/usr/share/chef-server-api/app/controllers/application.rb is in chef-server-api 10.12.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 | #
# Author:: Adam Jacob (<adam@opscode.com>)
# Author:: Christopher Brown (<cb@opscode.com>)
# Author:: Christopher Walters (<cw@opscode.com>)
# Author:: Tim Hinderliter (<tim@opscode.com>)
# Copyright:: Copyright (c) 2008-2010 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require "chef/mixin/checksum"
require "chef/cookbook_loader"
require "mixlib/authentication/signatureverification"
require 'chef/json_compat'
class Application < Merb::Controller
include Chef::Mixin::Checksum
def authenticate_every
begin
# Raises an error if required auth headers are missing
authenticator = Mixlib::Authentication::SignatureVerification.new(request)
username = authenticator.user_id
Chef::Log.info("Authenticating client #{username}")
user = Chef::ApiClient.cdb_load(username)
user_key = OpenSSL::PKey::RSA.new(user.public_key)
Chef::Log.debug "Authenticating Client:\n #{user.inspect}\n"
# Store this for later..
@auth_user = user
authenticator.authenticate_request(user_key)
rescue Mixlib::Authentication::MissingAuthenticationHeader => e
Chef::Log.debug "Authentication failed: #{e.class.name}: #{e.message}\n#{e.backtrace.join("\n")}"
raise BadRequest, "#{e.class.name}: #{e.message}"
rescue StandardError => se
Chef::Log.debug "Authentication failed: #{se}, #{se.backtrace.join("\n")}"
raise Unauthorized, "Failed to authenticate. Ensure that your client key is valid."
end
unless authenticator.valid_request?
if authenticator.valid_timestamp?
raise Unauthorized, "Failed to authenticate. Ensure that your client key is valid."
else
raise Unauthorized, "Failed to authenticate. Please synchronize the clock on your client"
end
end
true
end
def is_admin
if @auth_user.admin
true
else
raise Forbidden, "You are not allowed to take this action."
end
end
def is_admin_or_validator
if @auth_user.admin || @auth_user.name == Chef::Config[:validation_client_name]
true
else
raise Forbidden, "You are not allowed to take this action."
end
end
def admin_or_requesting_node
if @auth_user.admin || @auth_user.name == params[:id]
true
else
raise Forbidden, "You are not the correct node (auth_user name: #{@auth_user.name}, params[:id]: #{params[:id]}), or are not an API administrator (admin: #{@auth_user.admin})."
end
end
# Store the URI of the current request in the session.
#
# We can return to this location by calling #redirect_back_or_default.
def store_location
session[:return_to] = request.uri
end
# Redirect to the URI stored by the most recent store_location call or
# to the passed default.
def redirect_back_or_default(default)
loc = session[:return_to] || default
session[:return_to] = nil
redirect loc
end
def access_denied
raise Unauthorized, "You must authenticate first!"
end
def get_available_recipes
all_cookbooks_list = Chef::CookbookVersion.cdb_list(true)
available_recipes = all_cookbooks_list.sort{ |a,b| a.name.to_s <=> b.name.to_s }.inject([]) do |result, element|
element.recipes.sort.each do |r|
if r =~ /^(.+)::default$/
result << $1
else
result << r
end
end
result
end
available_recipes
end
# Fix CHEF-1292/PL-538; cause Merb to pass the max nesting constant into
# obj.to_json, which it calls by default based on the original request's
# accept headers and the type passed into Merb::Controller.display
#--
# TODO: tim, 2010-11-24: would be nice to instead have Merb call
# Chef::JSONCompat.to_json, instead of obj.to_json, but changing that
# behavior is convoluted in Merb. This override is assuming that
# Merb is eventually calling obj.to_json, which takes the :max_nesting
# option.
override! :display
def display(obj)
super(obj, nil, {:max_nesting => Chef::JSONCompat::JSON_MAX_NESTING})
end
end
|