crowd-stefanwille 0.5.10 → 0.5.11
- data/.gitignore +4 -1
- data/History.txt +5 -2
- data/Rakefile +1 -1
- data/crowd-stefanwille.gemspec +2 -5
- data/lib/crowd.rb +52 -49
- data/lib/crowd/version.rb +1 -1
- data/spec/crowd_spec.rb +5 -1
- metadata +4 -7
- data/lib/crowd/http/request.rb +0 -6
- data/lib/crowd/http/response.rb +0 -5
- data/lib/crowd/http/sso.rb +0 -101
data/.gitignore
CHANGED
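--- a/data/History.txt
+++ b/data/History.txt
@@ -1,6 +1,9 @@
 
-== 0.5.
-
+== 0.5.11 / 2010-07-26
+* 0.5.11
+* add Crowd.crowd_cookie_tokenkey for SSO
+* add Crowd.crowd_validation_factors_need_user_agent for SSO
+* add Crowd.get_cookie_info
 * 0.5.10
 * fixed bug in validation factor serialization
 * 0.5.9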
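--- a/data/Rakefile
+++ b/data/Rakefile
@@ -33,7 +33,7 @@ begin
 gemspec.name = "crowd-stefanwille"
 gemspec.version = Crowd::Version::STRING
 gemspec.summary = "Ruby client for Atlassian Crowd 2.0"
-gemspec.description = "A client for Atlassian
+gemspec.description = "A client for Atlassian Crowd v2.0. Tested with Crowd 2.0.2 and 2.0.5."
 gemspec.email = "post @nospam@ stefanwille.com"
 gemspec.homepage = "http://github.com/stefanwille/crowd"
 gemspec.authors = ["Stefan Wille", "Evgeny Zislis", "Jason Rimmer & Daniel Morrison"]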
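--- a/data/crowd-stefanwille.gemspec
+++ b/data/crowd-stefanwille.gemspec
@@ -5,12 +5,12 @@
 
 Gem::Specification.new do |s|
 s.name = %q{crowd-stefanwille}
-s.version = "0.5.
+s.version = "0.5.11"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Stefan Wille", "Evgeny Zislis", "Jason Rimmer & Daniel Morrison"]
 s.date = %q{2010-07-26}
-s.description = %q{A client for Atlassian
+s.description = %q{A client for Atlassian Crowd v2.0. Tested with Crowd 2.0.2 and 2.0.5.}
 s.email = %q{post @nospam@ stefanwille.com}
 s.extra_rdoc_files = [
 "README.rdoc"
@@ -23,9 +23,6 @@ Gem::Specification.new do |s|
 "crowd-stefanwille.gemspec",
 "demo/crowd_demo.rb",
 "lib/crowd.rb",
-"lib/crowd/http/request.rb",
-"lib/crowd/http/response.rb",
-"lib/crowd/http/sso.rb",
 "lib/crowd/soap/SecurityServerClient.rb",
 "lib/crowd/soap/crowd-2.0.5.wsdl",
 "lib/crowd/soap/default.rb",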
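--- a/data/lib/crowd.rb
+++ b/data/lib/crowd.rb
@@ -31,6 +31,8 @@ class Crowd
 @@crowd_app_name = nil
 @@crowd_app_pword = nil
 @@crowd_url = nil
+@@crowd_validation_factors_need_user_agent = false
+@@crowd_cookie_tokenkey = 'crowd.token_key'
 @@crowd_session_tokenkey = 'session.tokenkey'
 @@crowd_session_validationinterval = 0
 @@crowd_session_lastvalidation = 'session.lastvalidation'
@@ -41,45 +43,46 @@ class Crowd
 # Configuration
 #
 
-
-The URL to use when connecting with the integration libraries to communicate with the Crowd server.
-'''
+# The URL to use when connecting with the integration libraries to communicate with the Crowd server.
 def self.crowd_url=(value); @@crowd_url = value; end
 
-
-
-This needs to match the name you specified in Crowd server.
-'''
+# The name that the application will use when authenticating with the Crowd server.
+# This needs to match the name you specified in Crowd server.
 def self.crowd_app_name=(value); @@crowd_app_name = value; end
 
-
-
-This needs to match the password you specified in Crowd server.
-'''
+# The password that the application will use when authenticating with the Crowd server.
+# This needs to match the password you specified in Crowd server.
 def self.crowd_app_pword=(value); @@crowd_app_pword = value; end
 
 #
 # Relevant for SSO:
 #
+
+# This configuration depends on the Crowd java client library version that your other applications use.
+# For crowd-integration-client-2.0.2.jar this needs to be 'true',
+# for crowd-integration-client-2.0.5.jar this needs to be 'false'.
+#
+# Default is false.
+def self.crowd_validation_factors_need_user_agent=(value); @@crowd_validation_factors_need_user_agent = value; end
 
-
-
-
-'''
+# The number of minutes to cache authentication validation in the session.
+# If this value is set to 0, each HTTP request will be authenticated with the Crowd server.
+# The default is 0.
 def self.crowd_session_validationinterval=(value); @@crowd_session_validationinterval = value; end
 
-
-
-
-
+# The cookie key to use when creating or reading the SSO token.
+# Has a good default.
+def self.crowd_cookie_tokenkey=(value); @@crowd_cookie_tokenkey = value; end
+
+# The session key to use when storing a String value of the users authentication token.
+# Has a good default.
 def self.crowd_session_tokenkey=(value); @@crowd_session_tokenkey = value; end
 
-
-
-Has a good default.
-'''
+# The session key to use when storing a timestamp of the users last authentication.
+# Has a good default.
 def self.crowd_session_lastvalidation=(value); @@crowd_session_lastvalidation = value; end
 
+
 # for testing
 def self.application_token=(value); @@application_token = value; end
 def self.application_token; @@application_token; end
@@ -87,7 +90,9 @@ class Crowd
 def self.crowd_app_name; @@crowd_app_name; end
 def self.crowd_app_pword; @@crowd_app_pword; end
 
+def self.crowd_validation_factors_need_user_agent; @@crowd_validation_factors_need_user_agent; end
 def self.crowd_session_tokenkey; @@crowd_session_tokenkey; end
+def self.crowd_cookie_tokenkey; @@crowd_cookie_tokenkey; end
 def self.crowd_session_validationinterval; @@crowd_session_validationinterval; end
 def self.crowd_session_lastvalidation; @@crowd_session_lastvalidation; end
 
@@ -107,7 +112,6 @@ class Crowd
 # Public methods
 #
 
-##
 # Authenticates an application client to the Crowd security server.
 def self.authenticate_application(validation_factors = {})
 pword = PasswordCredential.new(@@crowd_app_pword, false)
@@ -122,9 +126,10 @@ class Crowd
 @@application_token = response.out
 end
 
-##
 # Authenticates a principal verses the calling who is in the application's assigned directory.
 #
+# Validation factors are essential for SSO interoperable with Atlassian's Java client library.
+#
 # To use SSO, set:
 # validation_factors = { 'USER_AGENT' => '...', 'REMOTE_ADDRESS' => '...' }
 # for proxy users { 'X_FORWARDED_FOR" => '...' } might be useful as well.
@@ -158,7 +163,6 @@ class Crowd
 end
 
 
-##
 # Authenticates a principal without validating a password.
 def self.create_principal_token(username, validation_factors = {})
 response = authenticated_connection do
@@ -169,7 +173,6 @@ class Crowd
 response.out
 end
 
-##
 # Checks if the principal's current token is still valid.
 def self.is_valid_principal_token?(principal_token, validation_factors = {})
 response = authenticated_connection do
@@ -186,8 +189,7 @@ class Crowd
 end
 end
 
-
-# Add Principal
+# Add principal to the crowd directory.
 def self.add_principal(username, password, description, is_active, attributes)
 response = authenticated_connection do
 
@@ -221,8 +223,7 @@ class Crowd
 end
 end
 
-
-# Find Principal via username
+# Find principal via username.
 def self.find_principal_by_username(username)
 response = authenticated_connection do
 arg = FindPrincipalByName.new(@@application_token, username)
@@ -241,8 +242,7 @@ class Crowd
 raise AuthenticationObjectNotFoundException, e
 end
 
-
-# Find Principal via token
+# Find principal via token.
 def self.find_principal_by_token(token)
 response = authenticated_connection do
 arg = FindPrincipalByToken.new(@@application_token, token)
@@ -264,8 +264,7 @@ class Crowd
 raise AuthenticationException, e.message
 end
 
-
-# Invalidate Principal Token
+# Invalidate principal token.
 def self.invalidate_principal_token(token)
 response = authenticated_connection do
 arg = InvalidatePrincipalToken.new(@@application_token, token)
@@ -280,8 +279,7 @@ class Crowd
 end
 end
 
-
-# Remove principal attribute
+# Remove principal attribute.
 def self.remove_attribute_principal(username, attributes)
 if(attributes.class != Array)
 attributes = [attributes]
@@ -304,7 +302,6 @@ class Crowd
 end
 end
 
-##
 # Add attribute to principal
 def self.add_attribute_principal(username, attributes)
 attributes.each do |key, val|
@@ -335,7 +332,6 @@ class Crowd
 true
 end
 
-##
 # Update attribute on principal
 def self.update_attribute_principal(username, attributes)
 attributes.each do |key, val|
@@ -366,7 +362,6 @@ class Crowd
 true
 end
 
-##
 # Remove principal
 def self.remove_principal(username)
 response = authenticated_connection do
@@ -384,7 +379,6 @@ class Crowd
 end
 end
 
-##
 # Find all principal names
 def self.find_all_principal_names
 response = authenticated_connection do
@@ -402,7 +396,6 @@ class Crowd
 end
 end
 
-##
 # Find all role names
 def self.find_all_role_names
 response = authenticated_connection do
@@ -420,7 +413,6 @@ class Crowd
 end
 end
 
-##
 # Add Role
 def self.add_role(name, description, is_active)
 response = authenticated_connection do
@@ -439,7 +431,6 @@ class Crowd
 end
 end
 
-##
 # Add Principal to Role
 def self.add_principal_to_role(username, role)
 response = authenticated_connection do
@@ -458,7 +449,6 @@ class Crowd
 end
 end
 
-##
 # Remove Principal form Role
 def self.remove_principal_from_role(username, role)
 response = authenticated_connection do
@@ -476,7 +466,6 @@ class Crowd
 end
 end
 
-##
 # Is Role Member
 def self.is_role_member(username, role)
 response = authenticated_connection do
@@ -496,7 +485,6 @@ class Crowd
 
 
 
-##
 # Remove Role
 def self.remove_role(role)
 response = authenticated_connection do
@@ -514,7 +502,6 @@ class Crowd
 end
 end
 
-##
 # Is Group Member
 def self.is_group_member(username, group)
 response = authenticated_connection do
@@ -664,7 +651,7 @@ class Crowd
 ##
 # Returns the domain configured in Crowd or null if no domain has been set.
 #
-# *Deprecated:* This method has been superceded by
+# *Deprecated:* This method has been superceded by get_cookie_info.
 def self.get_domain
 response = authenticated_connection do
 arg = GetDomain.new(@@application_token)
@@ -679,6 +666,22 @@ class Crowd
 end
 end
 
+# Returns the sso cookie configuration.
+# Properties: cookie_info.domain and cookie_info.secure
+def self.get_cookie_info
+response = authenticated_connection do
+arg = GetCookieInfo.new(@@application_token)
+server.getCookieInfo(arg)
+end
+
+case response
+when GetCookieInfoResponse
+return response.out
+else
+raise AuthenticationException, response
+end
+end
+
 ##
 # Updates the password credential for a principal who is in the application's assigned directory.
 def self.update_principal_credential(principal, password)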
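Review bot: The comment on `get_cookie_info` (last hunk) names `cookie_info.domain` and `cookie_info.secure` but does not say what a caller has to do with them, and with `lib/crowd/http/sso.rb` removed in this release no cookie-writing code is visible in the diff, so that step appears to be left to the application. I would add `# Callers that write the cookie named by Crowd.crowd_cookie_tokenkey should scope it to cookie_info.domain` and `# and mark it Secure when cookie_info.secure is true, so the SSO token is not sent over plain HTTP.` to the comment. Separately, the `else` branch raises `AuthenticationException, response`, which hands the raw response object to the exception as its message, whereas `find_principal_by_token` raises with `e.message`; a string such as `"unexpected getCookieInfo response: #{response.class}"` would be easier to read in logs. The bodies of the neighbouring methods lie outside the hunks, so whether they follow the same pattern cannot be confirmed from this page.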
data/lib/crowd/version.rb
CHANGED
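--- a/data/spec/crowd_spec.rb
+++ b/data/spec/crowd_spec.rb
@@ -125,7 +125,7 @@ describe Crowd do
 token = Crowd.authenticate_principal('unittest','unittest')
 # overwrite application token
 Crowd.application_token.token = 'fake'
-Crowd.application_token.token.should
+Crowd.application_token.token.should == 'fake'
 # application should re-authenticate
 Crowd.is_valid_principal_token?(token).should be_true
 end
@@ -144,4 +144,8 @@ describe Crowd do
 Crowd.find_all_group_names.should be_true
 end
 
+it "should get the cookie info" do
+Crowd.get_cookie_info.should_not be_nil
+end
+
 end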
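Review bot: The new example `should get the cookie info` asserts only that the result is not nil, so it would still pass if the SOAP mapping returned an object lacking the two properties the library documents. Capturing the result with `info = Crowd.get_cookie_info` and adding `info.should respond_to(:domain)` and `info.should respond_to(:secure)` would pin the shape that callers depend on when they set the SSO cookie. The `describe` block opens outside these hunks, so any shared setup or server stubbing is not visible here.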
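--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: crowd-stefanwille
 version: !ruby/object:Gem::Version
-hash:
+hash: 29
 prerelease: false
 segments:
 - 0
 - 5
--
-version: 0.5.
+- 11
+version: 0.5.11
 platform: ruby
 authors:
 - Stefan Wille
@@ -48,7 +48,7 @@ dependencies:
 version: "0"
 type: :development
 version_requirements: *id002
-description: A client for Atlassian
+description: A client for Atlassian Crowd v2.0. Tested with Crowd 2.0.2 and 2.0.5.
 email: post @nospam@ stefanwille.com
 executables: []
 
@@ -64,9 +64,6 @@ files:
 - crowd-stefanwille.gemspec
 - demo/crowd_demo.rb
 - lib/crowd.rb
-- lib/crowd/http/request.rb
-- lib/crowd/http/response.rb
-- lib/crowd/http/sso.rb
 - lib/crowd/soap/SecurityServerClient.rb
 - lib/crowd/soap/crowd-2.0.5.wsdl
 - lib/crowd/soap/default.rb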
data/lib/crowd/http/request.rb
DELETED
data/lib/crowd/http/response.rb
DELETED
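--- a/data/lib/crowd/http/sso.rb
+++ b/data/lib/crowd/http/sso.rb
@@ -1,101 +0,0 @@
-##
-# This class is used to manage HTTP authentication. It is the fundamental class for
-# web/SSO authentication integration. For most applications, using the following
-# methods will be sufficient to achieve SSO:
-# authenticate:: authenticate a user
-# +is_authenticated?+:: determine if a request is authenticated
-# principal:: retrieve the principal for an authenticated request
-# logoff:: sign the user out
-
-class Crowd::HTTP::SSO
-@@request = nil
-@@response = nil
-
-##
-# Retrieve the underlying client properties used
-# to communicate with the Crowd Security Server.
-def client_properties
-end
-
-##
-# Retrieve the underlying SecurityServerClient used
-# to communicate with the Crowd Security Server.
-def security_server_client
-end
-
-
-##
-# Sets the underlying principal token
-def principal_token=(token)
-end
-
-##
-# Attempts to retrive the principal from the request.
-def principal(request)
-end
-
-##
-# Retrieve the Crowd authentication token from the request
-def token(request)
-end
-
-##
-# Tests whether a request is authenticated via SSO
-def is_authenticated?
-end
-
-##
-# Authenticate a remote user using SSO
-def authenticate(username, password)
-end
-
-##
-# Verifies the authentication of a principal's username/password,
-#
-# Without validation_factors,
-# This performs an instant verification of username/password with
-# the centralised user repository (Crowd Server).
-#
-# Given a set of validation factors.
-# This will authenticate the principal using the username and password
-# provided, and will use the validation factors to generate an SSO
-# token. This token can then be used by 3rd party systems to implement
-# SSO or can be ignored to only provide centralised authentication.
-#
-# NOTE: This method will not provide SSO functionality directly - use the
-# <code>authenticate</code> method instead.
-def verify_authentication(username, password, validation_factors = {})
-end
-
-##
-# Retrieves validation factors from the request
-# {
-# 'USER_AGENT' => "the User-Agent HTTP header",
-# 'REMOTE_ADDRESS' => "the source IP address of the HTTP request",
-# 'X_FORWARDED_FOR' => Original Address, if present and distinct from the REMOTE_ADDRESS
-# }
-def validation_factors
-end
-
-##
-# Log off the SSO authenticated user. This will also effectively
-# log them off from all SSO applications.
-#
-# This will sign out an authenticated user by invalidating their
-# SSO token and removing it from their cookies.
-#
-# If the request is not authenticated, this method will have
-# no effect and will not throw an exception.
-#
-def logoff
-end
-
-##
-# Generate a PrincipalAuthenticationContext object containing the
-# provided username and password, and validation factors from the
-# the request.
-#
-def principal_authentication_context(username, password)
-end
-
-end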