Overhaul of authentication.

* Added new configuration options: ** bytemark_calendar_url ** bytemark_auth_url ** remote_https_verify_mode ** remote_http_timeout ** failed_login_delay * Added authentication tests * Removed remote auth tests in from the web interface tests. * If no bytemark_auth_url is set, then no remote auth takes place. * SSL peer cert validation now takes place by default. * Removed old logic tests * Tidied the way tests take place a little.
author: Patrick J Cherry <patrick@bytemark.co.uk> 2012-04-21 13:37:12 +0100
committer: Patrick J Cherry <patrick@bytemark.co.uk> 2012-04-21 13:37:12 +0100
commit: 84b1abf30fe79032209cb0fcd0bfa9d6aaf37721 (patch)
tree: 403433b040d2b51b5d40c56b10a530e7fcf2aef4 /lib/mauve/server.rb
parent: 392a87cfa181a762bf4b3244aa3c6d065ef15253 (diff)
1 files changed, 94 insertions, 4 deletions
diff --git a/lib/mauve/server.rb b/lib/mauve/server.rb
index db5fda6..2b0e101 100644
--- a/lib/mauve/server.rb
+++ b/lib/mauve/server.rb
@@ -27,6 +27,7 @@ module Mauve
 
     attr_reader   :hostname, :database, :initial_sleep
     attr_reader   :packet_buffer, :notification_buffer, :started_at
+    attr_reader   :bytemark_auth_url, :bytemark_calendar_url, :remote_http_timeout, :remote_https_verify_mode, :failed_login_delay
 
     include Singleton
 
@@ -49,6 +50,23 @@ module Mauve
       @notification_buffer = []
 
       #
+      # Set the auth/calendar URLs
+      #
+      @bytemark_auth_url     = nil
+      @bytemark_calendar_url = nil
+
+      #
+      # Set a couple of params for remote HTTP requests.
+      #
+      @remote_http_timeout = 5
+      @remote_https_verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+      #
+      # Rate limit login attempts to limit the success of brute-forcing.
+      #
+      @failed_login_delay = 1
+
+      #
       # Set up a blank config.
       #
       Configuration.current = Configuration.new if Mauve::Configuration.current.nil?
@@ -70,14 +88,12 @@ module Mauve
       @database = d
     end
 
-    #
     # Sets up the packet buffer (or not).  The argument can be "false" or "no"
     # or a FalseClass object for no.  Anything else makes no change.
     #
     # @param [String] arg
     # @return [Array or nil]
     def use_packet_buffer=(arg)
-      logger.debug(arg)
       if arg.is_a?(FalseClass) or arg =~ /^(n(o)?|f(alse)?)$/i
         @packet_buffer = nil
       end
@@ -85,14 +101,12 @@ module Mauve
       @packet_buffer
     end
  
-    #
     # Sets up the notification buffer (or not).  The argument can be "false" or
     # "no" or a FalseClass object for no.  Anything else makes no change.
     #
     # @param [String] arg
     # @return [Array or nil]
     def use_notification_buffer=(arg)
-      logger.debug(arg)
       if arg.is_a?(FalseClass) or arg =~ /^(n(o)?|f(alse)?)$/i
         @notification_buffer = nil
       end
@@ -100,6 +114,82 @@ module Mauve
       @notification_buffer
     end
 
+    # Set the calendar URL.
+    #
+    # @param [String] arg 
+    # @return [URI]
+    def bytemark_calendar_url=(arg)
+      raise ArgumentError, "bytemark_calendar_url must be a string" unless arg.is_a?(String)
+
+      @bytemark_calendar_url = URI.parse(arg)
+
+      #
+      # Make sure we get an HTTP URL.
+      #
+      raise ArgumentError, "bytemark_calendar_url must be an HTTP(S) URL." unless %w(http https).include?(@bytemark_calendar_url.scheme)
+
+      #
+      # Set a default request path, if none was given
+      #
+      @bytemark_calendar_url.path="/" if @bytemark_calendar_url.path.empty?
+
+      @bytemark_calendar_url
+    end
+
+    # Set the Bytemark Authentication URL
+    #
+    # @param [String] arg 
+    # @return [URI]
+    def bytemark_auth_url=(arg)
+      raise ArgumentError, "bytemark_auth_url must be a string" unless arg.is_a?(String)
+
+      @bytemark_auth_url = URI.parse(arg)
+      #
+      # Make sure we get an HTTP URL.
+      #
+      raise ArgumentError, "bytemark_auth_url must be an HTTP(S) URL." unless %w(http https).include?(@bytemark_auth_url.scheme)
+
+      #
+      # Set a default request path, if none was given
+      #
+      @bytemark_auth_url.path="/" if @bytemark_auth_url.path.empty?
+
+      @bytemark_auth_url 
+    end
+
+    # Sets the timeout when making remote HTTP requests
+    #
+    # @param [Integer] arg
+    # @return [Integer]
+    def remote_http_timeout=(arg)
+      raise ArgumentError, "initial_sleep must be an integer" unless s.is_a?(Integer)
+      @remote_http_timeout = arg
+    end
+
+    # Sets the SSL verification mode when makeing remote HTTPS requests
+    #
+    # @param [String] arg must be one of "none" or "peer"
+    # @return [Constant]
+    def remote_https_verify_mode=(arg)
+      @remote_https_verify_mode = case arg
+      when "peer" 
+        OpenSSL::SSL::VERIFY_PEER
+      when "none" 
+        OpenSSL::SSL::VERIFY_NONE
+      else
+        raise ArgumentError, "remote_https_verify_mode must be either 'peer' or 'none'"
+      end
+    end
+
+    # Set the delay added following a failed login attempt.
+    #
+    # @param [Numeric] arg Number of seconds to delay following a failed login attempt
+    # @return [Numeric]
+    #
+    def failed_login_delay=(arg)
+      raise ArgumentError, "initial_sleep must be numeric" unless arg.is_a?(Numeric)
+      @failed_login_delay = arg
+    end
 
     # Set the sleep period during which notifications about old alerts are
     # suppressed.
author	Patrick J Cherry <patrick@bytemark.co.uk>	2012-04-21 13:37:12 +0100
committer	Patrick J Cherry <patrick@bytemark.co.uk>	2012-04-21 13:37:12 +0100
commit	84b1abf30fe79032209cb0fcd0bfa9d6aaf37721 (patch)
tree	403433b040d2b51b5d40c56b10a530e7fcf2aef4 /lib/mauve/server.rb
parent	392a87cfa181a762bf4b3244aa3c6d065ef15253 (diff)