Revert "CHEF-363: Make the chef-server check oid authz"

This reverts commit ff40019. Conflicts: chef-server-slice/app/controllers/application.rb
ehaselwanter · Jun 26, 2009 · db58451 · db58451
1 parent 9746550
commit db58451
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 39 deletions.
diff --git a/chef-server-slice/app/controllers/application.rb b/chef-server-slice/app/controllers/application.rb
@@ -62,47 +62,8 @@ def escape_node_id(arg=nil)
     arg.gsub(/\./, '_')
   end
 
-  def authorized_openid
-    oid = session[:openid]
-    Chef::Log.debug("Checking for #{oid} for OpenID authorization.")
-    raise(Unauthorized, "Sorry, #{oid} is not an authorized OpenID.") unless is_authorized_openid_identifier?(oid, Chef::Config[:authorized_openid_identifiers])
-    raise(Unauthorized, "Sorry, #{oid} is not an authorized OpenID Provider.") unless is_authorized_openid_provider?(oid, Chef::Config[:authorized_openid_providers])
-  end
-
-
-  #
-  # both is_authorized_openid_provider and _identifier perform case insensitive regexes.
-  #
-
-  def is_authorized_openid_provider?(openid, authorized_providers)
-    if authorized_providers and openid
-      Chef::Log.debug("checking for valid openid provider: openid: #{openid}, authorized providers: #{authorized_providers.join(", ")}")
-      if authorized_providers.length > 0
-        authorized_providers.detect { |p| Chef::Log.debug("openid: #{openid} (#{openid.class}), provider: #{p} (#{p.class})"); openid =~ /#{p}/i }
-      else
-        true
-      end
-    else
-      true
-    end
-  end
-
-  def is_authorized_openid_identifier?(openid, authorized_identifiers)
-    if authorized_identifiers and openid
-      Chef::Log.debug("checking for valid openid identifier: openid: #{openid}, authorized openids: #{authorized_identifiers.join(", ")}")
-      if authorized_identifiers.length > 0 
-        authorized_identifiers.detect { |p| Chef::Log.debug("openid: #{openid} (#{openid.class}), identifier: #{p} (#{p.class})"); openid =~ /#{p}/i } 
-      else
-        true
-      end
-    else
-      true
-    end
-  end
-
   def login_required
     if session[:openid]
-      authorized_openid
       return session[:openid]
     else  
       self.store_location

diff --git a/chef-server-slice/app/controllers/openid_consumer.rb b/chef-server-slice/app/controllers/openid_consumer.rb
@@ -95,6 +95,31 @@ def logout
   end
 
   private
+  def is_authorized_openid_provider?(openid, authorized_providers)
+    Chef::Log.debug("checking for valid openid provider: openid: #{openid}, authorized providers: #{authorized_providers}")
+    if authorized_providers and openid
+      if authorized_providers.length > 0
+        authorized_providers.detect { |p| Chef::Log.debug("openid: #{openid} (#{openid.class}), p: #{p} (#{p.class})"); openid.match(p) }
+      else
+        true
+      end
+    else
+      true
+    end
+  end
+
+  def is_authorized_openid_identifier?(openid, authorized_identifiers)
+    Chef::Log.debug("checking for valid openid identifier: openid: #{openid}, authorized openids: #{authorized_identifiers}")
+    if authorized_identifiers and openid
+      if authorized_identifiers.length > 0 
+        authorized_identifiers.detect { |p| Chef::Log.debug("openid: #{openid} (#{openid.class}), p: #{p} (#{p.class})"); openid == p } 
+      else
+        true
+      end
+    else
+      true
+    end
+  end
 
   def consumer
     @consumer ||= OpenID::Consumer.new(session,