casino-moped_authenticator 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cc4f881350257f5e33a8d782da20cf82c70ba491
+  data.tar.gz: 8f064650fc86b59e5f706d713f890e42baef14a9
+SHA512:
+  metadata.gz: b431084b22b452c0ef538e4c52b47a0e9f68b6b6460914d3b42c5c150230bf5af1f691ae6c7bc7d6852f7d9d4613bf43c3072ac63b528e595b72db8f2aa2dd9c
+  data.tar.gz: 81b51967183a1324e5ea2fa08a1b513904fdd38f9a4f10bb1318780b8967c238c3c601f6b1e9e3506663b45c746ed0db008e53513d7686ffbc1f4f25b2fe98a8

data/.gitignore

@@ -0,0 +1,19 @@
+# rcov generated
+coverage
+coverage.data
+
+# rdoc generated
+rdoc
+
+# yard generated
+doc
+.yardoc
+
+# bundler
+.bundle
+bin/
+
+# jeweler generated
+pkg
+
+/Gemfile.lock

data/.rspec

@@ -0,0 +1 @@
+--color --format documentation

data/.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+services:
+  - mongodb

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2013 Digital Natives
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,40 @@
+# casino-moped_authenticator
+[![Build Status](https://travis-ci.org/digitalnatives/casino-moped_authenticator.svg?branch=master)](https://travis-ci.org/digitalnatives/casino-moped_authenticator)
+[![Coverage Status](https://img.shields.io/coveralls/digitalnatives/casino-moped_authenticator.svg)](https://coveralls.io/r/digitalnatives/casino-moped_authenticator?branch=master)
+
+Provides mechanism to use Moped/Mongoid as an authenticator for [CASino](https://github.com/rbCAS/CASino).
+
+To use the Moped authenticator, configure it in your cas.yml:
+
+    authenticators:
+      my_company_mongo:
+        authenticator: "Moped"
+        options:
+          database_url: "mongodb://localhost:27017/my_db"
+          collection: "users"
+          username_column: "username"
+          password_column: "password"
+          pepper: "suffix of the password" # optional
+          extra_attributes:
+            email: "email_database_column"
+            fullname: "displayname_database_column"
+
+## Contributing to casino-moped_authenticator
+
+* Check out the latest master to make sure the feature hasn't been implemented
+  or the bug hasn't been fixed yet.
+* Check out the issue tracker to make sure someone already hasn't requested it
+  and/or contributed it.
+* Fork the project.
+* Start a feature/bugfix branch.
+* Commit and push until you are happy with your contribution.
+* Make sure to add tests for it. This is important so I don't break it in
+  a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to
+  have your own version, or is otherwise necessary, that is fine, but please
+  isolate to its own commit so I can cherry-pick around it.
+
+## Copyright
+
+Copyright (c) 2013 Digital Natives. See LICENSE.txt for further details.
+

data/Rakefile

@@ -0,0 +1,11 @@
+require 'bundler'
+require 'rake'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+task :default => :spec
+
+desc 'Run all specs'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end

data/casino-moped_authenticator.gemspec

@@ -0,0 +1,30 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path('../lib', __FILE__)
+require 'casino/moped_authenticator/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'casino-moped_authenticator'
+  s.version     = CASino::MopedAuthenticator::VERSION
+  s.authors     = ['Gergo Sulymosi']
+  s.email       = ['gergo@digitalnatives.hu']
+  s.homepage    = 'http://rbcas.org/'
+  s.license     = 'MIT'
+  s.summary     = 'Provides mechanism to use Moped as an authenticator for CASino.'
+  s.description = 'This gem can be used to allow the CASino backend to authenticate against an MongoDB server using Moped.'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = [] # `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ['lib']
+
+  s.add_development_dependency 'rake', '~> 10.0'
+  s.add_development_dependency 'rspec', '~> 2.12'
+  s.add_development_dependency 'simplecov', '~> 0.7'
+  s.add_development_dependency 'coveralls'
+
+  s.add_runtime_dependency 'moped', '~> 1.5'
+  s.add_runtime_dependency 'unix-crypt', '~> 1.1'
+  s.add_runtime_dependency 'bcrypt', '~> 3.0'
+  s.add_runtime_dependency 'casino', '~> 2.0'
+  s.add_runtime_dependency 'phpass-ruby', '~> 0.1'
+end

data/lib/casino-moped_authenticator.rb

@@ -0,0 +1,2 @@
+require 'casino/moped_authenticator/version'
+require 'casino/moped_authenticator'

data/lib/casino/moped_authenticator.rb

@@ -0,0 +1,68 @@
+require 'moped'
+require 'unix_crypt'
+require 'bcrypt'
+require 'phpass'
+
+class CASino::MopedAuthenticator
+
+  # @param [Hash] options
+  def initialize(options)
+    @options = options
+    @connection = Moped::Session.connect(options[:database_url])
+  end
+
+  def validate(username, password)
+    return false unless user = collection.find(@options[:username_column] => username).first
+    password_from_database = user[@options[:password_column]]
+
+    if valid_password?(password, password_from_database)
+      { username: user[@options[:username_column]], extra_attributes: extra_attributes(user) }
+    else
+      false
+    end
+  end
+
+  private
+
+  def valid_password?(password, password_from_database)
+    return false if password_from_database.to_s.strip == ''
+    magic = password_from_database.split('$')[1]
+    case magic
+    when /\A2a?\z/
+      valid_password_with_bcrypt?(password, password_from_database)
+    when /\AH\z/, /\AP\z/
+      valid_password_with_phpass?(password, password_from_database)
+    else
+      valid_password_with_unix_crypt?(password, password_from_database)
+    end
+  end
+
+  def valid_password_with_bcrypt?(password, password_from_database)
+    password_with_pepper = password + @options[:pepper].to_s
+    BCrypt::Password.new(password_from_database) == password_with_pepper
+  end
+
+  def valid_password_with_unix_crypt?(password, password_from_database)
+    UnixCrypt.valid?(password, password_from_database)
+  end
+
+  def valid_password_with_phpass?(password, password_from_database)
+    Phpass.new().check(password, password_from_database)
+  end
+
+  def extra_attributes(user)
+    attributes = {}
+    extra_attributes_option.each do |attribute_name, database_column|
+      attributes[attribute_name] = user[database_column]
+    end
+    attributes
+  end
+
+  def extra_attributes_option
+    @options[:extra_attributes] || {}
+  end
+
+  def collection
+    @connection[@options[:collection]]
+  end
+end

data/lib/casino/moped_authenticator/version.rb

@@ -0,0 +1,5 @@
+module CASino
+  class MopedAuthenticator
+    VERSION = '0.1.0'
+  end
+end

data/spec/casino_core/moped_authenticator_spec.rb

@@ -0,0 +1,128 @@
+require 'spec_helper'
+require 'casino/moped_authenticator'
+
+module CASino
+  describe MopedAuthenticator do
+
+    let(:pepper) { nil }
+    let(:extra_attributes) {{ email: 'mail_address' }}
+    let(:options) {{
+      database_url: 'mongodb://localhost:27017/my_db?safe=true',
+      collection: 'users',
+      username_column: 'username',
+      password_column: 'password',
+      pepper: pepper,
+      extra_attributes: extra_attributes
+    }}
+
+    subject { described_class.new(options) }
+
+    before do
+      create_user(
+        'test',
+        '$5$cegeasjoos$vPX5AwDqOTGocGjehr7k1IYp6Kt.U4FmMUa.1l6NrzD', # password: testpassword
+        mail_address: 'mail@example.org'
+      )
+    end
+    after { @session.drop }
+
+    describe '#validate' do
+
+      context 'valid username' do
+        context 'valid password' do
+          it 'returns the username' do
+            subject.validate('test', 'testpassword')[:username].should eq('test')
+          end
+
+          it 'returns the extra attributes' do
+            subject.validate('test', 'testpassword')[:extra_attributes][:email].should eq('mail@example.org')
+          end
+
+          context 'when no extra attributes given' do
+            let(:extra_attributes) { nil }
+
+            it 'returns an empty hash for extra attributes' do
+              subject.validate('test', 'testpassword')[:extra_attributes].should eq({})
+            end
+          end
+        end
+
+        context 'invalid password' do
+          it 'returns false' do
+            subject.validate('test', 'wrongpassword').should eq(false)
+          end
+        end
+
+        context 'NULL password field' do
+          it 'returns false' do
+            update_user_pw 'test', nil
+
+            subject.validate('test', 'wrongpassword').should eq(false)
+          end
+        end
+
+        context 'empty password field' do
+          it 'returns false' do
+            update_user_pw 'test', ''
+
+            subject.validate('test', 'wrongpassword').should eq(false)
+          end
+        end
+      end
+
+      context 'invalid username' do
+        it 'returns false' do
+          subject.validate('does-not-exist', 'testpassword').should eq(false)
+        end
+      end
+
+      context 'support for bcrypt' do
+        it 'is able to handle bcrypt password hashes' do
+          create_user(
+            'test2',
+            '$2a$10$dRFLSkYedQ05sqMs3b265e0nnJSoa9RhbpKXU79FDPVeuS1qBG7Jq', # password: testpassword2
+            mail_address: 'mail@example.org')
+          subject.validate('test2', 'testpassword2').should be_instance_of(Hash)
+        end
+      end
+
+      context 'support for bcrypt with pepper' do
+        let(:pepper) { 'abcdefg' }
+
+        it 'is able to handle bcrypt password hashes' do
+          create_user(
+            'test3',
+            '$2a$10$ndCGPWg5JFMQH/Kl6xKe.OGNaiG7CFIAVsgAOJU75Q6g5/FpY5eX6', # password: testpassword3, pepper: abcdefg
+            mail_address: 'mail@example.org')
+          subject.validate('test3', 'testpassword3').should be_instance_of(Hash)
+        end
+      end
+
+      context 'support for phpass' do
+        it 'is able to handle phpass password hashes' do
+          create_user(
+            'test4',
+            '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0', # password: test12345
+            mail_address: 'mail@example.org')
+          subject.validate('test4', 'test12345').should be_instance_of(Hash)
+        end
+      end
+
+    end
+
+    def create_user(username, password, extra = {})
+      session[options[:collection]].insert({
+        username: username,
+        password: password,
+      }.merge(extra))
+    end
+
+    def update_user_pw(username, new_password)
+      session[options[:collection]].find(username: username).update(password: new_password)
+    end
+
+    def session
+      @session ||= ::Moped::Session.connect(options[:database_url])
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,24 @@
+require 'rubygems'
+require 'bundler/setup'
+
+require 'simplecov'
+require 'coveralls'
+SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+SimpleCov.start do
+  add_filter '/spec'
+end
+
+require 'rspec'
+require 'casino-moped_authenticator'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

metadata

@@ -0,0 +1,186 @@
+--- !ruby/object:Gem::Specification
+name: casino-moped_authenticator
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Gergo Sulymosi
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-07-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.12'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: moped
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: unix-crypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: casino
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: phpass-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: This gem can be used to allow the CASino backend to authenticate against
+  an MongoDB server using Moped.
+email:
+- gergo@digitalnatives.hu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- casino-moped_authenticator.gemspec
+- lib/casino-moped_authenticator.rb
+- lib/casino/moped_authenticator.rb
+- lib/casino/moped_authenticator/version.rb
+- spec/casino_core/moped_authenticator_spec.rb
+- spec/spec_helper.rb
+homepage: http://rbcas.org/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Provides mechanism to use Moped as an authenticator for CASino.
+test_files:
+- spec/casino_core/moped_authenticator_spec.rb
+- spec/spec_helper.rb