crowd_rails 0.5.11

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Stefan Wille
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,88 @@
+= crowd_rails
+
+Single sign on (SSO) with Atlassian Crowd 2.0 for Ruby on Rails.
+
+
+== INSTALL:
+
+  sudo gem install crowd_rails
+
+== REQUIREMENTS:
+
+* gem crowd-stefanwille
+* soap4r[http://dev.ctor.org/soap4r] v1.5.8
+* Atlassian Crowd v2.0
+* Ruby v1.8.6 (or later)
+* Rails 2.3.8 (or later)
+
+== USE:
+
+Add a file config/initializers/crowd_setup.rb and configure:
+
+  require 'crowd'
+
+  Crowd.crowd_url = 'http://127.0.0.1:8095/crowd/services/SecurityServer'
+  Crowd.crowd_app_name = 'soaptest'
+  Crowd.crowd_app_pword = 'soaptest'
+  Crowd.crowd_validation_factors_need_user_agent = false  # false for Crowd 2.0.5, true for Crowd 2.0.2
+  Crowd.crowd_session_validationinterval = 0  # Set > 0 for authentication caching. 
+
+Then add this to your ApplicationController class:
+
+  class ApplicationController < ActionController::Base
+    include Crowd::SingleSignOn
+
+    ...
+    before_filter :authenticate 
+
+    private
+      def authenticate      
+        return if RAILS_ENV == "test"
+      
+        return if crowd_authenticated?
+      
+        authenticate_or_request_with_http_basic('My Application') do |user_name, password| 
+          crowd_authenticate(user_name, password)
+        end
+      end
+  end
+
+This will give you the usual gray password box (aka 'basic auth'). 
+Replace Rails' the call to authenticate_or_request_with_http_basic() 
+that asks the user for username and password if you want some fancier.
+
+There is an example Rails app at http://github.com/stefanwille/crowd_rails_test that implements this approach.
+
+Assumptions (used above):
+
+* Crowd Server is on localhost, port 8095
+* There is an application configured in Crowd with name and password 'soaptest'
+* Application 'soaptest' directory set to 'True'
+
+== FEATURES:
+
+* Interoperable single sign on with Atlassian Crowd 2.0.2 and 2.0.5.
+* Can be configured for authentication caching.
+
+Available methods in module Crowd::SingleSignOn:
+* crowd_authenticated? - Returns whether the user is already authenticated.
+* crowd_authenticate(user_name, password) - Authenticates the user with the given user name and password and marks the user as authenticated on success.
+* crowd_authenticate!(user_name, password) - Same as #crowd_authenticate, but raises an AuthenticationException on failure.
+* crowd_current_user_display_name - Returns the current users display name.
+* crowd_current_user - Returns the current user, as seen by crowd.
+* crowd_token - Returns the crowd token or nil.
+* crowd_log_out - Logs the user out
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 Stefan Wille. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,62 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "crowd_rails"
+    gem.summary = %Q{Single Sign On for Atlassian Crowd 2.0 with Ruby on Rails}
+    gem.description = %Q{Single Sign On for Atlassian Crowd 2.0 with Ruby on Rails}
+    gem.email = "post @nospam@ stefanwille.com"
+    gem.homepage = "http://github.com/stefanwille/crowd_rails"
+    gem.authors = ["Stefan Wille"]
+    gem.add_dependency "crowd-stefanwille", "= 0.5.11"
+    # Silence a warning about missing rubyforge_project
+    gem.rubyforge_project = "nowarning"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+def version
+  File.exist?('VERSION') ? File.read('VERSION') : ""
+end
+
+task :push => [:test, :build] do
+  system("gem push pkg/crowd_rails-#{version}.gem")
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "crowd_rails #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+

data/VERSION

@@ -0,0 +1,2 @@
+0.5.11
+

data/crowd_rails.gemspec

@@ -0,0 +1,54 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{crowd_rails}
+  s.version = "0.5.11"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Stefan Wille"]
+  s.date = %q{2010-07-27}
+  s.description = %q{Single Sign On for Atlassian Crowd 2.0 with Ruby on Rails}
+  s.email = %q{post @nospam@ stefanwille.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "crowd_rails.gemspec",
+     "lib/crowd_rails.rb",
+     "lib/single_sign_on.rb",
+     "test/helper.rb"
+  ]
+  s.homepage = %q{http://github.com/stefanwille/crowd_rails}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{nowarning}
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Single Sign On for Atlassian Crowd 2.0 with Ruby on Rails}
+  s.test_files = [
+    "test/helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<crowd-stefanwille>, ["= 0.5.11"])
+    else
+      s.add_dependency(%q<crowd-stefanwille>, ["= 0.5.11"])
+    end
+  else
+    s.add_dependency(%q<crowd-stefanwille>, ["= 0.5.11"])
+  end
+end
+

data/lib/crowd_rails.rb

@@ -0,0 +1 @@
+require File.join(File.dirname(__FILE__), 'single_sign_on')

data/lib/single_sign_on.rb

@@ -0,0 +1,183 @@
+class Crowd
+  
+  # The single sign on (SSO) functionality for Atlassian Crowd as a mixin module. 
+  # 
+  # To use this module, include it in your Rails ApplicationController class.
+  # The module uses controller methods such as cookies, session, params.  
+  #
+  # Author::    Stefan Wille
+  # Copyright:: Copyright (c) 2010 Stefan Wille
+  # License::   BSD
+  
+  module SingleSignOn
+      
+    # Returns whether the user is already authenticated.
+    def crowd_authenticated?
+      logger.info "Crowd: All cookies: #{cookies.inspect}"
+      
+      token = crowd_token
+      if token.blank?
+        logger.info "Crowd: No token"
+        return false
+      end
+      
+      if crowd_authentication_cached?
+        logger.info "Crowd: Authentication is cached"
+        return true
+      else 
+        logger.info "Crowd: Authentication is not cached"
+      end      
+      
+      if Crowd.is_valid_principal_token?(token, crowd_validation_factors)
+        logger.info "Crowd: Token is valid"      
+        crowd_mark_session_as_authenticated(token)
+        return true
+      else 
+        logger.info "Crowd: Token is invalid"      
+        return false
+      end
+    end
+      
+    # Authenticates the user with the given user name and password and 
+    # marks the user as authenticated on success.
+    # 
+    # Returns the crowd token on success, false on failure.
+    
+    def crowd_authenticate(user_name, password)      
+      crowd_authenticate!(user_name, password)
+    rescue Crowd::AuthenticationException => e
+      false
+    end
+
+    # Same as #crowd_authenticate, but raises an AuthenticationException on failure.
+    
+    def crowd_authenticate!(user_name, password)
+      logger.info "Crowd: Authenticating user #{user_name}"
+      token = Crowd.authenticate_principal(user_name, password, crowd_validation_factors)
+      crowd_mark_session_as_authenticated(token)      
+      logger.info "Crowd: Authentication successful, token #{token}"
+      token
+    end  
+
+    # Returns the current users display name.
+    
+    def crowd_current_user_display_name
+      user = crowd_current_user
+      user && user[:attributes][:displayName]
+    end
+
+    # Returns the current user, as seen by crowd.
+    
+    def crowd_current_user
+      crowd_token && Crowd.find_principal_by_token(crowd_token)
+    end
+
+    # Returns the crowd token or nil.
+    
+    def crowd_token
+      logger.info "params token: #{params[Crowd.crowd_cookie_tokenkey]}"
+      logger.info "cookies token: #{cookies[Crowd.crowd_cookie_tokenkey]}"
+      logger.info "session token: #{session[Crowd.crowd_session_tokenkey]}"
+      token = params[Crowd.crowd_cookie_tokenkey] || cookies[Crowd.crowd_cookie_tokenkey] || session[Crowd.crowd_session_tokenkey]
+      logger.info "token = #{token}"
+      token
+    end
+
+    # Marks the user as unauthenticated
+
+    def crowd_log_out
+      logger.info "Crowd: log out"
+      crowd_update_token(nil)
+      crowd_clear_cache
+    end
+        
+    private
+
+    # Returns the client's validation factors. 
+    # Validation factors are essential for interoperation with Atlassian's client library!
+
+    def crowd_validation_factors
+      validation_factors = { 'remote_address' => crowd_remote_address }
+
+      if Crowd.crowd_validation_factors_need_user_agent
+        validation_factors['User-Agent'] = crowd_user_agent
+      end
+            
+      forwarded_for = request.env['X-Forwarded-For']
+      if forwarded_for.present? && forwarded_for != request.remote_ip
+        validation_factors['X-Forwarded-For'] = forwarded_for
+      end
+
+      logger.info "Crowd validation_factors: #{validation_factors.inspect}"
+      
+      validation_factors
+    end
+    
+    # Returns the client's IP address. 
+    
+    def crowd_remote_address
+      # For localhost, Crowd wants the IPv6 address.
+      (request.remote_ip == '127.0.0.1' || request.remote_ip == '0.0.0.0') ? '0:0:0:0:0:0:0:1%0' : request.remote_ip
+    end
+    
+
+    # Returns the client's user agent. 
+
+    def crowd_user_agent
+      request.env['HTTP_USER_AGENT']
+    end
+
+    # Whether a successful authentication is in cache.
+    
+    def crowd_authentication_cached?
+      last_validation = session[Crowd.crowd_session_lastvalidation]
+
+      if last_validation.present? && crowd_caching_enabled?
+        time_diff = crowd_time_diff_in_minutes(Time.now,  last_validation)
+        return time_diff < Crowd.crowd_session_validationinterval
+      else
+        return false
+      end      
+    end
+    
+    # Marks the session as successfully authenticated and sets the SSO cookie.
+    
+    def crowd_mark_session_as_authenticated(token)
+      crowd_update_token(token)
+      if crowd_caching_enabled?
+        logger.info "Crowd: Caching authentication"
+        session[Crowd.crowd_session_lastvalidation] = Time.now
+      end
+    end    
+        
+    def crowd_update_token(token)
+      session[Crowd.crowd_session_tokenkey] = token
+      cookies[Crowd.crowd_cookie_tokenkey] = { :value	=> token, :domain => crowd_cookie_domain, :path => "/", :secure => Crowd.get_cookie_info.secure }
+    end
+    
+    def crowd_clear_cache
+      session[Crowd.crowd_session_lastvalidation] = nil
+    end
+
+    def crowd_cookie_domain
+      cookie_domain = Crowd.get_cookie_info.domain
+      if cookie_domain
+        cookie_domain
+      else
+        request.domain ? '.' + request.domain : nil
+      end
+    end
+
+    # Returns the difference between two timestamps in minutes.
+    def crowd_time_diff_in_minutes(first_time, second_time)
+      (first_time - second_time).round / 1.minute
+    end
+    
+    # Whether caching of successful authentication is enabled.
+    def crowd_caching_enabled?
+      Crowd.crowd_session_validationinterval > 0
+    end    
+
+  end  
+end
+

data/test/helper.rb

@@ -0,0 +1,8 @@
+require 'rubygems'
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+class Test::Unit::TestCase
+end

metadata

@@ -0,0 +1,92 @@
+--- !ruby/object:Gem::Specification 
+name: crowd_rails
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: false
+  segments: 
+  - 0
+  - 5
+  - 11
+  version: 0.5.11
+platform: ruby
+authors: 
+- Stefan Wille
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-07-27 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: crowd-stefanwille
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 29
+        segments: 
+        - 0
+        - 5
+        - 11
+        version: 0.5.11
+  type: :runtime
+  version_requirements: *id001
+description: Single Sign On for Atlassian Crowd 2.0 with Ruby on Rails
+email: post @nospam@ stefanwille.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- crowd_rails.gemspec
+- lib/crowd_rails.rb
+- lib/single_sign_on.rb
+- test/helper.rb
+has_rdoc: true
+homepage: http://github.com/stefanwille/crowd_rails
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: nowarning
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Single Sign On for Atlassian Crowd 2.0 with Ruby on Rails
+test_files: 
+- test/helper.rb