Skip to content
Snippets Groups Projects
Select Git revision
  • ci-test-ruby-2.5
  • master default protected
  • drop/ruby-2.1
  • version/0.9
  • feat/drop-signup
  • version/0.8
  • version/0.7.1
  • version/0.7
  • version/0.6.1
  • version/0.6
  • 0.9.3
  • 0.9.2
  • 0.9.1
  • 0.9.0
  • 0.8.0
  • 0.7.1
  • 0.7.0
  • 0.6.0
  • 0.5.3
  • 0.5.2
  • 0.5.2-rc
  • 0.5.1
  • 0.5.1-rc2
  • 0.5.1-rc
  • 0.5.0
  • 0.5.0.rc
  • 0.2.8
  • 0.2.8.rc
  • 0.2.7
  • 0.2.6
30 results

webapp

  • Clone with SSH
  • Clone with HTTPS
    • azul's avatar
    Merge pull request #156 from azul/bugfix/5548-hide-signup-forms-without-js
    azul authored 
    hide srp forms when no js is available
    726244f1
    History
    azul's avatar 726244f1
    History
    Name Last commit Last update
    app
    config
    doc
    engines
    lib
    public
    script
    test
    vendor
    .gitignore
    .gitmodules
    .travis.yml
    CUSTOM.md
    Capfile
    DEPLOY.md
    DEVELOP.md
    Gemfile
    Gemfile.lock
    INSTALL.md
    README.md
    Rakefile
    TROUBLESHOOT.md
    config.ru
    leap_web.gemspec
    README.md

    LEAP Web

    "LEAP Web" is the web-based component of the LEAP Platform, providing the following services:

    • REST API for user registration.
    • Admin interface to manage users.
    • Client certificate distribution and renewal.
    • User support help tickets.
    • Billing

    This web application is written in Ruby on Rails 3, using CouchDB as the backend data store.

    Original code specific to this web application is licensed under the GNU Affero General Public License (version 3.0 or higher). See http://www.gnu.org/licenses/agpl-3.0.html for more information.

    Documentation

    For more information, see these files in the doc directory:

    • DEPLOY -- for notes on deployment.
    • DEVELOP -- for developer notes.
    • CUSTOM -- how to customize.

    Known problems

    • Client certificates are generated without a CSR. The problem is that this makes the web application extremely vulnerable to denial of service attacks. This was not an issue until we started to allow the possibility of anonymously fetching a client certificate without authenticating first.

    • By its very nature, the user database is vulnerable to enumeration attacks. These are very hard to prevent, because our protocol is designed to allow query of a user database via proxy in order to provide network perspective.

    Installation

    Typically, this application is installed automatically as part of the LEAP Platform. To install it manually for testing or development, follow these instructions:

    Install system requirements

    sudo apt-get install git ruby1.9.3 rubygems couchdb
sudo gem install bundler

    On Debian Wheezy or later, there is a Debian package for bundler, so you can alternately run sudo apt-get install bundler.

    Download source

    git clone git://leap.se/leap_web
cd leap_web
git submodule update --init

    Install required ruby libraries

    cd leap_web
bundle

    Typically, you run bundle as a normal user and it will ask you for a sudo password when it is time to install the required gems. If you don't have sudo, run bundle as root.

    Configuration

    The configuration file config/defaults.yml providers good defaults for most values. You can override these defaults by creating a file config/config.yml.

    There are a few values you should make sure to modify:

    production:
  admins: ["myusername","otherusername"]
  domain: example.net
  force_ssl: true
  secret_token: "4be2f60fafaf615bd4a13b96bfccf2c2c905898dad34..."
  client_ca_key: "/etc/ssl/ca.key"
  client_ca_cert: "/etc/ssl/ca.crt"
  ca_key_password: nil
    • admins is an array of usernames that are granted special admin privilege.
    • domain is your fully qualified domain name.
    • force_ssl, if set to true, will require secure cookies and turn on HSTS. Don't do this if you are using a self-signed server certificate.
    • secret_token, used for cookie security, you can create one with rake secret. Should be at least 30 characters.
    • client_ca_key, the private key of the CA used to generate client certificates.
    • client_ca_cert, the public certificate the CA used to generate client certificates.
    • ca_key_password, used to unlock the client_ca_key, if needed.

    Running

    cd leap_web
rails server

    Then open http://localhost:3000 in your web browser.

    To peruse the database, visit http://localhost:5984/_utils/

    Testing

    To run all tests

    rake test

    To run an individual test:

    rake test TEST=certs/test/unit/client_certificate_test.rb
or
ruby -Itest certs/test/unit/client_certificate_test.rb