mirror of
https://github.com/cmur2/dyndnsd.git
synced 2024-12-21 14:54:22 +01:00
daemon: move authorization check to daemon making it testable
This commit is contained in:
parent
26bf1ee3fd
commit
599fa2b718
@ -45,6 +45,15 @@ module Dyndnsd
|
||||
(@db.save; @updater.update(@db)) if @db.changed?
|
||||
end
|
||||
|
||||
def is_authorized?(username, password)
|
||||
allow = ((@users.has_key? username) and (@users[username]['password'] == password))
|
||||
if not allow
|
||||
Dyndnsd.logger.warn "Login failed for #{username}"
|
||||
Metriks.meter('requests.auth_failed').mark
|
||||
end
|
||||
allow
|
||||
end
|
||||
|
||||
def call(env)
|
||||
return [422, {'X-DynDNS-Response' => 'method_forbidden'}, []] if env["REQUEST_METHOD"] != "GET"
|
||||
return [422, {'X-DynDNS-Response' => 'not_found'}, []] if env["PATH_INFO"] != "/nic/update"
|
||||
@ -219,17 +228,10 @@ module Dyndnsd
|
||||
# configure daemon
|
||||
db = Database.new(config['db'])
|
||||
updater = Updater::CommandWithBindZone.new(config['domain'], config['updater']['params']) if config['updater']['name'] == 'command_with_bind_zone'
|
||||
daemon = Daemon.new(config, db, updater)
|
||||
|
||||
# configure rack
|
||||
app = Daemon.new(config, db, updater)
|
||||
app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
|
||||
allow = ((config['users'].has_key? user) and (config['users'][user]['password'] == pass))
|
||||
if not allow
|
||||
Dyndnsd.logger.warn "Login failed for #{user}"
|
||||
Metriks.meter('requests.auth_failed').mark
|
||||
end
|
||||
allow
|
||||
end
|
||||
app = Rack::Auth::Basic.new(daemon, "DynDNS", &daemon.method(:is_authorized?))
|
||||
|
||||
if config['responder'] == 'RestStyle'
|
||||
app = Responder::RestStyle.new(app)
|
||||
|
@ -18,11 +18,9 @@ describe Dyndnsd::Daemon do
|
||||
}
|
||||
db = Dyndnsd::DummyDatabase.new({})
|
||||
updater = Dyndnsd::Updater::Dummy.new
|
||||
app = Dyndnsd::Daemon.new(config, db, updater)
|
||||
daemon = Dyndnsd::Daemon.new(config, db, updater)
|
||||
|
||||
app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
|
||||
(config['users'].has_key? user) and (config['users'][user]['password'] == pass)
|
||||
end
|
||||
app = Rack::Auth::Basic.new(daemon, "DynDNS", &daemon.method(:is_authorized?))
|
||||
|
||||
app = Dyndnsd::Responder::DynDNSStyle.new(app)
|
||||
end
|
||||
@ -33,6 +31,13 @@ describe Dyndnsd::Daemon do
|
||||
expect(last_response.body).to eq('badauth')
|
||||
end
|
||||
|
||||
it 'requires configured correct credentials' do
|
||||
authorize 'test', 'wrongsecret'
|
||||
get '/'
|
||||
expect(last_response.status).to eq(401)
|
||||
expect(last_response.body).to eq('badauth')
|
||||
end
|
||||
|
||||
it 'only supports GET requests' do
|
||||
authorize 'test', 'secret'
|
||||
post '/nic/update'
|
||||
@ -94,6 +99,7 @@ describe Dyndnsd::Daemon do
|
||||
|
||||
it 'rejects request if user does not own one hostname' do
|
||||
authorize 'test', 'secret'
|
||||
|
||||
get '/nic/update?hostname=notmyhost.example.org'
|
||||
expect(last_response).to be_ok
|
||||
expect(last_response.body).to eq('nohost')
|
||||
|
Loading…
Reference in New Issue
Block a user