shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-02-21 13:57:56 +03:00
Code Releases Wiki Activity

M #-: treat Sunstone auth header exceptions (#2616)

Browse Source 
(cherry picked from commit b01536603d1627b57c7e0043516d4a0529e8fb7a)
This commit is contained in:
brodriguez-opennebula 2023-05-19 11:33:42 +02:00 committed by Tino Vázquez
parent 84eace6877
commit 9976d68487
No known key found for this signature in database
GPG Key ID: 14201E424D02047E
1 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/sunstone/sunstone-server.rb
View File

@ -564,25 +564,30 @@ helpers do
session[:federation_mode] = active_zone_configuration['FEDERATION/MODE'].upcase
session[:mode] = $conf[:mode]
if RUBY_VERSION > '2.0.0'
if request.env['HTTP_AUTHORIZATION']
auth = request.env['HTTP_AUTHORIZATION'].match(/(?<basic>\w+) (?<pass>(\w|\W)+)/)
session[:auth] = auth[:pass]
else
session[:auth] = Base64.encode64("#{user['NAME']}:#{user['PASSWORD']}")
end
begin
http_authorization_header = request.env['HTTP_AUTHORIZATION']
rescue StandardError => e
logger.error { 'Authorization header not received' }
else
auth = request.env['HTTP_AUTHORIZATION'].split(" ")
if auth[0] && auth[0].downcase === 'basic'
session[:auth] = auth[1]
else
logger.info { 'Unauthorized login attempt' }
return [401, '']
end
begin
if RUBY_VERSION > '2.0.0'
auth = http_authorization_header.match(/(?<basic>\w+) (?<pass>(\w|\W)+)/)
type, pass = auth[:basic], auth[:pass]
else
type, pass = http_authorization_header.split(' ')
end
rescue StandardError => e
logger.error { 'Invalid authorization header format' }
else
if type && type.downcase == 'basic'
session[:auth] = pass
else
logger.info { 'Unauthorized login attempt or invalid authorization header' }
return [401, '']
end
end
end
#get firedge JWT
session[:fireedge_token] = get_fireedge_token(two_factor_auth_token)