Class: NOMS::Command::Auth
- Defined in:
- lib/noms/command/auth.rb,
lib/noms/command/auth/identity.rb
Defined Under Namespace
Classes: Identity
Instance Method Summary collapse
-
#initialize(opts = {}) ⇒ Auth
constructor
A new instance of Auth.
-
#load(url, response) ⇒ Object
TODO: Persistent auth creds Store like a client certificate: encrypted.
- #read_identity_from(file) ⇒ Object
- #retrieve(identity_id) ⇒ Object
- #saved(identity_id) ⇒ Object
Methods inherited from Base
Constructor Details
#initialize(opts = {}) ⇒ Auth
Returns a new instance of Auth.
24 25 26 27 28 29 30 31 32 33 |
# File 'lib/noms/command/auth.rb', line 24 def initialize(opts={}) @log = opts[:logger] || default_logger @loaded = { } (opts[:specified_identities] || []).each do |file| maybe_id = read_identity_from file raise NOMS::Command::Error.now "#{file} contains invalid identity (no 'id')" unless maybe_id['id'] @loaded[maybe_id['id']] = maybe_id end end |
Instance Method Details
#load(url, response) ⇒ Object
TODO: Persistent auth creds Store like a client certificate: encrypted. Then use an agent to store by using <agent>-add and typing passphrase just like a client cert. <agent> expires credentials. also you can explicitly unencrypt identity file
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
# File 'lib/noms/command/auth.rb', line 65 def load(url, response) # Prompt auth_header = response.header['www-authenticate'] auth_header = (auth_header.respond_to?(:first) ? auth_header.first : auth_header) case auth_header when /Basic/ if m = /realm=\"([^\"]*)\"/.match(auth_header) realm = m[1] else realm = '' end domain = [url.scheme, '://', url.host, ':', url.port, '/'].join('') identity_id = CGI.escape(realm) + '=' + domain if saved(identity_id) retrieve(identity_id) else if $stdin.tty? default_user = Etc.getlogin prompt = "#{domain} (#{realm}) username: " user = ask(prompt) { |u| u.default = Etc.getlogin } pass = ask('Password: ') { |p| p.echo = false } NOMS::Command::Auth::Identity.new(self, { 'id' => identity_id, 'realm' => realm, 'domain' => domain, 'username' => user, 'password' => pass }) else @log.warn "Can't prompt for #{domain} (#{realm}) authentication (not a terminal)" NOMS::Command::Auth::Identity.new({ 'id' => identity_id, 'realm' => realm, 'domain' => domain, 'username' => '', 'password' => '' }) end end else raise NOMS::Command::Error.new "Authentication not supported: #{auth_header.inspect}" end end |
#read_identity_from(file) ⇒ Object
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/noms/command/auth.rb', line 35 def read_identity_from(file) @log.debug "Reading identity file #{file}" begin # TODO: Encryption and passphrases raise NOMS::Command::Error.new "Identity file #{file} does not exist" unless File.exist? file s = File.stat file raise NOMS::Command::Error.new "You don't own identity file #{file}" unless s.owned? raise NOMS::Command::Error.new "Permissions on #{file} are too permissive" unless (s.mode & 077 == 0) contents = File.read file case contents[0].chr when '{' NOMS::Command::Auth::Identity.new(self, JSON.parse(contents)) else raise NOMS::Command::Error.new "#{file} contains unsupported or corrupted data" end rescue StandardError => e if e.is_a? NOMS::Command::Error raise e else raise NOMS::Command::Error.new "Couldn't load identity from #{file} (#{e.class}): #{e.message}" end end end |
#retrieve(identity_id) ⇒ Object
113 114 115 |
# File 'lib/noms/command/auth.rb', line 113 def retrieve(identity_id) @loaded[identity_id] end |
#saved(identity_id) ⇒ Object
109 110 111 |
# File 'lib/noms/command/auth.rb', line 109 def saved(identity_id) @loaded.has_key? identity_id end |