Commit e88a183a authored by Stuart John Watson's avatar Stuart John Watson

First commit

require_relative "SimplePlugin"
class SimplePlugin < Plugin
class << self
attr_accessor :gets
attr_accessor :posts
end
@gets = nil
@posts = nil
def startup
safeApiBase = "/" + self.class.name[0].downcase + self.class.name[1..-1]
if self.class.posts.nil?
postMethodNames = []
else
postMethodNames = self.class.posts
end
if self.class.gets.nil?
getMethodNames = self.class.public_instance_methods(false)
else
getMethodNames = self.class.get
end
getMethodNames -= postMethodNames
getEndpoints = getMethodNames.collect {|x| safeApiBase +"/"+x.to_s }
postEndpoints = postMethodNames.collect {|x| safeApiBase +"/"+x.to_s }
getMethods = getMethodNames.collect {|x| method(x)}
@getMapping = Hash[getEndpoints.zip(getMethods)]
postMethods = postMethodNames.collect {|x| method(x)}
@postMapping = Hash[postEndpoints.zip(postMethods)]
config = {
:status => "success",
:endpoints => {
:get => getEndpoints,
:post => postEndpoints
}
}
return JSON.generate(extraStartup(config))
end
private def extraStartup(config)
return config
end
def request(endpoint,getData)
if @getMapping.key? endpoint
method = @getMapping[endpoint]
else
method = @postMapping[endpoint]
end
parameters = method.parameters
getData = JSON.parse(getData)
poped = []
parameters.each do |type,name|
if getData.key? name.to_s
poped << getData[name.to_s]
else
if type == :req
return {:success => false,:error => "Missing paramater: "+name.to_s}
end
end
end
return method.call(*poped)
end
end
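Review bot: `request` falls through to `@postMapping[endpoint]` whenever the endpoint is not a GET mapping, so an unknown endpoint leaves `method` as nil and `method.parameters` raises NoMethodError instead of returning an error hash; look up both tables and bail out, `method = @getMapping[endpoint] || @postMapping[endpoint]` followed by `return {:success => false,:error => "Unknown endpoint"} if method.nil?`. The method also never receives the HTTP verb, so the GET/POST split computed in `startup` is only advertised and not enforced here, which matters once a subclass lists a credential-carrying method under `@posts`; whether the caller enforces it is not visible in this file. `JSON.parse(getData)` can raise on malformed input and would benefit from a rescue that returns the same error shape. In `startup`, `self.class.get` looks like a typo for `self.class.gets` and will raise as soon as a subclass sets `@gets`.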
require "net-ldap"
require "digest"
class TokenAuth < SimplePlugin
@posts = [
:authenticate
]
private def extraStartup(config)
@ldap = Net::LDAP.new
@ldap.host = "silver.sucs.swan.ac.uk"
@ldap.port = 389
@storedInfo = {}
@authedTokens = {}
@sign_token_timeout = 60*5
@auth_token_timeout = 60*60*24
return config
end
def auth_login_page(token)
if @storedInfo.has_key?(token)
file = File.open("./plugins/TokenAuth/auth_login_page.html", "r")
data = file.read
file.close
return data.sub! '{{token}}',token
else
return "Bad Token"
end
end
def request_token(customer_id,callback)
token = Digest::MD5.hexdigest(rand.to_s)
secret = Digest::MD5.hexdigest(rand.to_s)
@storedInfo[token] = {
:customerId => customer_id,
:expires => Time.new + @sign_token_timeout,
:callback => callback,
:authed => 0
}
return {:token=>token}
end
def authenticate(token,username,password)
puts token
if not @storedInfo.has_key?(token)
return {:success => false,:error => "Bad token"}
elsif @storedInfo[token][:authed] != 0
return {:success => false,:error => "token already used"}
elsif @storedInfo[token][:expires] < Time.new
@storedInfo.delete(token)
return {:success => false,:error => "token has expired"}
#Ok everything looks good
else
if true or @ldap.bind(
:method => :simple,
:username => "uid="+username+",ou=People,dc=sucs,dc=org",
:password => password
)
@storedInfo[token][:expires] = Time.new + @sign_token_timeout
@storedInfo[token][:authed] = 1
@storedInfo[token][:user] = username
puts
puts '<meta http-equiv="refresh" content="0; url='+@storedInfo[token][:callback]+'?token='+token+'"/>'
return '<meta http-equiv="refresh" content="0; url='+@storedInfo[token][:callback]+'?token='+token+'"/>'
#return {:success => true,:redirect => "",:token => token }
else
#(It stopped looking good)
@storedInfo.delete(token)
return {:success => false,:error => "Bad login"}
end
end
end
def access_token(token)
puts @storedInfo
if not @storedInfo.has_key?(token)
return {:success => false,:error => "Bad token"}
elsif @storedInfo[token][:expires] < Time.new
@storedInfo.delete(token)
return {:success => false,:error => "token has expired"}
else
#We are good to go, generate this boy a auth token for requests!
begin
authToken = Digest::MD5.hexdigest(rand.to_s)
end while @authedTokens.has_key?(authToken)
@authedTokens[authToken] = {
:user => @storedInfo[token][:user],
:customerId => @storedInfo[token][:customerId],
:expires => Time.new + @auth_token_timeout
}
@storedInfo.delete(token)
return {
:success => true, :authToken=>authToken
}
end
end
def auth_token_good(authToken)
if @authedTokens.has_key?(authToken)
return {:success => true,:user => @authedTokens[authToken][:user]}
else
return {:success => false, :error=>"Bad Auth token"}
end
end
end
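Review bot: The `if true or @ldap.bind(` condition in `authenticate` short-circuits, so the LDAP bind is never attempted and any username/password pair marks the token as authed; it should read `if !password.to_s.empty? && @ldap.bind(` (the empty-password guard matters because many directory servers treat a simple bind with no password as a successful unauthenticated bind). The DN is built by concatenating `username`, so it should be escaped, `:username => "uid="+Net::LDAP::DN.escape(username)+",ou=People,dc=sucs,dc=org",`, and the connection on port 389 is configured without any encryption setting, which would send the password in clear text. The tokens in `request_token` and `access_token` come from `Digest::MD5.hexdigest(rand.to_s)`, which is not a cryptographic source; `SecureRandom.hex(16)` with `require "securerandom"` is the usual replacement. `auth_token_good` never compares `:expires` with the current time, so `@auth_token_timeout` is set but has no effect, and the `puts token` / `puts @storedInfo` lines write live tokens to stdout. The `callback` value is concatenated unescaped into the meta-refresh HTML, so it should be validated against a per-customer allow-list and HTML-escaped before it is returned.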
<html>
<head>
<style>
html{
width:100%
}
body{
width:450px;
font-family: RobotoDraft,Roboto,Helvetica Neue,Helvetica,Arial,sans-serif;
font-weight: 300;
font-size: 14px;
line-height: 1.42857143;
margin:3em auto;
color: #444;
}
.login{
border: #DDD 1px solid;
border-radius:2px;
padding:1em
}
input[type=text],input[type=password] {
width: 100%;
height: 34px;
padding: 6px 12px;
font-size: 14px;
line-height: 1.42857143;
color: #555;
border: 0;
border-bottom: 1px solid #757575;
margin: 0;
box-sizing: border-box;
}
button{
background-color: #0f9d58;
color: rgba(255,255,255,.84);
padding: 8px 30px;
border: 0;
margin: 10px 1px;
cursor: pointer;
border-radius: 2px;
text-transform: uppercase;
text-decoration: none;
transition: box-shadow .28s cubic-bezier(.4,0,.2,1);
outline: none!important;
border-color: #4cae4c;
display: inline-block;
font-size: 14px;
font-weight: 400;
line-height: 1.42857143;
text-align: center;
white-space: nowrap;
vertical-align: middle;
touch-action: manipulation;
-webkit-user-select: none;
}
button:hover{
box-shadow: 0 6px 10px rgba(0,0,0,.23),0 10px 30px rgba(0,0,0,.19);
}
</style>
</head>
<body>
<form class="login" action="/TokenAuth/authenticate.html" method="POST">
<input type="text" name="username" placeholder="SUCS username">
<input type="password" name="password" placeholder="Password">
<input type="text" name="token" value="{{token}}" hidden="hidden"/>
<button type="submit">Login</button>
</div>
</body>
</html>
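Review bot: The `<form class="login" ...>` element is closed with `</div>` rather than `</form>`, so the markup is invalid and relies on browser error recovery; the closing tag should be `</form>`. The token field is declared as `type="text"` with a `hidden` attribute, where `<input type="hidden" name="token" value="{{token}}"/>` states the intent directly. The form posts to `/TokenAuth/authenticate.html`, while `SimplePlugin#startup` appears to build endpoints with a lower-cased first letter and no extension, so confirm the router maps this path to `authenticate`.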