openshift-origin-auth-mongo 0.8.9

data/COPYRIGHT

@@ -0,0 +1 @@
+Copyright 2012 Red Hat, Inc. and/or its affiliates.

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/LICENSE

@@ -0,0 +1,11 @@
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,3 @@
+Notice of Export Control Law
+
+This software distribution includes cryptographic software that is subject to the U.S. Export Administration Regulations (the "*EAR*") and other U.S. and foreign laws and may not be exported, re-exported or transferred (a) to any country listed in Country Group E:1 in Supplement No. 1 to part 740 of the EAR (currently, Cuba, Iran, North Korea, Sudan & Syria); (b) to any prohibited destination or to any end user who has been prohibited from participating in U.S. export transactions by any federal agency of the U.S. government; or (c) for use in connection with the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, or sounding rockets, or unmanned air vehicle systems.You may not download this software or technical information if you are located in one of these countries or otherwise subject to these restrictions. You may not provide this software or technical information to individuals or entities located in one of these countries or otherwise subject to these restrictions. You are also responsible for compliance with foreign law requirements applicable to the import, export and use of this software and technical information.

data/Rakefile

@@ -0,0 +1,11 @@
+#require "bundler/gem_tasks"
+require 'rake'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  sh "/usr/bin/mongo localhost/openshift_origin_broker_test --eval 'db.addUser(\"openshift\", \"mooo\")'"
+  t.libs << 'test'
+  t.warning = false
+  t.verbose = true
+  t.test_files = FileList['test/**/*_test.rb']
+end

data/bin/oo-register-user

@@ -0,0 +1,92 @@
+#!/usr/bin/ruby
+require 'rubygems'
+require 'getoptlong'
+require 'active_resource'
+
+def p_usage
+  puts <<USAGE
+Usage: #{$0}
+Register a new user.
+
+  -l|--login       Login for admin user
+  -p|--password    Password for admin user
+     --username    User name for the new user
+     --userpass    User password for the new user
+  -h|--help        Show usage info
+
+USAGE
+exit 1
+end
+
+begin
+  opts = GetoptLong.new(
+                        ["--login",     "-l", GetoptLong::REQUIRED_ARGUMENT],  
+                        ["--password",  "-p", GetoptLong::REQUIRED_ARGUMENT],                          
+                        ["--username",        GetoptLong::REQUIRED_ARGUMENT],
+                        ["--userpass",        GetoptLong::REQUIRED_ARGUMENT],
+                        ["--help",      "-h", GetoptLong::NO_ARGUMENT]
+                       )
+  opt = {}
+  opts.each do |o, a|
+    opt[o[2..-1]] = a.to_s
+  end
+rescue Exception => e
+  #puts e.message
+  p_usage
+end
+
+if opt['help'] || !opt['login'] || !opt['password'] || !opt['username'] || !opt['userpass']
+    p_usage
+end
+
+ActiveResource::Base.include_root_in_json = false
+module ActiveResource
+  module Formats
+    #
+    # The OpenShift REST API wraps the root resource element whi
+    # to be unwrapped.
+    #
+    module OpenshiftJsonFormat
+      extend ActiveResource::Formats::JsonFormat
+      extend self
+
+      def decode(json)
+        decoded = super
+        if decoded.is_a?(Hash) and decoded.has_key?('data')
+          decoded = decoded['data']
+        end
+        if decoded.is_a?(Array)
+          decoded.each { |i| i.delete 'links' }
+        else
+          decoded.delete 'links'
+        end
+        decoded
+      end
+    end
+  end
+end
+
+$options = opt
+class Account < ActiveResource::Base
+  self.site="https://localhost/broker/rest"
+  self.user = $options['login']
+  self.password = $options['password']
+  self.format = :OpenshiftJson
+
+  def read_errors
+    error_data = JSON.parse(@remote_errors.response.body)
+    error_data["messages"]
+  end
+end
+
+acc = Account.new(:username => opt['username'], :password => opt['userpass'])
+if acc.save
+  print "User created succesfully\n"
+else
+  errors = acc.read_errors
+  if errors.nil? || errors.empty?
+    print "An unknown error has occured"
+  else
+    print "#{errors[0]["text"]}\n"
+  end
+end

data/lib/openshift-origin-auth-mongo/app/controllers/account_controller.rb

@@ -0,0 +1,34 @@
+class AccountController < BaseController
+  respond_to :xml, :json
+  before_filter :authenticate, :check_version
+  
+  def create
+    username = params[:username]
+    password = params[:password]
+    
+    auth_config = Rails.application.config.auth
+    auth_service = OpenShift::MongoAuthService.new(auth_config)
+    
+    Rails.logger.debug "username = #{username}, password = #{password}"
+    
+    if(username.nil? || password.nil? || username.strip.empty? || password.strip.empty?)
+      log_action('nil', 'nil', username, "ADD_USER", false, "Username or password not specified or empty")
+      @reply = RestReply.new(:unprocessable_entity)
+      @reply.messages.push(Message.new(:error, "Invalid username or password", 1001, "username"))
+      respond_with @reply, :status => @reply.status
+      return
+    end
+    
+    if auth_service.user_exists?(username)
+      log_action('nil', 'nil', username, "ADD_USER", false, "User '#{username}' already registered")
+      @reply = RestReply.new(:unprocessable_entity)
+      @reply.messages.push(Message.new(:error, "Error: User '#{username}' already registered.", 1002, "id"))
+      respond_with @reply, :status => @reply.status
+    else
+      log_action('nil', 'nil', username, "ADD_USER", true, "User '#{username}' successfully registered")
+      auth_service.register_user(username,password)
+      @reply = RestReply.new(:created, "domain", RestAccount.new(username, Time.new))
+      respond_with @reply, :status => @reply.status
+    end
+  end
+end

data/lib/openshift-origin-auth-mongo/app/models/rest_account.rb

@@ -0,0 +1,12 @@
+class RestAccount < OpenShift::Model
+  attr_accessor :username, :created_on
+  
+  def initialize(username, created_on)
+    self.username, self.created_on = username, created_on
+  end
+  
+  def to_xml(options={})
+    options[:tag_name] = "account"
+    super(options)
+  end
+end

data/lib/openshift-origin-auth-mongo/config/initializers/openshift-origin-auth-mongo-defaults.conf

@@ -0,0 +1,12 @@
+AUTH_SALT="ClWqe5zKtEW4CJEMyjzQ"
+AUTH_PRIVKEYFILE="/var/www/openshift/broker/config/server_priv.pem"
+AUTH_PRIVKEYPASS=""
+AUTH_PUBKEYFILE="/var/www/openshift/broker/config/server_pub.pem"
+
+MONGO_REPLICA_SETS=false
+# Replica set example: "<host-1>:<port-1> <host-2>:<port-2> ..."
+MONGO_HOST_PORT="localhost:27017"
+MONGO_USER="openshift"
+MONGO_PASSWORD="mooo"
+MONGO_DB="openshift_broker_dev"
+MONGO_COLLECTION="auth_user"

data/lib/openshift-origin-auth-mongo/config/initializers/openshift-origin-auth-mongo.rb

@@ -0,0 +1,62 @@
+require 'openshift-origin-common/config'
+
+Broker::Application.configure do
+  conf = OpenShift::Config.new(File.join(OpenShift::Config::PLUGINS_DIR, File.basename(__FILE__, '.rb') + '.conf'))
+  defaults = OpenShift::Config.new(File.join(File.dirname(__FILE__), File.basename(__FILE__, '.rb') + '-defaults.conf'))
+
+  # Grab this now because we need it for the MONGO_HOST_PORT parsing.
+  replica_sets = conf.get_bool("MONGO_REPLICA_SETS") || defaults.get_bool("MONGO_REPLICA_SETS")
+
+  hp = conf.get("MONGO_HOST_PORT") || defaults.get("MONGO_HOST_PORT")
+
+  # Depending on the value of the MONGO_REPLICA_SETS setting, MONGO_HOST_PORT
+  # must follow one of two formats, as described below.
+
+  if !hp
+    raise "Broker is missing Mongo configuration."
+  elif replica_sets
+    # The string should be of the following form:
+    #
+    #   host-1:port-1 host-2:port-2 ...
+    #
+    # We need to parse into an array of arrays:
+    #
+    #   [[<host-1>, <port-1>], [<host-2>, <port-2>], ...]
+    #
+    # where each host is a string and each port is an integer.
+
+    host_port = hp.split.map do |x|
+      (h,p) = x.split(":")
+      [h, p.to_i]
+    end
+  else
+
+    # The string should be of the following form:
+    #
+    #   host:port
+    #
+    # We need to parse into an array:
+    #
+    #   [host,port]
+    #
+    # where host is a string and port is an integer.
+
+    (h,p) = hp.split(":")
+    host_port = [h, p.to_i]
+  end
+
+  config.auth = {
+    :salt => conf.get("AUTH_SALT") || defaults.get("AUTH_SALT"),
+    :privkeyfile => conf.get("AUTH_PRIVKEYFILE") || defaults.get("AUTH_PRIVKEYFILE"),
+    :privkeypass => conf.get("AUTH_PRIVKEYPASS") || defaults.get("AUTH_PRIVKEYPASS"),
+    :pubkeyfile  => conf.get("AUTH_PUBKEYFILE") || defaults.get("AUTH_PUBKEYFILE"),
+
+    :mongo_replica_sets => replica_sets,
+    :mongo_host_port => host_port,
+
+    :mongo_user => conf.get("MONGO_USER") || defaults.get("MONGO_USER"),
+    :mongo_password => conf.get("MONGO_PASSWORD") || defaults.get("MONGO_PASSWORD"),
+    :mongo_db => conf.get("MONGO_DB") || defaults.get("MONGO_DB"),
+    :mongo_collection => conf.get("MONGO_COLLECTION") || defaults.get("MONGO_COLLECTION")
+  }
+end

data/lib/openshift-origin-auth-mongo/config/routes.rb

@@ -0,0 +1,7 @@
+Rails.application.routes.draw do
+  scope "/rest" do
+    constraints(:ip => %r(127.0.\d+.\d+)) do
+      resource :accounts, :only => [:create], :controller => :account
+    end
+  end
+end

data/lib/openshift-origin-auth-mongo/engine/engine.rb

@@ -0,0 +1,12 @@
+require 'openshift-origin-controller'
+require 'rails'
+
+module OpenShift
+  class MongoAuthServiceEngine < Rails::Engine
+    paths.app.controllers      << "lib/openshift-origin-auth-mongo/app/controllers"
+    paths.lib                  << "lib/openshift-origin-auth-mongo/lib"
+    paths.config               << "lib/openshift-origin-auth-mongo/config"
+    paths.app.models           << "lib/openshift-origin-auth-mongo/app/models"    
+    config.autoload_paths      += %W(#{config.root}/lib)
+  end
+end

data/lib/openshift-origin-auth-mongo/lib/openshift/mongo_auth_service.rb

@@ -0,0 +1,73 @@
+require 'rubygems'
+require 'openshift-origin-controller'
+require 'date'
+
+module OpenShift
+  class MongoAuthService < OpenShift::AuthService
+  
+    def initialize(auth_info = nil)
+      super
+
+      if @auth_info != nil
+        # no-op
+      elsif defined? Rails
+        @auth_info = Rails.application.config.auth
+      else
+        raise Exception.new("Mongo DataStore service is not initialized")
+      end
+    
+      @replica_set  = @auth_info[:mongo_replica_sets]
+      @host_port    = @auth_info[:mongo_host_port]
+      @user         = @auth_info[:mongo_user]
+      @password     = @auth_info[:mongo_password]
+      @db           = @auth_info[:mongo_db]
+      @collection   = @auth_info[:mongo_collection]
+    end
+    
+    def db
+      if @replica_set
+        con = Mongo::ReplSetConnection.new(*@host_port << {:read => :secondary})
+      else
+        con = Mongo::Connection.new(@host_port[0], @host_port[1])
+      end
+      user_db = con.db(@db)
+      user_db.authenticate(@user, @password) unless @user.nil?
+      user_db
+    end
+    
+    def register_user(login,password)
+      encoded_password = Digest::MD5.hexdigest(Digest::MD5.hexdigest(password) + @salt)
+      db.collection(@collection).insert({"_id" => login, "user" => login, "password" => encoded_password})
+    end
+    
+    def user_exists?(login)
+      hash = db.collection(@collection).find_one({"_id" => login})
+      !hash.nil?
+    end
+    
+    def authenticate(request, login, password)
+      params = request.request_parameters()
+      if params['broker_auth_key'] && params['broker_auth_iv']
+        validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
+      else
+        raise OpenShift::AccessDeniedException if login.nil? || login.empty? || password.nil? || password.empty?
+        encoded_password = Digest::MD5.hexdigest(Digest::MD5.hexdigest(password) + @salt)
+        hash = db.collection(@collection).find_one({"_id" => login})
+        if hash && !hash.empty? && (hash["password"] == encoded_password)
+          return {:username => login, :auth_method => :login}
+        else
+          raise OpenShift::AccessDeniedException
+        end
+      end
+    end
+    
+    def login(request, params, cookies)
+      if params['broker_auth_key'] && params['broker_auth_iv']
+        validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
+      else
+        data = JSON.parse(params['json_data'])
+        return authenticate(request, data['rhlogin'], params['password'])
+      end
+    end
+  end
+end

data/lib/openshift-origin-auth-mongo.rb

@@ -0,0 +1,8 @@
+module OpenShift
+  module MongoAuthServiceModule
+    require 'openshift-origin-auth-mongo/engine/engine' if defined?(Rails) && Rails::VERSION::MAJOR == 3
+  end
+end
+
+require "openshift-origin-auth-mongo/lib/openshift/mongo_auth_service.rb"
+OpenShift::AuthService.provider=OpenShift::MongoAuthService

data/openshift-origin-auth-mongo.gemspec

@@ -0,0 +1,31 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+lib_dir  = File.join(File.join("lib", "**"), "*")
+test_dir  = File.join(File.join("test", "**"), "*")
+bin_dir  = File.join("bin","*")
+spec_file = "rubygem-openshift-origin-auth-mongo.spec"
+
+Gem::Specification.new do |s|
+  s.name        = "openshift-origin-auth-mongo"
+  s.version     = `rpm -q --qf "%{version}\n" --specfile #{spec_file}`.split[0]
+  s.license     = `rpm -q --qf "%{license}\n" --specfile #{spec_file}`.split[0]
+  s.authors     = ["Krishna Raman"]
+  s.email       = ["kraman@gmail.com"]
+  s.homepage    = `rpm -q --qf "%{url}\n" --specfile #{spec_file}`.split[0]
+  s.summary     = `rpm -q --qf "%{description}\n" --specfile #{spec_file}`.split[0]
+  s.description = `rpm -q --qf "%{description}\n" --specfile #{spec_file}`.split[0]
+
+  s.rubyforge_project = "openshift-origin-auth-mongo"
+
+  s.files       = Dir[lib_dir] + Dir[bin_dir]
+  s.test_files  = Dir[test_dir]
+  s.executables = Dir[bin_dir].map {|binary| File.basename(binary)}
+  s.files       += %w(README.md Rakefile Gemfile rubygem-openshift-origin-auth-mongo.spec openshift-origin-auth-mongo.gemspec LICENSE COPYRIGHT)
+  s.require_paths = ["lib"]
+
+  s.add_dependency('openshift-origin-controller')
+  s.add_dependency('json')  
+  s.add_development_dependency('rake')  
+  s.add_development_dependency('bundler')
+  s.add_development_dependency('mocha')
+end

data/rubygem-openshift-origin-auth-mongo.spec

@@ -0,0 +1,146 @@
+%global ruby_sitelib %(ruby -rrbconfig -e "puts Config::CONFIG['sitelibdir']")
+%global gemdir %(ruby -rubygems -e 'puts Gem::dir' 2>/dev/null)
+%global gemname openshift-origin-auth-mongo
+%global geminstdir %{gemdir}/gems/%{gemname}-%{version}
+
+Summary:        OpenShift Origin plugin for mongo auth service
+Name:           rubygem-%{gemname}
+Version:        0.8.9
+Release:        1%{?dist}
+Group:          Development/Languages
+License:        ASL 2.0
+URL:            http://openshift.redhat.com
+Source0:        rubygem-%{gemname}-%{version}.tar.gz
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires:       ruby(abi) = 1.8
+Requires:       rubygems
+Requires:       rubygem(openshift-origin-common)
+Requires:       rubygem(json)
+Requires:       rubygem(mocha)
+Requires:       openshift-origin-broker
+Requires:  		selinux-policy-targeted
+Requires:  		policycoreutils-python
+Obsoletes:      rubygem-swingshift-mongo-plugin
+
+BuildRequires:  ruby
+BuildRequires:  rubygems
+BuildArch:      noarch
+Provides:       rubygem(%{gemname}) = %version
+
+%package -n ruby-%{gemname}
+Summary:        OpenShift Origin plugin for mongo auth service
+Requires:       rubygem(%{gemname}) = %version
+Provides:       ruby(%{gemname}) = %version
+
+%description
+Provides a mongo auth service based plugin
+
+%description -n ruby-%{gemname}
+Provides a mongo auth service based plugin
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}%{gemdir}
+mkdir -p %{buildroot}%{ruby_sitelib}
+mkdir -p %{buildroot}%{_bindir}
+
+# Build and install into the rubygem structure
+gem build %{gemname}.gemspec
+gem install --local --install-dir %{buildroot}%{gemdir} --force %{gemname}-%{version}.gem
+
+# Move the gem binaries to the standard filesystem location
+mv %{buildroot}%{gemdir}/bin/* %{buildroot}%{_bindir}
+rm -rf %{buildroot}%{gemdir}/bin
+
+# Symlink into the ruby site library directories
+ln -s %{geminstdir}/lib/%{gemname} %{buildroot}%{ruby_sitelib}
+ln -s %{geminstdir}/lib/%{gemname}.rb %{buildroot}%{ruby_sitelib}
+
+mkdir -p %{buildroot}/etc/openshift/plugins.d
+cp lib/openshift-origin-auth-mongo/config/initializers/openshift-origin-auth-mongo-defaults.conf %{buildroot}/etc/openshift/plugins.d/openshift-origin-auth-mongo.conf
+
+%clean
+rm -rf %{buildroot}
+
+%post
+/usr/bin/openssl genrsa -out /var/www/openshift/broker/config/server_priv.pem 2048
+/usr/bin/openssl rsa    -in /var/www/openshift/broker/config/server_priv.pem -pubout > /var/www/openshift/broker/config/server_pub.pem
+
+%files
+%defattr(-,root,root,-)
+%dir %{geminstdir}
+%doc %{geminstdir}/Gemfile
+%{gemdir}/doc/%{gemname}-%{version}
+%{gemdir}/gems/%{gemname}-%{version}
+%{gemdir}/cache/%{gemname}-%{version}.gem
+%{gemdir}/specifications/%{gemname}-%{version}.gemspec
+%{_bindir}/*
+%config(noreplace) %{_sysconfdir}/openshift/plugins.d/openshift-origin-auth-mongo.conf
+
+%files -n ruby-%{gemname}
+%{ruby_sitelib}/%{gemname}
+%{ruby_sitelib}/%{gemname}.rb
+
+%changelog
+* Thu Oct 11 2012 Brenton Leanhardt <bleanhar@redhat.com> 0.8.9-1
+- fix for mongo auth plugin spec file (abhgupta@redhat.com)
+- Centralize plug-in configuration (miciah.masters@gmail.com)
+- Removing old build scripts Moving broker/node setup utilities into util
+  packages Fix Auth service module name conflicts (kraman@gmail.com)
+- Merge pull request #613 from kraman/master (openshift+bot@redhat.com)
+- Module name and gem path fixes for auth plugins (kraman@gmail.com)
+
+* Mon Oct 08 2012 Dan McPherson <dmcphers@redhat.com> 0.8.8-1
+- 
+
+* Fri Oct 05 2012 Krishna Raman <kraman@gmail.com> 0.8.7-1
+- new package built with tito
+
+* Mon Aug 20 2012 Brenton Leanhardt <bleanhar@redhat.com> 0.8.6-1
+- gemspec refactorings based on Fedora packaging feedback (bleanhar@redhat.com)
+- Providing a better error message for invalid broker iv/token
+  (kraman@gmail.com)
+- fix for cartridge-jenkins_build.feature cucumber test (abhgupta@redhat.com)
+- Bug 836055 - Bypass authentication by making a direct request to broker with
+  broker_auth_key (kraman@gmail.com)
+- MCollective updates - Added mcollective-qpid plugin - Added mcollective-
+  msg-broker plugin - Added mcollective agent and facter plugins - Added
+  option to support ignoring node profile - Added systemu dependency for
+  mcollective-client (kraman@gmail.com)
+- Updated gem info for rails 3.0.13 (admiller@redhat.com)
+
+* Wed May 30 2012 Krishna Raman <kraman@gmail.com> 0.8.5-1
+- Fix for Bugz 825366, 825340. SELinux changes to allow access to
+  user_action.log file. Logging authentication failures and user creation for
+  OpenShift Origin (abhgupta@redhat.com)
+- Raise auth exception when no user/password is provided by web browser. Bug
+  815971 (kraman@gmail.com)
+- Adding livecd build scripts Adding a text only minimal version of livecd
+  Added ability to access livecd dns from outside VM (kraman@gmail.com)
+- Merge pull request #19 from kraman/dev/kraman/bug/815971
+  (dmcphers@redhat.com)
+- Fix bug in mongo auth service where auth failure is returning nil instead of
+  Exception (kraman@gmail.com)
+- Adding a seperate message for errors returned by cartridge when trying to add
+  them. Fixing CLIENT_RESULT error in node Removing tmp editor file
+  (kraman@gmail.com)
+- Added tests (kraman@gmail.com)
+- BugZ# 817957. Adding rest api for creating a user in the mongo auth service.
+  Rest API will be accessabel only from local host and will require login/pass
+  of an existing user. (kraman@gmail.com)
+- moving broker auth key and iv encoding/decoding both into the plugin
+  (abhgupta@redhat.com)
+
+* Thu Apr 26 2012 Krishna Raman <kraman@gmail.com> 0.8.4-1
+- Added README for OpenShift Origin-mongo plugin (rpenta@redhat.com)
+- cleaning up spec files (dmcphers@redhat.com)
+- decoding the broker auth key before returning from login in the auth plugin
+  (abhgupta@redhat.com)
+
+* Sat Apr 21 2012 Krishna Raman <kraman@gmail.com> 0.8.3-1
+- new package built with tito

data/test/dummy/Gemfile

@@ -0,0 +1,32 @@
+source 'http://rubygems.org'
+
+gem 'rails', '3.0.13'
+gem 'openshift-origin-auth-mongo'
+gem 'mocha'
+# Bundle edge Rails instead:
+# gem 'rails', :git => 'git://github.com/rails/rails.git'
+
+gem 'sqlite3'
+
+# Use unicorn as the web server
+# gem 'unicorn'
+
+# Deploy with Capistrano
+# gem 'capistrano'
+
+# To use debugger (ruby-debug for Ruby 1.8.7+, ruby-debug19 for Ruby 1.9.2+)
+# gem 'ruby-debug'
+# gem 'ruby-debug19', :require => 'ruby-debug'
+
+# Bundle the extra gems:
+# gem 'bj'
+# gem 'nokogiri'
+# gem 'sqlite3-ruby', :require => 'sqlite3'
+# gem 'aws-s3', :require => 'aws/s3'
+
+# Bundle gems for the local environment. Make sure to
+# put test-only gems in this group so their generators
+# and rake tasks are available in development mode:
+# group :development, :test do
+#   gem 'webrat'
+# end