Revision fceb1f89
Added by Petr Chalupa almost 12 years ago
- ID fceb1f895c20019ad71863d23316a446c216845e
Gemfile | ||
---|---|---|
gem 'rabl'
|
||
# Previous versions collide with Environment model
|
||
gem "ruby_parser", ">= 2.3.1"
|
||
gem 'oauth'
|
||
|
||
Dir["#{File.dirname(__FILE__)}/bundler.d/*.rb"].each do |bundle|
|
||
# puts "adding custom gem file #{bundle}"
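Review bot: the added `gem 'oauth'` carries no version constraint, unlike `gem "ruby_parser", ">= 2.3.1"` a few lines above it. The new `Api::Authorization` in this commit relies on `OAuth::Signature.verify` and `OAuth::RequestProxy.proxy` having a particular interface, so an unpinned dependency lets a future release change API authentication behaviour silently on `bundle update`. A pessimistic constraint on the version this was tested against, e.g. `gem 'oauth', '~> X.Y'` with X.Y taken from the Gemfile.lock, would keep that under review control.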
|
app/controllers/api/base_controller.rb | ||
---|---|---|
end
|
||
|
||
def process_success(response = nil)
|
||
response ||= get_resource
|
||
respond_with response
|
||
response ||= get_resource
|
||
respond_with response
|
||
end
|
||
|
||
def process_response(condition, response = nil)
|
||
... | ... | |
end
|
||
end
|
||
|
||
# Authorize the user for the requested action
|
||
def authorize(ctrl = params[:controller], action = params[:action])
|
||
|
||
if SETTINGS[:login]
|
||
unless User.current
|
||
user_login = nil
|
||
result = authenticate_with_http_basic do |u, p|
|
||
user_login = u
|
||
User.try_to_login(u, p)
|
||
end
|
||
if result
|
||
User.current = result
|
||
else
|
||
render_error 'unauthorized', :status => :unauthorized, :locals => { :user_login => user_login }
|
||
return false
|
||
end
|
||
end
|
||
else
|
||
# We assume we always have a user logged in, if authentication is disabled, the user is the build-in admin account.
|
||
User.current = User.find_by_login("admin")
|
||
def authorize
|
||
auth = Api::Authorization.new self
|
||
|
||
unless auth.authenticate
|
||
render_error('unauthorized', :status => :unauthorized, :locals => { :user_login => auth.user_login })
|
||
return false
|
||
end
|
||
|
||
unless auth.authorize
|
||
deny_access
|
||
return false
|
||
end
|
||
|
||
User.current.allowed_to?(:controller => ctrl.gsub(/::/, "_").underscore, :action => action) or deny_access
|
||
return true
|
||
end
|
||
|
||
def deny_access(details = nil)
|
||
... | ... | |
# store params[:id] under correct predicable key
|
||
def set_resource_params
|
||
if (id_or_name = params.delete(:id))
|
||
suffix = (id_or_name.is_a?(Fixnum) || id_or_name =~ /^\d+$/) ? 'id' : 'name'
|
||
suffix = (id_or_name.is_a?(Fixnum) || id_or_name =~ /^\d+$/) ? 'id' : 'name'
|
||
params[:"#{resource_name}_#{suffix}"] = id_or_name
|
||
end
|
||
end
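Review bot: the new `def authorize` takes no arguments, while the removed `def authorize(ctrl = params[:controller], action = params[:action])` allowed callers to override the controller and action being checked; any subclass or filter that still calls `authorize` with arguments will now raise ArgumentError, so either keep the optional parameters and pass them through to `Api::Authorization`, or confirm no such callers exist. Also, `auth.authenticate` returns true in the login-disabled branch even when `User.find_by_login("admin")` returns nil, so `auth.authorize` then calls `allowed_to?` on nil and the request fails with a 500 rather than a clean 401; a guard such as `return deny_access unless User.current` between the two checks would close that. If the `# Authorize the user for the requested action` comment above the old definition did not survive, it is worth restoring above the new method, extended with a note that the built-in admin is assumed whenever `SETTINGS[:login]` is off.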
|
app/controllers/api/v1/architectures_controller.rb | ||
---|---|---|
process_response @architecture.update_attributes(params[:architecture])
|
||
end
|
||
|
||
api :DELETE, "/architecturess/:id/", "Delete an architecture."
|
||
api :DELETE, "/architectures/:id/", "Delete an architecture."
|
||
def destroy
|
||
process_response @architecture.destroy
|
||
end
|
lib/api/authorization.rb | ||
---|---|---|
require 'oauth/client/action_controller_request'
|
||
|
||
module Api
|
||
class Authorization
|
||
attr_reader :controller, :user_login
|
||
|
||
def initialize(controller)
|
||
@controller = controller
|
||
end
|
||
|
||
def authenticate
|
||
unless SETTINGS[:login]
|
||
# We assume we always have a user logged in,
|
||
# if authentication is disabled, the user is the build-in admin account.
|
||
User.current = User.find_by_login("admin")
|
||
else
|
||
authorization_method = if oauth?
|
||
:oauth
|
||
else
|
||
:http_basic
|
||
end
|
||
User.current ||= send(authorization_method) || (return false)
|
||
end
|
||
|
||
return true
|
||
end
|
||
|
||
def authorize
|
||
User.current.allowed_to?(
|
||
:controller => controller.params[:controller].gsub(/::/, "_").underscore,
|
||
:action => controller.params[:action])
|
||
end
|
||
|
||
def http_basic
|
||
controller.authenticate_with_http_basic do |u, p|
|
||
@user_login = u
|
||
User.try_to_login(u, p)
|
||
end
|
||
end
|
||
|
||
def oauth?
|
||
!!(controller.request.authorization =~ /^OAuth/)
|
||
end
|
||
|
||
def oauth
|
||
unless Setting['oauth_active'] &&
|
||
(OAuth::RequestProxy.proxy(controller.request).oauth_consumer_key == Setting['oauth_consumer_key'])
|
||
return nil
|
||
end
|
||
|
||
if OAuth::Signature.verify(controller.request, :consumer_secret => Setting['oauth_consumer_secret'])
|
||
# TODO find user by header
|
||
return User.find_by_login("admin")
|
||
else
|
||
return nil
|
||
end
|
||
end
|
||
end
|
||
end
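Review bot: `OAuth::Signature.verify(controller.request, :consumer_secret => Setting['oauth_consumer_secret'])` in `oauth` checks only that the request is signed with the consumer secret; nothing in this file inspects `oauth_timestamp` or `oauth_nonce`, so — unless the oauth gem does it internally, which I do not believe it does — any captured signed request can be replayed for as long as the secret is unchanged, and every such request is mapped to the built-in admin by `return User.find_by_login("admin")`. Consider reusing the proxy already built for the key comparison and rejecting stale timestamps, e.g. `proxy = OAuth::RequestProxy.proxy(controller.request)` followed by `return nil if (Time.now.to_i - proxy.oauth_timestamp.to_i).abs > 300`, with a nonce cache as a follow-up. The consumer-key comparison with `==` is also not constant-time, though with a single configured key that is a minor concern. The `# TODO find user by header` should at least state that, until it is done, a valid consumer signature grants unrestricted admin access to every API action.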
|
lib/foreman/default_settings/loader.rb | ||
---|---|---|
set('use_uuid_for_certificates', "Should Foreman use random UUID's for certificate signing instead of hostnames", false),
|
||
set('update_environment_from_facts', "Should Foreman update a host's environment from its facts", false)
|
||
].compact.each { |s| create s.update(:category => "Puppet")}
|
||
|
||
[ set('oauth_active', "Should foreman use OAuth for authorization in API", false),
|
||
set('oauth_consumer_key', "OAuth consumer key", 'katello'),
|
||
set('oauth_consumer_secret', "OAuth consumer secret", 'shhhh')
|
||
].compact.each { |s| create s.update(:category => "Auth")}
|
||
end
|
||
true
|
||
end
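Review bot: `set('oauth_consumer_secret', "OAuth consumer secret", 'shhhh')` ships a well-known default secret, and `oauth_consumer_key` defaults to `'katello'`; an operator who flips `oauth_active` to true without changing both gets an API where anyone who has read this commit can sign requests, and the companion `Api::Authorization#oauth` maps every valid signature to the admin account. Since these values appear to be written once into the settings store via `create s.update(...)`, consider generating the secret on first load, `set('oauth_consumer_secret', "OAuth consumer secret", SecureRandom.hex(32))`, with `require 'securerandom'` at the top of the file, or leaving it empty and having `oauth` refuse to authenticate while it is blank. At minimum the description string should warn that the default must be changed before enabling OAuth.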
|
fixes #1576 - api v1 - oauth support