module Chook::Server::Auth

helper module for authentication

Constants

USE_JAMF_ADMIN_USER

Public Instance Methods

authenticate_admin(user, pw) click to toggle source

admin user auth might come from config, might come from Jamf Pro

# File lib/chook/server/auth.rb, line 68
def authenticate_admin(user, pw)
  return authenticate_jamf_admin(user, pw) if Chook.config.admin_user == USE_JAMF_ADMIN_USER
  authenticate_admin_user(user, pw)
end
authenticate_admin_user(user, pw) click to toggle source

admin auth from config

# File lib/chook/server/auth.rb, line 74
def authenticate_admin_user(user, pw)
  if user == Chook.config.admin_user && pw == Chook::Server.admin_user_pw
    Chook.logger.debug "Got auth for admin user: #{user}@#{request.ip}"
    session[:authed_admin] = user
    true
  else
    Chook.logger.warn "FAILED auth for admin user: #{user}@#{request.ip}"
    session[:authed_admin] = nil
    false
  end
end
authenticate_jamf_admin(user, pw) click to toggle source

admin auth from jamf pro

# File lib/chook/server/auth.rb, line 87
def authenticate_jamf_admin(user, pw)
  require 'ruby-jss'
  JSS::APIConnection.new(
    user: user,
    pw: pw,
    server: Chook.config.jamf_server,
    port: Chook.config.jamf_port,
    use_ssl: Chook.config.jamf_use_ssl,
    verify_cert: Chook.config.jamf_verify_cert
  )
  Chook.logger.debug "Jamf Admin login for: #{user}@#{request.ip}"

  session[:authed_admin] = user
  true
rescue JSS::AuthenticationError
  Chook.logger.warn "Jamf Admin login FAILED for: #{user}@#{request.ip}"
  session[:authed_admin] = nil
  false
end
authenticate_webhooks_user(creds) click to toggle source

webhook user auth always comes from config

# File lib/chook/server/auth.rb, line 57
def authenticate_webhooks_user(creds)
  if creds.first == Chook.config.webhooks_user && creds.last == Chook::Server.webhooks_user_pw
    Chook.logger.debug "Got HTTP Basic auth for webhooks user: #{Chook.config.webhooks_user}@#{request.ip}"
    true
  else
    Chook.logger.error "FAILED auth for webhooks user: #{Chook.config.webhooks_user}@#{request.ip}"
    false
  end
end
protect_via_basic_auth!() click to toggle source
# File lib/chook/server/auth.rb, line 36
def protect_via_basic_auth!
  # don't protect if user isn't defined
  return unless Chook.config.webhooks_user
  return if webhook_user_authorized?
  headers['WWW-Authenticate'] = 'Basic realm="Restricted Area"'
  halt 401, "Not authorized\n"
end
webhook_user_authorized?() click to toggle source
# File lib/chook/server/auth.rb, line 44
def webhook_user_authorized?
  @auth ||= Rack::Auth::Basic::Request.new(request.env)

  # gotta have basic auth presented to us
  unless @auth.provided? && @auth.basic? && @auth.credentials
    Chook.logger.debug "No basic auth provided on protected route: #{request.path_info} from: #{request.ip}"
    return false
  end

  authenticate_webhooks_user @auth.credentials
end