From 886585a0f673e0ea70abb99504ff9c70180361d5 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 6 Mar 2013 01:34:16 -0800
Subject: certs - changed the logic of free/paid certs to be limited/unlimited.

---
 certs/app/controllers/certs_controller.rb      | 43 +++++++++++++++++++++++---
 certs/app/models/client_certificate.rb         |  6 ++--
 certs/test/functional/certs_controller_test.rb | 40 +++++++++++++-----------
 certs/test/unit/client_certificate_test.rb     | 12 ++-----
 config/defaults.yml                            |  7 +++--
 5 files changed, 72 insertions(+), 36 deletions(-)

diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
index 977e03e..62ef3fd 100644
--- a/certs/app/controllers/certs_controller.rb
+++ b/certs/app/controllers/certs_controller.rb
@@ -1,16 +1,51 @@
 class CertsController < ApplicationController
 
-  before_filter :logged_in_or_free_certs
+  before_filter :login_if_required
 
   # GET /cert
   def show
-    @cert = ClientCertificate.new(free: !logged_in?)
+    @cert = ClientCertificate.new(:prefix => certificate_prefix)
     render text: @cert.to_s, content_type: 'text/plain'
   end
 
   protected
 
-  def logged_in_or_free_certs
-    authorize unless APP_CONFIG[:free_certs_enabled]
+  def login_if_required
+    authorize unless APP_CONFIG[:allow_anonymous_certs]
+  end
+
+  #
+  # this is some temporary logic until we store the service level in the user db.
+  #
+  # better logic might look like this:
+  #
+  # if logged_in?
+  #   service_level = user.service_level
+  # elsif allow_anonymous?
+  #   service_level = service_levels[:anonymous]
+  # else
+  #   service_level = nil
+  # end
+  #
+  # if service_level.bandwidth == 'limited' && allow_limited?
+  #   prefix = limited
+  # elsif allow_unlimited?
+  #   prefix = unlimited
+  # else
+  #   prefix = nil
+  # end
+  #
+  def certificate_prefix
+    if logged_in?
+      if APP_CONFIG[:allow_unlimited_certs]
+        APP_CONFIG[:unlimited_cert_prefix]
+      elsif APP_CONFIG[:allow_limited_certs]
+        APP_CONFIG[:limited_cert_prefix]
+      end
+    elsif !APP_CONFIG[:allow_limited_certs]
+      APP_CONFIG[:unlimited_cert_prefix]
+    else
+      APP_CONFIG[:limited_cert_prefix]
+    end
   end
 end
diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
index 13e0318..76b07a2 100644
--- a/certs/app/models/client_certificate.rb
+++ b/certs/app/models/client_certificate.rb
@@ -21,7 +21,7 @@ class ClientCertificate
     cert = CertificateAuthority::Certificate.new
 
     # set subject
-    cert.subject.common_name = common_name(options[:free])
+    cert.subject.common_name = common_name(options[:prefix])
 
     # set expiration
     cert.not_before = yesterday
@@ -65,8 +65,8 @@ class ClientCertificate
     Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16)
   end
 
-  def common_name(for_free_cert = false)
-    (for_free_cert ? APP_CONFIG[:free_cert_prefix] : '') + random_common_name
+  def common_name(prefix = nil)
+    [prefix, random_common_name].join
   end
 
   #
diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb
index 7826dd6..503e74b 100644
--- a/certs/test/functional/certs_controller_test.rb
+++ b/certs/test/functional/certs_controller_test.rb
@@ -2,35 +2,39 @@ require 'test_helper'
 
 class CertsControllerTest < ActionController::TestCase
 
-  test "send free cert without login" do
-    cert = stub :to_s => "free cert"
-    ClientCertificate.expects(:new).with(free: true).returns(cert)
-    get :show
-    assert_response :success
-    assert_equal cert.to_s, @response.body
+  test "send limited cert without login" do
+    with_config allow_limited_certs: true, allow_anonymous_certs: true do
+      cert = stub :to_s => "limited cert"
+      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
+      get :show
+      assert_response :success
+      assert_equal cert.to_s, @response.body
+    end
   end
 
-  test "send cert" do
-    login
-    cert = stub :to_s => "real cert"
-    ClientCertificate.expects(:new).with(free: false).returns(cert)
-    get :show
-    assert_response :success
-    assert_equal cert.to_s, @response.body
+  test "send unlimited cert" do
+    with_config allow_unlimited_certs: true do
+      login
+      cert = stub :to_s => "unlimited cert"
+      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:unlimited_cert_prefix]).returns(cert)
+      get :show
+      assert_response :success
+      assert_equal cert.to_s, @response.body
+    end
   end
 
-  test "login required if free certs disabled" do
-    with_config free_certs_enabled: false do
+  test "login required if anonymous certs disabled" do
+    with_config allow_anonymous_certs: false do
       get :show
       assert_response :redirect
     end
   end
 
-  test "get paid cert if free certs disabled" do
-    with_config free_certs_enabled: false do
+  test "send limited cert" do
+    with_config allow_limited_certs: true, allow_unlimited_certs: false do
       login
       cert = stub :to_s => "real cert"
-      ClientCertificate.expects(:new).with(free: false).returns(cert)
+      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
       get :show
       assert_response :success
       assert_equal cert.to_s, @response.body
diff --git a/certs/test/unit/client_certificate_test.rb b/certs/test/unit/client_certificate_test.rb
index abb5560..036e724 100644
--- a/certs/test/unit/client_certificate_test.rb
+++ b/certs/test/unit/client_certificate_test.rb
@@ -9,18 +9,12 @@ class ClientCertificateTest < ActiveSupport::TestCase
     assert sample.to_s
   end
 
-  test "free cert has configured prefix" do
-    sample = ClientCertificate.new(free: true)
-    prefix = APP_CONFIG[:free_cert_prefix]
+  test "cert has configured prefix" do
+    prefix = "PREFIX"
+    sample = ClientCertificate.new(:prefix => prefix)
     assert sample.cert.subject.common_name.starts_with?(prefix)
   end
 
-  test "real cert has no free cert prefix" do
-    sample = ClientCertificate.new
-    prefix = APP_CONFIG[:free_cert_prefix]
-    assert !sample.cert.subject.common_name.starts_with?(prefix)
-  end
-
   test "cert issuer matches ca subject" do
     sample = ClientCertificate.new
     cert = OpenSSL::X509::Certificate.new(sample.cert.to_pem)
diff --git a/config/defaults.yml b/config/defaults.yml
index d0fb52f..cca827a 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -7,8 +7,11 @@ cert_options: &cert_options
   client_cert_lifespan: 2
   client_cert_bit_size: 2024
   client_cert_hash: "SHA256"
-  free_certs_enabled: true
-  free_cert_prefix: "FREE"
+  allow_limited_certs: false
+  allow_unlimited_certs: true
+  allow_anonymous_certs: false
+  limited_cert_prefix: "LIMITED"
+  unlimited_cert_prefix: "UNLIMITED"
 
 development:
   <<: *dev_ca
-- 
cgit v1.2.3