zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-28 16:39:55 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add API pki cert check

Browse source
This commit is contained in:
Martin Lensment 2015-05-22 18:59:33 +03:00
parent fe19ac743b
commit f590a107fb
2 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/epp/sessions_controller.rb
View file

@ -9,13 +9,12 @@ class Epp::SessionsController < EppController
# rubocop: disable Metrics/CyclomaticComplexity
def login
cert_valid = true
if request.ip == ENV['webclient_ip']
@api_user = ApiUser.find_by(login_params)
else
if request.env['HTTP_SSL_CLIENT_S_DN_CN'] != login_params[:username]
@api_user = ApiUser.find_by(login_params)
if request.ip != ENV['webclient_ip'] && @api_user
unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
cert_valid = false
end
@api_user = ApiUser.find_by(login_params)
end
if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok?