concerto_shib_auth 0.0.2

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    N2NmMDJhNGQ4ZGNjYWU0MThlMmUzNjAyMmY2ZTA3MTA4MjA2NDA3Ng==
+  data.tar.gz: !binary |-
+    NmZhZTk5ODAyODA0MTMzZDZjZGU5NTYyNzNmN2E5OWM4YzMxODI3OQ==
+SHA512:
+  metadata.gz: !binary |-
+    YjUzYjVhZTZkYTA4MjI3NjJhY2UzYzhjMDZjMTMzNDkxODkwOGI3MTRiNTg2
+    MzEwNjNlODlhNzEzODFmODJiMGE5MzlkODM0MTUzOTkxNDU5OGRjYTAzNDEx
+    MGU0ZmMyZDk2NmM3OWJiMzIzMmI1OGIxOGY3YmJmMGQ4YzY0N2E=
+  data.tar.gz: !binary |-
+    ZjBlZTk4MTRjNjcxM2VmOWVjMmQwYzFiZmQyM2Q5NzQxZWE1NzZlNDY5ZDJk
+    NTY2NTgyZjg4Mzg3ZjkwYmQzODQ4NmU2ZWNmNDkwMDQ1MWFiNGIzNzI3Y2Yy
+    YWM4MzEyYjhhZjAwZDZjN2JhY2ZiMDBiNmU5NWRlZDYwNWYxM2Q=

data/LICENSE

@@ -0,0 +1,13 @@
+  Copyright 2014 Concerto Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,4 @@
+Concerto Shibboleth Auth
+=====================
+
+Authenticate Concerto users through your own Shibboleth deployment. 

data/Rakefile

@@ -0,0 +1,34 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ConcertoShibAuth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/assets/javascripts/concerto_shib_auth/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/concerto_shib_auth/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/concerto_shib_auth/application_controller.rb

@@ -0,0 +1,85 @@
+module ConcertoCasAuth
+  class ApplicationController < ::ApplicationController
+
+    # Used to map a user id with a corresponding authentication provider in the
+    #   database (in this case it's Shibboleth)
+    require 'concerto_identity'
+
+    # Find or create a new user based on values returned by the shib callback
+    def find_from_omniauth(shib_hash)
+      # Get configuration options for customized shib return value identifiers
+      omniauth_keys = ConcertoShibAuth::Engine.config.omniauth_keys
+
+      # Check if an identity records exists for the user attempting to sign in
+      if identity = ConcertoIdentity::Identity.find_by_external_id(
+                                            shib_hash[omniauth_keys[:uid_key]])
+        # Return the matching user record
+        return identity.user
+      else
+        # Add a new user via omniauth shib details
+        user = User.new
+
+        # Set user attributes
+
+        # First name is required for user validation
+        if !shib_hash[omniauth_keys[:first_name_key]].nil?
+          user.first_name = shib_hash[omniauth_keys[:first_name_key]]
+        else 
+          user.first_name = shib_hash[omniauth_keys[:uid_key]]
+        end
+
+        # Email is required for user validation
+        if !shib_hash[omniauth_keys[:email_key]].nil?
+          user.email = shib_hash[omniauth_keys[:email_key]]
+        else
+          user.email = shib_hash[omniauth_keys[:uid_key]] + 
+                       "@" + omniauth_keys[:email_suffix].tr("@", "")
+        end
+
+        # Set user admin flag to false
+        user.is_admin = false
+        # Set user password and confirmation to random tokens
+        user.password,user.password_confirmation=Devise.friendly_token.first(8)
+
+        # Check if this is our application's first user
+        if !User.exists?
+          # First user is an admin
+          first_user_setup = true
+          user.is_admin = true
+
+          # Error reporting
+          user.recieve_moderation_notifications = true
+          user.confirmed_at = Date.today
+
+          # Set concerto system config variables
+          if ConcertoConfig["setup_complete"] == false
+            ConcertoConfig.set("setup_complete", "true")
+            ConcertoConfig.set("send_errors", "true")
+          end
+
+          # Create Concerto Admin Group
+          group = Group.where(:name => "Concerto Admins").first_or_create
+          membership = Membership.create(:user_id => user.id, 
+            :group_id => group.id, 
+            :level => Membership::LEVELS[:leader])
+        end
+
+        # Attempt to save our new user
+        if user.save
+          # Create a matching identity to track our new user for future 
+          #   sessions and return our new user record 
+          ConcertoIdentity::Identity.create(provider: "shibboleth", 
+            external_id: shib_hash[omniauth_keys[:uid_key]], 
+            user_id: user.id)
+          return user
+        else
+          # User save failed, an error occurred 
+          flash.notice = "Failed to sign in with Shib. 
+            #{user.errors.full_messages.to_sentence}."
+          return nil
+        end
+      end
+    end
+
+  end
+end

data/app/controllers/concerto_shib_auth/omniauth_callback_controller.rb

@@ -0,0 +1,27 @@
+require_dependency "concerto_shib_auth/application_controller"
+
+module ConcertoShibAuth
+  class OmniauthCallbackController < ApplicationController
+
+    def shib_auth
+      shib_hash = request.env["omniauth.auth"]
+      user = find_from_omniauth(shib_hash)
+
+      if !user
+        # Redirect showing flash notice with errors
+        redirect_to "/"
+      elsif user.persisted?
+        flash.notice = "Signed in through Shibboleth"
+        session["devise.user_attributes"] = user.attributes
+        sign_in user
+        redirect_to "/"
+      else 
+        flash.notice = "Signed in through Shibboleth"
+        session["devise.user_attributes"] = user.attributes
+        sign_in user
+        redirect_to "/"
+      end
+    end
+
+  end
+end

data/app/helpers/concerto_shib_auth/application_helper.rb

@@ -0,0 +1,4 @@
+module ConcertoShibAuth
+  module ApplicationHelper
+  end
+end

data/app/views/concerto_shib_auth/omniauth_shibboleth/_signin.html.erb

@@ -0,0 +1 @@
+<%= link_to 'Log in', 'auth/shibboleth/' %>

data/config/initializers/omniauth.rb

@@ -0,0 +1,56 @@
+if ActiveRecord::Base.connection.table_exists? 'concerto_configs'
+  # Concerto Configs are created if they don't exist already
+  #   these are used to initialize and configure omniauth-shibboleth
+  ConcertoConfig.make_concerto_config("shib_url", "https://shibboleth.main.ad.rit.edu/idp/Authn/UserPassword",
+    :value_type => "string",
+    :value_default => "https://shibboleth.main.ad.rit.edu/idp/Authn/UserPassword",
+    :category => "Shibboleth User Authentication",
+    :seq_no => 1,
+    :description =>"Defines the url of your Shibboleth server")
+
+  ConcertoConfig.make_concerto_config("shib_uid_key", "uid",
+    :value_type => "string",
+    :category => "Shibboleth User Authentication",
+    :seq_no => 2,
+    :description => "Shibboleth field name containing user login names")
+
+  ConcertoConfig.make_concerto_config("shib_email_key", "email",
+    :value_type => "string",
+    :category => "Shibboleth User Authentication",
+    :seq_no => 3,
+    :description => "Shibboleth field name containing user email addresses")
+
+  ConcertoConfig.make_concerto_config("shib_email_suffix", "@",
+    :value_type => "string",
+    :category => "Shibboleth User Authentication",
+    :seq_no => 4,
+    :description => "Appends this suffix to a Shibboleth returned user id. Leave blank if using email_key above")
+
+  ConcertoConfig.make_concerto_config("shib_first_name_key", "first_name",
+    :value_type => "string",
+    :category => "Shibboleth User Authentication",
+    :seq_no => 5,
+    :description => "Shibboleth field name containing first name")
+
+  # Store omniauth config values from main application's ConcertoConfig
+  omniauth_config = {
+    :host => URI.parse(ConcertoConfig[:shib_url]).host,
+    :url => ConcertoConfig[:shib_url],
+    :uid_key => ConcertoConfig[:shib_uid_key],
+    :first_name_key => ConcertoConfig[:shib_first_name_key],
+    :email_key => ConcertoConfig[:shib_email_key],
+    :email_suffix => ConcertoConfig[:shib_email_suffix],
+    :callback_url => "/auth/shib/callback"
+  }
+
+  # configure omniauth-shib gem based on specified yml configs
+  Rails.application.config.middleware.use OmniAuth::Builder do
+    provider :shibboleth, omniauth_config
+  end
+
+  # save omniauth configuration for later use in application
+  #  to reference any unique identifiers for extra shib options
+  ConcertoShibAuth::Engine.configure do
+     config.omniauth_keys = omniauth_config
+  end
+end

data/config/routes.rb

@@ -0,0 +1,3 @@
+Concerto::Application.routes.draw do
+  get "/auth/shibboleth/callback", :to => "concerto_shib_auth/omniauth_callback#shib_auth"
+end

data/lib/concerto_shib_auth/engine.rb

@@ -0,0 +1,27 @@
+module ConcertoCasAuth
+
+  require 'omniauth'
+  require 'omniauth-shibboleth'
+  require 'concerto_identity'
+
+  class Engine < ::Rails::Engine
+    isolate_namespace ConcertoShibAuth
+    engine_name 'concerto_cas_auth'
+
+    # Define plugin information for the Concerto application to read.
+    # Do not modify @plugin_info outside of this static configuration block.
+    def plugin_info(plugin_info_class)
+      @plugin_info ||= plugin_info_class.new do
+
+        # Add our concerto_cas_auth route to the main application
+        add_route("concerto_shib_auth", ConcertoCasAuth::Engine)
+
+        # View hook to override Devise sign in links in the main application
+        add_view_hook "ApplicationController", :signin_hook,
+          :partial => "concerto_cas_auth/omniauth_cas/signin"
+
+      end
+    end
+
+  end
+end

data/lib/concerto_shib_auth/version.rb

@@ -0,0 +1,3 @@
+module ConcertoShibAuth
+  VERSION = "0.0.2"
+end

data/lib/concerto_shib_auth.rb

@@ -0,0 +1,4 @@
+require "concerto_shib_auth/engine"
+
+module ConcertoShibAuth
+end

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: concerto_shib_auth
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Joshua Foster, based from Gabe Perez
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-11-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-shibboleth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: concerto_identity
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Authorize Concerto users with Shibboleth
+email:
+- jfosterrit@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- app/assets/javascripts/concerto_shib_auth/application.js
+- app/assets/stylesheets/concerto_shib_auth/application.css
+- app/controllers/concerto_shib_auth/application_controller.rb
+- app/controllers/concerto_shib_auth/omniauth_callback_controller.rb
+- app/helpers/concerto_shib_auth/application_helper.rb
+- app/views/concerto_shib_auth/omniauth_shibboleth/_signin.html.erb
+- config/initializers/omniauth.rb
+- config/routes.rb
+- lib/concerto_shib_auth.rb
+- lib/concerto_shib_auth/engine.rb
+- lib/concerto_shib_auth/version.rb
+- lib/tasks/concerto_shib_auth_tasks.rake
+homepage: http://www.concerto-signage.org
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.4
+signing_key: 
+specification_version: 4
+summary: Provides user authentication using Shibboleth
+test_files: []