Commit 2645d4f1b5b4cbc397d3c6443bda28bc4111ca7e

Authored by Rodrigo Souto
Committed by Larissa Reis
1 parent ea211396

external-user: skip certificate verification over ssl authentications

Showing 1 changed file with 25 additions and 6 deletions   Show diff stats
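--- a/app/models/concerns/external_user.rb
+++ b/app/models/concerns/external_user.rb
@@ -28,16 +28,35 @@ module ExternalUser
 end
 end
 
+ def build_request(uri)
+ request = Net::HTTP.new(uri.host, uri.port)
+ if uri.scheme == "https" # enable SSL/TLS
+ request.use_ssl = true
+ #TODO There may be self-signed certificates that we would not be able
+ #to verify, so we'll not verify the ssl certificate for now. Since
+ #this requests will go only towards trusted federated networks the admin
+ #configured we consider this not to be a big deal. Nonetheless we may be
+ #able in the future to require/provide the CA Files on the federation
+ #process which would allow us to verify the certificate.
+ request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+ request
+ end
+
 def external_login(login, password, domain)
 # Call Noosfero /api/login
 result = nil
+ response = nil
+ redirections_allowed = 3
+ location = 'http://' + domain + '/api/v1/login'
+ request_params = CGI.unescape({ login: login, password: password }.to_query)
 begin
- uri = URI.parse('http://' + domain + '/api/v1/login')
- response = Net::HTTP.post_form(uri, { login: login, password: password })
- if response.code == '301'
- # Follow a redirection
- uri = URI.parse(response.header['location'])
- response = Net::HTTP.post_form(uri, { login: login, password: password })
+ while redirections_allowed > 0 && (response.blank? || response.code == '301')
+ uri = URI.parse(location)
+ request = build_request(uri)
+ response = request.post(uri.to_s, request_params)
+ location = response.header['location']
+ redirections_allowed -= 1
 end
 result = response.code.to_i / 100 === 2 ? JSON.parse(response.body) : nil
 rescue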
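Review bot: In `external_login` the login and password are re-posted to whatever `Location` a 301 response names, and `build_request` sets `OpenSSL::SSL::VERIFY_NONE`, so the host that finally receives the credentials is never authenticated; the first hop also still goes out over `http://`. I would validate a redirect target before following it, for example `break if response && (uri.scheme != 'https' || uri.host != domain)` right after `URI.parse(location)` (assuming `domain` is a bare host name). I would also keep `OpenSSL::SSL::VERIFY_PEER` as the default and set `request.ca_file` for federated hosts that use a private CA. Separately, `CGI.unescape({ ... }.to_query)` undoes the form encoding, so a password containing `&`, `=`, `+` or `%` reaches the server as a different value or as extra parameters; passing the `to_query` string unchanged avoids that. The body of `external_login` continues past the end of the hunk, so the `rescue` branch was not reviewed.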