author | John Keiser <jkeiser@opscode.com> | 2014-07-16 20:00:27 -0700 |
---|---|---|
committer | John Keiser <jkeiser@opscode.com> | 2014-07-23 19:21:23 -0600 |
commit | 1e8315cf54a39f78c5b7afeff83f2cc0c1d4721b (patch) | |
tree | f391c17cc98f4e33c84ffb7fb325856171f0009b /lib | |
parent | bdcfae41acd00e515e1fc2cb996a07034a61ab4c (diff) | |
download | chef-zero-1e8315cf54a39f78c5b7afeff83f2cc0c1d4721b.tar.gz |
Add authenticatation endpoints
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef_zero/endpoints/authenticate_user_endpoint.rb | 16 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/organization_authenticate_user_endpoint.rb | 26 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/system_recovery_endpoint.rb | 26 | ||||
-rw-r--r-- | lib/chef_zero/server.rb | 19 |
4 files changed, 72 insertions, 15 deletions
diff --git a/lib/chef_zero/endpoints/authenticate_user_endpoint.rb b/lib/chef_zero/endpoints/authenticate_user_endpoint.rb
index f2c26a0..454485e 100644
--- a/lib/chef_zero/endpoints/authenticate_user_endpoint.rb
+++ b/lib/chef_zero/endpoints/authenticate_user_endpoint.rb
@@ -10,14 +10,18 @@ module ChefZero
 name = request_json['name']
 password = request_json['password']
 begin
- user = data_store.get(request.rest_path[0..1] + ['users', name])
- verified = JSON.parse(user, :create_additions => false)['password'] == password
- rescue DataStore::DataNotFoundError
- verified = false
+ user = data_store.get(request.rest_path[0..-2] + ['users', name])
+ rescue ChefZero::DataStore::DataNotFoundError
+ raise RestErrorResponse.new(401, "Bad username or password")
+ end
+ user = JSON.parse(user, :create_additions => false)
+ user = DataNormalizer.normalize_user(user, name)
+ if user['password'] != password
+ raise RestErrorResponse.new(401, "Bad username or password")
 end
 json_response(200, {
- 'name' => name,
- 'verified' => !!verified
+ 'status' => 'linked',
+ 'user' => user
 })
 end
 end
diff --git a/lib/chef_zero/endpoints/organization_authenticate_user_endpoint.rb b/lib/chef_zero/endpoints/organization_authenticate_user_endpoint.rb
new file mode 100644
index 0000000..ea3edae
--- /dev/null
+++ b/lib/chef_zero/endpoints/organization_authenticate_user_endpoint.rb
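Review bot: In authenticate_user_endpoint.rb the added check `if user['password'] != password` passes when both sides are nil, so a request that omits `password` would be accepted for a stored user record that has no `password` key, unless `DataNormalizer.normalize_user` always fills one in (not visible here). Rejecting a missing password up front closes that gap: `if password.nil? || user['password'] != password`. The same nil-equals-nil comparison appears in the new organization_authenticate_user_endpoint.rb (`verified = user['password'] == password`) and in system_recovery_endpoint.rb. The `post` method starts above this hunk, so how a malformed request body is handled cannot be judged from here.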
@@ -0,0 +1,26 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+ module Endpoints
+ # /organizations/NAME/authenticate_user
+ class OrganizationAuthenticateUserEndpoint < RestBase
+ def post(request)
+ request_json = JSON.parse(request.body, :create_additions => false)
+ name = request_json['name']
+ password = request_json['password']
+ begin
+ user = data_store.get(request.rest_path[0..-2] + ['users', name])
+ user = JSON.parse(user, :create_additions => false)
+ verified = user['password'] == password
+ rescue DataStore::DataNotFoundError
+ verified = false
+ end
+ json_response(200, {
+ 'name' => name,
+ 'verified' => !!verified
+ })
+ end
+ end
+ end
+end
diff --git a/lib/chef_zero/endpoints/system_recovery_endpoint.rb b/lib/chef_zero/endpoints/system_recovery_endpoint.rb
new file mode 100644
index 0000000..9989eef
--- /dev/null
+++ b/lib/chef_zero/endpoints/system_recovery_endpoint.rb
@@ -0,0 +1,26 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+ module Endpoints
+ # /system_recovery
+ class SystemRecoveryEndpoint < RestBase
+ def post(request)
+ request_json = JSON.parse(request.body, :create_additions => false)
+ name = request_json['username']
+ password = request_json['password']
+ user = get_data(request, request.rest_path[0..-2] + ['users', name])
+ user = JSON.parse(user, :create_additions => false)
+ user = DataNormalizer.normalize_user(user, name)
+ if !user['recovery_authentication_enabled']
+ raise RestErrorResponse.new(403, "Only users with recovery_authentication_enabled=true may use /system_recovery to log in")
+ end
+ if user['password'] != password
+ raise RestErrorResponse.new(401, "Incorrect password")
+ end
+
+ json_response(200, user)
+ end
+ end
+ end
+end
diff --git a/lib/chef_zero/server.rb b/lib/chef_zero/server.rb
index 25add0e..c3447f8 100644
--- a/lib/chef_zero/server.rb
+++ b/lib/chef_zero/server.rb
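Review bot: organization_authenticate_user_endpoint.rb keeps `rescue DataStore::DataNotFoundError`, while this same commit rewrites the identical rescue in authenticate_user_endpoint.rb as `rescue ChefZero::DataStore::DataNotFoundError`. Both spellings should resolve inside `module ChefZero`, so this is mainly a consistency point, but if the qualified name was needed there it is needed here too. Otherwise an unknown user would surface as an unhandled error instead of `'verified' => false`. A one-line comment above `post` noting that unknown users and wrong passwords deliberately return the same 200 body would also help readers.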
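Review bot: In system_recovery_endpoint.rb the `recovery_authentication_enabled` check runs before the password check, so a caller who does not know the password can tell from 403 versus 401 whether recovery login is enabled for an account, and `get_data` presumably answers differently again for an unknown username. If that ordering is required to match the API this server emulates, a comment above the first `if` should say so; otherwise compare the password first and return one 401 for every failure. The success path `json_response(200, user)` also returns the whole normalized record, which would include the stored `password` unless `normalize_user` removes it; the same applies to `'user' => user` in authenticate_user_endpoint.rb.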
@@ -59,11 +59,12 @@ require 'chef_zero/endpoints/environment_role_endpoint'
 require 'chef_zero/endpoints/node_endpoint'
 require 'chef_zero/endpoints/organizations_endpoint'
 require 'chef_zero/endpoints/organization_endpoint'
+require 'chef_zero/endpoints/organization_association_requests_endpoint'
+require 'chef_zero/endpoints/organization_association_request_endpoint'
+require 'chef_zero/endpoints/organization_authenticate_user_endpoint'
 require 'chef_zero/endpoints/organization_users_endpoint'
 require 'chef_zero/endpoints/organization_user_endpoint'
 require 'chef_zero/endpoints/organization_validator_key_endpoint'
-require 'chef_zero/endpoints/organization_association_requests_endpoint'
-require 'chef_zero/endpoints/organization_association_request_endpoint'
 require 'chef_zero/endpoints/principal_endpoint'
 require 'chef_zero/endpoints/role_endpoint'
 require 'chef_zero/endpoints/role_environments_endpoint'
@@ -71,6 +72,7 @@ require 'chef_zero/endpoints/sandboxes_endpoint'
 require 'chef_zero/endpoints/sandbox_endpoint'
 require 'chef_zero/endpoints/searches_endpoint'
 require 'chef_zero/endpoints/search_endpoint'
+require 'chef_zero/endpoints/system_recovery_endpoint'
 require 'chef_zero/endpoints/user_association_requests_endpoint'
 require 'chef_zero/endpoints/user_association_requests_count_endpoint'
 require 'chef_zero/endpoints/user_association_request_endpoint'
@@ -407,7 +409,8 @@ module ChefZero
 # OSC-only
 [
 [ "/organizations/*/users", ActorsEndpoint.new(self) ],
- [ "/organizations/*/users/*", ActorEndpoint.new(self) ]
+ [ "/organizations/*/users/*", ActorEndpoint.new(self) ],
+ [ "/organizations/*/authenticate_user", OrganizationAuthenticateUserEndpoint.new(self) ],
 ]
 else
 # EC-only
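Review bot: The routing change in lib/chef_zero/server.rb is undocumented: the `@@ -407` hunk registers `/organizations/*/authenticate_user` only in the `# OSC-only` list, and the later `@@ -445` hunk removes it from the shared list. Outside the OSC branch that path therefore no longer has a handler, and the two branches now answer with different response shapes (`name`/`verified` here, `status`/`user` or a 401 from `/authenticate_user`). If that split is intended, a comment above the new entry would record it, for example `# org-scoped authenticate_user is OSC-only; the EC branch uses /authenticate_user`. The new entry also adds a trailing comma before `]`, while the last hunk of this commit removes one from the `# Internal` list, so one style should be chosen. The enclosing method starts and ends outside these hunks.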
@@ -421,10 +424,9 @@ module ChefZero [ "/users/*/association_requests", UserAssociationRequestsEndpoint.new(self) ], [ "/users/*/association_requests/count", UserAssociationRequestsCountEndpoint.new(self) ], [ "/users/*/association_requests/*", UserAssociationRequestEndpoint.new(self) ], - [ "/users/*/organizations", UserOrganizationsEndpoint.new(self) ] - # [ "/verify_password", VerifyPasswordEndpoint.new(self) ], - # [ "/authenticate_user", AuthenticateUserEndpoint.new(self) ], - # [ "/system_recovery", SystemRecoveryEndpoint.new(self) ], + [ "/users/*/organizations", UserOrganizationsEndpoint.new(self) ], + [ "/authenticate_user", AuthenticateUserEndpoint.new(self) ], + [ "/system_recovery", SystemRecoveryEndpoint.new(self) ] ] end result + @@ -445,7 +447,6 @@ module ChefZero [ "/organizations/*/organization/_acl/*", AclEndpoint.new(self) ], [ "/organizations/*/*/*/_acl/*", AclEndpoint.new(self) ], - [ "/organizations/*/authenticate_user", AuthenticateUserEndpoint.new(self) ], [ "/organizations/*/clients", ActorsEndpoint.new(self) ], [ "/organizations/*/clients/*", ActorEndpoint.new(self) ], [ "/organizations/*/cookbooks", CookbooksEndpoint.new(self) ], @@ -475,7 +476,7 @@ module ChefZero [ "/organizations/*/search/*", SearchEndpoint.new(self) ], # Internal - [ "/organizations/*/file_store/**", FileStoreFileEndpoint.new(self) ], + [ "/organizations/*/file_store/**", FileStoreFileEndpoint.new(self) ] ] end |