authorAzul <azul@leap.se>2014-05-19 15:07:02 +0200
committerAzul <azul@leap.se>2014-05-19 15:21:42 +0200
commit3a84578cf33685800c9216cfb4da12ea1fb0032f (patch)
treeb2f3f2dcd5da823f371f0cc2e2deb3159de6a3c8
parente8ba98df64cb537e85de8624c0ebb08c4135ccca (diff)
store fingerprints with timestamp
Only the date is stored: that should suffice for normal expiry, and a date is less useful than a full timestamp for identifying users.
-rw-r--r--app/controllers/v1/smtp_certs_controller.rb18
-rw-r--r--app/models/identity.rb12
-rw-r--r--test/integration/api/smtp_cert_test.rb3
-rw-r--r--test/support/api_integration_test.rb3
4 files changed, 31 insertions, 5 deletions
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
index 533a19a..fcc00b8 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/v1/smtp_certs_controller.rb
@@ -2,22 +2,36 @@ class V1::SmtpCertsController < ApplicationController
before_filter :require_login
before_filter :require_email_account
+ before_filter :fetch_identity
# GET /1/smtp_cert
def show
@cert = ClientCertificate.new prefix: current_user.email_address
- current_user.identity.cert_fingerprints << @cert.fingerprint
- current_user.identity.save
+ @identity.register_cert(@cert)
+ @identity.save
render text: @cert.to_s, content_type: 'text/plain'
end
protected
+ #
+ # Filters
+ #
+
def require_email_account
access_denied unless service_level.provides? 'email'
end
+ def fetch_identity
+ @identity = current_user.identity
+ end
+
+ #
+ # Helper methods
+ #
+
def service_level
current_user.effective_service_level
end
+
end
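Review bot: The result of `@identity.save` in `show` is ignored, so the certificate is still rendered when the save returns false, and the client then holds a cert whose fingerprint was never recorded. The Identity model runs validations (`unique_forward` and `alias_available` are visible in the model section), so a false return is possible. Check the result before rendering, for example `return head(:internal_server_error) unless @identity.save`, or call `save!` and let the error handler respond. A one-line comment on `fetch_identity` saying it relies on `require_login` having run first would document the filter ordering.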
diff --git a/app/models/identity.rb b/app/models/identity.rb
index 2f8d4eb..a4225e7 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -8,7 +8,7 @@ class Identity < CouchRest::Model::Base
property :address, LocalEmail
property :destination, Email
property :keys, HashWithIndifferentAccess
- property :cert_fingerprints, [String]
+ property :cert_fingerprints, Hash
validate :unique_forward
validate :alias_available
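Review bot: Changing `cert_fingerprints` from `[String]` to `Hash` comes with no visible handling for identities that already store an array of fingerprints. For such a document, `register_cert` in the next hunk calls `merge` on whatever `read_attribute` returns, which would raise on an Array unless the property cast converts it; the cast behaviour cannot be confirmed from this diff. A migration of existing documents or a guard in the reader would cover it. A comment on the property such as `# fingerprint => issue date (YYYY-MM-DD)` would document the new shape.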
@@ -108,6 +108,16 @@ class Identity < CouchRest::Model::Base
write_attribute('keys', keys.merge(type => key.to_s))
end
+ def cert_fingerprints
+ read_attribute('cert_fingerprints') || Hash.new
+ end
+
+ def register_cert(cert)
+ today = DateTime.now.to_date.to_s
+ write_attribute 'cert_fingerprints',
+ cert_fingerprints.merge(cert.fingerprint => today)
+ end
+
# for LoginFormatValidation
def login
self.address.handle
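Review bot: `register_cert` stamps each entry with `DateTime.now.to_date.to_s`, which is the server's local date, so the recorded day depends on the host's time zone. `Time.now.utc.to_date.to_s` would keep it consistent across hosts and with whatever later expires entries. Nothing in this hunk prunes old entries, so the hash gains a key for every cert fetched. A doc comment on `register_cert` should state that the value is the issue date rather than an expiry date, and that the method does not save, so the caller must persist the identity. The `login` method continues outside the hunk.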
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index 4f0f4a6..992249b 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest
assert_text_response
cert = OpenSSL::X509::Certificate.new(get_response.body)
fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
- assert_equal fingerprint, @user.identity.cert_fingerprints.last
+ today = DateTime.now.to_date.to_s
+ assert_equal({fingerprint => today}, @user.identity.cert_fingerprints)
end
test "fetching smtp certs requires email account" do
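Review bot: The assertion computes `today` after the request has completed, so the test fails if the date rolls over between the controller's `register_cert` call and this line. Stubbing the clock for the duration of the test, or capturing the date before the request and accepting either day, would remove that midnight flake. The expected fingerprint is built here as a colon-separated SHA-1 hex digest of the DER encoding, so a comment noting that it must stay in step with `ClientCertificate#fingerprint` would make the coupling explicit. The body of the next test lies outside the hunk.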
diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb
index 0e8e261..bd10f11 100644
--- a/test/support/api_integration_test.rb
+++ b/test/support/api_integration_test.rb
@@ -5,7 +5,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
def login(user = nil)
@user ||= user ||= FactoryGirl.create(:user)
- @token ||= DUMMY_TOKEN
+ # DUMMY_TOKEN will be frozen. So let's use a dup
+ @token ||= DUMMY_TOKEN.dup
# make sure @token is up to date if it already exists
@token.reload if @token.persisted?
@token.user_id = @user.id