authorJohn Keiser <jkeiser@opscode.com>2014-07-16 20:00:27 -0700
committerJohn Keiser <jkeiser@opscode.com>2014-07-23 19:21:23 -0600
commit1e8315cf54a39f78c5b7afeff83f2cc0c1d4721b (patch)
treef391c17cc98f4e33c84ffb7fb325856171f0009b /lib
parentbdcfae41acd00e515e1fc2cb996a07034a61ab4c (diff)
Add authenticatation endpoints
Diffstat (limited to 'lib')
-rw-r--r--lib/chef_zero/endpoints/authenticate_user_endpoint.rb16
-rw-r--r--lib/chef_zero/endpoints/organization_authenticate_user_endpoint.rb26
-rw-r--r--lib/chef_zero/endpoints/system_recovery_endpoint.rb26
-rw-r--r--lib/chef_zero/server.rb19
4 files changed, 72 insertions, 15 deletions
diff --git a/lib/chef_zero/endpoints/authenticate_user_endpoint.rb b/lib/chef_zero/endpoints/authenticate_user_endpoint.rb
index f2c26a0..454485e 100644
--- a/lib/chef_zero/endpoints/authenticate_user_endpoint.rb
+++ b/lib/chef_zero/endpoints/authenticate_user_endpoint.rb
@@ -10,14 +10,18 @@ module ChefZero
name = request_json['name']
password = request_json['password']
begin
- user = data_store.get(request.rest_path[0..1] + ['users', name])
- verified = JSON.parse(user, :create_additions => false)['password'] == password
- rescue DataStore::DataNotFoundError
- verified = false
+ user = data_store.get(request.rest_path[0..-2] + ['users', name])
+ rescue ChefZero::DataStore::DataNotFoundError
+ raise RestErrorResponse.new(401, "Bad username or password")
+ end
+ user = JSON.parse(user, :create_additions => false)
+ user = DataNormalizer.normalize_user(user, name)
+ if user['password'] != password
+ raise RestErrorResponse.new(401, "Bad username or password")
end
json_response(200, {
- 'name' => name,
- 'verified' => !!verified
+ 'status' => 'linked',
+ 'user' => user
})
end
end
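Review bot: The check `if user['password'] != password` passes when both sides are nil, so a request body with no 'password' key would be accepted for any stored user record that has no 'password' field (whether normalize_user fills one in is not visible in this diff). Rejecting a missing password first closes that gap: `if password.nil? || user['password'] != password`. The same comparison appears in the new OrganizationAuthenticateUserEndpoint (`verified = user['password'] == password`) and in SystemRecoveryEndpoint, which would need the same guard. The enclosing `post` method starts above this hunk.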
diff --git a/lib/chef_zero/endpoints/organization_authenticate_user_endpoint.rb b/lib/chef_zero/endpoints/organization_authenticate_user_endpoint.rb
new file mode 100644
index 0000000..ea3edae
--- /dev/null
+++ b/lib/chef_zero/endpoints/organization_authenticate_user_endpoint.rb
@@ -0,0 +1,26 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+ module Endpoints
+ # /organizations/NAME/authenticate_user
+ class OrganizationAuthenticateUserEndpoint < RestBase
+ def post(request)
+ request_json = JSON.parse(request.body, :create_additions => false)
+ name = request_json['name']
+ password = request_json['password']
+ begin
+ user = data_store.get(request.rest_path[0..-2] + ['users', name])
+ user = JSON.parse(user, :create_additions => false)
+ verified = user['password'] == password
+ rescue DataStore::DataNotFoundError
+ verified = false
+ end
+ json_response(200, {
+ 'name' => name,
+ 'verified' => !!verified
+ })
+ end
+ end
+ end
+end
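Review bot: The rescue clause names `DataStore::DataNotFoundError` unqualified, while this same commit changes the sibling authenticate_user_endpoint.rb to `ChefZero::DataStore::DataNotFoundError`, and this file requires only 'json' and 'chef_zero/rest_base'. The constant is resolved only when an exception is actually being matched, so if the data store is not loaded through rest_base (not visible here), an unknown user would surface as a NameError rather than `'verified' => false`. I would write `rescue ChefZero::DataStore::DataNotFoundError` here so both endpoints agree.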
diff --git a/lib/chef_zero/endpoints/system_recovery_endpoint.rb b/lib/chef_zero/endpoints/system_recovery_endpoint.rb
new file mode 100644
index 0000000..9989eef
--- /dev/null
+++ b/lib/chef_zero/endpoints/system_recovery_endpoint.rb
@@ -0,0 +1,26 @@
+require 'json'
+require 'chef_zero/rest_base'
+
+module ChefZero
+ module Endpoints
+ # /system_recovery
+ class SystemRecoveryEndpoint < RestBase
+ def post(request)
+ request_json = JSON.parse(request.body, :create_additions => false)
+ name = request_json['username']
+ password = request_json['password']
+ user = get_data(request, request.rest_path[0..-2] + ['users', name])
+ user = JSON.parse(user, :create_additions => false)
+ user = DataNormalizer.normalize_user(user, name)
+ if !user['recovery_authentication_enabled']
+ raise RestErrorResponse.new(403, "Only users with recovery_authentication_enabled=true may use /system_recovery to log in")
+ end
+ if user['password'] != password
+ raise RestErrorResponse.new(401, "Incorrect password")
+ end
+
+ json_response(200, user)
+ end
+ end
+ end
+end
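Review bot: `json_response(200, user)` sends back the whole stored record, and that record carries the 'password' value compared a few lines above, unless DataNormalizer.normalize_user removes it (not visible in this diff). Dropping the field before responding avoids echoing the credential to the caller, e.g. `json_response(200, user.reject { |k, _| k == 'password' })`. The `'user' => user` response in authenticate_user_endpoint.rb returns the same hash and would need the same treatment.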
diff --git a/lib/chef_zero/server.rb b/lib/chef_zero/server.rb
index 25add0e..c3447f8 100644
--- a/lib/chef_zero/server.rb
+++ b/lib/chef_zero/server.rb
@@ -59,11 +59,12 @@ require 'chef_zero/endpoints/environment_role_endpoint'
require 'chef_zero/endpoints/node_endpoint'
require 'chef_zero/endpoints/organizations_endpoint'
require 'chef_zero/endpoints/organization_endpoint'
+require 'chef_zero/endpoints/organization_association_requests_endpoint'
+require 'chef_zero/endpoints/organization_association_request_endpoint'
+require 'chef_zero/endpoints/organization_authenticate_user_endpoint'
require 'chef_zero/endpoints/organization_users_endpoint'
require 'chef_zero/endpoints/organization_user_endpoint'
require 'chef_zero/endpoints/organization_validator_key_endpoint'
-require 'chef_zero/endpoints/organization_association_requests_endpoint'
-require 'chef_zero/endpoints/organization_association_request_endpoint'
require 'chef_zero/endpoints/principal_endpoint'
require 'chef_zero/endpoints/role_endpoint'
require 'chef_zero/endpoints/role_environments_endpoint'
@@ -71,6 +72,7 @@ require 'chef_zero/endpoints/sandboxes_endpoint'
require 'chef_zero/endpoints/sandbox_endpoint'
require 'chef_zero/endpoints/searches_endpoint'
require 'chef_zero/endpoints/search_endpoint'
+require 'chef_zero/endpoints/system_recovery_endpoint'
require 'chef_zero/endpoints/user_association_requests_endpoint'
require 'chef_zero/endpoints/user_association_requests_count_endpoint'
require 'chef_zero/endpoints/user_association_request_endpoint'
@@ -407,7 +409,8 @@ module ChefZero
# OSC-only
[
[ "/organizations/*/users", ActorsEndpoint.new(self) ],
- [ "/organizations/*/users/*", ActorEndpoint.new(self) ]
+ [ "/organizations/*/users/*", ActorEndpoint.new(self) ],
+ [ "/organizations/*/authenticate_user", OrganizationAuthenticateUserEndpoint.new(self) ],
]
else
# EC-only
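Review bot: The added route line ends with a trailing comma before the closing `]`, while two other hunks in this commit leave the last entry without one (the `/system_recovery` entry, and the `file_store` entry where the comma is removed). Picking one convention for these route arrays keeps later additions consistent; to match the rest of the commit this line would read `[ "/organizations/*/authenticate_user", OrganizationAuthenticateUserEndpoint.new(self) ]`.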
@@ -421,10 +424,9 @@ module ChefZero
[ "/users/*/association_requests", UserAssociationRequestsEndpoint.new(self) ],
[ "/users/*/association_requests/count", UserAssociationRequestsCountEndpoint.new(self) ],
[ "/users/*/association_requests/*", UserAssociationRequestEndpoint.new(self) ],
- [ "/users/*/organizations", UserOrganizationsEndpoint.new(self) ]
- # [ "/verify_password", VerifyPasswordEndpoint.new(self) ],
- # [ "/authenticate_user", AuthenticateUserEndpoint.new(self) ],
- # [ "/system_recovery", SystemRecoveryEndpoint.new(self) ],
+ [ "/users/*/organizations", UserOrganizationsEndpoint.new(self) ],
+ [ "/authenticate_user", AuthenticateUserEndpoint.new(self) ],
+ [ "/system_recovery", SystemRecoveryEndpoint.new(self) ]
]
end
result +
@@ -445,7 +447,6 @@ module ChefZero
[ "/organizations/*/organization/_acl/*", AclEndpoint.new(self) ],
[ "/organizations/*/*/*/_acl/*", AclEndpoint.new(self) ],
- [ "/organizations/*/authenticate_user", AuthenticateUserEndpoint.new(self) ],
[ "/organizations/*/clients", ActorsEndpoint.new(self) ],
[ "/organizations/*/clients/*", ActorEndpoint.new(self) ],
[ "/organizations/*/cookbooks", CookbooksEndpoint.new(self) ],
@@ -475,7 +476,7 @@ module ChefZero
[ "/organizations/*/search/*", SearchEndpoint.new(self) ],
# Internal
- [ "/organizations/*/file_store/**", FileStoreFileEndpoint.new(self) ],
+ [ "/organizations/*/file_store/**", FileStoreFileEndpoint.new(self) ]
]
end