tasks/password.rake @@ -4,6 +4,7 @@ == ruote-rest - 0.9.21 not yet released +- todo #25167 : rake password:generate - todo #25799 : post /expressions/:wfid/:expid linked to engine.reapply(exp) - todo #25858 : reply page for things like "process x got cancelled" - todo #25710 : made workitem [payload] editable at error replay time CHANGELOG.txt @@ -1,6 +1,12 @@ + + +** Note : most of this documentation got integrated into README.txt + Thanks to Gonzalo and Nando for all their work ! ** + + This is a draft for a new authentication model in ruote-rest. -authors: Gonzalo<gonzalo@abstra.cc> +authors: Gonzalo <gonzalo@abstra.cc> "Nando Sola"<nando@abstra.cc> Our main goal was to avoid storing passwords in plain text (conf/authentication.yaml) README.newauth @@ -47,6 +47,22 @@ To prepare the dev database with the admin 'toto' rake mysql:setup dbadmin=toto ) +The last step of the database preparation is loading the authentication settings : + + rake mysql:populate + +These settings may be modified by editing tasks/fixtures/host.yml and/or tasks/fixtures/users.yml + +To generate a password for a user : + + rake password:generate smd5 my_very_secret_password + +or + + rake password:generate ssha my_very_secret_password + +The resulting string (something like "{SMD5}HKBKsOPQ1PleLG3KOlmHTWtoNW9HVGxC") can be inserted in the fixture or in the 'password' column database for the given user. + == starting it README.txt @@ -2,31 +2,23 @@ # Copyright (c) 2009, Gonzalo Suarez, Nando Sola and John Mettraux. # All rights reserved. # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: # -# . Redistributions of source code must retain the above copyright notice, this -# list of conditions and the following disclaimer. +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. # -# . Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# . Neither the name of the "OpenWFE" nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. # # Made in Spain. #++ lib/models/auth.rb @@ -2,7 +2,7 @@ user_01: id: 1 login: admin name: The Admin - password: "{SMD5}+52vrCz6JG9/AaZ7zIohgWVSVkQ4NUN3" + password: "{SSHA}VSxRjpEGUJEhc1/xxAGTZ8at9p9ZMkdNMnFrTg==" email: admin@example.com created_at: 2009-01-28 10:40:19 updated_at: 2009-01-28 10:40:19 @@ -11,7 +11,7 @@ user_02: id: 2 login: alice name: Alice Foonderbar - password: "{SSHA}nWUg7XIW6HXSSOdg9X99LB7YUpZqZnZtdDFyTQ==" + password: "{SMD5}/hgD1KbpZ7x/+XyFe4JVRWJKdVpVWXlp" email: alice@example.com created_at: 2009-01-28 10:40:19 updated_at: 2009-01-28 10:40:19 @@ -20,7 +20,7 @@ user_03: id: 3 login: bob name: Bob Morane - password: "{SMD5}8smFhHMcMQkLXJAMqeDAIjhGTFp4dk55" + password: "{SMD5}8J3E5qre9kfzgS3cCYJvK3A5QVZ6T3VQ" email: bob@example.com created_at: 2009-01-28 10:40:19 updated_at: 2009-01-28 10:40:19 @@ -29,7 +29,7 @@ user_04: id: 4 login: charly name: Charly - password: "{SSHA}ub8LX3pn6nvHBw5e1r8ZcEZqQmtlTndXRXo0YQ==" + password: "{SMD5}HKBKsOPQ1PleLG3KOlmHTWtoNW9HVGxC" email: charly@example.com created_at: 2009-01-28 10:40:19 updated_at: 2009-01-28 10:40:19 tasks/fixtures/users.yml @@ -75,6 +75,12 @@ namespace :mysql do Fixtures.create_fixtures( 'tasks/fixtures', File.basename(fixture_file, '.*')) end + + $: << File.dirname(__FILE__) + '/../lib' + require 'models/auth.rb' + + puts "loaded #{RuoteRest::Host.find(:all).size} hosts" + puts "loaded #{RuoteRest::User.find(:all).size} users" end def determine_stage tasks/mysql.rake @@ -86,7 +86,7 @@ class FtAuthTest < Test::Unit::TestCase def test_basicauth_in_alice - env = { 'HTTP_AUTHORIZATION' => basic('alice', 'secret') } + env = { 'HTTP_AUTHORIZATION' => basic('alice', 'alice') } res = RuoteRest::RackBasicAuth.new(@ab, :realm => 'test-realm').call(env) @@ -98,7 +98,7 @@ class FtAuthTest < Test::Unit::TestCase # Bob uses a different hash algo than Alice - env = { 'HTTP_AUTHORIZATION' => basic('bob', 'secret') } + env = { 'HTTP_AUTHORIZATION' => basic('bob', 'bob') } res = RuoteRest::RackBasicAuth.new(@ab, :realm => 'test-realm').call(env) @@ -139,7 +139,7 @@ class FtAuthTest < Test::Unit::TestCase env = { 'REMOTE_ADDR' => '192.168.168.128', - 'HTTP_AUTHORIZATION' => basic('bob', 'secret') } + 'HTTP_AUTHORIZATION' => basic('bob', 'bob') } res = build_classic_auth_chain.call(env) test/ft_auth.rb 0e9d2b243aca49fa23b57b158998198a80f8ba7f John Mettraux jmettraux@gmail.com http://github.com/jmettraux/ruote-rest/commit/c7ea3063907c59adcd77d8ae9abae1c58b5d9aeb c7ea3063907c59adcd77d8ae9abae1c58b5d9aeb 2009-05-17T18:56:04-07:00 2009-05-17T18:56:04-07:00 todo #25167 : rake password:generate 6534e41791063c4af90c1a2ccaad87427837628d John Mettraux jmettraux@gmail.com