diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/tasks/leap_web_users_tasks.rake | 10 | ||||
-rw-r--r-- | lib/warden/session_serializer.rb | 13 | ||||
-rw-r--r-- | lib/warden/strategies/secure_remote_password.rb | 81 | ||||
-rw-r--r-- | lib/webfinger.rb | 6 | ||||
-rw-r--r-- | lib/webfinger/host_meta_presenter.rb | 30 | ||||
-rw-r--r-- | lib/webfinger/user_presenter.rb | 35 |
6 files changed, 175 insertions, 0 deletions
diff --git a/lib/tasks/leap_web_users_tasks.rake b/lib/tasks/leap_web_users_tasks.rake new file mode 100644 index 0000000..62bcbe9 --- /dev/null +++ b/lib/tasks/leap_web_users_tasks.rake @@ -0,0 +1,10 @@ +# desc "Explaining what the task does" +# task :leap_web_users do +# # Task goes here +# end + +# recommended that for our setup, we should have this triggered from a cron job in puppet rather than using whenever gem +desc "Send one month warning messages" +task :leap_web_users do + User.send_one_month_warnings +end diff --git a/lib/warden/session_serializer.rb b/lib/warden/session_serializer.rb new file mode 100644 index 0000000..81d7076 --- /dev/null +++ b/lib/warden/session_serializer.rb @@ -0,0 +1,13 @@ +module Warden + # Setup Session Serialization + class SessionSerializer + def serialize(record) + [record.class.name, record.id] + end + + def deserialize(keys) + klass, id = keys + klass.constantize.find(id) + end + end +end diff --git a/lib/warden/strategies/secure_remote_password.rb b/lib/warden/strategies/secure_remote_password.rb new file mode 100644 index 0000000..2c334c6 --- /dev/null +++ b/lib/warden/strategies/secure_remote_password.rb @@ -0,0 +1,81 @@ +module Warden + module Strategies + class SecureRemotePassword < Warden::Strategies::Base + + def valid? + handshake? || authentication? + end + + def authenticate! + if authentication? + validate! + else # handshake + initialize! + end + end + + protected + + def handshake? + params['A'] && params['login'] + end + + def authentication? + params['client_auth'] && session[:handshake] + end + + def validate! + if client = validate + success!(User.find_by_login(client.username)) + else + Rails.logger.warn "Login attempt failed." + Rails.logger.debug debug_info + Rails.logger.debug "Received: #{params['client_auth']}" + session.delete(:handshake) + fail!(:base => "invalid_user_pass") + end + end + + def validate + session[:handshake].authenticate(params['client_auth']) + end + + def initialize! + if user = User.find_by_login(id) + client = SRP::Client.new user.username, + :verifier => user.verifier, + :salt => user.salt + session[:handshake] = SRP::Session.new(client, params['A']) + custom! json_response(session[:handshake]) + else + fail! :base => 'invalid_user_pass' + end + rescue SRP::InvalidEphemeral + fail!(:base => "invalid_ephemeral") + end + + def json_response(object) + [ 200, + {"Content-Type" => "application/json; charset=utf-8"}, + [object.to_json] + ] + end + + def id + params["id"] || params["login"] + end + + protected + + def debug_info + JSON.pretty_generate(session[:handshake].internal_state) + end + + end + end + Warden::Strategies.add :secure_remote_password, + Warden::Strategies::SecureRemotePassword + +end + + diff --git a/lib/webfinger.rb b/lib/webfinger.rb new file mode 100644 index 0000000..dd49b41 --- /dev/null +++ b/lib/webfinger.rb @@ -0,0 +1,6 @@ +module Webfinger + + autoload :HostMetaPresenter, 'webfinger/host_meta_presenter' + autoload :UserPresenter, 'webfinger/user_presenter' + +end diff --git a/lib/webfinger/host_meta_presenter.rb b/lib/webfinger/host_meta_presenter.rb new file mode 100644 index 0000000..84ab7a9 --- /dev/null +++ b/lib/webfinger/host_meta_presenter.rb @@ -0,0 +1,30 @@ +require 'uri' + +class Webfinger::HostMetaPresenter + def initialize(request) + @request = request + end + + def to_json(options = {}) + { + subject: subject, + links: links + }.to_json(options) + end + + def subject + url = URI.parse(@request.url) + url.path = '' + url.to_s + end + + def links + { lrdd: { type: 'application/xrd+xml', template: webfinger_template } } + end + + protected + + def webfinger_template(path = 'webfinger', query_param='q') + "#{subject}/#{path}?#{query_param}={uri}" + end +end diff --git a/lib/webfinger/user_presenter.rb b/lib/webfinger/user_presenter.rb new file mode 100644 index 0000000..329f477 --- /dev/null +++ b/lib/webfinger/user_presenter.rb @@ -0,0 +1,35 @@ +class Webfinger::UserPresenter + include Rails.application.routes.url_helpers + attr_accessor :user + + def initialize(user, request) + @user = user + @request = request + end + + def to_json(options = {}) + { + subject: subject, + links: links + }.to_json(options) + end + + def subject + "acct:#{@user.email_address}" + end + + def links + links = {} + links[:public_key] = { type: 'PGP', href: key } if key + return links + end + + protected + + def key + if @user.public_key.present? + Base64.encode64(@user.public_key.to_s) + end + end + +end |