Class: ICFS::Web::AuthSsl

Inherits:
Object
  • Object
show all
Defined in:
lib/icfs/web/auth_ssl.rb

Overview

Authtication using SSL client certificates - Rack Middleware

Instance Method Summary collapse

Constructor Details

#initialize(app, map, api) ⇒ AuthSsl

New instance

Parameters:

  • app (Object)

    The rack app

  • map (Object)

    Maps DN to user name

  • api (ICFS::Api)

    the Api



30
31
32
33
34
 
# File 'lib/icfs/web/auth_ssl.rb', line 30

def initialize(app, map, api)
  @app = app
  @map = map
  @api = api
end

Instance Method Details

#call(env) ⇒ Object

Handle requests

Expects SSL_CLIENT_VERIFY to be set to SUCCESS and SSL_CLIENT_S_DN to contain the client subject DN



43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
# File 'lib/icfs/web/auth_ssl.rb', line 43

def call(env)

  # check if verified
  unless env['SSL_CLIENT_VERIFY'] == 'SUCCESS'
    return [
      400,
      {'Content-Type' => 'text/plain'},
      ['Client certificate required.']
    ]
  end

  # lookup
  user = @map[env['SSL_CLIENT_S_DN']]
  if user.nil?
    return [
      400,
      {'Content-Type' => 'text/plain'},
      ['%s: No User' % env['SSL_CLIENT_S_DN']]
    ]
  end

  # pass to app
  begin
    @api.user = user
  rescue Error::NotFound, Error::Value => err
    return [
      400,
      {'Content-Type' => 'text/plain'},
      ['%s: %s' % [err.message, env['SSL_CLIENT_S_DN']]]
    ]
  end
  env['icfs'] = @api
  return @app.call(env)
end