

Always set new admin token when checking login
codez committed Nov 7, 2022
1 parent f3ccb37 commit 5831a70
Showing 3 changed files with 36 additions and 63 deletions.
4 changes: 4 additions & 0 deletions TODO.md
@@ -1,5 +1,9 @@
# TODOs

* update to rails 7
* update to ruby 3
* fix github action

## Code

* create script to manually import partial broadcasts
70 changes: 29 additions & 41 deletions app/controllers/login_controller.rb
Expand Up @@ -6,7 +6,8 @@ class LoginController < ApplicationController
operation :get do
key :description,
'Get the user object of the currently logged in user. ' \
'The user may be identified by an API token, an access code, a JWT token or over FreeIPA.'
'The user may be identified by an API token, an access code, ' \
'a JWT token or over the REMOTE_USER header.'
key :tags, [:user]

response_entity('User')
Expand All @@ -21,24 +22,11 @@ class LoginController < ApplicationController

operation :post do
key :description,
'Login with the FreeIPA username and password. ' \
'Login with the REMOTE_USER header. ' \
'Returns the user object including the api_token for further requests. ' \
'If the user has admin priviledges, a X-Auth-Token header with a JWT token ' \
'is returned to be used in the /admin section.'
key :tags, [:user]
key :consumes, ['application/x-www-form-urlencoded']

parameter name: :username,
in: :formData,
description: 'The username of the user to login.',
required: true,
type: :string

parameter name: :password,
in: :formData,
description: 'The password of the user to login.',
required: true,
type: :string

response_entity('User')
response 401 do
Expand All @@ -47,7 +35,7 @@ class LoginController < ApplicationController
end

operation :patch do
key :description, 'Regenerates the api key of the current FreeIPA user.'
key :description, 'Regenerates the api key of the user given in the REMOTE_USER header.'
key :tags, [:user]

response_entity('User')
Expand All @@ -57,41 +45,40 @@ class LoginController < ApplicationController
end
end

before_action :set_current_user_from_remote_header, only: [:create, :update]

def show
set_current_user
if current_user
render json: current_user, serializer: UserSerializer
else
render json: { errors: 'Not authenticated' },
status: :unauthorized
end
set_user_from_any_auth
render_current_user
end

# POST /login: Placeholder login action to act as FreeIPA endpoint.
def create
if current_user
headers['X-Auth-Token'] = Auth::Jwt.generate_token(current_user) if current_user.admin?
render json: current_user, serializer: UserSerializer
else
render json: { errors: request.headers['EXTERNAL_AUTH_ERROR'] || 'Not authenticated' },
status: :unauthorized
end
set_user_from_remote_header
render_current_user
end

def update
set_user_from_remote_header
current_user&.regenerate_api_key!
render_current_user
end

private

def render_current_user
if current_user
current_user.regenerate_api_key!
generate_admin_token if current_user.admin?
render json: current_user, serializer: UserSerializer
else
render json: { errors: 'Not authenticated' }, status: :unauthorized
render json: { errors: request.headers['EXTERNAL_AUTH_ERROR'] || 'Not authenticated' },
status: :unauthorized
end
end

private
def generate_admin_token
headers['X-Auth-Token'] = Auth::Jwt.generate_token(current_user)
end

def set_current_user_from_remote_header
def set_user_from_remote_header
@current_user =
if Rails.env.development?
User.find_by(username: params[:username])
Expand All @@ -100,11 +87,12 @@ def set_current_user_from_remote_header
end
end

def set_current_user
@current_user = Auth::ApiToken.new(request).fetch_user ||
Auth::AccessCode.new(request).fetch_user ||
Auth::Jwt.new(request).fetch_user ||
Auth::RemoteHeader.new(request).fetch_user
def set_user_from_any_auth
@current_user =
Auth::ApiToken.new(request).fetch_user ||
Auth::AccessCode.new(request).fetch_user ||
Auth::Jwt.new(request).fetch_user ||
Auth::RemoteHeader.new(request).fetch_user
end

end
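Review bot: `render_current_user` calls `current_user.regenerate_api_key!` on every successful render, so after this change the `show` action (GET /login, reachable with an API token, access code, JWT or REMOTE_USER) rotates the caller's API key on what reads like a read-only check, and `update` rotates it twice because it already calls `current_user&.regenerate_api_key!` before rendering. If `regenerate_api_key!` replaces the stored token, as the name suggests, a client that authenticates with its API token and then calls GET /login has just invalidated the token it used. I would drop the `current_user.regenerate_api_key!` line from `render_current_user` and add `current_user&.regenerate_api_key!` to `create` directly after `set_user_from_remote_header`, so only POST and PATCH rotate the key and `update` keeps its single call. Since `generate_admin_token` is now reached from `show` as well, any of the four auth methods, including an existing admin JWT, yields a fresh JWT on every call, so a comment such as `# NOTE: issued on every authenticated /login call, including GET authenticated by an existing JWT; confirm this renewal is intended` on that helper would make the session-extension behaviour explicit.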
25 changes: 3 additions & 22 deletions doc/swagger.json
Expand Up @@ -584,7 +584,7 @@
},
"/login": {
"get": {
"description": "Get the user object of the currently logged in user. The user may be identified by an API token, an access code, a JWT token or over FreeIPA.",
"description": "Get the user object of the currently logged in user. The user may be identified by an API token, an access code, a JWT token or over the REMOTE_USER header.",
"tags": [
"user"
],
Expand Down Expand Up @@ -627,29 +627,10 @@
]
},
"post": {
"description": "Login with the FreeIPA username and password. Returns the user object including the api_token for further requests. If the user has admin priviledges, a X-Auth-Token header with a JWT token is returned to be used in the /admin section.",
"description": "Login with the REMOTE_USER header. Returns the user object including the api_token for further requests. If the user has admin priviledges, a X-Auth-Token header with a JWT token is returned to be used in the /admin section.",
"tags": [
"user"
],
"consumes": [
"application/x-www-form-urlencoded"
],
"parameters": [
{
"name": "username",
"in": "formData",
"description": "The username of the user to login.",
"required": true,
"type": "string"
},
{
"name": "password",
"in": "formData",
"description": "The password of the user to login.",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "successfull operation",
Expand All @@ -667,7 +648,7 @@
}
},
"patch": {
"description": "Regenerates the api key of the current FreeIPA user.",
"description": "Regenerates the api key of the user given in the REMOTE_USER header.",
"tags": [
"user"
],
