Class: ChefServerSlice::OpenidServer

Inherits:
Application
  • Object
Includes:
Merb::ChefServerSlice::OpenidServerHelper, OpenID::Server
Defined in:
app/controllers/openid_server.rb

Overview

end

Instance Method Summary

Methods included from Merb::ChefServerSlice::OpenidServerHelper

#url_for_user

Methods inherited from Application

#absolute_slice_url, #access_denied, #authorized_node, #escape_node_id, #expand_cookbook_deps, #fix_up_node_id, #get_available_recipes, #load_all_files, #load_cookbook_segment, #login_required, #redirect_back_or_default, #segment_files, #specific_cookbooks, #store_location

Instance Method Details

#decision ⇒ Object



# File 'app/controllers/openid_server.rb', line 141

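# Handles the post from the trust-decision page: either cancels the pending
# OpenID request or checks the node's password and answers the request.
#
# Reads session[:last_oidreq], params[:cancel] and params[:password].
# Raises Unauthorized when no request is pending, when the identity does not
# name a node registration, when the registration has not been validated, or
# when the password does not match.
def decision
  # The pending request is taken out of the session before anything else, so
  # one stored request can be answered at most once.
  oidreq = session[:last_oidreq]
  session[:last_oidreq] = nil

  # Reached without a pending request (for example an expired session or a
  # direct hit on this action): refuse instead of failing on a nil receiver.
  raise Unauthorized, "No OpenID request is pending for this session" unless oidreq

  if params.has_key?(:cancel)
    Chef::Log.info("Cancelling OpenID Authentication")
    return redirect(oidreq.cancel_url)
  end

  identity = oidreq.identity
  # \z anchors at the real end of the string; `$` also matches before a
  # newline, which would accept an identity carrying trailing lines.
  node_match = %r{node/(.+)\z}.match(identity.to_s)
  raise Unauthorized, "Identity does not name a node registration" unless node_match

  openid_node = Chef::OpenIDRegistration.load(node_match[1])
  unless openid_node.validated
    raise Unauthorized, "This nodes registration has not been validated"
  end

  # NOTE(review): `==` on the two digests is not a constant-time comparison,
  # and nothing in this action limits repeated guesses -- confirm both are
  # acceptable here or handled elsewhere.
  unless openid_node.password == encrypt_password(openid_node.salt, params[:password])
    # Record the failure so repeated attempts are visible in the server log;
    # inspect keeps control characters in the identity out of the log line.
    Chef::Log.warn("OpenID authentication failed for #{identity.inspect}")
    raise Unauthorized, "Invalid credentials"
  end

  # Remember the approval without discarding earlier ones. The previous
  # if/else replaced the whole list whenever the trust root was already in it.
  approvals = (session[:approvals] ||= [])
  approvals << oidreq.trust_root unless approvals.include?(oidreq.trust_root)

  oidresp = oidreq.answer(true, nil, identity)
  render_response(oidresp)
end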

#idp_xrds ⇒ Object



# File 'app/controllers/openid_server.rb', line 133

# Renders the XRDS document for the server itself, listing the single
# OpenID 2.0 identity-provider service type.
def idp_xrds
  render_xrds([OpenID::OPENID_IDP_2_0_TYPE])
end

#index ⇒ Object



# File 'app/controllers/openid_server.rb', line 45

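# OpenID server endpoint. Decodes the incoming OpenID message and either
# answers it, hands it to the library, or asks the user for a trust decision.
#
# Returns a plain string when no OpenID message was sent, a JSON string
# pointing at the decision action for JSON clients, the decision page for
# other clients, or the rendered OpenID response.
def index
  # "controller" and "action" are dropped before decoding; presumably they are
  # routing keys rather than part of the OpenID message.
  # NOTE(review): decode_request is called without a rescue, so any error it
  # raises on a malformed message propagates to the framework -- confirm that
  # is handled upstream.
  openid_params = params.reject { |key, _value| key == "controller" || key == "action" }
  oidreq = server.decode_request(openid_params)

  # no openid.mode was given
  return "This is the Chef OpenID server endpoint." unless oidreq

  # Every request that is not a CheckIDRequest goes straight to the library.
  unless oidreq.kind_of?(CheckIDRequest)
    return render_response(server.handle_request(oidreq))
  end

  identity = oidreq.identity

  # The original opened this chain with `if oidresp`, which could never be
  # true because oidresp had just been set to nil; that branch is removed.
  if is_authorized(identity, oidreq.trust_root)
    oidresp = oidreq.answer(true, nil, identity)
  elsif oidreq.immediate
    # Immediate mode cannot prompt, so answer negatively with the server URL.
    oidresp = oidreq.answer(false, slice_url(:openid_server))
  elsif content_type == :json
    # JSON clients get the decision URL; the request waits in the session
    # until the decision action picks it up.
    session[:last_oidreq] = oidreq
    decision_pointer = { :action => slice_url(:openid_server_decision) }
    return decision_pointer.to_json
  else
    return show_decision_page(oidreq)
  end

  render_response(oidresp)
end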

#node_page ⇒ Object



# File 'app/controllers/openid_server.rb', line 93

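# Identity page for one node registration. Returns the XRDS document when the
# client's Accept header asks for it, otherwise a small HTML page that points
# at the XRDS location and the OpenID server.
#
# Raises NotFound when params[:id] has no registration.
def node_page
  # Required here because the file's own require list is not visible from
  # this method; ERB::Util supplies the HTML escaping used below.
  require 'erb'

  unless Chef::OpenIDRegistration.has_key?(params[:id])
    raise NotFound, "Cannot find registration for #{params[:id]}"
  end

  # Yadis content-negotiation: we want to return the xrds if asked for.
  accept = request.env['HTTP_ACCEPT']

  # This is not technically correct, and should eventually be updated
  # to do real Accept header parsing and logic.  Though I expect it will work
  # 99% of the time.
  if accept && accept.include?('application/xrds+xml')
    return node_xrds
  end

  # content negotiation failed, so just render the user page
  xrds_url = absolute_slice_url(:openid_node_xrds, :id => params[:id])
  server_url = absolute_slice_url(:openid_node, :id => params[:id])

  # params[:id] is request input. The registration lookup above limits it to
  # known names, but every value is still escaped where it enters the HTML so
  # a name containing markup cannot change the page structure.
  identity_page = <<EOS
<html><head>
<meta http-equiv="X-XRDS-Location" content="#{ERB::Util.html_escape(xrds_url)}" />
<link rel="openid.server" href="#{ERB::Util.html_escape(server_url)}" />
</head><body><p>OpenID identity page for registration #{ERB::Util.html_escape(params[:id])}</p>
</body></html>
EOS

  # Also add the Yadis location header, so that they don't have
  # to parse the html unless absolutely necessary. The header takes the raw
  # URL; HTML escaping applies only to the markup above.
  @headers['X-XRDS-Location'] = xrds_url
  render identity_page
end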

#node_xrds ⇒ Object



# File 'app/controllers/openid_server.rb', line 124

# Renders the XRDS document for a node identity, listing the OpenID 2.0
# service type first and the OpenID 1.0 type second.
def node_xrds
  supported_types = []
  supported_types << OpenID::OPENID_2_0_TYPE
  supported_types << OpenID::OPENID_1_0_TYPE
  render_xrds(supported_types)
end

#show_decision_page(oidreq, message = "Do you trust this site with your identity?") ⇒ Object



# File 'app/controllers/openid_server.rb', line 82

# Stores the pending OpenID request in the session and renders the template
# that asks the user whether to trust the requesting site.
#
# oidreq  - the request to keep; written to session[:last_oidreq] and @oidreq.
# message - written to session[:notice] unless it is nil or false.
def show_decision_page(oidreq, message="Do you trust this site with your identity?")
  @oidreq = oidreq
  session[:last_oidreq] = oidreq
  session[:notice] = message if message

  render :template => 'openid_server/decide'
end