From 84b1abf30fe79032209cb0fcd0bfa9d6aaf37721 Mon Sep 17 00:00:00 2001
From: Patrick J Cherry <patrick@bytemark.co.uk>
Date: Sat, 21 Apr 2012 13:37:12 +0100
Subject: Overhaul of authentication. * Added new configuration options:  **
 bytemark_calendar_url  ** bytemark_auth_url  ** remote_https_verify_mode  **
 remote_http_timeout  ** failed_login_delay * Added authentication tests *
 Removed remote auth tests in from the web interface tests. * If no
 bytemark_auth_url is set, then no remote auth takes place. * SSL peer cert
 validation now takes place by default. * Removed old logic tests * Tidied the
 way tests take place a little.

---
 lib/mauve/server.rb | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 94 insertions(+), 4 deletions(-)

(limited to 'lib/mauve/server.rb')

diff --git a/lib/mauve/server.rb b/lib/mauve/server.rb
index db5fda6..2b0e101 100644
--- a/lib/mauve/server.rb
+++ b/lib/mauve/server.rb
@@ -27,6 +27,7 @@ module Mauve
 
     attr_reader   :hostname, :database, :initial_sleep
     attr_reader   :packet_buffer, :notification_buffer, :started_at
+    attr_reader   :bytemark_auth_url, :bytemark_calendar_url, :remote_http_timeout, :remote_https_verify_mode, :failed_login_delay
 
     include Singleton
 
@@ -48,6 +49,23 @@ module Mauve
       @packet_buffer       = []
       @notification_buffer = []
 
+      #
+      # Set the auth/calendar URLs
+      #
+      @bytemark_auth_url     = nil
+      @bytemark_calendar_url = nil
+
+      #
+      # Set a couple of params for remote HTTP requests.
+      #
+      @remote_http_timeout = 5
+      @remote_https_verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+      #
+      # Rate limit login attempts to limit the success of brute-forcing.
+      #
+      @failed_login_delay = 1
+
       #
       # Set up a blank config.
       #
@@ -70,14 +88,12 @@ module Mauve
       @database = d
     end
 
-    #
     # Sets up the packet buffer (or not).  The argument can be "false" or "no"
     # or a FalseClass object for no.  Anything else makes no change.
     #
     # @param [String] arg
     # @return [Array or nil]
     def use_packet_buffer=(arg)
-      logger.debug(arg)
       if arg.is_a?(FalseClass) or arg =~ /^(n(o)?|f(alse)?)$/i
         @packet_buffer = nil
       end
@@ -85,14 +101,12 @@ module Mauve
       @packet_buffer
     end
  
-    #
     # Sets up the notification buffer (or not).  The argument can be "false" or
     # "no" or a FalseClass object for no.  Anything else makes no change.
     #
     # @param [String] arg
     # @return [Array or nil]
     def use_notification_buffer=(arg)
-      logger.debug(arg)
       if arg.is_a?(FalseClass) or arg =~ /^(n(o)?|f(alse)?)$/i
         @notification_buffer = nil
       end
@@ -100,6 +114,82 @@ module Mauve
       @notification_buffer
     end
 
+    # Set the calendar URL.
+    #
+    # @param [String] arg 
+    # @return [URI]
+    def bytemark_calendar_url=(arg)
+      raise ArgumentError, "bytemark_calendar_url must be a string" unless arg.is_a?(String)
+
+      @bytemark_calendar_url = URI.parse(arg)
+
+      #
+      # Make sure we get an HTTP URL.
+      #
+      raise ArgumentError, "bytemark_calendar_url must be an HTTP(S) URL." unless %w(http https).include?(@bytemark_calendar_url.scheme)
+
+      #
+      # Set a default request path, if none was given
+      #
+      @bytemark_calendar_url.path="/" if @bytemark_calendar_url.path.empty?
+
+      @bytemark_calendar_url
+    end
+
+    # Set the Bytemark Authentication URL
+    #
+    # @param [String] arg 
+    # @return [URI]
+    def bytemark_auth_url=(arg)
+      raise ArgumentError, "bytemark_auth_url must be a string" unless arg.is_a?(String)
+
+      @bytemark_auth_url = URI.parse(arg)
+      #
+      # Make sure we get an HTTP URL.
+      #
+      raise ArgumentError, "bytemark_auth_url must be an HTTP(S) URL." unless %w(http https).include?(@bytemark_auth_url.scheme)
+
+      #
+      # Set a default request path, if none was given
+      #
+      @bytemark_auth_url.path="/" if @bytemark_auth_url.path.empty?
+
+      @bytemark_auth_url 
+    end
+
+    # Sets the timeout when making remote HTTP requests
+    #
+    # @param [Integer] arg
+    # @return [Integer]
+    def remote_http_timeout=(arg)
+      raise ArgumentError, "initial_sleep must be an integer" unless s.is_a?(Integer)
+      @remote_http_timeout = arg
+    end
+
+    # Sets the SSL verification mode when makeing remote HTTPS requests
+    #
+    # @param [String] arg must be one of "none" or "peer"
+    # @return [Constant]
+    def remote_https_verify_mode=(arg)
+      @remote_https_verify_mode = case arg
+      when "peer" 
+        OpenSSL::SSL::VERIFY_PEER
+      when "none" 
+        OpenSSL::SSL::VERIFY_NONE
+      else
+        raise ArgumentError, "remote_https_verify_mode must be either 'peer' or 'none'"
+      end
+    end
+
+    # Set the delay added following a failed login attempt.
+    #
+    # @param [Numeric] arg Number of seconds to delay following a failed login attempt
+    # @return [Numeric]
+    #
+    def failed_login_delay=(arg)
+      raise ArgumentError, "initial_sleep must be numeric" unless arg.is_a?(Numeric)
+      @failed_login_delay = arg
+    end
 
     # Set the sleep period during which notifications about old alerts are
     # suppressed.
-- 
cgit v1.2.1