diff --git a/app/models/concerns/external_user.rb b/app/models/concerns/external_user.rb
index daa5119..0989232 100644
--- a/app/models/concerns/external_user.rb
+++ b/app/models/concerns/external_user.rb
@@ -28,16 +28,35 @@ module ExternalUser
 end
 end

+ def build_request(uri)
+ request = Net::HTTP.new(uri.host, uri.port)
+ if uri.scheme == "https" # enable SSL/TLS
+ request.use_ssl = true
+ #TODO There may be self-signed certificates that we would not be able
+ #to verify, so we'll not verify the ssl certificate for now. Since
+ #this requests will go only towards trusted federated networks the admin
+ #configured we consider this not to be a big deal. Nonetheless we may be
+ #able in the future to require/provide the CA Files on the federation
+ #process which would allow us to verify the certificate.
+ request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+ request
+ end
+
 def external_login(login, password, domain)
 # Call Noosfero /api/login
 result = nil
+ response = nil
+ redirections_allowed = 3
+ location = 'http://' + domain + '/api/v1/login'
+ request_params = CGI.unescape({ login: login, password: password }.to_query)
 begin
- uri = URI.parse('http://' + domain + '/api/v1/login')
- response = Net::HTTP.post_form(uri, { login: login, password: password })
- if response.code == '301'
- # Follow a redirection
- uri = URI.parse(response.header['location'])
- response = Net::HTTP.post_form(uri, { login: login, password: password })
+ while redirections_allowed > 0 && (response.blank? || response.code == '301')
+ uri = URI.parse(location)
+ request = build_request(uri)
+ response = request.post(uri.to_s, request_params)
+ location = response.header['location']
+ redirections_allowed -= 1
 end
 result = response.code.to_i / 100 === 2 ? JSON.parse(response.body) : nil
 rescue
-- libgit2 0.21.2
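Review bot: `build_request` sets `request.verify_mode = OpenSSL::SSL::VERIFY_NONE`, and the loop in `external_login` then re-posts the user's login and password to whatever `response.header['location']` names, so the credentials can end up at a host nobody authenticated; the first hop is plain `http://`, so the 301 itself is not trustworthy either. Default to `OpenSSL::SSL::VERIFY_PEER`, let the admin supply a CA bundle per federated network through `request.ca_file` (the TODO already points that way), and before each hop check that `uri.host` still belongs to the configured `domain` and that the scheme has not dropped from https back to http. Separately, `CGI.unescape({ login: login, password: password }.to_query)` undoes the escaping `to_query` just applied, so a password containing `&`, `=`, `+` or `%` is sent as a different value or as extra form fields; pass `{ login: login, password: password }.to_query` unchanged. The body of `external_login` continues past the hunk, so how the `rescue` branch treats a missing or unparsable `location` is not visible here.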