diff options
author | azul <azul@leap.se> | 2014-07-14 07:52:12 +0200 |
---|---|---|
committer | azul <azul@leap.se> | 2014-07-14 07:52:12 +0200 |
commit | 07b141f3d677e993f02380b455738b20b9f0fe42 (patch) | |
tree | 553111ac07f6100738f29ddc7165fa800852f224 /app/models | |
parent | 1c7308207a9ab46cfb60c72aceaee2b3c82281fe (diff) | |
parent | 3bbfdf29bbc40432c21e34fe84060cf9ae70273f (diff) |
Merge pull request #175 from azul/feature/view-for-valid-certs
Feature/view for valid certs
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/client_certificate.rb | 34 | ||||
-rw-r--r-- | app/models/identity.rb | 29 |
2 files changed, 18 insertions, 45 deletions
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb index d5bb1e0..815801e 100644 --- a/app/models/client_certificate.rb +++ b/app/models/client_certificate.rb @@ -25,7 +25,7 @@ class ClientCertificate # set expiration cert.not_before = last_month - cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) + cert.not_after = expiry # generate key cert.serial_number.number = cert_serial_number @@ -47,6 +47,10 @@ class ClientCertificate OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':') end + def expiry + @expiry ||= lifespan.months.from_now.utc.at_midnight + end + private def openssl_cert @@ -99,28 +103,18 @@ class ClientCertificate } end - ## - ## TIME HELPERS - ## - ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet - ## are behind UTC. - ## - - def yesterday - t = Time.now - 24*60*60 - Time.utc t.year, t.month, t.day - end + # + # TIME HELPERS + # + # We normalize timestamps at utc and midnight + # to reduce the fingerprinting possibilities. + # def last_month - t = Time.now - 24*60*60*30 - Time.utc t.year, t.month, t.day + 1.month.ago.utc.at_midnight end - def months_from_yesterday(num) - t = yesterday - date = Date.new t.year, t.month, t.day - date = date >> num # >> is months in the future operator - Time.utc date.year, date.month, date.day + def lifespan + APP_CONFIG[:client_cert_lifespan] end - end diff --git a/app/models/identity.rb b/app/models/identity.rb index eb67b1b..9dc9c7a 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -18,32 +18,11 @@ class Identity < CouchRest::Model::Base validate :destination_email design do + own_path = Pathname.new(File.dirname(__FILE__)) + load_views(own_path.join('..', 'designs', 'identity'), nil) view :by_user_id view :by_address_and_destination view :by_address - view :pgp_key_by_email, - map: <<-EOJS - function(doc) { - if (doc.type != 'Identity') { - return; - } - if (typeof doc.keys === "object") { - emit(doc.address, doc.keys["pgp"]); - } - } - EOJS - view :disabled, - map: <<-EOJS - function(doc) { - if (doc.type != 'Identity') { - return; - } - if (typeof doc.user_id === "undefined") { - emit(doc._id, 1); - } - } - EOJS - end def self.address_starts_with(query) @@ -146,9 +125,9 @@ class Identity < CouchRest::Model::Base end def register_cert(cert) - today = DateTime.now.to_date.to_s + expiry = cert.expiry.to_date.to_s write_attribute 'cert_fingerprints', - cert_fingerprints.merge(cert.fingerprint => today) + cert_fingerprints.merge(cert.fingerprint => expiry) end # for LoginFormatValidation |