From b2c77c6e0a779057ab4eab8cac43ad9a960706cf Mon Sep 17 00:00:00 2001
From: Ahmad Farhat
Date: Fri, 7 Jun 2024 14:53:42 -0400
Subject: [PATCH] Changes to LRS Basic Authentication
---
 app/models/tenant.rb | 10 ++++++----
 app/services/lrs_payload_service.rb | 22 ++++++++++++++--------
 lib/tasks/tenants.rake | 15 +++++++++------
 spec/factories/tenant.rb | 3 ++-
 spec/services/lrs_payload_service_spec.rb | 15 ++++-----------
 5 files changed, 35 insertions(+), 30 deletions(-)
diff --git a/app/models/tenant.rb b/app/models/tenant.rb
index 4244b8cf..39bbf86e 100644
--- a/app/models/tenant.rb
+++ b/app/models/tenant.rb
@@ -3,8 +3,8 @@ class Tenant < ApplicationRedisRecord
 SECRETS_SEPARATOR = ':'
- define_attribute_methods :id, :name, :secrets, :lrs_endpoint, :lrs_basic_token, :kc_token_url, :kc_client_id, :kc_client_secret, :kc_username,
-:kc_password
+ define_attribute_methods :id, :name, :secrets, :lrs_endpoint, :lrs_username, :lrs_password,
+ :kc_token_url, :kc_client_id, :kc_client_secret, :kc_username, :kc_password
 # Unique ID for this tenant
 application_redis_attr :id
@@ -17,7 +17,8 @@ class Tenant < ApplicationRedisRecord
 # Custom LRS work
 application_redis_attr :lrs_endpoint
- application_redis_attr :lrs_basic_token
+ application_redis_attr :lrs_username
+ application_redis_attr :lrs_password
 application_redis_attr :kc_token_url
 application_redis_attr :kc_client_id
 application_redis_attr :kc_client_secret
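Review bot: The new `lrs_password` attribute is declared like any other field, and the `save!` hunk later in this file writes it with `pipeline.hset(id_key, 'lrs_password', lrs_password)`, so the LRS password sits in the tenant's Redis hash as-is unless `application_redis_attr` encrypts values, which is not visible here. The rename also leaves any existing `lrs_basic_token` hash field behind: nothing visible in this patch deletes or converts it, so the old credential stays at rest while tenants configured with it presumably lose basic auth until `update_lrs_basic` is rerun. Consider a one-off cleanup such as `pipeline.hdel(id_key, 'lrs_basic_token')` in `save!` or a migration task, and a comment above the attribute such as `# Secret: never log or print this value`. The class body continues outside both hunks.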
@@ -45,7 +46,8 @@ def save!
 pipeline.hset(id_key, 'name', name) if name_changed?
 pipeline.hset(id_key, 'secrets', secrets) if secrets_changed?
 pipeline.hset(id_key, 'lrs_endpoint', lrs_endpoint) if lrs_endpoint_changed?
- pipeline.hset(id_key, 'lrs_basic_token', lrs_basic_token) if lrs_basic_token_changed?
+ pipeline.hset(id_key, 'lrs_username', lrs_username) if lrs_username_changed?
+ pipeline.hset(id_key, 'lrs_password', lrs_password) if lrs_password_changed?
 pipeline.hset(id_key, 'kc_token_url', kc_token_url) if kc_token_url_changed?
 pipeline.hset(id_key, 'kc_client_id', kc_client_id) if kc_client_id_changed?
 pipeline.hset(id_key, 'kc_client_secret', kc_client_secret) if kc_client_secret_changed?
diff --git a/app/services/lrs_payload_service.rb b/app/services/lrs_payload_service.rb
index 1233dded..97954a43 100644
--- a/app/services/lrs_payload_service.rb
+++ b/app/services/lrs_payload_service.rb
@@ -7,18 +7,24 @@ def initialize(tenant:, secret:)
 end
 def call
- token = @tenant.kc_token_url.present? ? fetch_token_from_keycloak : @tenant.lrs_basic_token
-
- if token.nil?
- Rails.logger.warn("LRS Token not found")
- return nil
- end
-
 lrs_payload = {
 lrs_endpoint: @tenant.lrs_endpoint,
- lrs_token: token
 }
+ if @tenant.lrs_username.present?
+ lrs_payload[:lrs_username] = @tenant.lrs_username
+ lrs_payload[:lrs_password] = @tenant.lrs_password
+ else
+ token = fetch_token_from_keycloak
+
+ if token.nil?
+ Rails.logger.warn("LRS Token not found")
+ return nil
+ end
+
+ lrs_payload[:lrs_token] = token
+ end
+
 # Generate a random salt
 salt = SecureRandom.random_bytes(8)
diff --git a/lib/tasks/tenants.rake b/lib/tasks/tenants.rake
index 91563b66..523edec6 100644
--- a/lib/tasks/tenants.rake
+++ b/lib/tasks/tenants.rake
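Review bot: In `LrsPayloadService#call` the basic-auth branch is chosen on `@tenant.lrs_username.present?` alone, so a tenant with a username but a blank password produces a payload whose `lrs_password` is nil instead of being rejected; the guard should be `if @tenant.lrs_username.present? && @tenant.lrs_password.present?`. The `else` branch now calls `fetch_token_from_keycloak` unconditionally, where the removed line only did so when `kc_token_url` was present, so a tenant with neither credential configured reaches the Keycloak helper with blank settings; what that helper does then is outside this hunk, and an explicit `elsif @tenant.kc_token_url.present?` with the warning and `return nil` otherwise would keep the previous fail-closed result. Precedence has also flipped: a tenant with both configured used to get a Keycloak token and now has its static username and password placed in the payload, which deserves a comment stating that this is intended. `call` continues past the end of the hunk.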
@@ -15,7 +15,8 @@ task tenants: :environment do |_t, _args|
 puts("\tname: #{tenant.name}")
 puts("\tsecrets: #{tenant.secrets}")
 puts("\tlrs_endpoint: #{tenant.lrs_endpoint}") if tenant.lrs_endpoint.present?
- puts("\tlrs_basic_token: #{tenant.lrs_basic_token}") if tenant.lrs_basic_token.present?
+ puts("\tlrs_username: #{tenant.lrs_username}") if tenant.lrs_username.present?
+ puts("\tlrs_password: #{tenant.lrs_password}") if tenant.lrs_password.present?
 puts("\tkc_token_url: #{tenant.kc_token_url}") if tenant.kc_token_url.present?
 puts("\tkc_client_id: #{tenant.kc_client_id}") if tenant.kc_client_id.present?
 puts("\tkc_client_secret: #{tenant.kc_client_secret}") if tenant.kc_client_secret.present?
@@ -68,20 +69,22 @@ namespace :tenants do
 end
 desc 'Update an existing Tenants LRS credentials with basic authentication'
- task :update_lrs_basic, [:id, :lrs_endpoint, :lrs_basic_token] => :environment do |_t, args|
+ task :update_lrs_basic, [:id, :lrs_endpoint, :lrs_username, :lrs_password] => :environment do |_t, args|
 check_multitenancy
 id = args[:id]
 lrs_endpoint = args[:lrs_endpoint]
- lrs_basic_token = args[:lrs_basic_token]
+ lrs_username = args[:lrs_username]
+ lrs_password = args[:lrs_password]
- if id.blank? || lrs_endpoint.blank? || lrs_basic_token.blank?
- puts('Error: id, LRS_ENDPOINT, LRS_BASIC_TOKEN are required to update a Tenant')
+ if id.blank? || lrs_endpoint.blank? || lrs_username.blank? || lrs_password.blank?
+ puts('Error: id, LRS_ENDPOINT, LRS_USERNAME, LRS_PASSWORD are required to update a Tenant')
 exit(1)
 end
 tenant = Tenant.find(id)
 tenant.lrs_endpoint = lrs_endpoint
- tenant.lrs_basic_token = lrs_basic_token
+ tenant.lrs_username = lrs_username
+ tenant.lrs_password = lrs_password
 tenant.save!
diff --git a/spec/factories/tenant.rb b/spec/factories/tenant.rb
index 7af50c8e..dbacd596 100644
--- a/spec/factories/tenant.rb
+++ b/spec/factories/tenant.rb
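Review bot: The added `puts("\tlrs_password: #{tenant.lrs_password}")` in the `tenants` listing task writes the LRS password in clear text to stdout, where it ends up in terminal scrollback, CI job logs or any captured task output. Print only whether a value is set, for example `puts("\tlrs_password: [set]") if tenant.lrs_password.present?`. The neighbouring `secrets` and `kc_client_secret` lines print secrets the same way and would benefit from the same treatment, though they are unchanged context here. The task body starts and ends outside the hunk.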
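Review bot: `update_lrs_basic` now takes the password as a positional rake argument (`args[:lrs_password]`), which puts it on the command line: it is saved in shell history and is visible in the process list while the task runs. Rake also splits bracketed arguments on commas, so a password containing one is likely to be cut short unless it is escaped. Prefer reading the secret from the environment or a prompt, e.g. `lrs_password = ENV['LRS_PASSWORD'].presence || args[:lrs_password]`, and say so in the task's `desc`. The task body ends outside the hunk.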
@@ -5,7 +5,8 @@
 name { Faker::Creature::Animal.name }
 secrets { "#{Faker::Crypto.sha256}:#{Faker::Crypto.sha512}" }
 lrs_endpoint { nil }
- lrs_basic_token { nil }
+ lrs_username { nil }
+ lrs_password { nil }
 kc_token_url { nil }
 kc_client_id { nil }
 kc_client_secret { nil }
diff --git a/spec/services/lrs_payload_service_spec.rb b/spec/services/lrs_payload_service_spec.rb
index bbf53cf2..2be525aa 100644
--- a/spec/services/lrs_payload_service_spec.rb
+++ b/spec/services/lrs_payload_service_spec.rb
@@ -5,20 +5,13 @@ RSpec.describe LrsPayloadService, type: :service do
 describe '#call' do
 context 'Basic Auth' do
- it 'uses the lrs_basic_token if set' do
- tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com', lrs_basic_token: 'basic_token')
+ it 'uses the lrs_username and lrs_password if set' do
+ tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com', lrs_username: 'basic_username', lrs_password: 'basic_password')
 encrypted_value = described_class.new(tenant: tenant, secret: 'server-secret').call
- expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_token"]).to eq(tenant.lrs_basic_token)
- end
-
- it 'logs a warning and returns nil if lrs_basic_token is not set' do
- tenant = create(:tenant, name: 'bn', lrs_endpoint: 'https://lrs_endpoint.com')
-
- expect(Rails.logger).to receive(:warn)
-
- expect(described_class.new(tenant: tenant, secret: 'server-secret').call).to be_nil
+ expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_username"]).to eq(tenant.lrs_username)
+ expect(JSON.parse(decrypt(encrypted_value, 'server-secret'))["lrs_password"]).to eq(tenant.lrs_password)
 end
 end
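Review bot: The removed example 'logs a warning and returns nil if lrs_basic_token is not set' was the only check in the 'Basic Auth' context for a tenant with no LRS credential, and nothing replaces it, so the path where `call` falls through to `fetch_token_from_keycloak` for an unconfigured tenant is untested in this hunk. Add an example for a tenant created with only `lrs_endpoint`, and one with `lrs_username` set but `lrs_password` nil, each asserting the result you intend (returning nil, as before). The remaining example could also parse the decrypted JSON once into `payload` and assert that no token is included, `expect(payload).not_to have_key('lrs_token')`. The outer `describe` block continues outside the hunk.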