From 96db2d58443e2fc2dbed143539363db4955a7a81 Mon Sep 17 00:00:00 2001
From: Daniel Molina
Date: Tue, 20 Sep 2011 18:27:36 +0200
Subject: [PATCH] feature #795: Adapt Sunstone to the new Cloud Auth system
---
 src/sunstone/etc/sunstone-server.conf | 5 +++
 src/sunstone/models/SunstoneServer.rb | 33 +---------------
 src/sunstone/sunstone-server.rb | 54 +++++++++++++++------------
 3 files changed, 37 insertions(+), 55 deletions(-)
diff --git a/src/sunstone/etc/sunstone-server.conf b/src/sunstone/etc/sunstone-server.conf
index 37ff230bdc..87e53d4047 100644
--- a/src/sunstone/etc/sunstone-server.conf
+++ b/src/sunstone/etc/sunstone-server.conf
@@ -1,7 +1,12 @@
+# OpenNebula sever contact information
+ONE_XMLRPC=http://localhost:2633/RPC2
+
 # Server Configuration
 HOST=127.0.0.1
 PORT=9869
+AUTH=basic
+
 # VNC Configuration
 VNC_PROXY_BASE_PORT=29876
 NOVNC_PATH=
diff --git a/src/sunstone/models/SunstoneServer.rb b/src/sunstone/models/SunstoneServer.rb
index fc09d4632f..02283816a4 100644
--- a/src/sunstone/models/SunstoneServer.rb
+++ b/src/sunstone/models/SunstoneServer.rb
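Review bot: `AUTH=basic` in sunstone-server.conf is added with no comment saying which values the key accepts or what each one changes about login, so an operator cannot tell from the file what they are selecting. `ONE_XMLRPC` has the same gap: the default is loopback, but the scheme is plain `http://`, and the later hunks pass a per-user token to that endpoint, so pointing it at another host would presumably carry credentials unencrypted. I would add `# AUTH: authentication driver used for Sunstone logins` above the key, and `# Keep this on loopback, or put TLS in front of it, when OpenNebula runs on another host` above `ONE_XMLRPC`.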
@@ -23,37 +23,8 @@ class SunstoneServer
 # FLAG that will filter the elements retrieved from the Pools
 POOL_FILTER = Pool::INFO_GROUP
- def initialize(username, password)
- # TBD one_client_user(name) from CloudServer
- @client = Client.new("dummy:dummy")
- @client.one_auth = "#{username}:#{password}"
- end
-
- ############################################################################
- #
- ############################################################################
- def self.authorize(user="", sha1_pass="")
- if user.empty? || sha1_pass.empty?
- return [401, false]
- end
-
- # TBD get_user_password(name) from CloudServer
- user_pool = UserPool.new(Client.new)
- rc = user_pool.info
- if OpenNebula.is_error?(rc)
- return [500, false]
- end
-
- user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
- user_id = user_pool["USER[NAME=\"#{user}\"]/ID"]
- user_gid = user_pool["USER[NAME=\"#{user}\"]/GID"]
- user_gname = user_pool["USER[NAME=\"#{user}\"]/GNAME"]
-
- if user_pass == sha1_pass
- return [204, [user_id, user_gid, user_gname]]
- else
- return [401, nil]
- end
+ def initialize(token, xmlrpc)
+ @client = Client.new(token, xmlrpc, false)
 end
 ############################################################################
diff --git a/src/sunstone/sunstone-server.rb b/src/sunstone/sunstone-server.rb
index d348cf41f1..c4935e8b61 100755
--- a/src/sunstone/sunstone-server.rb
+++ b/src/sunstone/sunstone-server.rb
@@ -36,6 +36,7 @@ end
 SUNSTONE_ROOT_DIR = File.dirname(__FILE__)
 $: << RUBY_LIB_LOCATION
+$: << RUBY_LIB_LOCATION+'/cloud'
 $: << SUNSTONE_ROOT_DIR+'/models'
 ##############################################################################
@@ -45,7 +46,7 @@ require 'rubygems'
 require 'sinatra'
 require 'erb'
-require 'cloud/Configuration'
+require 'Configuration'
 require 'SunstoneServer'
 require 'SunstonePlugins'
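Review bot: The new `initialize(token, xmlrpc)` hands `token` straight to `Client.new` without checking that it is present. The removed `UserPool.new(Client.new)` call suggests `Client.new` falls back to a default credential source when no secret is given. If a nil `token` takes that path, a session without `session[:token]` would act with the server's own credentials instead of failing; the `before` filter in sunstone-server.rb passes `session[:token]` unchecked. A guard such as `raise ArgumentError, 'token required' if token.nil? || token.empty?` ahead of the `Client.new` call makes that case fail closed. The bare `false` third argument also needs a short comment saying what it switches off.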
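Review bot: No `require` for `CloudAuth` is visible in this list, although `build_session` further down calls `CloudAuth.new`. Unless `Configuration` or a file outside these hunks loads it, the first login would raise `NameError`; if so, add something like `require 'CloudAuth'` next to `require 'Configuration'`. With `RUBY_LIB_LOCATION+'/cloud'` now on `$:`, the bare name `Configuration` is resolved against every load-path entry in order, so a comment naming the directory it is expected to come from would help the next reader. The require list continues outside the hunk.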
@@ -67,32 +68,35 @@ helpers do
 end
 def build_session
- auth = Rack::Auth::Basic::Request.new(request.env)
- if auth.provided? && auth.basic? && auth.credentials
- user = auth.credentials[0]
- sha1_pass = Digest::SHA1.hexdigest(auth.credentials[1])
+ cloud_auth = CloudAuth.new(settings.config)
- rc = SunstoneServer.authorize(user, sha1_pass)
- if rc[1]
- session[:user] = user
- session[:user_id] = rc[1][0]
- session[:user_gid] = rc[1][1]
- session[:user_gname] = rc[1][2]
- session[:password] = sha1_pass
- session[:ip] = request.ip
- session[:remember] = params[:remember]
+ result = cloud_auth.auth(request.env, params)
+ if result
+ return [401, ""]
+ else
+ user_id = OpenNebula::User::SELF
+ user = OpenNebula::User.new_with_id(user_id, cloud_auth.client)
- if params[:remember]
- env['rack.session.options'][:expire_after] = 30*60*60*24
- end
-
- return [204, ""]
- else
- return [rc.first, ""]
+ rc = user.info
+ if OpenNebula.is_error?(rc)
+ # Add a log message
+ return [500, ""]
 end
- end
+
+ session[:user] = user['NAME']
+ session[:user_id] = user['ID']
+ session[:user_gid] = user['GID']
+ session[:user_gname] = user['GNAME']
+ session[:token] = cloud_auth.token
+ session[:ip] = request.ip
+ session[:remember] = params[:remember]
- return [401, ""]
+ if params[:remember]
+ env['rack.session.options'][:expire_after] = 30*60*60*24
+ end
+
+ return [204, ""]
+ end
 end
 def destroy_session
@@ -105,7 +109,9 @@ before do
 unless request.path=='/login' || request.path=='/'
 halt 401 unless authorized?
- @SunstoneServer = SunstoneServer.new(session[:user], session[:password])
+ @SunstoneServer = SunstoneServer.new(
+ session[:token],
+ settings.config[:one_xmlrpc])
 end
 end
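Review bot: In `build_session` the branch `if result` returns 401, so a truthy return from `cloud_auth.auth` means failure and nil/false means success, yet nothing in the hunk says so. A later edit that "corrects" the apparent inversion would let failed logins through. I would put `# auth returns an error (truthy) on failure and nil on success` above the `if`, once confirmed against CloudAuth, and replace the `# Add a log message` placeholder with a real log call, since both the 401 and the 500 paths currently drop the reason. Separately, `session[:token]` now holds a credential for the life of the session, up to 30 days when `params[:remember]` is set. If the session store is cookie-based that value leaves the server, which needs confirming outside this hunk.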