Overhaul of authentication.

* Added new configuration options: ** bytemark_calendar_url ** bytemark_auth_url ** remote_https_verify_mode ** remote_http_timeout ** failed_login_delay * Added authentication tests * Removed remote auth tests in from the web interface tests. * If no bytemark_auth_url is set, then no remote auth takes place. * SSL peer cert validation now takes place by default. * Removed old logic tests * Tidied the way tests take place a little.
author: Patrick J Cherry <patrick@bytemark.co.uk> 2012-04-21 13:37:12 +0100
committer: Patrick J Cherry <patrick@bytemark.co.uk> 2012-04-21 13:37:12 +0100
commit: 84b1abf30fe79032209cb0fcd0bfa9d6aaf37721 (patch)
tree: 403433b040d2b51b5d40c56b10a530e7fcf2aef4 /lib/mauve/authentication.rb
parent: 392a87cfa181a762bf4b3244aa3c6d065ef15253 (diff)
1 files changed, 26 insertions, 45 deletions
diff --git a/lib/mauve/authentication.rb b/lib/mauve/authentication.rb
index 0fc6823..c467a1d 100644
--- a/lib/mauve/authentication.rb
+++ b/lib/mauve/authentication.rb
@@ -1,7 +1,6 @@
 # encoding: UTF-8
 require 'sha1'
 require 'xmlrpc/client'
-require 'timeout'
 
 #
 # This allows poking of the SSL attributes of the http client.
@@ -28,8 +27,6 @@ module Mauve
       raise ArgumentError.new("Password must be a string, not a #{password.class}") if String != password.class
       raise ArgumentError.new("Login or/and password is/are empty.") if login.empty? || password.empty?
 
-      return false unless Mauve::Configuration.current.people.has_key?(login)
-
       false
     end
 
@@ -73,7 +70,7 @@ module Mauve
       unless true == result
         logger.info "Authentication for #{login} failed"
         # Rate limit
-        sleep 5
+        sleep Server.instance.failed_login_delay
       end
 
       result
@@ -88,45 +85,6 @@ module Mauve
 
     Mauve::Authentication::ORDER << self
 
-    # Set up the Bytemark authenticator
-    #
-    # @todo allow configuration of where the server is.
-    #
-    # @param [String] srv Authentication server name
-    # @param [String] port Port overwhich authentication should take place
-    #
-    # @return [Mauve::AuthBytemark]
-    #
-    def initialize (srv='auth.bytemark.co.uk', port=443)
-      raise ArgumentError.new("Server must be a String, not a #{srv.class}") if String != srv.class
-      raise ArgumentError.new("Port must be a Fixnum, not a #{port.class}") if Fixnum != port.class
-      @srv = srv
-      @port = port
-      @timeout = 7
-
-      self
-    end
-
-    # Tests to see if a server is alive, alive-o.
-    #
-    # @deprecated Not really needed.
-    #
-    # @return [Boolean]
-    def ping
-      begin
-        Timeout.timeout(@timeout) do
-          s = TCPSocket.open(@srv, @port)
-          s.close()
-          return true
-        end
-      rescue Timeout::Error => ex
-        return false
-      rescue => ex 
-        return false
-      end
-      return false
-    end
-
     # Authenticate against the Bytemark server
     #
     # @param [String] login
@@ -136,14 +94,27 @@ module Mauve
     def authenticate(login, password)
       super
 
-      client = XMLRPC::Client.new(@srv,"/",@port,nil,nil,nil,nil,true,@timeout)
+      #
+      # Don't bother checking if no auth_url has been set.
+      #
+      return false unless Server.instance.bytemark_auth_url.is_a?(URI)
+
+      #
+      # Don't bother checking if the person doesn't exist.
+      #
+      return false unless Mauve::Configuration.current.people.has_key?(login)
+
+      uri     = Server.instance.bytemark_auth_url
+      timeout = Server.instance.remote_http_timeout
+      # host=nil, path=nil, port=nil, proxy_host=nil, proxy_port=nil, user=nil, password=nil, use_ssl=nil, timeout=nil)
+      client  = XMLRPC::Client.new(uri.host, uri.path, uri.port, nil, nil, uri.user, uri.password, uri.scheme == "https", timeout)
 
       #
       # Make sure we verify our peer before attempting login.
       #
       if client.http.use_ssl?
         client.http.ca_path     = "/etc/ssl/certs/"
-        client.http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        client.http.verify_mode = Server.instance.remote_https_verify_mode
       end
 
       begin
@@ -179,6 +150,16 @@ module Mauve
     # @return [Boolean]
     def authenticate(login,password)
       super
+      #
+      # Don't bother checking if the person doesn't exist.
+      #
+      return false unless Mauve::Configuration.current.people.has_key?(login)
+
+      #
+      # Don't bother checking if no password has been set.
+      #
+      return false if Mauve::Configuration.current.people[login].password.nil?
+
       if ( Digest::SHA1.hexdigest(password) == Mauve::Configuration.current.people[login].password )
         return true
       else
author	Patrick J Cherry <patrick@bytemark.co.uk>	2012-04-21 13:37:12 +0100
committer	Patrick J Cherry <patrick@bytemark.co.uk>	2012-04-21 13:37:12 +0100
commit	84b1abf30fe79032209cb0fcd0bfa9d6aaf37721 (patch)
tree	403433b040d2b51b5d40c56b10a530e7fcf2aef4 /lib/mauve/authentication.rb
parent	392a87cfa181a762bf4b3244aa3c6d065ef15253 (diff)