concerto_shib_auth 0.0.2
- checksums.yaml +15 -0
- data/LICENSE +13 -0
- data/README.md +4 -0
- data/Rakefile +34 -0
- data/app/assets/javascripts/concerto_shib_auth/application.js +13 -0
- data/app/assets/stylesheets/concerto_shib_auth/application.css +15 -0
- data/app/controllers/concerto_shib_auth/application_controller.rb +85 -0
- data/app/controllers/concerto_shib_auth/omniauth_callback_controller.rb +27 -0
- data/app/helpers/concerto_shib_auth/application_helper.rb +4 -0
- data/app/views/concerto_shib_auth/omniauth_shibboleth/_signin.html.erb +1 -0
- data/config/initializers/omniauth.rb +56 -0
- data/config/routes.rb +3 -0
- data/lib/concerto_shib_auth/engine.rb +27 -0
- data/lib/concerto_shib_auth/version.rb +3 -0
- data/lib/concerto_shib_auth.rb +4 -0
- data/lib/tasks/concerto_shib_auth_tasks.rake +0 -0
- metadata +100 -0
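--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+N2NmMDJhNGQ4ZGNjYWU0MThlMmUzNjAyMmY2ZTA3MTA4MjA2NDA3Ng==
+data.tar.gz: !binary |-
+NmZhZTk5ODAyODA0MTMzZDZjZGU5NTYyNzNmN2E5OWM4YzMxODI3OQ==
+SHA512:
+metadata.gz: !binary |-
+YjUzYjVhZTZkYTA4MjI3NjJhY2UzYzhjMDZjMTMzNDkxODkwOGI3MTRiNTg2
+MzEwNjNlODlhNzEzODFmODJiMGE5MzlkODM0MTUzOTkxNDU5OGRjYTAzNDEx
+MGU0ZmMyZDk2NmM3OWJiMzIzMmI1OGIxOGY3YmJmMGQ4YzY0N2E=
+data.tar.gz: !binary |-
+ZjBlZTk4MTRjNjcxM2VmOWVjMmQwYzFiZmQyM2Q5NzQxZWE1NzZlNDY5ZDJk
+NTY2NTgyZjg4Mzg3ZjkwYmQzODQ4NmU2ZWNmNDkwMDQ1MWFiNGIzNzI3Y2Yy
+YWM4MzEyYjhhZjAwZDZjN2JhY2ZiMDBiNmU5NWRlZDYwNWYxM2Q=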
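--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2014 Concerto Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.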
data/README.md
ADDED
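--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,34 @@
+begin
+require 'bundler/setup'
+rescue LoadError
+puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'ConcertoShibAuth'
+rdoc.options << '--line-numbers'
+rdoc.rdoc_files.include('README.rdoc')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+t.libs << 'lib'
+t.libs << 'test'
+t.pattern = 'test/**/*_test.rb'
+t.verbose = false
+end
+
+
+task default: :test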
@@ -0,0 +1,13 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into application.js, which will include all the files
|
2
|
+
// listed below.
|
3
|
+
//
|
4
|
+
// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
|
5
|
+
// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
|
6
|
+
//
|
7
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
8
|
+
// compiled file.
|
9
|
+
//
|
10
|
+
// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
|
11
|
+
// about supported directives.
|
12
|
+
//
|
13
|
+
//= require_tree .
|
@@ -0,0 +1,15 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll be compiled into application.css, which will include all the files
|
3
|
+
* listed below.
|
4
|
+
*
|
5
|
+
* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
|
6
|
+
* or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
|
7
|
+
*
|
8
|
+
* You're free to add application-wide styles to this file and they'll appear at the bottom of the
|
9
|
+
* compiled file so the styles you add here take precedence over styles defined in any styles
|
10
|
+
* defined in the other CSS/SCSS files in this directory. It is generally better to create a new
|
11
|
+
* file per style scope.
|
12
|
+
*
|
13
|
+
*= require_tree .
|
14
|
+
*= require_self
|
15
|
+
*/
|
@@ -0,0 +1,85 @@
|
|
1
|
+
module ConcertoCasAuth
|
2
|
+
class ApplicationController < ::ApplicationController
|
3
|
+
|
4
|
+
# Used to map a user id with a corresponding authentication provider in the
|
5
|
+
# database (in this case it's Shibboleth)
|
6
|
+
require 'concerto_identity'
|
7
|
+
|
8
|
+
# Find or create a new user based on values returned by the shib callback
|
9
|
+
def find_from_omniauth(shib_hash)
|
10
|
+
# Get configuration options for customized shib return value identifiers
|
11
|
+
omniauth_keys = ConcertoShibAuth::Engine.config.omniauth_keys
|
12
|
+
|
13
|
+
# Check if an identity records exists for the user attempting to sign in
|
14
|
+
if identity = ConcertoIdentity::Identity.find_by_external_id(
|
15
|
+
shib_hash[omniauth_keys[:uid_key]])
|
16
|
+
# Return the matching user record
|
17
|
+
return identity.user
|
18
|
+
else
|
19
|
+
# Add a new user via omniauth shib details
|
20
|
+
user = User.new
|
21
|
+
|
22
|
+
# Set user attributes
|
23
|
+
|
24
|
+
# First name is required for user validation
|
25
|
+
if !shib_hash[omniauth_keys[:first_name_key]].nil?
|
26
|
+
user.first_name = shib_hash[omniauth_keys[:first_name_key]]
|
27
|
+
else
|
28
|
+
user.first_name = shib_hash[omniauth_keys[:uid_key]]
|
29
|
+
end
|
30
|
+
|
31
|
+
# Email is required for user validation
|
32
|
+
if !shib_hash[omniauth_keys[:email_key]].nil?
|
33
|
+
user.email = shib_hash[omniauth_keys[:email_key]]
|
34
|
+
else
|
35
|
+
user.email = shib_hash[omniauth_keys[:uid_key]] +
|
36
|
+
"@" + omniauth_keys[:email_suffix].tr("@", "")
|
37
|
+
end
|
38
|
+
|
39
|
+
# Set user admin flag to false
|
40
|
+
user.is_admin = false
|
41
|
+
# Set user password and confirmation to random tokens
|
42
|
+
user.password,user.password_confirmation=Devise.friendly_token.first(8)
|
43
|
+
|
44
|
+
# Check if this is our application's first user
|
45
|
+
if !User.exists?
|
46
|
+
# First user is an admin
|
47
|
+
first_user_setup = true
|
48
|
+
user.is_admin = true
|
49
|
+
|
50
|
+
# Error reporting
|
51
|
+
user.recieve_moderation_notifications = true
|
52
|
+
user.confirmed_at = Date.today
|
53
|
+
|
54
|
+
# Set concerto system config variables
|
55
|
+
if ConcertoConfig["setup_complete"] == false
|
56
|
+
ConcertoConfig.set("setup_complete", "true")
|
57
|
+
ConcertoConfig.set("send_errors", "true")
|
58
|
+
end
|
59
|
+
|
60
|
+
# Create Concerto Admin Group
|
61
|
+
group = Group.where(:name => "Concerto Admins").first_or_create
|
62
|
+
membership = Membership.create(:user_id => user.id,
|
63
|
+
:group_id => group.id,
|
64
|
+
:level => Membership::LEVELS[:leader])
|
65
|
+
end
|
66
|
+
|
67
|
+
# Attempt to save our new user
|
68
|
+
if user.save
|
69
|
+
# Create a matching identity to track our new user for future
|
70
|
+
# sessions and return our new user record
|
71
|
+
ConcertoIdentity::Identity.create(provider: "shibboleth",
|
72
|
+
external_id: shib_hash[omniauth_keys[:uid_key]],
|
73
|
+
user_id: user.id)
|
74
|
+
return user
|
75
|
+
else
|
76
|
+
# User save failed, an error occurred
|
77
|
+
flash.notice = "Failed to sign in with Shib.
|
78
|
+
#{user.errors.full_messages.to_sentence}."
|
79
|
+
return nil
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
end
|
85
|
+
end
|
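Review bot: The identity lookup at the top of `find_from_omniauth` matches on `external_id` alone and never checks that `shib_hash[omniauth_keys[:uid_key]]` is present, so a missing uid is looked up as nil (and later reaches `nil + "@"` in the e-mail fallback), and an identity row written by another provider with the same external id could resolve to this user. Guard and scope it: `uid = shib_hash[omniauth_keys[:uid_key]]`, `return nil if uid.blank?`, `identity = ConcertoIdentity::Identity.where(provider: "shibboleth", external_id: uid).first`. In the first-user branch, `Membership.create(:user_id => user.id, ...)` runs before `user.save`, so `user.id` is still nil at that point; the membership should be created only after the save succeeds. That same branch makes whoever authenticates first an administrator, which deserves a comment because any account the identity provider accepts qualifies.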
@@ -0,0 +1,27 @@
|
|
1
|
+
require_dependency "concerto_shib_auth/application_controller"
|
2
|
+
|
3
|
+
module ConcertoShibAuth
|
4
|
+
class OmniauthCallbackController < ApplicationController
|
5
|
+
|
6
|
+
def shib_auth
|
7
|
+
shib_hash = request.env["omniauth.auth"]
|
8
|
+
user = find_from_omniauth(shib_hash)
|
9
|
+
|
10
|
+
if !user
|
11
|
+
# Redirect showing flash notice with errors
|
12
|
+
redirect_to "/"
|
13
|
+
elsif user.persisted?
|
14
|
+
flash.notice = "Signed in through Shibboleth"
|
15
|
+
session["devise.user_attributes"] = user.attributes
|
16
|
+
sign_in user
|
17
|
+
redirect_to "/"
|
18
|
+
else
|
19
|
+
flash.notice = "Signed in through Shibboleth"
|
20
|
+
session["devise.user_attributes"] = user.attributes
|
21
|
+
sign_in user
|
22
|
+
redirect_to "/"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
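Review bot: The `else` branch of `shib_auth` repeats the `elsif user.persisted?` branch line for line, so a record that is not persisted is still handed to `sign_in`; that branch should fail closed and only redirect, without `sign_in user`. Both branches also copy `user.attributes` into `session["devise.user_attributes"]`, which presumably includes the password digest and other Devise columns; nothing visible here reads that key, so drop the line or store only the fields that are actually needed. `request.env["omniauth.auth"]` is used without a nil check, so a request that reaches this action outside the OmniAuth callback would raise inside `find_from_omniauth`; `return redirect_to("/") if shib_hash.nil?` before the lookup covers it.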
@@ -0,0 +1 @@
|
|
1
|
+
<%= link_to 'Log in', 'auth/shibboleth/' %>
|
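Review bot: The link target `'auth/shibboleth/'` has no leading slash, so the browser resolves it against the current page's path and the login link only lands on the OmniAuth request path when rendered at the site root. Prefer an absolute path or a route helper, for example `<%= link_to 'Log in', '/auth/shibboleth' %>` (adjust if the application is mounted under a sub-URI).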
@@ -0,0 +1,56 @@
|
|
1
|
+
if ActiveRecord::Base.connection.table_exists? 'concerto_configs'
|
2
|
+
# Concerto Configs are created if they don't exist already
|
3
|
+
# these are used to initialize and configure omniauth-shibboleth
|
4
|
+
ConcertoConfig.make_concerto_config("shib_url", "https://shibboleth.main.ad.rit.edu/idp/Authn/UserPassword",
|
5
|
+
:value_type => "string",
|
6
|
+
:value_default => "https://shibboleth.main.ad.rit.edu/idp/Authn/UserPassword",
|
7
|
+
:category => "Shibboleth User Authentication",
|
8
|
+
:seq_no => 1,
|
9
|
+
:description =>"Defines the url of your Shibboleth server")
|
10
|
+
|
11
|
+
ConcertoConfig.make_concerto_config("shib_uid_key", "uid",
|
12
|
+
:value_type => "string",
|
13
|
+
:category => "Shibboleth User Authentication",
|
14
|
+
:seq_no => 2,
|
15
|
+
:description => "Shibboleth field name containing user login names")
|
16
|
+
|
17
|
+
ConcertoConfig.make_concerto_config("shib_email_key", "email",
|
18
|
+
:value_type => "string",
|
19
|
+
:category => "Shibboleth User Authentication",
|
20
|
+
:seq_no => 3,
|
21
|
+
:description => "Shibboleth field name containing user email addresses")
|
22
|
+
|
23
|
+
ConcertoConfig.make_concerto_config("shib_email_suffix", "@",
|
24
|
+
:value_type => "string",
|
25
|
+
:category => "Shibboleth User Authentication",
|
26
|
+
:seq_no => 4,
|
27
|
+
:description => "Appends this suffix to a Shibboleth returned user id. Leave blank if using email_key above")
|
28
|
+
|
29
|
+
ConcertoConfig.make_concerto_config("shib_first_name_key", "first_name",
|
30
|
+
:value_type => "string",
|
31
|
+
:category => "Shibboleth User Authentication",
|
32
|
+
:seq_no => 5,
|
33
|
+
:description => "Shibboleth field name containing first name")
|
34
|
+
|
35
|
+
# Store omniauth config values from main application's ConcertoConfig
|
36
|
+
omniauth_config = {
|
37
|
+
:host => URI.parse(ConcertoConfig[:shib_url]).host,
|
38
|
+
:url => ConcertoConfig[:shib_url],
|
39
|
+
:uid_key => ConcertoConfig[:shib_uid_key],
|
40
|
+
:first_name_key => ConcertoConfig[:shib_first_name_key],
|
41
|
+
:email_key => ConcertoConfig[:shib_email_key],
|
42
|
+
:email_suffix => ConcertoConfig[:shib_email_suffix],
|
43
|
+
:callback_url => "/auth/shib/callback"
|
44
|
+
}
|
45
|
+
|
46
|
+
# configure omniauth-shib gem based on specified yml configs
|
47
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
48
|
+
provider :shibboleth, omniauth_config
|
49
|
+
end
|
50
|
+
|
51
|
+
# save omniauth configuration for later use in application
|
52
|
+
# to reference any unique identifiers for extra shib options
|
53
|
+
ConcertoShibAuth::Engine.configure do
|
54
|
+
config.omniauth_keys = omniauth_config
|
55
|
+
end
|
56
|
+
end
|
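Review bot: The hash handed to `provider :shibboleth` carries CAS-style keys (`:host`, `:url`, `:uid_key`, `:callback_url`), while omniauth-shibboleth, as far as I know, is configured through `uid_field`, `name_field`, `info_fields` and `request_type` and takes identity from attributes the Shibboleth SP places in the request environment; if so, these settings are ignored and the uid comes from the strategy default. Map the Concerto settings onto the strategy's own options, e.g. `provider :shibboleth, uid_field: omniauth_config[:uid_key], info_fields: { email: omniauth_config[:email_key] }`, and document that the application must only be reachable through the SP, because the strategy trusts whatever attributes arrive. `:callback_url => "/auth/shib/callback"` also does not match the `auth/shibboleth/` path the sign-in partial links to. `URI.parse(ConcertoConfig[:shib_url]).host` runs at boot and raises on a blank or malformed setting, and the `shib_url` default is one institution's IdP rather than a placeholder.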
data/config/routes.rb
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
module ConcertoCasAuth
|
2
|
+
|
3
|
+
require 'omniauth'
|
4
|
+
require 'omniauth-shibboleth'
|
5
|
+
require 'concerto_identity'
|
6
|
+
|
7
|
+
class Engine < ::Rails::Engine
|
8
|
+
isolate_namespace ConcertoShibAuth
|
9
|
+
engine_name 'concerto_cas_auth'
|
10
|
+
|
11
|
+
# Define plugin information for the Concerto application to read.
|
12
|
+
# Do not modify @plugin_info outside of this static configuration block.
|
13
|
+
def plugin_info(plugin_info_class)
|
14
|
+
@plugin_info ||= plugin_info_class.new do
|
15
|
+
|
16
|
+
# Add our concerto_cas_auth route to the main application
|
17
|
+
add_route("concerto_shib_auth", ConcertoCasAuth::Engine)
|
18
|
+
|
19
|
+
# View hook to override Devise sign in links in the main application
|
20
|
+
add_view_hook "ApplicationController", :signin_hook,
|
21
|
+
:partial => "concerto_cas_auth/omniauth_cas/signin"
|
22
|
+
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
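Review bot: This engine still carries the CAS plugin's names: it is declared inside `module ConcertoCasAuth` with `engine_name 'concerto_cas_auth'`, and its view hook renders `"concerto_cas_auth/omniauth_cas/signin"`, while the initializer refers to `ConcertoShibAuth::Engine` and the gem's file list ships `concerto_shib_auth/omniauth_shibboleth/_signin.html.erb`. From what is shown, `ConcertoShibAuth::Engine` looks undefined, and installing this gem next to the CAS plugin would reopen that plugin's engine; application_controller.rb opens with the same `module ConcertoCasAuth`. Rename to `module ConcertoShibAuth`, `engine_name 'concerto_shib_auth'` and `:partial => "concerto_shib_auth/omniauth_shibboleth/signin"`, and pass the renamed engine to `add_route`. The page labels this section data/config/routes.rb, but the content is the engine definition.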
File without changes
|
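--- a/metadata
+++ b/metadata
@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: concerto_shib_auth
+version: !ruby/object:Gem::Version
+version: 0.0.2
+platform: ruby
+authors:
+- Joshua Foster, based from Gabe Perez
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-11-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: omniauth-shibboleth
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: concerto_identity
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+description: Authorize Concerto users with Shibboleth
+email:
+- jfosterrit@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- app/assets/javascripts/concerto_shib_auth/application.js
+- app/assets/stylesheets/concerto_shib_auth/application.css
+- app/controllers/concerto_shib_auth/application_controller.rb
+- app/controllers/concerto_shib_auth/omniauth_callback_controller.rb
+- app/helpers/concerto_shib_auth/application_helper.rb
+- app/views/concerto_shib_auth/omniauth_shibboleth/_signin.html.erb
+- config/initializers/omniauth.rb
+- config/routes.rb
+- lib/concerto_shib_auth.rb
+- lib/concerto_shib_auth/engine.rb
+- lib/concerto_shib_auth/version.rb
+- lib/tasks/concerto_shib_auth_tasks.rake
+homepage: http://www.concerto-signage.org
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.4
+signing_key:
+specification_version: 4
+summary: Provides user authentication using Shibboleth
+test_files: []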