diff options
author | Azul <azul@leap.se> | 2014-05-19 15:07:02 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2014-05-19 15:21:42 +0200 |
commit | 3a84578cf33685800c9216cfb4da12ea1fb0032f (patch) | |
tree | b2f3f2dcd5da823f371f0cc2e2deb3159de6a3c8 | |
parent | e8ba98df64cb537e85de8624c0ebb08c4135ccca (diff) |
store fingerprints with timestamp
Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps
-rw-r--r-- | app/controllers/v1/smtp_certs_controller.rb | 18 | ||||
-rw-r--r-- | app/models/identity.rb | 12 | ||||
-rw-r--r-- | test/integration/api/smtp_cert_test.rb | 3 | ||||
-rw-r--r-- | test/support/api_integration_test.rb | 3 |
4 files changed, 31 insertions, 5 deletions
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb index 533a19a..fcc00b8 100644 --- a/app/controllers/v1/smtp_certs_controller.rb +++ b/app/controllers/v1/smtp_certs_controller.rb @@ -2,22 +2,36 @@ class V1::SmtpCertsController < ApplicationController before_filter :require_login before_filter :require_email_account + before_filter :fetch_identity # GET /1/smtp_cert def show @cert = ClientCertificate.new prefix: current_user.email_address - current_user.identity.cert_fingerprints << @cert.fingerprint - current_user.identity.save + @identity.register_cert(@cert) + @identity.save render text: @cert.to_s, content_type: 'text/plain' end protected + # + # Filters + # + def require_email_account access_denied unless service_level.provides? 'email' end + def fetch_identity + @identity = current_user.identity + end + + # + # Helper methods + # + def service_level current_user.effective_service_level end + end diff --git a/app/models/identity.rb b/app/models/identity.rb index 2f8d4eb..a4225e7 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -8,7 +8,7 @@ class Identity < CouchRest::Model::Base property :address, LocalEmail property :destination, Email property :keys, HashWithIndifferentAccess - property :cert_fingerprints, [String] + property :cert_fingerprints, Hash validate :unique_forward validate :alias_available @@ -108,6 +108,16 @@ class Identity < CouchRest::Model::Base write_attribute('keys', keys.merge(type => key.to_s)) end + def cert_fingerprints + read_attribute('cert_fingerprints') || Hash.new + end + + def register_cert(cert) + today = DateTime.now.to_date.to_s + write_attribute 'cert_fingerprints', + cert_fingerprints.merge(cert.fingerprint => today) + end + # for LoginFormatValidation def login self.address.handle diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 4f0f4a6..992249b 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - assert_equal fingerprint, @user.identity.cert_fingerprints.last + today = DateTime.now.to_date.to_s + assert_equal({fingerprint => today}, @user.identity.cert_fingerprints) end test "fetching smtp certs requires email account" do diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index 0e8e261..bd10f11 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -5,7 +5,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest def login(user = nil) @user ||= user ||= FactoryGirl.create(:user) - @token ||= DUMMY_TOKEN + # DUMMY_TOKEN will be frozen. So let's use a dup + @token ||= DUMMY_TOKEN.dup # make sure @token is up to date if it already exists @token.reload if @token.persisted? @token.user_id = @user.id |