external-user: skip certificate verification over ssl authentications

Rodrigo Souto · Larissa Reis
1 parent ea211396
Showing 1 changed file with 25 additions and 6 deletions Show diff stats
app/models/concerns/external_user.rb
@@ -28,16 +28,35 @@ module ExternalUser
       end
     end
+    def build_request(uri)
+      request = Net::HTTP.new(uri.host, uri.port)
+      if uri.scheme == "https"  # enable SSL/TLS
+        request.use_ssl = true
+        #TODO There may be self-signed certificates that we would not be able
+        #to verify, so we'll not verify the ssl certificate for now. Since
+        #this requests will go only towards trusted federated networks the admin
+        #configured we consider this not to be a big deal. Nonetheless we may be
+        #able in the future to require/provide the CA Files on the federation
+        #process which would allow us to verify the certificate.
+        request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+      request
+    end
+
     def external_login(login, password, domain)
       # Call Noosfero /api/login
       result = nil
+      response = nil
+      redirections_allowed = 3
+      location = 'http://' + domain + '/api/v1/login'
+      request_params = CGI.unescape({ login: login, password: password }.to_query)
       begin
-        uri = URI.parse('http://' + domain + '/api/v1/login')
-        response = Net::HTTP.post_form(uri, { login: login, password: password })
-        if response.code == '301'
-          # Follow a redirection
-          uri = URI.parse(response.header['location'])
-          response = Net::HTTP.post_form(uri, { login: login, password: password })
+        while redirections_allowed > 0 && (response.blank? || response.code == '301')
+          uri = URI.parse(location)
+          request = build_request(uri)
+          response = request.post(uri.to_s, request_params)
+          location = response.header['location']
+          redirections_allowed -= 1
         end
         result = response.code.to_i / 100 === 2 ? JSON.parse(response.body) : nil
       rescue
	@@ -28,16 +28,35 @@ module ExternalUser		@@ -28,16 +28,35 @@ module ExternalUser
28	end	28	end
29	end	29	end
30		30
		31	+ def build_request(uri)
		32	+ request = Net::HTTP.new(uri.host, uri.port)
		33	+ if uri.scheme == "https" # enable SSL/TLS
		34	+ request.use_ssl = true
		35	+ #TODO There may be self-signed certificates that we would not be able
		36	+ #to verify, so we'll not verify the ssl certificate for now. Since
		37	+ #this requests will go only towards trusted federated networks the admin
		38	+ #configured we consider this not to be a big deal. Nonetheless we may be
		39	+ #able in the future to require/provide the CA Files on the federation
		40	+ #process which would allow us to verify the certificate.
		41	+ request.verify_mode = OpenSSL::SSL::VERIFY_NONE
		42	+ end
		43	+ request
		44	+ end
		45	+
31	def external_login(login, password, domain)	46	def external_login(login, password, domain)
32	# Call Noosfero /api/login	47	# Call Noosfero /api/login
33	result = nil	48	result = nil
		49	+ response = nil
		50	+ redirections_allowed = 3
		51	+ location = 'http://' + domain + '/api/v1/login'
		52	+ request_params = CGI.unescape({ login: login, password: password }.to_query)
34	begin	53	begin
35	- uri = URI.parse('http://' + domain + '/api/v1/login')
36	- response = Net::HTTP.post_form(uri, { login: login, password: password })
37	- if response.code == '301'
38	- # Follow a redirection
39	- uri = URI.parse(response.header['location'])
40	- response = Net::HTTP.post_form(uri, { login: login, password: password })	54	+ while redirections_allowed > 0 && (response.blank? \|\| response.code == '301')
		55	+ uri = URI.parse(location)
		56	+ request = build_request(uri)
		57	+ response = request.post(uri.to_s, request_params)
		58	+ location = response.header['location']
		59	+ redirections_allowed -= 1
41	end	60	end
42	result = response.code.to_i / 100 === 2 ? JSON.parse(response.body) : nil	61	result = response.code.to_i / 100 === 2 ? JSON.parse(response.body) : nil
43	rescue	62	rescue