adva_user 0.0.1

data/vendor/gems/authentication/lib/authentication/active_record_extensions.rb

@@ -0,0 +1,11 @@
+class ActiveRecord::Base
+    # Utility method to easily see if the model contains all columns
+    # given. Most authentication modules use this to see if they are
+    # enabled or not by checking for their required columns.
+    def self.includes_all_columns?(*columns)
+      columns = columns.flatten.compact
+      columns.collect! {|c| c.to_s}
+
+      columns.all? {|c| self.column_names.include? c}
+    end
+end

data/vendor/gems/authentication/lib/authentication/bogus.rb

@@ -0,0 +1,13 @@
+module Authentication
+
+  # A fake authentication system for use in a development environments.
+  # This is ideal for cases where the productino environment uses some
+  # complex authentication that cannot be simulated in the development
+  # environment easily.
+  class Bogus
+
+    # Any password will authenticate. This is to encourage people
+    # to not use this in the production environment.
+    def authenticate(user, password); true end
+  end
+end

data/vendor/gems/authentication/lib/authentication/hash_helper.rb

@@ -0,0 +1,26 @@
+require 'digest/sha1'
+
+module Authentication
+
+  # Generating a hash is a common task across many authentication
+  # modules. This mixin makes the task easier.
+  module HashHelper
+    protected
+
+    # Will hash the given string based on the given salt. The default
+    # salt is the site salt. This is defined by the constant
+    # AUTHENTICATION_SALT. If not defined then the installation
+    # directory of the application will be used as the site salt.
+    def hash_string(string, salt=site_salt)
+      Digest::SHA1.hexdigest("#{salt}---#{string}")
+    end
+
+    private
+
+    # Will retrieve the site salt.
+    def site_salt
+      return AUTHENTICATION_SALT if Object.const_defined? 'AUTHENTICATION_SALT'
+      File.expand_path Rails.root
+    end
+  end
+end

data/vendor/gems/authentication/lib/authentication/ldap.rb

@@ -0,0 +1,49 @@
+require 'ldap'
+
+module Authentication
+
+class Ldap
+  attr_reader :options
+
+  def initialize(options={})
+    @options = options.reverse_merge(
+      :host => '127.0.0.1',
+      :port => LDAP::LDAP_PORT,
+      :base => "dc=example,dc=com",
+      :bind_dn => nil,
+      :bind_password => nil,
+      :uid_attribute => "uid",    # uid for ldap ; sAMAccountName for AD
+      :uid_column => 'name'
+    )
+  end
+
+  def authenticate(user, password)
+    # connect to the ldap server
+    conn = LDAP::Conn.new(options[:host],options[:port])
+    # using proto v3
+    conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
+    # optionally bind as specific user
+    conn.bind(options[:bind_dn],options[:bind_password]) if options[:bind_dn]
+    # get the user uid from active record object
+    uid = user.send options[:uid_column]
+    # search the DN is the ldap using the uid on the specified attribute
+    res = conn.search2(options[:base],LDAP::LDAP_SCOPE_SUBTREE,"#{options[:uid_attribute]}=#{uid}",['dn'])
+    if ! res.empty?
+      dn = res[0]['dn'][0]
+      begin
+        conn.unbind if conn.bound?
+        conn.simple_bind(dn,password)
+        conn.unbind
+        conn = nil
+        return true
+      rescue LDAP::ResultError => e
+        return false
+      end
+    end
+    return false
+  end
+
+end
+
+end
+

data/vendor/gems/authentication/lib/authentication/remember_me.rb

@@ -0,0 +1,52 @@
+require 'authentication/hash_helper'
+
+module Authentication
+
+  # This token module works mostly like the SingleToken module with
+  # three differences:
+  #
+  # * It uses a different field name (remember_me CHAR(40))
+  # * It doesn't care about any expiration time set
+  # * It will only assign a token if the token name is /remember.?me/i
+  #
+  # This module is ideally suited for the remember me functionality
+  # because of these changes. This module would probably not be
+  # necessary if you are using a token module that supports more than
+  # one token. Since the default one (SingleToken) only supports one
+  # we need a seperate module for the remember me functionality so
+  # we can basically now store two tokens by default.
+  #
+  # This module supports the same "verified_at" hidden feature that
+  # the Authentication::SaltedHash module supports
+  class RememberMe
+    include HashHelper
+
+    # Will test to see if the given remember me key is valid
+    def authenticate(user, key)
+      return false unless valid_model? user
+      return false unless key.to_s.length == 40
+
+      conditions = ['id = ? AND remember_me = ?', user.id, hash_string(key)]
+      conditions[0] << ' AND verified_at IS NOT NULL' if user.respond_to? :verified_at
+      0 < user.class.count(:conditions => conditions)
+    end
+
+    # Will create a new remember me token. We will ignore the expiration
+    # since a remember me is always forever.
+    def assign_token(user, name, expire=nil)
+      return nil unless valid_model? user
+      return nil unless name =~ /remember.?me/i
+
+      token = hash_string "remember-me-#{Time.zone.now}"
+      user.remember_me = hash_string token
+      token
+    end
+
+    private
+
+    # This functionality is only used if remember me an available column
+    def valid_model?(user)
+      user.class.column_names.include? 'remember_me'
+    end
+  end
+end

data/vendor/gems/authentication/lib/authentication/salted_hash.rb

@@ -0,0 +1,53 @@
+require 'authentication/hash_helper'
+
+module Authentication
+  # Implements a basic salted hash authentication is the model's table.
+  # The model must implement the fields "password_hash" and
+  # "password_salt". If those fields are not implemented then this
+  # module cannot authenticate the user. These fields should be a
+  # string of 40 characters.
+  #
+  # NOTE: Some concepts here were borrowed from the Salted Login
+  # Generator/Engine. I am not a security expert but this seems like it
+  # would be quite safe and implements "best practice" methods for
+  # authentication. I'm sure there are better ones but this is much
+  # better than my old apps which used clear text passwords in the
+  # databse. :)
+  #
+  # NOTE: There is a hidden feature here. If the model contains
+  # the column "verified_at" then the user will not authenticate
+  # until the verified_at column has a value. This is to support the
+  # common practice of requiring a user to verify their email address
+  # before being able to login. If the column is not defined then
+  # the user can login as long as their password is correct.
+  class SaltedHash
+    include HashHelper
+
+    # Carries out actual authentication procedure. If the password
+    # given is correct for the given user then true is returned.
+    # Otherwise false will be returned.
+    def authenticate(user, password)
+      return false unless valid_model?(user)
+
+      password_hash = hash_string password, user.password_salt
+      conditions = ['id = ? AND password_hash = ?', user.id, password_hash]
+      conditions[0] << ' AND verified_at IS NOT NULL' if user.respond_to? :verified_at
+      0 < user.class.where(conditions).count
+    end
+
+    # Will assign a new password for the given user.
+    def assign_password(user, password)
+      return unless valid_model? user
+
+      user.password_salt = hash_string "salt-#{Time.zone.now}"
+      user.password_hash = hash_string password, user.password_salt
+    end
+
+    private
+
+    # True if password_hash and password_salt not in the table
+    def valid_model?(user)
+      user.class.includes_all_columns? :password_hash, :password_salt
+    end
+  end
+end

data/vendor/gems/authentication/lib/authentication/single_token.rb

@@ -0,0 +1,53 @@
+require 'authentication/hash_helper'
+
+module Authentication
+  # Implements a token with expiration that is stored on the model
+  # being authenticated. This is designed to implement the common
+  # practice of having a token in the URL that will automatically
+  # authenticate the user. 
+  #
+  # The model should implement the fields "token_key" (a 40 character
+  # field) and "token_expiration" (a datetime field). If they are not
+  # implemented this class cannot authenticate or assign tokens.
+  #
+  # This token module is called SingleToken because it only can
+  # store one token. If another token is assigned the first is lost
+  # and will not authenticate the user anymore. For common needs such
+  # as forgot my password and account restoration this is fine.
+  #
+  # This token does NOT honor the verified_at field that the
+  # Authentication::SaltedHash module and Authentication::RememberMe
+  # module do since this token may be used to actually implement the
+  # email verification.
+  class SingleToken
+    include HashHelper
+
+    # Will test to see if the given key is valid for the given user
+    def authenticate(user, key)
+      return false unless valid_model? user
+      return false unless key.to_s.length == 40
+
+      conditions = [
+        'id = ? AND token_key = ? AND (token_expiration >= ? OR token_expiration IS NULL)',
+        user.id, hash_string(key), Time.zone.now
+      ]
+      0 < user.class.count(:conditions => conditions)
+    end
+
+    # Will create a new token for the given user with the given expiration
+    def assign_token(user, name, expire)
+      return nil unless valid_model? user
+
+      user.token_expiration = expire
+      token = hash_string "token-#{Time.zone.now}"
+      user.token_key = hash_string token
+      token
+    end
+
+    private
+
+    def valid_model?(user)
+      user.class.includes_all_columns? :token_key, :token_expiration
+    end
+  end
+end

data/vendor/gems/authentication/lib/authentication/version.rb

@@ -0,0 +1,3 @@
+module Authentication
+  VERSION = "0.0.1"
+end

data/vendor/gems/authentication/lib/radius/dictionary

@@ -0,0 +1,207 @@
+#
+#	This file contains dictionary translations for parsing
+#	requests and generating responses.  All transactions are
+#	composed of Attribute/Value Pairs.  The value of each attribute
+#	is specified as one of 4 data types.  Valid data types are:
+#
+#	string - 0-253 octets
+#	ipaddr - 4 octets in network byte order
+#	integer - 32 bit value in big endian order (high byte first)
+#	date - 32 bit value in big endian order - seconds since
+#					00:00:00 GMT,  Jan.  1,	 1970
+#
+#	Enumerated values are stored in the user file with dictionary
+#	VALUE translations for easy administration.
+#
+#	Example:
+#
+#	ATTRIBUTE	  VALUE
+#	---------------	  -----
+#	Framed-Protocol = PPP
+#	7		= 1	(integer encoding)
+#
+
+
+
+#
+# Proper names for everything - use this instead of the above
+#
+ATTRIBUTE	User-Name		1	string
+ATTRIBUTE	User-Password		2	string
+ATTRIBUTE	CHAP-Password		3	string
+ATTRIBUTE	NAS-IP-Address		4	ipaddr
+ATTRIBUTE	NAS-Port		5	integer
+ATTRIBUTE	Service-Type		6	integer
+ATTRIBUTE	Framed-Protocol		7	integer
+ATTRIBUTE	Framed-IP-Address	8	ipaddr
+ATTRIBUTE	Framed-IP-Netmask	9	ipaddr
+ATTRIBUTE	Framed-Routing		10	integer
+ATTRIBUTE	Filter-Id		11	string
+ATTRIBUTE	Framed-MTU		12	integer
+ATTRIBUTE	Framed-Compression	13	integer
+ATTRIBUTE	Login-IP-Host		14	ipaddr
+ATTRIBUTE	Login-Service		15	integer
+ATTRIBUTE	Login-TCP-Port		16	integer
+ATTRIBUTE	Reply-Message		18	string
+ATTRIBUTE	Callback-Number		19	string
+ATTRIBUTE	Callback-Id		20	string
+ATTRIBUTE	Expiration		21	date
+ATTRIBUTE	Framed-Route		22	string
+ATTRIBUTE	Framed-IPX-Network	23	ipaddr
+ATTRIBUTE	State			24	string
+ATTRIBUTE	Session-Timeout		27	integer
+ATTRIBUTE	Idle-Timeout		28	integer
+ATTRIBUTE	Termination-Action	29	integer
+ATTRIBUTE	Called-Station-Id	30	string
+ATTRIBUTE	Calling-Station-Id	31	string
+ATTRIBUTE	Acct-Status-Type	40	integer
+ATTRIBUTE	Acct-Delay-Time		41	integer
+ATTRIBUTE	Acct-Input-Octets	42	integer
+ATTRIBUTE	Acct-Output-Octets	43	integer
+ATTRIBUTE	Acct-Session-Id		44	string
+ATTRIBUTE	Acct-Authentic		45	integer
+ATTRIBUTE	Acct-Session-Time	46	integer
+ATTRIBUTE	Acct-Terminate-Cause	49	integer
+ATTRIBUTE	NAS-Port-Type		61	integer
+ATTRIBUTE	Port-Limit		62	integer
+
+
+#
+#	Integer Translations
+#
+
+#	User Types
+
+VALUE		Service-Type	Login-User		1
+VALUE		Service-Type	Framed-User		2
+VALUE		Service-Type	Callback-Login-User	3
+VALUE		Service-Type	Callback-Framed-User	4
+VALUE		Service-Type	Outbound-User		5
+VALUE		Service-Type	Administrative-User	6
+VALUE		Service-Type	NAS-Prompt-User		7
+
+#	Framed Protocols
+
+VALUE		Framed-Protocol		PPP			1
+VALUE		Framed-Protocol		SLIP			2
+
+#	Framed Routing Values
+
+VALUE		Framed-Routing		None			0
+VALUE		Framed-Routing		Broadcast		1
+VALUE		Framed-Routing		Listen			2
+VALUE		Framed-Routing		Broadcast-Listen	3
+
+#	Framed Compression Types
+
+VALUE		Framed-Compression	None			0
+VALUE		Framed-Compression	Van-Jacobson-TCP-IP	1
+
+#	Login Services
+
+VALUE		Login-Service		Telnet			0
+VALUE		Login-Service		Rlogin			1
+VALUE		Login-Service		TCP-Clear		2
+VALUE		Login-Service		PortMaster		3
+
+#	Status Types
+
+VALUE		Acct-Status-Type	Start			1
+VALUE		Acct-Status-Type	Stop			2
+
+#	Authentication Types
+
+VALUE		Acct-Authentic		RADIUS			1
+VALUE		Acct-Authentic		Local			2
+VALUE		Acct-Authentic		PowerLink128		100
+
+#	Termination Options
+
+VALUE		Termination-Action	Default			0
+VALUE		Termination-Action	RADIUS-Request		1
+
+#	NAS Port Types, available in ComOS 3.3.1 and later
+
+VALUE		NAS-Port-Type		Async			0
+VALUE		NAS-Port-Type		Sync			1
+VALUE		NAS-Port-Type		ISDN			2
+VALUE		NAS-Port-Type		ISDN-V120		3
+VALUE		NAS-Port-Type		ISDN-V110		4
+
+#	Acct Terminate Causes, available in ComOS 3.3.2 and later
+
+VALUE		Acct-Terminate-Cause	User-Request		1
+VALUE		Acct-Terminate-Cause	Lost-Carrier		2
+VALUE		Acct-Terminate-Cause	Lost-Service		3
+VALUE		Acct-Terminate-Cause	Idle-Timeout		4
+VALUE		Acct-Terminate-Cause	Session-Timeout		5
+VALUE		Acct-Terminate-Cause	Admin-Reset		6
+VALUE		Acct-Terminate-Cause	Admin-Reboot		7
+VALUE		Acct-Terminate-Cause	Port-Error		8
+VALUE		Acct-Terminate-Cause	NAS-Error		9
+VALUE		Acct-Terminate-Cause	NAS-Request		10
+VALUE		Acct-Terminate-Cause	NAS-Reboot		11
+VALUE		Acct-Terminate-Cause	Port-Unneeded		12
+VALUE		Acct-Terminate-Cause	Port-Preempted		13
+VALUE		Acct-Terminate-Cause	Port-Suspended		14
+VALUE		Acct-Terminate-Cause	Service-Unavailable	15
+VALUE		Acct-Terminate-Cause	Callback		16
+VALUE		Acct-Terminate-Cause	User-Error		17
+VALUE		Acct-Terminate-Cause	Host-Request		18
+
+
+#
+# Obsolete names for backwards compatibility with older users files
+# If you want RADIUS accounting logs to use the new names instead of
+# these, move this section to the beginning of the dictionary file
+# and kill and restart radiusd
+# If you don't have a RADIUS 1.16 users file that you're still using,
+# you can delete or ignore this section.
+#
+ATTRIBUTE	Client-Id		4	ipaddr
+ATTRIBUTE	Client-Port-Id		5	integer
+ATTRIBUTE	User-Service-Type	6	integer
+ATTRIBUTE	Framed-Address		8	ipaddr
+ATTRIBUTE	Framed-Netmask		9	ipaddr
+ATTRIBUTE	Framed-Filter-Id	11	string
+ATTRIBUTE	Login-Host		14	ipaddr
+ATTRIBUTE	Login-Port		16	integer
+ATTRIBUTE	Old-Password		17	string
+ATTRIBUTE	Port-Message		18	string
+ATTRIBUTE	Dialback-No		19	string
+ATTRIBUTE	Dialback-Name		20	string
+ATTRIBUTE	Challenge-State		24	string
+VALUE		Service-Type		Dialback-Login-User	3
+VALUE		Service-Type		Dialback-Framed-User	4
+VALUE		Service-Type		Shell-User		6
+VALUE		Framed-Compression	Van-Jacobsen-TCP-IP	1
+#VALUE		Auth-Type		Unix			1
+#
+# END of obsolete names for backwards compatibility
+#
+
+#
+#	Configuration Values
+#	uncomment out these two lines to turn account expiration on
+#
+
+#VALUE		Server-Config		Password-Expiration	30
+#VALUE		Server-Config		Password-Warning	5
+
+##
+## VENDOR SPECIFIC ATTRIBUTES
+##
+## The following entries demonstrate the use of VSAs
+##
+
+# cisco-avpair is used for various functions by cisco IOS. Most
+# notably, it's used to create VPDN tunnels.
+#
+VENDORATTR	9	cisco-avpair	1	string
+
+# This is a fake attribute to demonstrate how to write named-value
+# attributes.
+VENDORATTR	1	ibm-enum	254	integer
+VENDORVALUE	1	ibm-enum	value-1	1
+VENDORVALUE	1	ibm-enum	value-2	2
+VENDORVALUE	1	ibm-enum	value-3	3