Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #31 from afh/pull/credentials_plugin
Add credentials plugin
- Loading branch information
Showing
7 changed files
with
128 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,75 @@ | |||
module Soca | |||
module Plugins | |||
class Credentials < Soca::Plugin | |||
|
|||
name 'credentials' | |||
|
|||
# Credentials plugin | |||
# This plugin is run after the couchapprc is loaded, | |||
# it checks the db field in every environment, | |||
# searches for strings ending with '_CREDENTIALS' in the URI userinfo field, | |||
# passes the URI host to a method handling the requested credentials, | |||
# and replaces the userinfo with the username and password from the credentials method. | |||
# | |||
# When adding a new credentials method, please make sure the platform | |||
# specific requirements are met (e.g. external tools or gems) | |||
# and configure its platform availability in the credentials_supported? method | |||
|
|||
def after_load_couchapprc | |||
config['couchapprc']['env'].each do |env, cfg| | |||
next unless cfg['db'] =~ /^(https?:\/\/)([^@]+_CREDENTIALS)@(.*)$/i | |||
scheme = $1 | |||
userinfo = $2 | |||
host = $3 | |||
|
|||
unless credentials_supported?(userinfo) | |||
Soca.logger.error "#{userinfo} are not supported on the #{RUBY_PLATFORM} platform" | |||
puts 'skip' | |||
next | |||
end | |||
|
|||
(username, password) = send(userinfo.downcase, host) | |||
unless username and password | |||
Soca.logger.warn "#{userinfo} returned empty credentials for #{host}" | |||
else | |||
credentials = "#{username}:#{password}@" | |||
config['couchapprc']['env'][env]['db'] = "#{scheme}#{credentials}#{host}" | |||
Soca.logger.debug "Replacing #{userinfo} with #{credentials} in #{cfg['db']}" | |||
end | |||
end | |||
end | |||
|
|||
private | |||
def credentials_supported?(type) | |||
Soca.logger.debug "Checking support for #{type} on #{RUBY_PLATFORM}" | |||
available_credentials = { | |||
'darwin' => %w[keychain_credentials], | |||
#'linux' => %w[] | |||
} | |||
supported_credentials = available_credentials.map { |os, list| list if RUBY_PLATFORM =~ /#{os}/i } | |||
supported_credentials.flatten.compact.include?(type.downcase) | |||
end | |||
|
|||
# This methods retrieves the user credentials from the Mac OS X Keychain Services | |||
def keychain_credentials(host) | |||
begin | |||
require 'keychain' | |||
rescue LoadError | |||
warn "Please install the keychain_services gem, in order to retrieve user credentials from your keychain" | |||
return | |||
end | |||
|
|||
Soca.logger.debug "Searching for #{host} in keychain" | |||
item = Keychain.items.find { |item| item if item.label == host } | |||
unless item | |||
# strip url-path from host url and search again | |||
(host, db) = host.split('/', 2) | |||
Soca.logger.debug "Searching for #{host} in keychain" | |||
item = Keychain.items.find { |item| item if item.label == host } | |||
end | |||
[item.account, item.password] if item | |||
end | |||
|
|||
end | |||
end | |||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,40 @@ | |||
require 'helper' | |||
|
|||
class TestCredentialsPlugin < Test::Unit::TestCase | |||
def app_path(relative='') | |||
File.expand_path(@test_app_dir + '/' + relative) | |||
end | |||
|
|||
context 'credentials plugin' do | |||
setup do | |||
@pusher = Soca::Pusher.new(app_path) | |||
@plugin = Soca::Plugins::Credentials.new(@pusher) | |||
end | |||
|
|||
if RUBY_PLATFORM =~ /darwin/i | |||
require 'keychain' | |||
context 'given keychain credentials' do | |||
should 'check for platform availability' do | |||
@plugin.expects(:credentials_supported?). | |||
with('KEYCHAIN_CREDENTIALS'). | |||
returns(true) | |||
@plugin.after_load_couchapprc | |||
end | |||
|
|||
# Note this test requires you have | |||
# an application password item | |||
# in your keychain with the | |||
# name localhost:5894/testapp | |||
# username admin | |||
# password admin | |||
should 'return username and password for host from keychain' do | |||
@plugin.expects(:keychain_credentials). | |||
with('localhost:5984/testapp'). | |||
returns(%w[admin admin]) | |||
@plugin.after_load_couchapprc | |||
end | |||
end | |||
end | |||
|
|||
end | |||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters