Changes to LRS Basic Authentication (#1080)
farhatahmad authored Jun 7, 2024
1 parent ed3559a commit 40a673a
Showing 5 changed files with 35 additions and 30 deletions.
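--- a/app/models/tenant.rb
+++ b/app/models/tenant.rb
@@ -3,8 +3,8 @@
 class Tenant < ApplicationRedisRecord
 SECRETS_SEPARATOR = ':'
 
-define_attribute_methods :id, :name, :secrets, :lrs_endpoint, :lrs_basic_token, :kc_token_url, :kc_client_id, :kc_client_secret, :kc_username,
-:kc_password
+define_attribute_methods :id, :name, :secrets, :lrs_endpoint, :lrs_username, :lrs_password,
+:kc_token_url, :kc_client_id, :kc_client_secret, :kc_username, :kc_password
 
 # Unique ID for this tenant
 application_redis_attr :id
@@ -17,7 +17,8 @@ class Tenant < ApplicationRedisRecord
 
 # Custom LRS work
 application_redis_attr :lrs_endpoint
-application_redis_attr :lrs_basic_token
+application_redis_attr :lrs_username
+application_redis_attr :lrs_password
 application_redis_attr :kc_token_url
 application_redis_attr :kc_client_id
 application_redis_attr :kc_client_secret
@@ -45,7 +46,8 @@ def save!
 pipeline.hset(id_key, 'name', name) if name_changed?
 pipeline.hset(id_key, 'secrets', secrets) if secrets_changed?
 pipeline.hset(id_key, 'lrs_endpoint', lrs_endpoint) if lrs_endpoint_changed?
-pipeline.hset(id_key, 'lrs_basic_token', lrs_basic_token) if lrs_basic_token_changed?
+pipeline.hset(id_key, 'lrs_username', lrs_username) if lrs_username_changed?
+pipeline.hset(id_key, 'lrs_password', lrs_password) if lrs_password_changed?
 pipeline.hset(id_key, 'kc_token_url', kc_token_url) if kc_token_url_changed?
 pipeline.hset(id_key, 'kc_client_id', kc_client_id) if kc_client_id_changed?
 pipeline.hset(id_key, 'kc_client_secret', kc_client_secret) if kc_client_secret_changed?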
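Review bot: The `save!` hunk stops writing `lrs_basic_token`, but nothing visible in this commit removes that field from the tenant's Redis hash, so a credential stored by an earlier version stays in Redis after the upgrade and can no longer be reached or cleared through the model. If no separate migration exists, consider deleting it on save, e.g. `pipeline.hdel(id_key, 'lrs_basic_token')`, or a one-off task that drops the field for every tenant. The new `lrs_password` is written with `hset` as plain text, like the existing `kc_client_secret`; whether Redis is access-restricted or encrypted at rest cannot be told from this diff. `save!` starts and ends outside the hunk.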
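--- a/app/services/lrs_payload_service.rb
+++ b/app/services/lrs_payload_service.rb
@@ -7,18 +7,24 @@ def initialize(tenant:, secret:)
 end
 
 def call
-token = @tenant.kc_token_url.present? ? fetch_token_from_keycloak : @tenant.lrs_basic_token
-
-if token.nil?
-Rails.logger.warn("LRS Token not found")
-return nil
-end
-
 lrs_payload = {
 lrs_endpoint: @tenant.lrs_endpoint,
-lrs_token: token
 }
 
+if @tenant.lrs_username.present?
+lrs_payload[:lrs_username] = @tenant.lrs_username
+lrs_payload[:lrs_password] = @tenant.lrs_password
+else
+token = fetch_token_from_keycloak
+
+if token.nil?
+Rails.logger.warn("LRS Token not found")
+return nil
+end
+
+lrs_payload[:lrs_token] = token
+end
+
 # Generate a random salt
 salt = SecureRandom.random_bytes(8)
 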
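Review bot: The `else` branch in `call` now runs `fetch_token_from_keycloak` for every tenant without `lrs_username`, where the old code only did so when `@tenant.kc_token_url.present?`; a tenant with neither set of settings now reaches the Keycloak call, and what that does with a blank URL is not visible in this hunk. The `if` also tests only `lrs_username`, so a tenant with a username and no password gets a payload whose `lrs_password` is nil. When both basic and Keycloak settings exist, basic auth now takes precedence, the reverse of the previous order, which deserves a line in the commit description if intended. I would check both basic fields, keep the `kc_token_url` guard, and warn and return nil otherwise, as below; `call` continues past the end of the hunk.

```ruby
if @tenant.lrs_username.present? && @tenant.lrs_password.present?
  # … unchanged: copy lrs_username / lrs_password into lrs_payload …
elsif @tenant.kc_token_url.present?
  # … unchanged: fetch_token_from_keycloak, nil check, lrs_payload[:lrs_token] = token …
else
  Rails.logger.warn("LRS credentials not configured")
  return nil
end
```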
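--- a/lib/tasks/tenants.rake
+++ b/lib/tasks/tenants.rake
@@ -15,7 +15,8 @@ task tenants: :environment do |_t, _args|
 puts("\tname: #{tenant.name}")
 puts("\tsecrets: #{tenant.secrets}")
 puts("\tlrs_endpoint: #{tenant.lrs_endpoint}") if tenant.lrs_endpoint.present?
-puts("\tlrs_basic_token: #{tenant.lrs_basic_token}") if tenant.lrs_basic_token.present?
+puts("\tlrs_username: #{tenant.lrs_username}") if tenant.lrs_username.present?
+puts("\tlrs_password: #{tenant.lrs_password}") if tenant.lrs_password.present?
 puts("\tkc_token_url: #{tenant.kc_token_url}") if tenant.kc_token_url.present?
 puts("\tkc_client_id: #{tenant.kc_client_id}") if tenant.kc_client_id.present?
 puts("\tkc_client_secret: #{tenant.kc_client_secret}") if tenant.kc_client_secret.present?
@@ -68,20 +69,22 @@ namespace :tenants do
 end
 
 desc 'Update an existing Tenants LRS credentials with basic authentication'
-task :update_lrs_basic, [:id, :lrs_endpoint, :lrs_basic_token] => :environment do |_t, args|
+task :update_lrs_basic, [:id, :lrs_endpoint, :lrs_username, :lrs_password] => :environment do |_t, args|
 check_multitenancy
 id = args[:id]
 lrs_endpoint = args[:lrs_endpoint]
-lrs_basic_token = args[:lrs_basic_token]
+lrs_username = args[:lrs_username]
+lrs_password = args[:lrs_password]
 
-if id.blank? || lrs_endpoint.blank? || lrs_basic_token.blank?
-puts('Error: id, LRS_ENDPOINT, LRS_BASIC_TOKEN are required to update a Tenant')
+if id.blank? || lrs_endpoint.blank? || lrs_username.blank? || lrs_password.blank?
+puts('Error: id, LRS_ENDPOINT, LRS_USERNAME, LRS_PASSWORD are required to update a Tenant')
 exit(1)
 end
 
 tenant = Tenant.find(id)
 tenant.lrs_endpoint = lrs_endpoint
-tenant.lrs_basic_token = lrs_basic_token
+tenant.lrs_username = lrs_username
+tenant.lrs_password = lrs_password
 
 tenant.save!
 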
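Review bot: The `tenants` listing now prints `lrs_password` in clear to stdout (first hunk), so the value ends up in terminal scrollback and in any CI or deployment log that captures rake output; reporting only that a value is set would be enough, e.g. `puts("\tlrs_password: [set]") if tenant.lrs_password.present?`. In `update_lrs_basic` (second hunk) the password arrives as a rake task argument, which leaves it in shell history and in the process list while the task runs; reading it from an environment variable or an interactive prompt avoids that. The listing already prints `secrets` and `kc_client_secret` the same way, so this may be better handled for all secret fields at once. Both task bodies extend beyond their hunks.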
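--- a/spec/factories/tenant.rb
+++ b/spec/factories/tenant.rb
@@ -5,7 +5,8 @@
 name { Faker::Creature::Animal.name }
 secrets { "#{Faker::Crypto.sha256}:#{Faker::Crypto.sha512}" }
 lrs_endpoint { nil }
-lrs_basic_token { nil }
+lrs_username { nil }
+lrs_password { nil }
 kc_token_url { nil }
 kc_client_id { nil }
 kc_client_secret { nil }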
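--- a/spec/services/lrs_payload_service_spec.rb
+++ b/spec/services/lrs_payload_service_spec.rb
@@ -5,20 +5,13 @@
 RSpec.describe LrsPayloadService, type: :service do
 describe '#call' do
 context 'Basic Auth' do
-it 'uses the lrs_basic_token if set' do
-tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com', lrs_basic_token: 'basic_token')
+it 'uses the lrs_username and lrs_password if set' do
+tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com', lrs_username: 'basic_username', lrs_password: 'basic_password')
 
 encrypted_value = described_class.new(tenant: tenant, secret: 'server-secret').call
 
-expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_token"]).to eq(tenant.lrs_basic_token)
-end
-
-it 'logs a warning and returns nil if lrs_basic_token is not set' do
-tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com')
-
-expect(Rails.logger).to receive(:warn)
-
-expect(described_class.new(tenant: tenant, secret: 'server-secret').call).to be_nil
+expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_username"]).to eq(tenant.lrs_username)
+expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_password"]).to eq(tenant.lrs_password)
 end
 end
 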
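Review bot: The 'Basic Auth' context now pins only the happy path: the removed example was the one asserting that `call` logs a warning and returns nil when no basic credential is configured, and nothing replaces it. Two cases are worth an example each: a tenant with `lrs_username` set and `lrs_password` nil, and a tenant with neither basic nor Keycloak settings. The Keycloak context lies below the end of this hunk, so the second case may already be covered there.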
