#mid' post 'mid' => 'sessions#mid'
get 'logout' => '/devise/sessions#destroy' get 'logout' => '/devise/sessions#destroy'
end end