Merge pull request #1 from erasche/develop

Eric Rasche · Eric Rasche · commit 1ffbc4004094 · 2014-09-25T14:54:40.000-05:00
Develop
diff --git a/static/js/crypto/base64.js b/static/js/crypto/base64.js
@@ -1,5 +1,6 @@
+// ==== File: base64.js
 var b64map="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-var b64padchar="=";
+var b64pad="=";
 
 function hex2b64(h) {
   var i;
@@ -17,7 +18,7 @@ function hex2b64(h) {
     c = parseInt(h.substring(i,i+2),16);
     ret += b64map.charAt(c >> 2) + b64map.charAt((c & 3) << 4);
   }
-  while((ret.length & 3) > 0) ret += b64padchar;
+  while((ret.length & 3) > 0) ret += b64pad;
   return ret;
 }
 
@@ -28,7 +29,7 @@ function b64tohex(s) {
   var k = 0; // b64 state, 0-3
   var slop;
   for(i = 0; i < s.length; ++i) {
-    if(s.charAt(i) == b64padchar) break;
+    if(s.charAt(i) == b64pad) break;
     v = b64map.indexOf(s.charAt(i));
     if(v < 0) continue;
     if(k == 0) {
@@ -69,3 +70,4 @@ function b64toBA(s) {
   }
   return a;
 }
+
diff --git a/static/js/crypto/jsbn.js b/static/js/crypto/jsbn.js
@@ -1,3 +1,5 @@
+// Downloaded from http://www-cs-students.stanford.edu/~tjw/ at Tue Nov 30 00:42:57 PST 2010
+// ==== File: jsbn.js
 // Copyright (c) 2005  Tom Wu
 // All Rights Reserved.
 // See "LICENSE" for details.
@@ -118,7 +120,7 @@ function bnpFromInt(x) {
   this.t = 1;
   this.s = (x<0)?-1:0;
   if(x > 0) this[0] = x;
-  else if(x < -1) this[0] = x+this.DV;
+  else if(x < -1) this[0] = x+DV;
   else this.t = 0;
 }
 
@@ -212,7 +214,7 @@ function bnCompareTo(a) {
   if(r != 0) return r;
   var i = this.t;
   r = i-a.t;
-  if(r != 0) return (this.s<0)?-r:r;
+  if(r != 0) return r;
   while(--i >= 0) if((r=this[i]-a[i]) != 0) return r;
   return 0;
 }
@@ -557,3 +559,4 @@ BigInteger.prototype.modPowInt = bnModPowInt;
 // "constants"
 BigInteger.ZERO = nbv(0);
 BigInteger.ONE = nbv(1);
+
diff --git a/static/js/crypto/prng4.js b/static/js/crypto/prng4.js
@@ -1,3 +1,4 @@
+// ==== File: prng4.js
 // prng4.js - uses Arcfour as a PRNG
 
 function Arcfour() {
@@ -43,3 +44,4 @@ function prng_newstate() {
 // Pool size must be a multiple of 4 and greater than 32.
 // An array of bytes the size of the pool will be passed to init()
 var rng_psize = 256;
+
diff --git a/static/js/crypto/rng.js b/static/js/crypto/rng.js
@@ -1,3 +1,4 @@
+// ==== File: rng.js
 // Random number generator - requires a PRNG backend, e.g. prng4.js
 
 // For best results, put code like
@@ -27,19 +28,12 @@ if(rng_pool == null) {
   rng_pool = new Array();
   rng_pptr = 0;
   var t;
-  if(window.crypto && window.crypto.getRandomValues) {
-    // Use webcrypto if available
-    var ua = new Uint8Array(32);
-    window.crypto.getRandomValues(ua);
-    for(t = 0; t < 32; ++t)
-      rng_pool[rng_pptr++] = ua[t];
-  }
   if(navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto) {
     // Extract entropy (256 bits) from NS4 RNG if available
     var z = window.crypto.random(32);
     for(t = 0; t < z.length; ++t)
       rng_pool[rng_pptr++] = z.charCodeAt(t) & 255;
-  }  
+  }
   while(rng_pptr < rng_psize) {  // extract some randomness from Math.random()
     t = Math.floor(65536 * Math.random());
     rng_pool[rng_pptr++] = t >>> 8;
@@ -73,3 +67,4 @@ function rng_get_bytes(ba) {
 function SecureRandom() {}
 
 SecureRandom.prototype.nextBytes = rng_get_bytes;
+
diff --git a/static/js/crypto/rsa.js b/static/js/crypto/rsa.js
@@ -1,3 +1,4 @@
+// ==== File: rsa.js
 // Depends on jsbn.js and rng.js
 
 // Version 1.1: support utf-8 encoding in pkcs1pad2
@@ -110,3 +111,4 @@ RSAKey.prototype.doPublic = RSADoPublic;
 RSAKey.prototype.setPublic = RSASetPublic;
 RSAKey.prototype.encrypt = RSAEncrypt;
 //RSAKey.prototype.encrypt_b64 = RSAEncryptB64;
+
diff --git a/static/js/ie.js b/static/js/ie.js
@@ -30,13 +30,17 @@ function test_ie_availability(url, success_callback){
     display_spinner();
     interval = setInterval(function(){
         $.ajax({
+            url: url,
             type: "GET",
+            timeout: 500,
             success: function(){
+                console.log("Connected to IE, returning");
                 clearInterval(interval);
                 success_callback();
             },
-            error: function(){
+            error: function(jqxhr, status, error){
                 request_count++;
+                console.log("Request " + request_count);
                 if(request_count > 30){
                     clearInterval(interval);
                     clear_main_area();
diff --git a/static/js/rstudio.js b/static/js/rstudio.js
@@ -14,14 +14,6 @@ function message_failed_connection(){
     );
 }
 
-function message_no_auth(){
-    toastr.warning(
-        "IPython Notebook was lunched without authentication. This is a security issue. <a href='https://github.com/bgruening/galaxy-ipython/wiki/IPython-Notebook-was-lunched-without-authentication' target='_blank'>More details ...</a>",
-        "Security warning",
-        {'closeButton': true, 'timeOut': 20000, 'tapToDismiss': false}
-    );
-}
-
 
 /**
  * Load an interactive environment (IE) from a remote URL
@@ -30,12 +22,30 @@ function message_no_auth(){
  * @param {String} notebook_access_url: the URL embeded in the page and loaded
  *
  */
-function load_notebook(password, notebook_login_url, notebook_access_url){
+function load_notebook(notebook_login_url, notebook_access_url, notebook_pubkey_url, username){
     $( document ).ready(function() {
         // Test notebook_login_url for accessibility, executing the login+load function whenever
         // we've successfully connected to the IE.
-        test_ie_availability(notebook_login_url, function(){
-            _handle_notebook_loading(password, notebook_login_url, notebook_access_url);
+        test_ie_availability(notebook_pubkey_url, function(){
+            var payload = username + "\n" + ie_password;
+            $.ajax({
+                type: 'GET',
+                url: notebook_pubkey_url,
+                success: function(response_text){
+                    var chunks = response_text.split(':', 2);
+                    var exp = chunks[0];
+                    var mod = chunks[1];
+                    console.log("Found " + exp +" and " + mod);
+                    var rsa = new RSAKey();
+                    rsa.setPublic(mod, exp);
+                    console.log("Encrypting '" + username + "', '" + ie_password + "'");
+                    var enc_hex = rsa.encrypt(payload);
+                    var encrypted = hex2b64(enc_hex);
+                    console.log("E: " + encrypted);
+                    _handle_notebook_loading(encrypted, notebook_login_url, notebook_access_url);
+                }
+            });
+
         });
     });
 }
@@ -52,9 +62,10 @@ function _handle_notebook_loading(password, notebook_login_url, notebook_access_
             url: notebook_login_url,
             // With our password
             data: {
-                'package': password,
+                'v': password,
                 'persist': 1,
-                'clientPath': window.location.pathname,
+                'clientPath': '/rstudio/auth-sign-in',
+                'appUri': '',
             },
             xhrFields: {
                 withCredentials: true
diff --git a/templates/rstudio.mako b/templates/rstudio.mako
@@ -8,8 +8,10 @@ import subprocess
 
 # Sets ID and sets up a lot of other variables
 ie.set_id("rstudio")
-# Inform the IE of the remote port on docker's end
-ie.attr.docker_port = 8787
+# In order to keep 302 redirects happy, nginx needs to be aware there's a proxy in front of it,
+# which may be using a different port. As a result, we have to start nginx on whichever port it is
+# we plan to use.
+ie.attr.docker_port = ie.attr.PORT
 # Create tempdir in galaxy
 temp_dir = os.path.abspath( tempfile.mkdtemp() )
 # Write out conf file...needs work
@@ -18,38 +20,27 @@ USERNAME = "galaxy"
 
 ## General IE specific
 # Access URLs for the notebook from within galaxy.
-notebook_access_url = ie.url_template('${PROTO}://${HOST}/auth-sign-in')
-notebook_login_url = ie.url_template('${PROTO}://${HOST}/auth-sign-in')
+notebook_pubkey_url = ie.url_template('${PROTO}://${HOST}/rstudio/auth-public-key')
+notebook_access_url = ie.url_template('${PROTO}://${HOST}/rstudio/')
+notebook_login_url = ie.url_template('${PROTO}://${HOST}/rstudio/auth-do-sign-in')
 
 docker_cmd = ie.docker_cmd(temp_dir)
 subprocess.call(docker_cmd, shell=True)
 print docker_cmd
-
-time.sleep(5)
-
-try:
-    # Get n, e from public key file
-    with open(os.path.join(temp_dir, 'rserver_pub_key'), 'r') as pub_key_handle:
-        n, e = pub_key_handle.read().split(':')
-except:
-    n = 0
-    e = 0
-    pass
-
-
 %>
 <html>
 <head>
 ${ ie.load_default_js() }
 </head>
 <body>
 
+${ ie.attr.notebook_pw }
 <script type="text/javascript">
 ${ ie.default_javascript_variables() }
 var notebook_login_url = '${ notebook_login_url }';
 var notebook_access_url = '${ notebook_access_url }';
+var notebook_pubkey_url = '${ notebook_pubkey_url }';
 var notebook_username = '${ USERNAME }';
-var payload = "${ USERNAME }" + "\n" + ie_password;
 require.config({
     baseUrl: app_root,
     paths: {
@@ -66,11 +57,7 @@ requirejs([
     'crypto/jsbn',
     'crypto/base64'
 ], function(){
-    var rsa = new RSAKey();
-    rsa.setPublic("${ e }", "${ n }");
-    var res = rsa.encrypt(payload);
-    var v = hex2b64(res);
-    load_notebook(v, notebook_login_url, notebook_access_url);
+    load_notebook(notebook_login_url, notebook_access_url, notebook_pubkey_url, "${ USERNAME }");
 });
 </script>
 <div id="main" width="100%" height="100%">
