Revision fceb1f89
Added by Petr Chalupa almost 12 years ago
- ID fceb1f895c20019ad71863d23316a446c216845e
| Gemfile | ||
|---|---|---|
|
gem 'rabl'
|
||
|
# Previous versions collide with Environment model
|
||
|
gem "ruby_parser", ">= 2.3.1"
|
||
|
gem 'oauth'
|
||
|
|
||
|
Dir["#{File.dirname(__FILE__)}/bundler.d/*.rb"].each do |bundle|
|
||
|
# puts "adding custom gem file #{bundle}"
|
||
| app/controllers/api/base_controller.rb | ||
|---|---|---|
|
end
|
||
|
|
||
|
def process_success(response = nil)
|
||
|
response ||= get_resource
|
||
|
respond_with response
|
||
|
response ||= get_resource
|
||
|
respond_with response
|
||
|
end
|
||
|
|
||
|
def process_response(condition, response = nil)
|
||
| ... | ... | |
|
end
|
||
|
end
|
||
|
|
||
|
# Authorize the user for the requested action
|
||
|
def authorize(ctrl = params[:controller], action = params[:action])
|
||
|
|
||
|
if SETTINGS[:login]
|
||
|
unless User.current
|
||
|
user_login = nil
|
||
|
result = authenticate_with_http_basic do |u, p|
|
||
|
user_login = u
|
||
|
User.try_to_login(u, p)
|
||
|
end
|
||
|
if result
|
||
|
User.current = result
|
||
|
else
|
||
|
render_error 'unauthorized', :status => :unauthorized, :locals => { :user_login => user_login }
|
||
|
return false
|
||
|
end
|
||
|
end
|
||
|
else
|
||
|
# We assume we always have a user logged in, if authentication is disabled, the user is the build-in admin account.
|
||
|
User.current = User.find_by_login("admin")
|
||
|
def authorize
|
||
|
auth = Api::Authorization.new self
|
||
|
|
||
|
unless auth.authenticate
|
||
|
render_error('unauthorized', :status => :unauthorized, :locals => { :user_login => auth.user_login })
|
||
|
return false
|
||
|
end
|
||
|
|
||
|
unless auth.authorize
|
||
|
deny_access
|
||
|
return false
|
||
|
end
|
||
|
|
||
|
User.current.allowed_to?(:controller => ctrl.gsub(/::/, "_").underscore, :action => action) or deny_access
|
||
|
return true
|
||
|
end
|
||
|
|
||
|
def deny_access(details = nil)
|
||
| ... | ... | |
|
# store params[:id] under correct predicable key
|
||
|
def set_resource_params
|
||
|
if (id_or_name = params.delete(:id))
|
||
|
suffix = (id_or_name.is_a?(Fixnum) || id_or_name =~ /^\d+$/) ? 'id' : 'name'
|
||
|
suffix = (id_or_name.is_a?(Fixnum) || id_or_name =~ /^\d+$/) ? 'id' : 'name'
|
||
|
params[:"#{resource_name}_#{suffix}"] = id_or_name
|
||
|
end
|
||
|
end
|
||
| app/controllers/api/v1/architectures_controller.rb | ||
|---|---|---|
|
process_response @architecture.update_attributes(params[:architecture])
|
||
|
end
|
||
|
|
||
|
api :DELETE, "/architecturess/:id/", "Delete an architecture."
|
||
|
api :DELETE, "/architectures/:id/", "Delete an architecture."
|
||
|
def destroy
|
||
|
process_response @architecture.destroy
|
||
|
end
|
||
| lib/api/authorization.rb | ||
|---|---|---|
|
require 'oauth/client/action_controller_request'
|
||
|
|
||
|
module Api
|
||
|
class Authorization
|
||
|
attr_reader :controller, :user_login
|
||
|
|
||
|
def initialize(controller)
|
||
|
@controller = controller
|
||
|
end
|
||
|
|
||
|
def authenticate
|
||
|
unless SETTINGS[:login]
|
||
|
# We assume we always have a user logged in,
|
||
|
# if authentication is disabled, the user is the build-in admin account.
|
||
|
User.current = User.find_by_login("admin")
|
||
|
else
|
||
|
authorization_method = if oauth?
|
||
|
:oauth
|
||
|
else
|
||
|
:http_basic
|
||
|
end
|
||
|
User.current ||= send(authorization_method) || (return false)
|
||
|
end
|
||
|
|
||
|
return true
|
||
|
end
|
||
|
|
||
|
def authorize
|
||
|
User.current.allowed_to?(
|
||
|
:controller => controller.params[:controller].gsub(/::/, "_").underscore,
|
||
|
:action => controller.params[:action])
|
||
|
end
|
||
|
|
||
|
def http_basic
|
||
|
controller.authenticate_with_http_basic do |u, p|
|
||
|
@user_login = u
|
||
|
User.try_to_login(u, p)
|
||
|
end
|
||
|
end
|
||
|
|
||
|
def oauth?
|
||
|
!!(controller.request.authorization =~ /^OAuth/)
|
||
|
end
|
||
|
|
||
|
def oauth
|
||
|
unless Setting['oauth_active'] &&
|
||
|
(OAuth::RequestProxy.proxy(controller.request).oauth_consumer_key == Setting['oauth_consumer_key'])
|
||
|
return nil
|
||
|
end
|
||
|
|
||
|
if OAuth::Signature.verify(controller.request, :consumer_secret => Setting['oauth_consumer_secret'])
|
||
|
# TODO find user by header
|
||
|
return User.find_by_login("admin")
|
||
|
else
|
||
|
return nil
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| lib/foreman/default_settings/loader.rb | ||
|---|---|---|
|
set('use_uuid_for_certificates', "Should Foreman use random UUID's for certificate signing instead of hostnames", false),
|
||
|
set('update_environment_from_facts', "Should Foreman update a host's environment from its facts", false)
|
||
|
].compact.each { |s| create s.update(:category => "Puppet")}
|
||
|
|
||
|
[ set('oauth_active', "Should foreman use OAuth for authorization in API", false),
|
||
|
set('oauth_consumer_key', "OAuth consumer key", 'katello'),
|
||
|
set('oauth_consumer_secret', "OAuth consumer secret", 'shhhh')
|
||
|
].compact.each { |s| create s.update(:category => "Auth")}
|
||
|
end
|
||
|
true
|
||
|
end
|
||
Also available in: Unified diff
fixes #1576 - api v1 - oauth support