blueauth 0.0.16 → 1.0.0
- checksums.yaml +4 -4
- data/.travis.yml +1 -0
- data/CHANGELOG.md +3 -0
- data/README.md +11 -8
- data/lib/blueauth.rb +19 -22
- data/lib/blueauth/certificates.rb +1 -1
- data/lib/blueauth/error.rb +1 -1
- data/lib/blueauth/version.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8165645faa29f6da46652f30a954374db6a58b1d
|
4
|
+
data.tar.gz: 1c8f22b04657dfdf1e67560ba22995a3b87f696a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9f28eecefafbb396aecbb2890654401990581bbfc6037fea41fb76a8716238332d2e70e871f16b7f70dc131f971cfadd4fa4cfa8c548a03c667259090e6d01ac
|
7
|
+
data.tar.gz: de90394c5e6e6cad96c24a75b11d1d7627efc29e762c205cba5b845382c1a5b7e45140896e4aaf163ee2d91d01df136442008e8a5bf538567a84787ce01a8f1f
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -24,9 +24,10 @@ Or install it yourself as:
|
|
24
24
|
|
25
25
|
The userid can be Intranet ID or Notes ID or Common name
|
26
26
|
|
27
|
-
Blueauth
|
28
|
-
|
29
|
-
|
27
|
+
blueauth = Blueauth.new
|
28
|
+
blueauth.search 'istvan.kovacs@hu.ibm.com'
|
29
|
+
blueauth.search 'Istvan Kovacs/Hungary/IBM'
|
30
|
+
blueauth.search 'Istvan Kovacs'
|
30
31
|
|
31
32
|
If the user is found, then the returned object will be a hash: {:name, :country, :intranetid, :dn}. If the user is not found, then nil
|
32
33
|
|
@@ -35,8 +36,9 @@ If the user is found, then the returned object will be a hash: {:name, :country,
|
|
35
36
|
|
36
37
|
First, the user must exist in Enterprise Directory, and the Bluegroup can be queried based on the DN of the user
|
37
38
|
|
38
|
-
|
39
|
-
|
39
|
+
blueauth = Blueauth.new
|
40
|
+
user = blueauth.search 'istvan.kovacs@hu.ibm.com'
|
41
|
+
blueauth.bluegroups user[:dn]
|
40
42
|
|
41
43
|
Returned object will be an Array of strings containing the names of Bluegroups where the user is assigned to.
|
42
44
|
|
@@ -44,9 +46,10 @@ Returned object will be an Array of strings containing the names of Bluegroups w
|
|
44
46
|
|
45
47
|
The userid can be Intranet ID or Notes ID or Common name
|
46
48
|
|
47
|
-
Blueauth
|
48
|
-
|
49
|
-
|
49
|
+
blueauth = Blueauth.new
|
50
|
+
blueauth.authenticate 'istvan.kovacs@hu.ibm.com', 'password'
|
51
|
+
blueauth.authenticate 'Istvan Kovacs/Hungary/IBM', 'password'
|
52
|
+
blueauth.authenticate 'Istvan Kovacs', 'password'
|
50
53
|
|
51
54
|
If the user is found, then the returned object will be a hash: {:name, :country, :intranetid, :dn, :groups}. Groups is an array containing all Bluegroups. If the user is not found, then nil
|
52
55
|
|
data/lib/blueauth.rb
CHANGED
@@ -3,44 +3,43 @@ require 'blueauth/error'
|
|
3
3
|
require 'blueauth/certificates'
|
4
4
|
require 'net-ldap'
|
5
5
|
|
6
|
-
|
6
|
+
class Blueauth
|
7
7
|
|
8
8
|
BPBASE = 'ou=bluepages,o=ibm.com'
|
9
9
|
BGBASE = 'ou=memberlist,ou=ibmgroups,o=ibm.com'
|
10
|
-
|
11
10
|
BPHOSTS = [['bluepages.ibm.com',636]]
|
12
11
|
|
13
12
|
old_verbose, $VERBOSE = $VERBOSE, nil
|
14
13
|
Net::LDAP::LDAPControls::PAGED_RESULTS = FALSE
|
15
14
|
$VERBOSE = old_verbose
|
16
15
|
|
17
|
-
|
18
|
-
|
19
|
-
|
16
|
+
def initialize
|
17
|
+
|
18
|
+
cert_store = OpenSSL::X509::Store.new
|
19
|
+
cert_store.add_cert OpenSSL::X509::Certificate.new(NEW_CERT)
|
20
|
+
cert_store.add_cert OpenSSL::X509::Certificate.new(OLD_CERT)
|
20
21
|
|
21
|
-
|
22
|
-
Net::LDAP.new hosts: BPHOSTS, encryption: {
|
22
|
+
@ldap = Net::LDAP.new hosts: BPHOSTS, encryption: {
|
23
23
|
method: :simple_tls,
|
24
|
-
connect_timeout:
|
24
|
+
connect_timeout: 20,
|
25
25
|
tls_options: {
|
26
26
|
ssl_version: :TLSv1_2,
|
27
27
|
verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
28
|
-
cert_store:
|
28
|
+
cert_store: cert_store
|
29
29
|
}
|
30
30
|
}
|
31
31
|
end
|
32
32
|
|
33
33
|
# using this method a user can be authenticated
|
34
34
|
# Intraned ID, password are mandatory
|
35
|
-
def
|
35
|
+
def authenticate(id, password)
|
36
36
|
user = search id.strip
|
37
37
|
unless user.nil?
|
38
|
-
ldap
|
39
|
-
ldap.auth user[:dn], password.strip
|
38
|
+
@ldap.auth user[:dn], password.strip
|
40
39
|
begin
|
41
|
-
auth = ldap.bind
|
40
|
+
auth = @ldap.bind
|
42
41
|
rescue => e
|
43
|
-
raise
|
42
|
+
raise BlueError, "BluePages Bind issue -> #{e.message}"
|
44
43
|
end
|
45
44
|
if auth
|
46
45
|
groups = bluegroups user[:dn]
|
@@ -58,7 +57,7 @@ module Blueauth
|
|
58
57
|
# - Common name (none of the previous two)
|
59
58
|
# return object contains
|
60
59
|
# :name, :country, :intranetid, :dn
|
61
|
-
def
|
60
|
+
def search(id)
|
62
61
|
if id.include? '@'
|
63
62
|
searchfield = 'mail'
|
64
63
|
elsif id.include? '/'
|
@@ -83,10 +82,9 @@ module Blueauth
|
|
83
82
|
end
|
84
83
|
filter = Net::LDAP::Filter.eq(searchfield, id) & Net::LDAP::Filter.eq('objectclass', "ibmPerson")
|
85
84
|
begin
|
86
|
-
|
87
|
-
user_array = ldap.search(base: BPBASE, filter: filter, size: 1)
|
85
|
+
user_array = @ldap.search(base: BPBASE, filter: filter, size: 1)
|
88
86
|
rescue => e
|
89
|
-
raise
|
87
|
+
raise BlueError, "BluePages Search issue -> #{e.message}"
|
90
88
|
end
|
91
89
|
|
92
90
|
if user_array.count == 0
|
@@ -98,15 +96,14 @@ module Blueauth
|
|
98
96
|
return result
|
99
97
|
end
|
100
98
|
|
101
|
-
def
|
99
|
+
def bluegroups(dn)
|
102
100
|
result = []
|
103
101
|
filter = Net::LDAP::Filter.eq('uniquemember', dn)
|
104
102
|
begin
|
105
|
-
|
106
|
-
bgres = ldap.search(base: BGBASE, filter: filter, attributes: ['cn'])
|
103
|
+
bgres = @ldap.search(base: BGBASE, filter: filter, attributes: ['cn'])
|
107
104
|
bgres.each {|g| result << g.cn.first}
|
108
105
|
rescue => e
|
109
|
-
raise
|
106
|
+
raise BlueError, "BlueGroup Search issue -> #{e.message}"
|
110
107
|
end
|
111
108
|
return result
|
112
109
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
class Blueauth
|
2
2
|
|
3
3
|
# Having only the root signer certificate (DigiCert Global Root G2) in the TLS client truststore is sufficient.
|
4
4
|
# https://w3-connections.ibm.com/wikis/home?lang=en-us#!/wiki/W1f849f7604cc_43a5_a6d9_2ad1fcbc532e/page/Digital%20Certificate%20FAQs
|
data/lib/blueauth/error.rb
CHANGED
data/lib/blueauth/version.rb
CHANGED
@@ -1,3 +1,3 @@
|
|
1
|
-
|
2
|
-
VERSION = "0.0
|
1
|
+
class Blueauth
|
2
|
+
VERSION = "1.0.0"
|
3
3
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: blueauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- zoltan-izso
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-02-
|
11
|
+
date: 2018-02-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: net-ldap
|