Class: Msf::WebServices::Authentication::Strategies::UserPassword

Inherits:
Warden::Strategies::Base
  • Object
show all
Defined in:
lib/msf/core/web_services/authentication/strategies/user_password.rb

Instance Method Summary collapse

Instance Method Details

#authenticate!Object

Authenticate the request.



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# File 'lib/msf/core/web_services/authentication/strategies/user_password.rb', line 30

def authenticate!
  begin
    body = JSON.parse(request.body.read, symbolize_names: true)

    db_manager = env['msf.db_manager']
    user = db_manager.users(username: body[:username]).first

    if user.nil? || !db_manager.authenticate_user(id: user.id, password: body[:password])
      fail("Invalid username or password.")
    else
      success!(user)
    end
  ensure
    request.body.rewind # Reset the StringIO buffer so any further consumers can read the body
  end
end

#valid?Boolean

Check if request contains valid data and should be authenticated.

Returns:

  • (Boolean)

    true if strategy should be run for the request; otherwise, false.



20
21
22
23
24
25
26
27
# File 'lib/msf/core/web_services/authentication/strategies/user_password.rb', line 20

def valid?
  begin
    body = JSON.parse(request.body.read, symbolize_names: true)
    body[:username] && body[:password]
  ensure
    request.body.rewind # Reset the StringIO buffer so any further consumers can read the body
  end
end