Skip to content

Commit

Permalink
First draft of Shibboleth auth
Browse files Browse the repository at this point in the history
  • Loading branch information
siefkenj committed May 16, 2021
1 parent 8ec6441 commit 1e3ac8a
Showing 1 changed file with 22 additions and 12 deletions.
34 changes: 22 additions & 12 deletions backend/app/services/active_user_service.rb
Original file line number Diff line number Diff line change
Expand Up @@ -10,31 +10,41 @@ def self.active_user(request)

# If we're configured to use Apache's Basic Auth, use that. The alternative is Shibboleth (not yet implemented)
if Rails.application.config.allow_basic_auth &&
ActionController::HttpAuthentication::Basic
.has_basic_credentials?(request)
ActionController::HttpAuthentication::Basic
.has_basic_credentials?(request)
credentials =
ActionController::HttpAuthentication::Basic.decode_credentials(
request
)
request
)
utorid, _password = credentials.split(':')
user = User.find_by(utorid: utorid)

user = User.find_by(utorid: utorid) || User.new(utorid: utorid)
return User.new(utorid: utorid, roles: user.computed_roles)
end

if (Rails.application.config.respond_to? :active_user_override) &&
Rails.application.config.active_user_override
user = User.find_by(id: Rails.application.config.active_user_id)
return User.new(utorid: user.utorid, roles: user.computed_roles) if user

Rails.application.config.active_user_override
# If we're here, the database doesn't have the specified active user,
# so create a fake one with all the permissions. We *do not* save this
# user to the database.
return User.new(utorid: 'defaultactive', roles: %w[admin instructor ta])
user =
User.find_by(id: Rails.application.config.active_user_id) ||
User.new(
utorid: 'defaultactive', roles: %w[admin instructor ta]
)
return User.new(utorid: user.utorid, roles: user.computed_roles)
end

# If we made it here, we should be using Shibboleth authentication.
# According to TAPP-CP (tapp v1), this means the 'HTTP_X_FORWARDED_USER' env var
# should be set to the utorid.
if request.env['HTTP_X_FORWARDED_USER']
utorid = request.env['HTTP_X_FORWARDED_USER']
user = User.find_by(utorid: utorid) || User.new(utorid: utorid)
return User.new(utorid: utorid, roles: user.computed_roles)
end

# rubocop:disable Style/RaiseArgs
raise NotImplementedError.new 'active_user Route is not implemented yet for production mode'
raise NotImplementedError.new 'active_user Route is not implemented for this authentication type'
# rubocop:enable Style/RaiseArgs
end
end

0 comments on commit 1e3ac8a

Please sign in to comment.