contour 0.8.4 → 0.9.0

data/CHANGELOG.rdoc

@@ -1,3 +1,19 @@
+== 0.9.0
+
+* Enhancements
+  * Updated Contour to work with OmniAuth 1.0
+    * Contour will now provide support for the following providers:
+      * OmniAuth OpenID
+      * OmniAuth LDAP
+      * OmniAuth Twitter
+      * OmniAuth Facebook
+      * OmniAuth LinkedIn
+      * OmniAuth CAS
+    * Authentication provider names now rely on the OmniAuth camelizations
+
+* Testing
+  * SimpleCov testing updated to show gem test coverage
+
 == 0.8.4
 
 * Bug Fix

data/README.rdoc

@@ -46,7 +46,7 @@ Make sure you have Rails 3.2.0
   
 Modify Gemfile and add
 
-  gem 'contour', '~> 0.8.4'          # Basic Layout and Assets
+  gem 'contour', '~> 0.9.0'          # Basic Layout and Assets
 
 Run Bundle install
 
@@ -118,10 +118,10 @@ Add the following to your app/models/user.rb
   end
 
   def apply_omniauth(omniauth)
-    unless omniauth['user_info'].blank?
-      self.email = omniauth['user_info']['email'] if email.blank?
-      self.first_name = omniauth['user_info']['first_name'] if first_name.blank?
-      self.last_name = omniauth['user_info']['last_name'] if last_name.blank?
+    unless omniauth['info'].blank?
+      self.email = omniauth['info']['email'] if email.blank?
+      self.first_name = omniauth['info']['first_name'] if first_name.blank?
+      self.last_name = omniauth['info']['last_name'] if last_name.blank?
     end
     authentications.build(:provider => omniauth['provider'], :uid => omniauth['uid'])
   end
@@ -135,11 +135,7 @@ Add the following to your app/models/authentication.rb
   belongs_to :user
 
   def provider_name
-    if provider == 'open_id'
-      "OpenID"
-    else
-      provider.titleize
-    end
+    OmniAuth.config.camelizations[provider.to_s.downcase] || provider.to_s.titleize
   end
 
 Edit config/initializers/devise.rb and comment out the sign_out_via delete line

data/app/controllers/contour/authentications_controller.rb

@@ -4,11 +4,11 @@ class Contour::AuthenticationsController < ApplicationController
   end
 
   def passthru
-    render :file => "#{Rails.root}/public/404", :formats => [:html], :status => 404, :layout => false
+    render file: "#{Rails.root}/public/404", formats: [:html], status: 404, layout: false
   end
 
   def failure
-    redirect_to new_user_session_path, :alert => params[:message].blank? ? nil : params[:message].humanize
+    redirect_to new_user_session_path, alert: params[:message].blank? ? nil : params[:message].humanize
   end
 
   def create
@@ -18,10 +18,10 @@ class Contour::AuthenticationsController < ApplicationController
     
     if omniauth
     
-      omniauth['uid'] = omniauth['user_info']['email'] if omniauth['provider'] == 'google_apps' and omniauth['user_info']
+      omniauth['uid'] = omniauth['info']['email'] if omniauth['provider'] == 'google_apps' and omniauth['info']
       authentication = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid'])
       logger.info "OMNI AUTH INFO: #{omniauth.inspect}"
-      omniauth['user_info']['email'] = omniauth['extra']['user_hash']['email'] if omniauth['user_info'] and omniauth['user_info']['email'].blank? and omniauth['extra'] and omniauth['extra']['user_hash']
+      omniauth['info']['email'] = omniauth['extra']['raw_info']['email'] if omniauth['info'] and omniauth['info']['email'].blank? and omniauth['extra'] and omniauth['extra']['raw_info']
       if authentication
         logger.info "Existing authentication found."
         session["user_return_to"] = request.env["action_dispatch.request.unsigned_session_cookie"]["user_return_to"] if request.env and request.env["action_dispatch.request.unsigned_session_cookie"] and request.env["action_dispatch.request.unsigned_session_cookie"]["user_return_to"] and session["user_return_to"].blank?
@@ -29,8 +29,8 @@ class Contour::AuthenticationsController < ApplicationController
         sign_in_and_redirect(:user, authentication.user)
       elsif current_user
         logger.info "Logged in user found, creating associated authentication."
-        current_user.authentications.create!(:provider => omniauth['provider'], :uid => omniauth['uid'])
-        redirect_to authentications_path, :notice => "Authentication successful."
+        current_user.authentications.create!( provider: omniauth['provider'], uid: omniauth['uid'] )
+        redirect_to authentications_path, notice: "Authentication successful."
       else
         logger.info "Creating new user with new authentication."
         user = User.new(params[:user])
@@ -49,7 +49,7 @@ class Contour::AuthenticationsController < ApplicationController
       request.env.keys.each do |key|
         logger.info "request.env[#{key}]: #{request.env[key]}"
       end
-      redirect_to authentications_path, :alert => "Authentication not successful."
+      redirect_to authentications_path, alert: "Authentication not successful."
     end
     
   end

data/app/models/authentication.rb

@@ -2,10 +2,6 @@ class Authentication < ActiveRecord::Base
   belongs_to :user
   
   def provider_name
-    if provider == 'open_id'
-      "OpenID"
-    else
-      provider.to_s.titleize
-    end
+    OmniAuth.config.camelizations[provider.to_s.downcase] || provider.to_s.titleize
   end
 end

data/app/views/contour/authentications/_index.html.erb

@@ -2,21 +2,10 @@
   <tr>
     <% PROVIDERS.each do |provider| %>
       <% url_params = (provider == :google_apps) ? '?domain=gmail.com' : '' %>
-      <% if provider == :open_id %>
-        <% provider_name = 'OpenID' %>
-        <% image_name = 'openid' %>
-      <% elsif provider == :linked_in %>
-        <% provider_name = 'LinkedIn' %>
-        <% image_name = 'linkedin' %>
-      <% elsif [:LDAP, :CAS].include?(provider) %>
-        <% provider_name = provider.to_s.upcase %>
-        <% image_name = provider.to_s.downcase %>
-      <% else %>
-        <% provider_name = provider.to_s.titleize %>
-        <% image_name = provider.to_s.downcase %>
-      <% end %>
+      <% provider_name = OmniAuth.config.camelizations[provider.to_s.downcase] || provider.to_s.titleize %>
+      <% image_name = provider.to_s.downcase %>
       <td style="white-space:nowrap;text-align:center;border-width:0px">
-        <a href="<%= request.script_name %><%= "/" + OmniAuth.config.path_prefix.split('/').last.to_s %><%= "/" + provider.to_s.downcase %><%= url_params %>" class="noicon"><%= image_tag "contour/#{image_name}_64.png", :align => 'absmiddle', :height => "64px", :alt => provider_name %></a>
+        <a href="<%= request.script_name %><%= "/" + OmniAuth.config.path_prefix.split('/').last.to_s %><%= "/" + provider.to_s.downcase %><%= url_params %>" class="noicon"><%= image_tag "contour/#{image_name}_64.png", align: 'absmiddle', height: "64px", alt: provider_name %></a>
         <br /><br />
         <%= provider_name %>
       </td>

data/app/views/contour/authentications/_menu.html.erb

@@ -1,21 +1,10 @@
 <% PROVIDERS.each do |provider| %>
   <% url_params = (provider == :google_apps) ? '?domain=gmail.com' : '' %>
-  <% if provider == :open_id %>
-    <% provider_name = 'OpenID' %>
-    <% image_name = 'openid' %>
-  <% elsif provider == :linked_in %>
-    <% provider_name = 'LinkedIn' %>
-    <% image_name = 'linkedin' %>
-  <% elsif [:LDAP, :CAS].include?(provider) %>
-    <% provider_name = provider.to_s.upcase %>
-    <% image_name = provider.to_s.downcase %>
-  <% else %>
-    <% provider_name = provider.to_s.titleize %>
-    <% image_name = provider.to_s.downcase %>
-  <% end %>
-  <li class="parent li_right" style="top:-4px;height:20px;"> <%# margin-right:15px;padding-left:0px;padding-right:0px %>
+  <% provider_name = OmniAuth.config.camelizations[provider.to_s.downcase] || provider.to_s.titleize %>
+  <% image_name = provider.to_s.downcase %>
+  <li class="parent li_right" style="top:-4px;height:20px;">
     <a href="<%= request.script_name %><%= "/" + OmniAuth.config.path_prefix.split('/').last.to_s %><%= "/" + provider.to_s.downcase %><%= url_params %>" class="noicon">
-      <%= image_tag "contour/#{image_name}_32.png", :align => 'absmiddle', :height => "28px", :title => provider_name %>
+      <%= image_tag "contour/#{image_name}_32.png", align: 'absmiddle', height: "28px", title: provider_name %>
     </a>
   </li>
 <% end %>

data/contour.gemspec

@@ -20,10 +20,16 @@ Gem::Specification.new do |s|
   
   s.platform = Gem::Platform::RUBY
   
-  s.add_dependency 'rails',         '~> 3.2.0.rc2'
-  s.add_dependency 'devise',        '~> 1.4.9'
-  s.add_dependency 'omniauth',      '=0.2.6'
-  s.add_dependency 'jquery-rails',  '~> 2.0.0'
+  s.add_dependency 'rails',                   '~> 3.2.0.rc2'
+  s.add_dependency 'jquery-rails',            '~> 2.0.0'
+  s.add_dependency 'devise',                  '~> 1.5.3'
+  s.add_dependency 'omniauth',                '~> 1.0.1'
+  s.add_dependency 'omniauth-openid',         '~> 1.0.1'
+  s.add_dependency 'omniauth-ldap',           '~> 1.0.2'
+  s.add_dependency 'omniauth-twitter',        '~> 0.0.7'
+  s.add_dependency 'omniauth-facebook',       '~> 1.2.0'
+  s.add_dependency 'omniauth-linkedin',       '~> 0.0.6'
+  s.add_dependency 'omniauth-cas',            '~> 0.0.3'
   
   s.files = Dir["{app,config,db,lib}/**/*"] + ["CHANGELOG.rdoc", "contour.gemspec", "LICENSE", "Rakefile", "README.rdoc"]
   s.test_files = Dir["test/**/*"]

data/lib/contour/fixes/omniauth.rb

@@ -1,4 +1,5 @@
 require 'omniauth'
+require 'omniauth-ldap'
 
 # Overwriting methods from Rack
 module OmniAuth
@@ -13,11 +14,11 @@ module OmniAuth
     def on_failure(&block)
       OmniAuth.config.on_failure = block
     end
-
+  
     def configure(&block)
       OmniAuth.configure(&block)
     end
-
+  
     def provider(klass, *args, &block)
       if klass.is_a?(Class)
         middleware = klass
@@ -28,114 +29,89 @@ module OmniAuth
           raise LoadError, "Could not find matching strategy for #{klass.inspect}. You may need to install an additional gem (such as omniauth-#{klass})."
         end
       end
-
+  
       use middleware, *args, &block
     end
-
+  
     def call(env)
       to_app.call(env)
     end
   end
+end
 
-  module Strategies
-    class LDAP
-      # include OmniAuth::Strategy
+# Fix for LDAP Authentication with Domains
+module OmniAuth
+  class Form
+    def hidden_field(name, value)
+      @html << "<input type='hidden' id='#{name}' name='#{name}' value='#{value}'/>"
+      self
+    end
+  end
+  
+  module LDAP
+    class Adaptor
+      class LdapError < StandardError; end
+      class ConfigurationError < StandardError; end
+      class AuthenticationError < StandardError; end
+      class ConnectionError < StandardError; end
+
+      attr_accessor :bind_dn, :password
+      attr_reader :connection, :uid, :base, :auth
+      def self.validate(configuration={})
+        message = []
+        MUST_HAVE_KEYS.each do |name|
+           message << name if configuration[name].nil?
+        end
+        raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
+      end
       
-      def initialize(app, options = {}, &block)
-        # Rails.logger.debug "Contour::Fixes => Omniauth::Strategies::LDAP::initialize"
-        super(app, options[:name] || :ldap, options.dup, &block)
-        @name_proc = (@options.delete(:name_proc) || Proc.new {|name| name})
-        @adaptor = OmniAuth::Strategies::LDAP::Adaptor.new(options)
-        @domain = options[:domain] # Added
+      def bind_as(args = {})
+        result = false
+        ldap = @connection
+        ldap.auth args[:username], args[:password]
+        rs = ldap.search(base: args[:base], filter: Net::LDAP::Filter.eq(@uid, args[:username].split('\\').last.to_s))
+        result = rs.first if rs
+        result
       end
       
-      protected
+    end
+  end
+
+  module Strategies
+    class LDAP
+      include OmniAuth::Strategy
+      
+      option :domain, ''
       
-      # Reroutes directly to callback_phase instead of redirecting to callback_path
-      # TODO: Possibility that this could be removed in the future.
       def request_phase
-        # Rails.logger.info "Contour::Fixes => Omniauth::Strategies::LDAP::request_phase Request Phase Hook"
-        if env['REQUEST_METHOD'] == 'GET'
-          get_credentials
-        else
-          session['omniauth.ldap'] = {'username' => request['username'], 'password' => request['password']}
-          if true
-            # Rails.logger.info "Contour::Fixes => Omniauth::Strategies::LDAP::request_phase Skipping Redirect"
-            callback_phase # Added
-          else
-            redirect callback_path
-          end
-        end
+        OmniAuth::LDAP::Adaptor.validate @options
+        f = OmniAuth::Form.new(:title => (options[:title] || "LDAP Authentication"), :url => "#{@env['SCRIPT_NAME']}" + callback_path)
+        f.hidden_field 'domain', options[:domain] # Added to allow domains from option
+        f.text_field 'Login', 'username'
+        f.password_field 'Password', 'password'
+        f.to_response
       end
       
-      # Includes addition of a "domain"
       def callback_phase
-        failure_temp_path = "#{@env['SCRIPT_NAME']}/#{OmniAuth.config.path_prefix.split('/').last}/failure?message=invalid_credentials"
-        
+        failure_temp_path = "#{@env['SCRIPT_NAME']}/#{OmniAuth.config.path_prefix.split('/').last}/failure?message=invalid_credentials" # Added
+        bind_dn = "#{request['domain'] + '\\' unless request['domain'].blank?}#{request['username']}" # Added
+        @options[:bind_dn] = bind_dn if @options[:bind_dn].blank? # Added
+        @adaptor = OmniAuth::LDAP::Adaptor.new @options
+
+        raise MissingCredentialsError.new("Missing login credentials") if request['username'].nil? || request['password'].nil?
         begin
-          creds = session['omniauth.ldap']
-          session.delete 'omniauth.ldap'
-          @ldap_user_info = {}
-          begin
-            creds['username'] = @domain.to_s + '\\' + creds['username'] unless @domain.blank?
-            @adaptor.bind(:bind_dn => creds['username'], :password => creds['password'])
-          rescue Exception => e
-            Rails.logger.info "Failed to bind with the default credentials: " + e.message
-            return redirect failure_temp_path
-            # return fail!(:invalid_credentials, e)
-          end
-          
-          @ldap_user_info = @adaptor.search(:base => @adaptor.base, :filter => Net::LDAP::Filter.eq(@adaptor.uid, creds['username'].split('\\').last.to_s),:limit => 1)
-          @ldap_user_info.each do |key, val|
-            @ldap_user_info[key] = val.first if val.class == Array and val.size == 1
-          end
-          
-          @user_info = self.class.map_user(@@config, @ldap_user_info)
+          @ldap_user_info = @adaptor.bind_as(base: @adaptor.base, username: bind_dn, :password => request['password']) # Modified
+
+          # return fail!(:invalid_credentials) if !@ldap_user_info
+          return redirect failure_temp_path if !@ldap_user_info
 
-          @env['REQUEST_METHOD'] = 'GET'
-          # @env['PATH_INFO'] = callback_path
-          @env['PATH_INFO'] = "#{OmniAuth.config.path_prefix.split('/').last}/#{name}/callback"
-          
-          @env['omniauth.auth'] = {'provider' => 'ldap', 'uid' => @user_info['uid'], 'user_info' => @user_info, 'bla' => 5}
+          @user_info = self.class.map_user(@@config, @ldap_user_info)
+          super
         rescue Exception => e
-          Rails.logger.info "Exception in callback_phase: #{e.inspect}"
+          # return fail!(:ldap_error, e)
           return redirect failure_temp_path
-          # return fail!(:invalid_credentials, e)
         end
-        
-        call_app!
       end
-      
-      def self.map_user mapper, object
-        user = {}
-        mapper.each do |key, value|
-          case value
-            when String
-              if object[value.downcase.to_sym]
-                if object[value.downcase.to_sym].kind_of?(Array)
-                  user[key] = object[value.downcase.to_sym].join(', ')
-                else
-                  user[key] = object[value.downcase.to_sym].to_s 
-                end
-              end
-            when Array
-              # value.each {|v| (user[key] = object[v.downcase.to_sym].to_s; break;) if object[v.downcase.to_sym]}
-              value.each {|v| (user[key] = object[v.downcase.to_sym].join(', '); break;) if object[v.downcase.to_sym]}
-            when Hash
-              value.map do |key1, value1|
-                pattern = key1.dup
-                value1.each_with_index do |v,i|
-                  part = '';
-                  v.each {|v1| (part = object[v1.downcase.to_sym].to_s; break;) if object[v1.downcase.to_sym]}
-                  pattern.gsub!("%#{i}",part||'') 
-                end 
-                user[key] = pattern
-              end
-            end
-          end
-        user
-      end
-      
     end
   end
 end

data/lib/contour/version.rb

@@ -1,8 +1,8 @@
 module Contour
   module VERSION #:nodoc:
     MAJOR = 0
-    MINOR = 8
-    TINY = 4
+    MINOR = 9
+    TINY = 0
     BUILD = nil # nil, "pre", "rc", "rc2"
 
     STRING = [MAJOR, MINOR, TINY, BUILD].compact.join('.')

data/test/dummy/app/models/user.rb

@@ -30,10 +30,10 @@ class User < ActiveRecord::Base
   end
   
   def apply_omniauth(omniauth)
-    unless omniauth['user_info'].blank?
-      self.email = omniauth['user_info']['email'] if email.blank?
-      self.first_name = omniauth['user_info']['first_name'] if first_name.blank?
-      self.last_name = omniauth['user_info']['last_name'] if last_name.blank?
+    unless omniauth['info'].blank?
+      self.email = omniauth['info']['email'] if email.blank?
+      self.first_name = omniauth['info']['first_name'] if first_name.blank?
+      self.last_name = omniauth['info']['last_name'] if last_name.blank?
     end
     authentications.build(:provider => omniauth['provider'], :uid => omniauth['uid'])
   end

data/test/dummy/config/initializers/omniauth.rb

@@ -1,22 +1,33 @@
+require 'omniauth-openid'
+require 'omniauth-ldap'
+require 'omniauth-twitter'
+require 'omniauth-facebook'
+require 'omniauth-linkedin'
+require 'omniauth-cas'
+
 require 'openid/store/filesystem'
 Rails.application.config.middleware.use OmniAuth::Builder do
-  # provider :open_id, OpenID::Store::Filesystem.new('/tmp'), :name => 'google_apps', :identifier => 'https://www.google.com/accounts/o8/id'
-  # provider :twitter, 'CONSUMER_KEY', 'CONSUMER_SECRET'
-  # provider :facebook, 'APP_ID', 'APP_SECRET'
-  # provider :linked_in, 'CONSUMER_KEY', 'CONSUMER_SECRET'
-  # provider :open_id, OpenID::Store::Filesystem.new('/tmp')
-  # provider :CAS, :cas_server => 'https://www.example.com/cas'
-  # provider :LDAP, :host => 'ldap.example.com', :port => 389, :method => :simple, :base => 'cn=users,dc=example,dc=com', :uid => 'sAMAccountName', :try_sasl => true, :sasl_mechanisms => "GSS-SPNEGO", :domain => ''
+  provider :open_id, store: OpenID::Store::Filesystem.new('/tmp'), name: 'google_apps', identifier: 'https://www.google.com/accounts/o8/id'
+  provider :open_id, store: OpenID::Store::Filesystem.new('/tmp')
+  provider :LDAP, host: 'ldap.example.com', port: 389, method: :plain, base: 'cn=users,dc=example,dc=com', uid: 'sAMAccountName', domain: '' #, try_sasl: true, sasl_mechanisms: "GSS-SPNEGO"
+  
+  provider :twitter, 'CONSUMER_KEY', 'CONSUMER_SECRET'
+  provider :facebook, 'APP_ID', 'APP_SECRET'
+  provider :linked_in, 'CONSUMER_KEY', 'CONSUMER_SECRET'
+  provider :cas, host: 'cas.yourdomain.com', login_url: 'https://www.example.com/cas'
+  
+  # Other providers will need gems added in your Gemfile, and the provider configured in this block.
+  #   https://github.com/intridea/omniauth/wiki/List-of-Strategies
 end
 
 # This list will show the first choice as the default, and the rest as potential secondary login methods.
-PROVIDERS = [:google_apps, :twitter, :facebook, :linked_in, :open_id, :CAS, :LDAP]
+PROVIDERS = [:google_apps, :open_id, :LDAP, :twitter, :facebook, :linked_in, :cas]
 
 # LDAP
 # :port (required) - The LDAP server port.
 # :method (required) - May be :plain, :ssl, or :tls.
 # :base (required) - The distinguished name (DN) for your organization; all users should be searchable under this base.
 # :uid (required) - The LDAP attribute name for the user name in the login form. Typically AD would be 'sAMAccountName' or 'UniquePersonalIdentifier', while OpenLDAP is 'uid'. You can also use 'dn' for the user to put in the dn in the login form (but usually is too long for user to remember or know).
+# :domain - Enter to keep users from having to enter the LDAP domain, usually in the form domain\username. Backslash will be appended automatically.
 # :try_sasl - Try to use SASL connection to server.
-# :sasl_mechanisms - Mechanisms supported are 'DIGEST-MD5' and 'GSS-SPNEGO'
-# :domain - Enter to keep users from having to enter the LDAP domain, usually in the form domain\username. Backslash will be appended automatically.
+# :sasl_mechanisms - Mechanisms supported are 'DIGEST-MD5' and 'GSS-SPNEGO'