authlogic_radius 0.0.4

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Brad Langhorst of New England Biolabs
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,57 @@
+== Authlogic RADIUS
+
+
+This is a simple gem to allow authentication against a radius server
+
+Mostly it is a duplication or authlogic_ldap, with a global replace of "ldap" with "radius"...
+and a few RADIUS specific bits.
+
+
+== Links
+*  <b>radiustar</b> http://github.com/pjdavis/radiustar
+*  <b>authlogic</b> http://github.com/binarylogic/authlogic
+*  <b>authlogic_ldap</b> http://github.com/binarylogic/authlogic_ldap
+
+
+== Installation
+ === 1. Add fields to your database
+
+  class AddRadiusFields < ActiveRecord::Migration
+    def self.up
+      add_column :users, :radius_login, :string
+      add_index :users, :radius_login
+
+      change_column :users, :login, :string, :default => nil, :null => true
+      change_column :users, :crypted_password, :string, :default => nil, :null => true
+      change_column :users, :password_salt, :string, :default => nil, :null => true
+    end
+
+    def self.down
+      remove_column :users, :radius_login
+
+      [:login, :crypted_password, :password_salt].each do |field|
+        User.all(:conditions => "#{field} is NULL").each { |user| user.update_attribute(field, "") if user.send(field).nil? }
+        change_column :users, field, :string, :default => "", :null => false
+      end
+    end
+  end
+
+=== 2. Install authlogic_radius gem
+    Add the gem to your environment's list of gems
+        config.gem "authlogic_radius"
+   $ sudo rake gems:install
+
+
+=== 3. Update your views to use :radius_login and :radius_password
+
+=== 4. Add/update configuration in your UserSession model with the RADIUS details
+    class UserSession < Authlogic::Session::Base
+      ...
+      self.radius_host = "your.radius.server"
+      self.radius_shared_secret = 'super-secret' #not the same as the user password...
+      #optionally
+      self.radius_port = 1812
+      self.radius_timeout = 2
+      ...
+    end
+    

data/lib/authlogic_radius/acts_as_authentic.rb

@@ -0,0 +1,44 @@
+require 'authlogic'
+
+module AuthlogicRadius
+  module ActsAsAuthentic
+    def self.included(klass)
+      klass.class_eval do
+        extend Config
+        add_acts_as_authentic_module(Methods, :prepend)
+      end
+    end
+    
+    module Config
+      # Whether or not to validate the radius_login field. If set to false ALL radius validation will need to be
+      # handled by you.
+      #
+      # * <tt>Default:</tt> true
+      # * <tt>Accepts:</tt> Boolean
+      def validate_radius_login(value = nil)
+        rw_config(:validate_radius_login, value, true)
+      end
+      alias_method :validate_radius_login=, :validate_radius_login
+    end
+    
+    module Methods
+      def self.included(klass)
+        klass.class_eval do
+          attr_accessor :radius_password
+          
+          if validate_radius_login
+            validates_uniqueness_of :radius_login, :scope => validations_scope, :if => :using_radius?
+          end
+        end
+      end
+
+      private
+
+      def using_radius?
+        respond_to?(:radius_login) && respond_to?(:radius_password) &&
+          (!radius_login.blank? || !radius_password.blank?)
+      end
+      
+    end
+  end
+end

data/lib/authlogic_radius/session.rb

@@ -0,0 +1,167 @@
+require 'timeout'
+require 'radiustar'
+
+module AuthlogicRadius
+  module Session
+    
+    def self.included(klass)
+      klass.class_eval do
+        extend Config
+        include Methods
+      end
+    end
+    
+    module Config
+      # The host of your RADIUS server.
+      #
+      # * <tt>Default:</tt> nil
+      # * <tt>Accepts:</tt> String
+      def radius_host(value = nil)
+        rw_config(:radius_host, value)
+      end
+      alias_method :radius_host=, :radius_host
+      
+      # The port of your RADIUS server.
+      #
+      # * <tt>Default:</tt> 18121
+      # * <tt>Accepts:</tt> Fixnum, integer
+      def radius_port(value = nil)
+        rw_config(:radius_port, value, 1812)
+      end
+      alias_method :radius_port=, :radius_port
+
+      # The shared secret issued by your RADIUS server
+      #
+      # * <tt>Default:</tt> nil
+      # * <tt>Accepts:</tt> String
+      def radius_shared_secret(value = nil)
+        rw_config(:radius_shared_secret, value)
+      end
+      alias_method :radius_shared_secret=, :radius_shared_secret
+
+
+      # How long to wait for a response from the RADIUS server
+      # * <tt>Default:</tt> 2 seconds
+      # * <tt>Accepts:</tt> Fixnum, integer
+      def radius_timeout(value = 2)
+        rw_config(:radius_timeout, value)
+      end
+      alias_method :radius_timeout=, :radius_timeout
+
+      # Which database field should be used to store the radius login
+      # * <tt>Defaults:</tt> :radius_login
+      # * <tt>Accepts:</tt> Symbol
+      def radius_login_field(value=nil)
+        rw_config(:radius_login_field, value, :radius_login)
+      end
+      alias_method :radius_login_field=, :radius_login_field
+
+      # Once RADIUS authentication has succeeded we need to find the user in the database. By default this just calls the
+      # find_by_radius_login method provided by ActiveRecord. If you have a more advanced set up and need to find users
+      # differently specify your own method and define your logic in there.
+      #
+      # For example, if you allow users to store multiple radius logins with their account, you might do something like:
+      #
+      #   class User < ActiveRecord::Base
+      #     def self.find_by_radius_login(login)
+      #       first(:conditions => ["#{RadiusLogin.table_name}.login = ?", login], :join => :radius_logins)
+      #     end
+      #   end
+      #
+      # * <tt>Default:</tt> :find_by_radius_login
+      # * <tt>Accepts:</tt> Symbol
+      def find_by_radius_login_method(value = nil)
+        rw_config(:find_by_radius_login_method, value, :find_by_radius_login)
+      end
+      alias_method :find_by_radius_login_method=, :find_by_radius_login_method
+    end
+    
+    module Methods
+      def self.included(klass)
+        klass.class_eval do
+          attr_accessor :radius_login
+          attr_accessor :radius_password
+          validate :validate_by_radius, :if => :authenticating_with_radius?
+        end
+      end
+      
+      # Hooks into credentials to print out meaningful credentials for RADIUS authentication.
+      def credentials
+        if authenticating_with_radius?
+          details = {}
+          details[:radius_login] = send(radius_login_field)
+          details[:radius_host] = radius_host
+          details[:radius_password] = "<protected>"
+          details[:radius_shared_secret] = "<protected>"
+          details
+        else
+          super
+        end
+      end
+      
+      # Hooks into credentials so that you can pass an :radius_login and :radius_password key.
+      def credentials=(value)
+        super
+        values = value.is_a?(Array) ? value : [value]
+        hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
+        if !hash.nil?
+          self.radius_login = hash[:radius_login] if hash.key?(:radius_login)
+          self.radius_password = hash[:radius_password] if hash.key?(:radius_password)
+        end
+      end
+      
+      private
+        def authenticating_with_radius?
+          return radius_host && radius_shared_secret && radius_login
+        end
+        
+        def validate_by_radius
+          errors.add(:radius_login, I18n.t('error_messages.radius_login_blank', :default => "can not be blank")) if radius_login.blank?
+          errors.add(:radius_password, I18n.t('error_messages.radius_password_blank', :default => "can not be blank")) if radius_password.blank?
+          return if errors.count > 0
+
+          begin
+            req = Radiustar::Request.new("#{radius_host}:#{radius_port}")
+          rescue => e
+            errors.add_to_base("Unable to contact RADIUS server at #{radius_host}:#{radius_port}")
+            return
+          end
+
+          begin
+            Timeout.timeout(radius_timeout) do
+              if req.authenticate(radius_login,radius_password,radius_shared_secret)
+                self.attempted_record = search_for_record(find_by_radius_login_method, radius_login)
+                errors.add(:radius_login, I18n.t('error_messages.radius_login_not_found', :default => "does not exist")) if attempted_record.blank?
+              else
+                errors.add_to_base("Authentication failed")
+              end
+            end
+          rescue Timeout::Error
+            errors.add_to_base("No response from RADIUS server at #{radius_host}:#{radius_port}")
+          rescue => e
+            errors.add_to_base(e.to_s)
+          end
+        end
+        
+        def radius_host
+          self.class.radius_host
+        end
+        
+        def radius_port
+          self.class.radius_port
+        end
+        
+        def radius_shared_secret
+          self.class.radius_shared_secret
+        end
+        
+        def radius_timeout
+          self.class.radius_timeout
+        end
+
+        def find_by_radius_login_method
+          self.class.find_by_radius_login_method
+        end
+    end
+  end
+end

data/lib/authlogic_radius/version.rb

@@ -0,0 +1,51 @@
+module AuthlogicRadius
+  # A class for describing the current version of a library. The version
+  # consists of three parts: the +major+ number, the +minor+ number, and the
+  # +tiny+ (or +patch+) number.
+  class Version
+    include Comparable
+  
+    # A convenience method for instantiating a new Version instance with the
+    # given +major+, +minor+, and +tiny+ components.
+    def self.[](major, minor, tiny)
+      new(major, minor, tiny)
+    end
+
+    attr_reader :major, :minor, :tiny
+
+    # Create a new Version object with the given components.
+    def initialize(major, minor, tiny)
+      @major, @minor, @tiny = major, minor, tiny
+    end
+
+    # Compare this version to the given +version+ object.
+    def <=>(version)
+      to_i <=> version.to_i
+    end
+
+    # Converts this version object to a string, where each of the three
+    # version components are joined by the '.' character. E.g., 2.0.0.
+    def to_s
+      @to_s ||= [@major, @minor, @tiny].join(".")
+    end
+
+    # Converts this version to a canonical integer that may be compared
+    # against other version objects.
+    def to_i
+      @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
+    end
+    
+    def to_a
+      [@major, @minor, @tiny]
+    end
+
+    MAJOR = 0
+    MINOR = 0
+    TINY  = 1
+
+    # The current version as a Version instance
+    CURRENT = new(MAJOR, MINOR, TINY)
+    # The current version as a String
+    STRING = CURRENT.to_s
+  end
+end

data/lib/authlogic_radius.rb

@@ -0,0 +1,6 @@
+require "authlogic_radius/version"
+require "authlogic_radius/acts_as_authentic"
+require "authlogic_radius/session"
+
+ActiveRecord::Base.send(:include, AuthlogicRadius::ActsAsAuthentic)
+Authlogic::Session::Base.send(:include, AuthlogicRadius::Session)

metadata

@@ -0,0 +1,96 @@
+--- !ruby/object:Gem::Specification 
+name: authlogic_radius
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 4
+  version: 0.0.4
+platform: ruby
+authors: 
+- Brad Langhorst
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-07-01 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: authlogic
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 0
+        version: "2.0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: radiustar
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 0
+        - 3
+        version: 0.0.3
+  type: :runtime
+  version_requirements: *id002
+description: |
+  This is a simple gem to allow authentication against a RADIUS server.
+
+email: langhorst@neb.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- lib/authlogic_radius.rb
+- lib/authlogic_radius/acts_as_authentic.rb
+- lib/authlogic_radius/session.rb
+- lib/authlogic_radius/version.rb
+- LICENSE
+- README.rdoc
+has_rdoc: true
+homepage: http://github.com/bwlang/authlogic_radius
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: Extension of the Authlogic library adding RADIUS support.
+test_files: []
+