Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(maint) Fix how scooter authenticates with pe console #92

Merged
merged 2 commits into from
Nov 30, 2016
Merged

(maint) Fix how scooter authenticates with pe console #92

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0884bbb
(maint) Fix how scooter authenticates with pe console
lucywyman Nov 29, 2016
86b55d1
Fix up for merge
lucywyman Nov 29, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 7 additions & 21 deletions lib/scooter/httpdispatchers/consoledispatcher.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ def acquire_ssl_components(host=self.host)
if !host.is_a?(Unix::Host)
raise 'Can only acquire SSL certs if the host is a Unix::Host'
end
acquire_ca_cert(host)
acquire_ca_cert(host)
end
end

Expand All @@ -93,28 +93,14 @@ def signin(login=self.credentials.login, password=self.credentials.password)
request.body = "username=#{login}&password=#{CGI.escape(password)}"
connection.port = 443
end
#return the response if the status code was not 200
return response if response.status != 200
# try to be helpful and acquire the xcsrf; catch any error that occurs
# in the acquire_xcsrf method
begin
acquire_xcsrf
rescue
# do nothing in the rescue
end
# This just had to be a string...*sigh*
header_array = response.headers['Set-Cookie'].split(';')
pl_ssti = header_array.select{|s| s =~ /pl_ssti/}
pl_ssti_value = pl_ssti[0].partition('pl_ssti=').last
@connection.headers['Cookie'] = response.headers['Set-Cookie']
@connection.headers['X-Authentication'] = pl_ssti_value
# Reset the connection port, since we have to hardcode it to 443 signin
# here
set_url_prefix
end

def acquire_xcsrf
# This simply makes a call to the base_uri and extracts out an
# anti-forgery-token and adds that token to the headers for the
# connection object
response_body = @connection.get('/') { |req| connection.port = 443 }.env.body
parsed_body = Nokogiri::HTML(response_body)
token = parsed_body.css("meta[name='__anti-forgery-token']")[0].attributes['content'].value
@connection.headers['X-CSRF-Token'] = token
set_url_prefix
end

Expand Down
52 changes: 12 additions & 40 deletions spec/scooter/httpdispatchers/consoledispatcher_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,59 +22,31 @@ module Scooter
expect(subject).not_to be_nil
end

context '.signin with a page that returns an xcsrf token' do
let(:mock_page) { <<-XCSRF_PAGE
<!doctype html>
<head>
<meta name="__anti-forgery-token" content="xcsrf-token" />
</head>
</html>
XCSRF_PAGE
}
context '"signin with a page that returns a token' do
before do
index = subject.connection.builder.handlers.index(Faraday::Adapter::NetHttp)
subject.connection.builder.swap(index, Faraday::Adapter::Test) do |stub|
stub.post('/auth/login', "username=#{username}&password=#{password}") {[200, {}, '']}
stub.get('/') {[200, {}, mock_page]}
head = {"server"=>"nginx/1.8.1",
"date"=>"Tue, 29 Nov 2016 22:05:41 GMT",
"content-length"=>"0",
"connection"=>"close",
"set-cookie"=>"JSESSIONID=b05e9b11-5e9f-4d6a-9faf-e28a0415197d; Path=/; Secure; HttpOnly, rememberMe=deleteMe; Path=/auth; Max-Age=0; Expires=Mon, 28-Nov-2016 22:05:41 GMT, pl_ssti=0CeHhpz5PPLna7kpaEMcTHjJ62z9eizHTzsxEXNK8W20;Secure;Path=/",
"location"=>"/",
"x-frame-options"=>"DENY"}
stub.post('/auth/login', "username=#{username}&password=#{password}") {[200, head, '']}
stub.get('/') {[200, {}, '']}
end
end

it 'sends the credentials' do
expect{subject.signin}.to_not raise_error
end

it 'sets the xcsrf token in the header' do
it 'sets the token in the header' do
subject.signin
expect(subject.connection.headers['X-CSRF-Token']).to eq('xcsrf-token')
end
end

context '.signin with a page that has no xcsrf token' do
let(:mock_page) { <<-XCSRF_PAGE
<!doctype html>
<head>
</head>
</html>
XCSRF_PAGE
}
before do
index = subject.connection.builder.handlers.index(Faraday::Adapter::NetHttp)
subject.connection.builder.swap(index, Faraday::Adapter::Test) do |stub|
stub.post('/auth/login', "username=#{username}&password=#{password}") {[200, {}, '']}
stub.get('/') {[200, {}, mock_page]}
end
end

it 'does not raise an error' do
expect{subject.signin}.to_not raise_error
end

it 'There is no xcsrf token set' do
subject.signin
expect(subject.connection.headers['X-CSRF-Token']).to eq(nil)
expect(subject.connection.headers['Cookie']).to include('pl_ssti=')
end
end
end
end
end