adal 1.0.0

Files changed (98) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +5 -0
  3. data/.rubocop.yml +7 -0
  4. data/.travis.yml +7 -0
  5. data/Gemfile +25 -0
  6. data/LICENSE.txt +21 -0
  7. data/README.md +97 -0
  8. data/Rakefile +39 -0
  9. data/adal.gemspec +52 -0
  10. data/contributing.md +127 -0
  11. data/lib/adal.rb +24 -0
  12. data/lib/adal/authentication_context.rb +202 -0
  13. data/lib/adal/authentication_parameters.rb +126 -0
  14. data/lib/adal/authority.rb +165 -0
  15. data/lib/adal/cache_driver.rb +171 -0
  16. data/lib/adal/cached_token_response.rb +190 -0
  17. data/lib/adal/client_assertion.rb +63 -0
  18. data/lib/adal/client_assertion_certificate.rb +89 -0
  19. data/lib/adal/client_credential.rb +46 -0
  20. data/lib/adal/core_ext.rb +26 -0
  21. data/lib/adal/core_ext/hash.rb +34 -0
  22. data/lib/adal/jwt_parameters.rb +39 -0
  23. data/lib/adal/logger.rb +90 -0
  24. data/lib/adal/logging.rb +98 -0
  25. data/lib/adal/memory_cache.rb +95 -0
  26. data/lib/adal/mex_request.rb +52 -0
  27. data/lib/adal/mex_response.rb +141 -0
  28. data/lib/adal/noop_cache.rb +38 -0
  29. data/lib/adal/oauth_request.rb +76 -0
  30. data/lib/adal/request_parameters.rb +48 -0
  31. data/lib/adal/self_signed_jwt_factory.rb +96 -0
  32. data/lib/adal/templates/rst.13.xml.erb +35 -0
  33. data/lib/adal/templates/rst.2005.xml.erb +32 -0
  34. data/lib/adal/token_request.rb +231 -0
  35. data/lib/adal/token_response.rb +144 -0
  36. data/lib/adal/user_assertion.rb +57 -0
  37. data/lib/adal/user_credential.rb +152 -0
  38. data/lib/adal/user_identifier.rb +83 -0
  39. data/lib/adal/user_information.rb +49 -0
  40. data/lib/adal/util.rb +49 -0
  41. data/lib/adal/version.rb +36 -0
  42. data/lib/adal/wstrust_request.rb +100 -0
  43. data/lib/adal/wstrust_response.rb +168 -0
  44. data/lib/adal/xml_namespaces.rb +64 -0
  45. data/samples/authorization_code_example/README.md +10 -0
  46. data/samples/authorization_code_example/web_app.rb +139 -0
  47. data/samples/client_assertion_certificate_example/README.md +42 -0
  48. data/samples/client_assertion_certificate_example/app.rb +55 -0
  49. data/samples/on_behalf_of_example/README.md +35 -0
  50. data/samples/on_behalf_of_example/native_app.rb +52 -0
  51. data/samples/on_behalf_of_example/web_api.rb +71 -0
  52. data/samples/user_credentials_example/README.md +7 -0
  53. data/samples/user_credentials_example/app.rb +52 -0
  54. data/spec/adal/authentication_context_spec.rb +186 -0
  55. data/spec/adal/authentication_parameters_spec.rb +107 -0
  56. data/spec/adal/authority_spec.rb +122 -0
  57. data/spec/adal/cache_driver_spec.rb +191 -0
  58. data/spec/adal/cached_token_response_spec.rb +148 -0
  59. data/spec/adal/client_assertion_certificate_spec.rb +113 -0
  60. data/spec/adal/client_assertion_spec.rb +38 -0
  61. data/spec/adal/core_ext/hash_spec.rb +47 -0
  62. data/spec/adal/logging_spec.rb +48 -0
  63. data/spec/adal/memory_cache_spec.rb +107 -0
  64. data/spec/adal/mex_request_spec.rb +57 -0
  65. data/spec/adal/mex_response_spec.rb +143 -0
  66. data/spec/adal/self_signed_jwt_factory_spec.rb +63 -0
  67. data/spec/adal/token_request_spec.rb +150 -0
  68. data/spec/adal/token_response_spec.rb +102 -0
  69. data/spec/adal/user_credential_spec.rb +125 -0
  70. data/spec/adal/user_identifier_spec.rb +115 -0
  71. data/spec/adal/wstrust_request_spec.rb +51 -0
  72. data/spec/adal/wstrust_response_spec.rb +152 -0
  73. data/spec/fixtures/mex/insecureaddress.xml +924 -0
  74. data/spec/fixtures/mex/invalid_namespaces.xml +916 -0
  75. data/spec/fixtures/mex/malformed.xml +914 -0
  76. data/spec/fixtures/mex/microsoft.xml +916 -0
  77. data/spec/fixtures/mex/multiple_endpoints.xml +922 -0
  78. data/spec/fixtures/mex/no_matching_bindings.xml +916 -0
  79. data/spec/fixtures/mex/no_username_token_policies.xml +914 -0
  80. data/spec/fixtures/mex/no_wstrust_endpoints.xml +838 -0
  81. data/spec/fixtures/mex/only_13.xml +842 -0
  82. data/spec/fixtures/mex/only_2005.xml +842 -0
  83. data/spec/fixtures/oauth/error.json +1 -0
  84. data/spec/fixtures/oauth/success.json +1 -0
  85. data/spec/fixtures/oauth/success_with_id_token.json +1 -0
  86. data/spec/fixtures/wstrust/error.xml +24 -0
  87. data/spec/fixtures/wstrust/invalid_namespaces.xml +136 -0
  88. data/spec/fixtures/wstrust/missing_security_tokens.xml +90 -0
  89. data/spec/fixtures/wstrust/success.xml +136 -0
  90. data/spec/fixtures/wstrust/token.xml +1 -0
  91. data/spec/fixtures/wstrust/too_many_security_tokens.xml +219 -0
  92. data/spec/fixtures/wstrust/unrecognized_token_type.xml +136 -0
  93. data/spec/fixtures/wstrust/wstrust.13.xml +1 -0
  94. data/spec/fixtures/wstrust/wstrust.2005.xml +89 -0
  95. data/spec/spec_helper.rb +53 -0
  96. data/spec/support/fake_data.rb +40 -0
  97. data/spec/support/fake_token_endpoint.rb +108 -0
  98. metadata +265 -0
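--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: c96492646dd174e111a054d678cd34b5563ff70a
+ data.tar.gz: 7066e6d539a67d4f13f4a1c2aca63f85308c3cd8
+ SHA512:
+ metadata.gz: c4563d608dac6f70d178c553bbbb146b0d6821e0aeae7b45bac8f6ae95923845d26fda3018fe9cc96ac20fc42005e689d39fd72f4695c6da8621d1c611bcad3e
+ data.tar.gz: ff604ebc6495fa3509bcb4411c51bde99d08597a8c91755be7b4d44b71a6245469533894d93c95e7767c5f3fd67195a39cb2b6d8a1faeeab98cc4aeefb242099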
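--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,5 @@
+ *.swp
+ *.gem
+ Gemfile.lock
+ doc
+ coverage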
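--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,7 @@
+ # This file lists exceptions to the default configuration, which can be found at
+ # https://github.com/bbatsov/rubocop/tree/master/config.
+
+ AllCops:
+ Exclude:
+ # Ignore XML templates.
+ - '**/*.erb'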
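--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,7 @@
+ language: ruby
+
+ rvm:
+ - 2.1
+ - 2.2
+
+ script: bundle exec rake spec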
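--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,25 @@
+ #-------------------------------------------------------------------------------
+ # Copyright (c) 2015 Micorosft Corporation
+ #
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
+ # of this software and associated documentation files (the "Software"), to deal
+ # in the Software without restriction, including without limitation the rights
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ # copies of the Software, and to permit persons to whom the Software is
+ # furnished to do so, subject to the following conditions:
+ #
+ # The above copyright notice and this permission notice shall be included in
+ # all copies or substantial portions of the Software.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ # THE SOFTWARE.
+ #-------------------------------------------------------------------------------
+
+ source 'https://rubygems.org'
+
+ gemspec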
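--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+ The MIT License (MIT)
+
+ Copyright (c) 2015 Micorosft Corporation
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.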
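--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,97 @@
+ # Windows Azure Active Directory Authentication Library (ADAL) for Ruby
+ [![Build Status](https://travis-ci.org/Azure/azure-activedirectory-library-for-ruby.png?branch=dev)](https://travis-ci.org/AzureAD/azure-activedirectory-library-for-ruby)
+
+ The ADAL for Ruby library makes it easy for Ruby applications to authenticate to AAD in order to access AAD protected web resources.
+
+ ## Installation
+
+ You can install the ADAL gem with Rubygems.
+
+ ```
+ gem install adal
+ ```
+
+ Alternatively, you can build the gem from scratch.
+
+ ```
+ git clone git@github.com:AzureAD/azure-activedirectory-for-ruby.git
+ cd azure-activedirectory-for-ruby
+ gem build adal.gemspec
+ gem install adal
+ ```
+
+ ## Samples
+
+ The `samples` folder contains several applications demonstrating different ways to authenticate. None of the samples will work out of the box, they require set-up and configuration through the Azure portal. Make sure to check out the README for each sample to get them running.
+
+ ## How to run tests
+
+ The tests in this repo use the RSpec framework for behavior-driven testing. RSpec can be invoked directly or as a Rake task. The preferred way to execute the test suite is
+
+ Checkout the repo
+
+ `git clone git@github.com:AzureAD/azure-activedirectory-library-for-ruby`
+
+ Install the dependencies
+
+ `bundle install`
+
+ Run the tests
+
+ `bundle exec rake spec`
+
+ ## How to run Rubocop
+
+ This gem abides by the [Rubocop](https://github.com/bbatsov/rubocop) defaults. Rubocop is set up as a Rake task. The preferred way to execute Rubocop for this repo is
+
+ Checkout the repo
+
+ `git clone git@github.com:AzureAD/azure-activedirectory-library-for-ruby`
+
+ Install the dependencies
+
+ `bundle install`
+
+ Run Rubocop
+
+ `bundle exec rake rubocop`
+
+ ## Diagnostics
+
+ **Logs, correlation ids and timestamps are required with all requests for help in debugging.**
+
+ You can configure ADAL to generate log messages that you can use to help diagnose issues. The log outputs are standard to Ruby's built-in logger. An example ADAL log message looks like this:
+
+ ```
+ I, [2015-08-18T06:58:12.767490 #9231] INFO -- 969f3e30-8f42-4342-b135-f5c754a6b4a8: Multiple WS-Trust endpoints were found in the mex response. Only one was used.
+ ```
+
+ The `I` is a shorthand for `INFO` that makes parsing logs easier. ADAL supports five different logging levels, `VERBOSE`, `INFO`, `WARN`, `ERROR` and `FATAL`. The timestamp is taken from the client machine. The GUID before the message is a correlation id that is used to track logs from the client to the server.
+
+
+ To set the lowest log level to output, include something like this in your configuration:
+
+ ```
+ ADAL::Logging.log_level = ADAL::Logger::VERBOSE
+ ```
+
+ By default, ADAL logs are printed to `STDOUT`. To change the log output, pass a Ruby `IO` object to ADAL like this in your configuration:
+
+ ```
+ ADAL::Logging.log_output = File.open('/path/to/adal.logs', 'w')
+ ```
+
+ ## Community Help and Support
+
+ We leverage [Stack Overflow](http://stackoverflow.com/) to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browse existing issues to see if someone has had your question before.
+
+ We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for ADAL: [http://stackoverflow.com/questions/tagged/adal](http://stackoverflow.com/questions/tagged/adal)
+
+ ## Contributing
+
+ All code is licensed under the MIT license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. You can fork the repo and start contributing now. [More details](https://github.com/AzureAD/azure-activedirectory-library-for-ruby/blob/master/contributing.md) about contributing.
+
+
+ ## License
+
+ Copyright (c) Microsoft Corporation. Licensed under the MIT License.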
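--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,39 @@
+ #-------------------------------------------------------------------------------
+ # Copyright (c) 2015 Micorosft Corporation
+ #
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
+ # of this software and associated documentation files (the "Software"), to deal
+ # in the Software without restriction, including without limitation the rights
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ # copies of the Software, and to permit persons to whom the Software is
+ # furnished to do so, subject to the following conditions:
+ #
+ # The above copyright notice and this permission notice shall be included in
+ # all copies or substantial portions of the Software.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ # THE SOFTWARE.
+ #-------------------------------------------------------------------------------
+
+ require 'rake'
+ require 'rspec/core/rake_task'
+ require 'rubocop/rake_task'
+
+ # This can be run with `bundle exec rake spec`.
+ RSpec::Core::RakeTask.new(:spec) do |t|
+ t.pattern = `git ls-files`.split("\n").select { |f| f.end_with? 'spec.rb' }
+ t.rspec_opts = '--format documentation'
+ end
+
+ # This can be run with `bundle exec rake rubocop`.
+ RuboCop::RakeTask.new(:rubocop) do |t|
+ t.patterns = `git ls-files`.split("\n").select { |f| f.end_with? '.rb' }
+ t.fail_on_error = false
+ end
+
+ task default: :spec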
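Review bot: Lint results never gate anything in this Rakefile: the `:rubocop` task sets `t.fail_on_error = false`, so offences exit zero, and `task default: :spec` leaves RuboCop out of the default run (the Travis config on this page also runs only `rake spec`). The README states that the gem abides by the RuboCop defaults; if that is meant to be enforced rather than advisory, drop the override or set `t.fail_on_error = true`, and use `task default: [:spec, :rubocop]`. A one-line comment above the override saying why failures are tolerated would help if the current behaviour is intentional.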
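--- a/data/adal.gemspec
+++ b/data/adal.gemspec
@@ -0,0 +1,52 @@
+ #-------------------------------------------------------------------------------
+ # Copyright (c) 2015 Micorosft Corporation
+ #
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
+ # of this software and associated documentation files (the "Software"), to deal
+ # in the Software without restriction, including without limitation the rights
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ # copies of the Software, and to permit persons to whom the Software is
+ # furnished to do so, subject to the following conditions:
+ #
+ # The above copyright notice and this permission notice shall be included in
+ # all copies or substantial portions of the Software.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ # THE SOFTWARE.
+ #-------------------------------------------------------------------------------
+
+ require File.expand_path('../lib/adal/version', __FILE__)
+
+ Gem::Specification.new do |s|
+ s.name = 'adal'
+ s.version = ADAL::Version
+
+ s.summary = 'ADAL for Ruby'
+ s.description = 'Windows Azure Active Directory authentication client library'
+ s.homepage = 'http://github.com/AzureAD/azure-activedirectory-library-for-ruby'
+ s.license = 'MIT'
+
+ s.require_paths = ['lib']
+ s.files = `git ls-files`.split("\n")
+
+ s.author = 'Microsoft Corporation'
+ s.email = 'nugetaad@microsoft.com'
+
+ s.required_ruby_version = '>= 2.1.0'
+
+ s.add_runtime_dependency 'jwt', '~> 1.5'
+ s.add_runtime_dependency 'nokogiri', '~> 1.6'
+ s.add_runtime_dependency 'uri_template', '~> 0.7'
+
+ s.add_development_dependency 'rake', '~> 10.4'
+ s.add_development_dependency 'rspec', '~> 3.3'
+ s.add_development_dependency 'rubocop', '~> 0.32'
+ s.add_development_dependency 'simplecov', '~> 0.10'
+ s.add_development_dependency 'sinatra', '~> 1.4'
+ s.add_development_dependency 'webmock', '~> 1.21'
+ end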
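Review bot: The `s.files` assignment packages every file git tracks, and this release's file list shows the effect: spec fixtures, sample apps, `.travis.yml` and `.rubocop.yml` all ship inside the published gem next to `lib/`. Limiting the package to what consumers load, for example `s.files = Dir['lib/**/*', 'LICENSE.txt', 'README.md']`, keeps the installed artifact small and easier to audit, and removes the build-time dependency on a git checkout. Separately, `s.homepage` points at `http://github.com/...`; use the `https://` form so the link shown on the gem's registry page does not start with a plaintext hop.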
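--- a/data/contributing.md
+++ b/data/contributing.md
@@ -0,0 +1,127 @@
+ # CONTRIBUTING
+
+ Azure Active Directory SDK projects welcomes new contributors. This document will guide you
+ through the process.
+
+ ### CONTRIBUTOR LICENSE AGREEMENT
+
+ Please visit [https://cla.microsoft.com/](https://cla.microsoft.com/) and sign the Contributor License
+ Agreement. You only need to do that once. We can not look at your code until you've submitted this request.
+
+
+ ### FORK
+
+ Fork the project [on GitHub][] and check out
+ your copy.
+
+ Example for Ruby:
+
+ ```
+ $ git clone git@github.com:username/azure-activedirectory-library-for-ruby.git
+ $ cd azure-activedirectory-library-for-ruby
+ $ git remote add upstream git@github.com:AzureAD/azure-activedirectory-library-for-ruby.git
+ ```
+
+ Now decide if you want your feature or bug fix to go into the dev branch
+ or the master branch. **All bug fixes and new features should go into the dev branch.**
+
+ The master branch is effectively frozen; patches that change the SDKs
+ protocols or API surface area or affect the run-time behavior of the SDK will be rejected.
+
+ Some of our SDKs have bundled dependencies that are not part of the project proper. Any changes to files in those directories or its subdirectories should be sent to their respective
+ projects. Do not send your patch to us, we cannot accept it.
+
+ In case of doubt, open an issue in the [issue tracker][].
+
+ Especially do so if you plan to work on a major change in functionality. Nothing is more
+ frustrating than seeing your hard work go to waste because your vision
+ does not align with our goals for the SDK.
+
+
+ ### BRANCH
+
+ Okay, so you have decided on the proper branch. Create a feature branch
+ and start hacking:
+
+ ```
+ $ git checkout -b topic/my-feature-branch
+ ```
+
+
+ ### COMMIT
+
+ Make sure git knows your name and email address:
+
+ ```
+ $ git config --global user.name "J. Random User"
+ $ git config --global user.email "j.random.user@example.com"
+ ```
+
+ Writing good commit logs is important. A commit log should describe what
+ changed and why. Follow these guidelines when writing one:
+
+ 1. The first line should be 50 characters or less and contain a short
+ description of the change prefixed with the name of the changed
+ subsystem (e.g. "net: add localAddress and localPort to Socket").
+ 2. Keep the second line blank.
+ 3. Wrap all other lines at 72 columns.
+
+ A good commit log looks like this:
+
+ ```
+ fix: explaining the commit in one line
+
+ Body of commit message is a few lines of text, explaining things
+ in more detail, possibly giving some background about the issue
+ being fixed, etc etc.
+
+ The body of the commit message can be several paragraphs, and
+ please do proper word-wrap and keep columns shorter than about
+ 72 characters or so. That way `git log` will show things
+ nicely even when it is indented.
+ ```
+
+ The header line should be meaningful; it is what other people see when they
+ run `git shortlog` or `git log --oneline`.
+
+ Check the output of `git log --oneline files_that_you_changed` to find out
+ what directories your changes touch.
+
+
+ ### REBASE
+
+ Use `git rebase` (not `git merge`) to sync your work from time to time.
+
+ ```
+ $ git fetch upstream
+ $ git rebase upstream/v0.1 # or upstream/master
+ ```
+
+
+ ### TEST
+
+ Bug fixes and features should come with tests. Add your tests in the
+ test directory. This varies by repository but often follows the same convention of /src/test. Look at other tests to see how they should be
+ structured (license boilerplate, common includes, etc.).
+
+
+ Make sure that all tests pass.
+
+
+ ### PUSH
+
+ ```
+ $ git push origin topic/my-feature-branch
+ ```
+
+ Go to https://github.com/username/azure-activedirectory-library-for-ruby.git and select your feature branch. Click
+ the 'Pull Request' button and fill out the form.
+
+ Pull requests are usually reviewed within a few days. If there are comments
+ to address, apply your changes in a separate commit and push that to your
+ feature branch. Post a comment in the pull request afterwards; GitHub does
+ not send out notifications when you add commits.
+
+
+ [on GitHub]: https://github.com/AzureAD/azure-activedirectory-library-for-ruby
+ [issue tracker]: https://github.com/AzureAD/azure-activedirectory-library-for-ruby/issues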
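--- a/data/lib/adal.rb
+++ b/data/lib/adal.rb
@@ -0,0 +1,24 @@
+ #-------------------------------------------------------------------------------
+ # Copyright (c) 2015 Micorosft Corporation
+ #
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
+ # of this software and associated documentation files (the "Software"), to deal
+ # in the Software without restriction, including without limitation the rights
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ # copies of the Software, and to permit persons to whom the Software is
+ # furnished to do so, subject to the following conditions:
+ #
+ # The above copyright notice and this permission notice shall be included in
+ # all copies or substantial portions of the Software.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ # THE SOFTWARE.
+ #-------------------------------------------------------------------------------
+
+ # Extract all Ruby files in $DIR/lib/adal/ regardless of where the gem is built.
+ Dir[File.expand_path('../adal/*.rb', __FILE__)].each { |f| require_relative f }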
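Review bot: The glob on the last line requires whatever `*.rb` files are present under `lib/adal/`, in whatever order the filesystem returns them; on the Ruby versions this gem targets (`>= 2.1.0` per the gemspec) `Dir[]` does not promise sorted output, so load order can differ between machines. Adding `.sort`, as in `Dir[File.expand_path('../adal/*.rb', __FILE__)].sort.each { |f| require_relative f }`, makes it deterministic. An explicit list of `require_relative` lines would go further and make the set of files loaded with the gem reviewable, since the glob also picks up any file that was not part of the release but sits in that directory. The comment above it says "Extract" where the code requires the files; `# Require every Ruby file in lib/adal/ ...` would describe it accurately.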
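--- a/data/lib/adal/authentication_context.rb
+++ b/data/lib/adal/authentication_context.rb
@@ -0,0 +1,202 @@
+ #-------------------------------------------------------------------------------
+ # Copyright (c) 2015 Micorosft Corporation
+ #
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
+ # of this software and associated documentation files (the "Software"), to deal
+ # in the Software without restriction, including without limitation the rights
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ # copies of the Software, and to permit persons to whom the Software is
+ # furnished to do so, subject to the following conditions:
+ #
+ # The above copyright notice and this permission notice shall be included in
+ # all copies or substantial portions of the Software.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ # THE SOFTWARE.
+ #-------------------------------------------------------------------------------
+
+ require_relative './authority'
+ require_relative './core_ext'
+ require_relative './memory_cache'
+ require_relative './request_parameters'
+ require_relative './token_request'
+ require_relative './util'
+
+ using ADAL::CoreExt
+
+ module ADAL
+ # Retrieves authentication tokens from Azure Active Directory and ADFS
+ # services. For most users, this is the primary class to authenticate an
+ # application.
+ class AuthenticationContext
+ include RequestParameters
+ include Util
+
+ ##
+ # Creates a new AuthenticationContext.
+ #
+ # @param String authority_host
+ # The host name of the authority to verify against, e.g.
+ # 'login.windows.net'.
+ # @param String tenant
+ # The tenant to authenticate to, e.g. 'contoso.onmicrosoft.com'.
+ # @optional Boolean validate_authority
+ # Whether the authority should be checked for validity before making
+ # token requests. Defaults to false.
+ # @optional TokenCache token_cache
+ # An cache that ADAL will use to store access tokens and refresh tokens
+ # in. By default an empty in-memory cache is created. An existing cache
+ # can be used to data persistence.
+ def initialize(authority_host = Authority::WORLD_WIDE_AUTHORITY,
+ tenant = Authority::COMMON_TENANT,
+ options = {})
+ fail_if_arguments_nil(authority_host, tenant)
+ validate_authority = options[:validate_authority] || false
+ @authority = Authority.new(authority_host, tenant, validate_authority)
+ @token_cache = options[:token_cache] || MemoryCache.new
+ end
+
+ public
+
+ ##
+ # Gets an access token with only the clients credentials and no user
+ # information.
+ #
+ # @param String resource
+ # The resource being requested.
+ # @param ClientCredential|ClientAssertion|ClientAssertionCertificate
+ # An object that validates the client application by adding
+ # #request_params to the OAuth request.
+ # @return TokenResponse
+ def acquire_token_for_client(resource, client_cred)
+ fail_if_arguments_nil(resource, client_cred)
+ token_request_for(client_cred).get_for_client(resource)
+ end
+
+ ##
+ # Gets an access token with a previously acquire authorization code.
+ #
+ # @param String auth_code
+ # The authorization code that was issued by the authorization server.
+ # @param URI redirect_uri
+ # The URI that was passed to the authorization server with the request
+ # for the authorization code.
+ # @param ClientCredential|ClientAssertion|ClientAssertionCertificate
+ # An object that validates the client application by adding
+ # #request_params to the OAuth request.
+ # @optional String resource
+ # The resource being requested.
+ # @return TokenResponse
+ def acquire_token_with_authorization_code(
+ auth_code, redirect_uri, client_cred, resource = nil)
+ fail_if_arguments_nil(auth_code, redirect_uri, client_cred)
+ token_request_for(client_cred)
+ .get_with_authorization_code(auth_code, redirect_uri, resource)
+ end
+
+ ##
+ # Gets an access token using a previously acquire refresh token.
+ #
+ # @param String refresh_token
+ # The previously acquired refresh token.
+ # @param String|ClientCredential|ClientAssertion|ClientAssertionCertificate
+ # The client application can be validated in four different manners,
+ # depending on the OAuth flow. This object must support #request_params.
+ # @optional String resource
+ # The resource being requested.
+ # @return TokenResponse
+ def acquire_token_with_refresh_token(
+ refresh_token, client_cred, resource = nil)
+ fail_if_arguments_nil(refresh_token, client_cred)
+ token_request_for(client_cred)
+ .get_with_refresh_token(refresh_token, resource)
+ end
+
+ ##
+ # Gets an acccess token with a previously acquired user token.
+ # Gets an access token for a specific user. This method is relevant for
+ # three authentication scenarios:
+ #
+ # 1. Username/Password flow:
+ # Pass in the username and password wrapped in an ADAL::UserCredential.
+ #
+ # 2. On-Behalf-Of flow:
+ # This allows web services to accept access tokens users and then exchange
+ # them for access tokens for a different resource. Note that to use this
+ # flow you must properly configure permissions settings in the Azure web
+ # portal. Pass in the access token wrapped in an ADAL::UserAssertion.
+ #
+ # 3. User Identifier flow:
+ # This will not make any network connections but will merely check the cache
+ # for existing tokens matching the request.
+ #
+ # @param String resource
+ # The intended recipient of the requested token.
+ # @param ClientCredential|ClientAssertion|ClientAssertionCertificate
+ # An object that validates the client application by adding
+ # #request_params to the OAuth request.
+ # @param UserAssertion|UserCredential|UserIdentifier
+ # An object that validates the client that the requested access token is
+ # for. See the description above of the various flows.
+ # @return TokenResponse
+ def acquire_token_for_user(resource, client_cred, user)
+ fail_if_arguments_nil(resource, client_cred, user)
+ token_request_for(client_cred)
+ .get_with_user_credential(user, resource)
+ end
+
+ ##
+ # Constructs a URL for an authorization endpoint using query parameters.
+ #
+ # @param String resource
+ # The intended recipient of the requested token.
+ # @param String client_id
+ # The identifier of the calling client application.
+ # @param URI redirect_uri
+ # The URI that the the authorization code should be sent back to.
+ # @optional Hash extra_query_params
+ # Any remaining query parameters to add to the URI.
+ # @return URI
+ def authorization_request_url(
+ resource, client_id, redirect_uri, extra_query_params = {})
+ @authority.authorize_endpoint(
+ extra_query_params.reverse_merge(
+ client_id: client_id,
+ response_mode: FORM_POST,
+ redirect_uri: redirect_uri,
+ resource: resource,
+ response_type: CODE))
+ end
+
+ ##
+ # Sets the correlation id that will be used in all future request headers
+ # and logs.
+ #
+ # @param String value
+ # The UUID to use as the correlation for all subsequent requests.
+ def correlation_id=(value)
+ Logging.correlation_id = value
+ end
+
+ private
+
+ # Helper function for creating token requests based on client credentials
+ # and the current authentication context.
+ def token_request_for(client_cred)
+ TokenRequest.new(@authority, wrap_client_cred(client_cred), @token_cache)
+ end
+
+ def wrap_client_cred(client_cred)
+ if client_cred.is_a? String
+ ClientCredential.new(client_cred)
+ else
+ client_cred
+ end
+ end
+ end
+ end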
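Review bot: Authority validation is opt-in here: `validate_authority = options[:validate_authority] || false` in `initialize` means a context built with only a host and tenant never asks for the check that the doc comment describes as running "before making token requests". Every `acquire_token_*` method then sends its client secret, refresh token or `UserCredential` to whatever `authority_host` was configured, so a wrong or untrusted host value is not caught by the library. A safer default would be `validate_authority = options.fetch(:validate_authority, true)`, which still lets callers that need it (the class comment mentions ADFS) pass `validate_authority: false` explicitly. This changes behaviour for existing callers, and what `Authority` does with the flag lives in `authority.rb`, outside this section, so confirm the validation path there before flipping it.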