devise-radius-authenticatable 0.0.4 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- data/.travis.yml +1 -0
- data/README.md +16 -12
- data/devise-radius-authenticatable.gemspec +1 -1
- data/lib/devise/models/radius_authenticatable.rb +12 -2
- data/lib/devise/radius_authenticatable.rb +5 -0
- data/lib/devise/radius_authenticatable/version.rb +1 -1
- data/lib/generators/devise_radius_authenticatable/install_generator.rb +6 -0
- data/spec/devise/models/radius_authenticatable_spec.rb +25 -1
- data/spec/generators/install_generator_spec.rb +23 -6
- data/spec/support/generator_helpers.rb +0 -3
- metadata +4 -4
data/.travis.yml
CHANGED
data/README.md
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
Devise Radius Authenticatable
|
|
2
2
|
=============================
|
|
3
3
|
|
|
4
|
+
[](http://badge.fury.io/rb/devise-radius-authenticatable)
|
|
4
5
|
[](https://travis-ci.org/cbascom/devise-radius-authenticatable)
|
|
6
|
+
[](https://codeclimate.com/github/cbascom/devise-radius-authenticatable)
|
|
5
7
|
|
|
6
8
|
Devise Radius Authenticatable is a Radius authentication strategy for [Devise](http://github.com/plataformatec/devise).
|
|
7
9
|
|
|
@@ -10,7 +12,7 @@ Dependencies
|
|
|
10
12
|
|
|
11
13
|
- Rails ~> 3.2
|
|
12
14
|
- Devise ~> 2.0
|
|
13
|
-
- radiustar ~> 0.0.
|
|
15
|
+
- radiustar ~> 0.0.8
|
|
14
16
|
|
|
15
17
|
Installation
|
|
16
18
|
------------
|
|
@@ -36,15 +38,17 @@ This will update the devise.rb initializer. The IP and SECRET parameters specify
|
|
|
36
38
|
|
|
37
39
|
Options:
|
|
38
40
|
|
|
39
|
-
[--uid-field=UID_FIELD]
|
|
40
|
-
|
|
41
|
-
[--port=PORT]
|
|
42
|
-
|
|
43
|
-
[--timeout=TIMEOUT]
|
|
44
|
-
|
|
45
|
-
[--retries=RETRIES]
|
|
46
|
-
|
|
47
|
-
[--dictionary-path=DICTIONARY_PATH]
|
|
41
|
+
[--uid-field=UID_FIELD] # What database column to use for the UID
|
|
42
|
+
# Default: uid
|
|
43
|
+
[--port=PORT] # The port to connect to the radius server on
|
|
44
|
+
# Default: 1812
|
|
45
|
+
[--timeout=TIMEOUT] # How long to wait for a response from the radius server
|
|
46
|
+
# Default: 60
|
|
47
|
+
[--retries=RETRIES] # How many times to retry a radius request
|
|
48
|
+
# Default: 0
|
|
49
|
+
[--dictionary-path=DICTIONARY_PATH] # The path to load radius dictionary files from
|
|
50
|
+
[--handle-timeout-as-failure=HANDLE_TIMEOUT_AS_FAILURE] # Option to handle radius timeout as authentication failure
|
|
51
|
+
# Default: false
|
|
48
52
|
|
|
49
53
|
Documentation
|
|
50
54
|
-------------
|
|
@@ -70,7 +74,7 @@ The field that is used for logins is the first key that's configured in the Devi
|
|
|
70
74
|
Configuration
|
|
71
75
|
-------------
|
|
72
76
|
|
|
73
|
-
The radius_authenticatable module is configured through the normal devise initializer `config/initializers/devise.rb`. The initial values are added to the file when you run the devise_radius_authenticatable:install generator as
|
|
77
|
+
The radius_authenticatable module is configured through the normal devise initializer `config/initializers/devise.rb`. The initial values are added to the file when you run the devise_radius_authenticatable:install generator as described previously.
|
|
74
78
|
|
|
75
79
|
References
|
|
76
80
|
----------
|
|
@@ -79,4 +83,4 @@ References
|
|
|
79
83
|
* [Devise](http://github.com/plataformatec/devise)
|
|
80
84
|
* [Warden](http://github.com/hassox/warden)
|
|
81
85
|
|
|
82
|
-
Copyright (c) 2012 Calvin Bascom Released under the MIT license
|
|
86
|
+
Copyright (c) 2012-2013 Calvin Bascom Released under the MIT license
|
|
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
|
|
|
17
17
|
s.require_paths = ["lib"]
|
|
18
18
|
|
|
19
19
|
s.add_dependency('devise', '~> 2.0')
|
|
20
|
-
s.add_dependency('radiustar', '~> 0.0.
|
|
20
|
+
s.add_dependency('radiustar', '~> 0.0.8')
|
|
21
21
|
|
|
22
22
|
s.add_development_dependency('rake', '~> 0.9')
|
|
23
23
|
s.add_development_dependency('rails', '~> 3.2')
|
|
@@ -36,6 +36,7 @@ module Devise
|
|
|
36
36
|
# * +radius_uid_generator+: A proc that takes the username and server as parameters
|
|
37
37
|
# and returns a string representing the UID
|
|
38
38
|
# * +radius_dictionary_path+: The path containing the radius dictionary files to load
|
|
39
|
+
# * +handle_radius_timeout_as_failure+: Option to handle radius timeout as authentication failure
|
|
39
40
|
#
|
|
40
41
|
# == Callbacks
|
|
41
42
|
#
|
|
@@ -74,7 +75,15 @@ module Devise
|
|
|
74
75
|
end
|
|
75
76
|
|
|
76
77
|
req = Radiustar::Request.new("#{server}:#{port}", options)
|
|
77
|
-
|
|
78
|
+
|
|
79
|
+
# The authenticate method will raise a RuntimeError if we time
|
|
80
|
+
# out waiting for a response from the server.
|
|
81
|
+
begin
|
|
82
|
+
reply = req.authenticate(username, password, secret)
|
|
83
|
+
rescue
|
|
84
|
+
return false if self.class.handle_radius_timeout_as_failure
|
|
85
|
+
raise
|
|
86
|
+
end
|
|
78
87
|
|
|
79
88
|
if reply[:code] == 'Access-Accept'
|
|
80
89
|
reply.extract!(:code)
|
|
@@ -98,7 +107,8 @@ module Devise
|
|
|
98
107
|
Devise::Models.config(self, :radius_server, :radius_server_port,
|
|
99
108
|
:radius_server_secret, :radius_server_timeout,
|
|
100
109
|
:radius_server_retries, :radius_uid_field,
|
|
101
|
-
:radius_uid_generator, :radius_dictionary_path
|
|
110
|
+
:radius_uid_generator, :radius_dictionary_path,
|
|
111
|
+
:handle_radius_timeout_as_failure)
|
|
102
112
|
|
|
103
113
|
# Invoked by the RadiusAuthenticatable stratgey to perform the authentication
|
|
104
114
|
# against the radius server. The username is extracted from the authentication
|
|
@@ -29,6 +29,11 @@ module Devise
|
|
|
29
29
|
|
|
30
30
|
# The path to load radius dictionary files from
|
|
31
31
|
mattr_accessor :radius_dictionary_path
|
|
32
|
+
|
|
33
|
+
# Option to handle radius timeout as authentication failure
|
|
34
|
+
mattr_accessor :handle_radius_timeout_as_failure
|
|
35
|
+
@@handle_radius_timeout_as_failure = false
|
|
36
|
+
|
|
32
37
|
end
|
|
33
38
|
|
|
34
39
|
Devise.add_module(:radius_authenticatable, :route => :session, :strategy => true,
|
|
@@ -24,6 +24,8 @@ module DeviseRadiusAuthenticatable
|
|
|
24
24
|
:desc => 'How many times to retry a radius request')
|
|
25
25
|
class_option(:dictionary_path, :default => nil,
|
|
26
26
|
:desc => 'The path to load radius dictionary files from')
|
|
27
|
+
class_option(:handle_timeout_as_failure, :default => false,
|
|
28
|
+
:desc => 'Option to handle radius timeout as authentication failure')
|
|
27
29
|
|
|
28
30
|
def install
|
|
29
31
|
inject_into_file("config/initializers/devise.rb", default_devise_settings,
|
|
@@ -81,6 +83,10 @@ module DeviseRadiusAuthenticatable
|
|
|
81
83
|
# be loaded.
|
|
82
84
|
#
|
|
83
85
|
# config.radius_dictionary_path = '#{options[:dictionary_path]}'
|
|
86
|
+
|
|
87
|
+
# Option to handle radius timeout as authentication failure
|
|
88
|
+
#
|
|
89
|
+
config.handle_radius_timeout_as_failure = #{options[:handle_timeout_as_failure]}
|
|
84
90
|
CONFIG
|
|
85
91
|
end
|
|
86
92
|
end
|
|
@@ -8,7 +8,8 @@ class Configurable < Admin
|
|
|
8
8
|
:radius_uid_generator => Proc.new { |username, server|
|
|
9
9
|
"#{username}_#{server}"
|
|
10
10
|
},
|
|
11
|
-
:radius_dictionary_path => Rails.root.join('config/dictionaries')
|
|
11
|
+
:radius_dictionary_path => Rails.root.join('config/dictionaries'),
|
|
12
|
+
:handle_radius_timeout_as_failure => true)
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
describe Devise::Models::RadiusAuthenticatable do
|
|
@@ -46,6 +47,10 @@ describe Devise::Models::RadiusAuthenticatable do
|
|
|
46
47
|
Configurable.radius_dictionary_path.should == Rails.root.join('config/dictionaries')
|
|
47
48
|
end
|
|
48
49
|
|
|
50
|
+
it "allows configuration of the radius exception handling" do
|
|
51
|
+
Configurable.handle_radius_timeout_as_failure.should == true
|
|
52
|
+
end
|
|
53
|
+
|
|
49
54
|
it "extracts radius credentials based on the configured authentication keys" do
|
|
50
55
|
swap(Devise, :authentication_keys => [:username, :domain]) do
|
|
51
56
|
auth_hash = { :username => 'cbascom', :password => 'testing' }
|
|
@@ -142,5 +147,24 @@ describe Devise::Models::RadiusAuthenticatable do
|
|
|
142
147
|
@admin.valid_radius_password?('testuser', 'password')
|
|
143
148
|
@admin.radius_attributes.should == radius_server.attributes('testuser')
|
|
144
149
|
end
|
|
150
|
+
|
|
151
|
+
context "when handle_radius_timeout_as_failure is false" do
|
|
152
|
+
it "does not catch the RuntimeError exception" do
|
|
153
|
+
Radiustar::Request.any_instance.stub(:authenticate).
|
|
154
|
+
and_raise(RuntimeError)
|
|
155
|
+
expect { @admin.valid_radius_password?('testuser', 'password') }.
|
|
156
|
+
to raise_error(RuntimeError)
|
|
157
|
+
end
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
context "when handle_radius_timeout_as_failure is true" do
|
|
161
|
+
it "returns false when the authentication times out" do
|
|
162
|
+
swap(Devise, :handle_radius_timeout_as_failure => true) do
|
|
163
|
+
Radiustar::Request.any_instance.stub(:authenticate).
|
|
164
|
+
and_raise(RuntimeError)
|
|
165
|
+
@admin.valid_radius_password?('testuser', 'password').should be_false
|
|
166
|
+
end
|
|
167
|
+
end
|
|
168
|
+
end
|
|
145
169
|
end
|
|
146
170
|
end
|
|
@@ -2,14 +2,22 @@ require 'spec_helper'
|
|
|
2
2
|
require 'generators/devise_radius_authenticatable/install_generator'
|
|
3
3
|
|
|
4
4
|
describe DeviseRadiusAuthenticatable::InstallGenerator do
|
|
5
|
+
destination File.expand_path("../../../tmp", __FILE__)
|
|
6
|
+
|
|
7
|
+
before do
|
|
8
|
+
prepare_devise
|
|
9
|
+
end
|
|
10
|
+
|
|
5
11
|
it "requires the radius server IP to be specified" do
|
|
6
12
|
expect { run_generator }.
|
|
7
|
-
to raise_error(Thor::RequiredArgumentMissingError,
|
|
13
|
+
to raise_error(Thor::RequiredArgumentMissingError,
|
|
14
|
+
/required arguments 'server'/)
|
|
8
15
|
end
|
|
9
16
|
|
|
10
17
|
it "requires the radius server shared secret to be specified" do
|
|
11
18
|
expect { run_generator ['1.1.1.1'] }.
|
|
12
|
-
to raise_error(Thor::RequiredArgumentMissingError,
|
|
19
|
+
to raise_error(Thor::RequiredArgumentMissingError,
|
|
20
|
+
/required arguments 'secret'/)
|
|
13
21
|
end
|
|
14
22
|
|
|
15
23
|
context "with required arguments" do
|
|
@@ -17,8 +25,11 @@ describe DeviseRadiusAuthenticatable::InstallGenerator do
|
|
|
17
25
|
subject { file('config/initializers/devise.rb') }
|
|
18
26
|
|
|
19
27
|
context "with default options" do
|
|
20
|
-
before
|
|
28
|
+
before do
|
|
29
|
+
run_generator ['1.1.1.1', 'secret']
|
|
30
|
+
end
|
|
21
31
|
|
|
32
|
+
it { should exist }
|
|
22
33
|
it { should contain('==> Configuration for radius_authenticatable') }
|
|
23
34
|
it { should contain("config.radius_server = '1.1.1.1'") }
|
|
24
35
|
it { should contain("config.radius_server_port = 1812") }
|
|
@@ -28,13 +39,18 @@ describe DeviseRadiusAuthenticatable::InstallGenerator do
|
|
|
28
39
|
it { should contain("config.radius_uid_field = :uid") }
|
|
29
40
|
it { should contain("config.radius_uid_generator =") }
|
|
30
41
|
it { should contain("config.radius_dictionary_path =") }
|
|
42
|
+
it { should contain("config.handle_radius_timeout_as_failure = false") }
|
|
31
43
|
end
|
|
32
44
|
|
|
33
45
|
context "with custom options" do
|
|
34
|
-
before
|
|
35
|
-
|
|
36
|
-
|
|
46
|
+
before do
|
|
47
|
+
run_generator ['1.1.1.2', 'password', '--port=1813',
|
|
48
|
+
'--timeout=120', '--retries=3', '--uid_field=email',
|
|
49
|
+
'--dictionary_path=/tmp/dictionaries',
|
|
50
|
+
'--handle_timeout_as_failure=true']
|
|
51
|
+
end
|
|
37
52
|
|
|
53
|
+
it { should exist }
|
|
38
54
|
it { should contain('==> Configuration for radius_authenticatable') }
|
|
39
55
|
it { should contain("config.radius_server = '1.1.1.2'") }
|
|
40
56
|
it { should contain("config.radius_server_port = 1813") }
|
|
@@ -44,6 +60,7 @@ describe DeviseRadiusAuthenticatable::InstallGenerator do
|
|
|
44
60
|
it { should contain("config.radius_uid_field = :email") }
|
|
45
61
|
it { should contain("config.radius_uid_generator =") }
|
|
46
62
|
it { should contain("config.radius_dictionary_path = '/tmp/dictionaries'") }
|
|
63
|
+
it { should contain("config.handle_radius_timeout_as_failure = true") }
|
|
47
64
|
end
|
|
48
65
|
end
|
|
49
66
|
end
|
|
@@ -13,7 +13,4 @@ RSpec::configure do |c|
|
|
|
13
13
|
c.include GeneratorHelpers, :type => :generator, :example_group => {
|
|
14
14
|
:file_path => /spec[\\\/]generators/
|
|
15
15
|
}
|
|
16
|
-
|
|
17
|
-
c.before(:all, :type => :generator) { destination GeneratorHelpers::DESTINATION_PATH }
|
|
18
|
-
c.before(:each, :type => :generator) { prepare_devise }
|
|
19
16
|
end
|
metadata
CHANGED
|
@@ -2,14 +2,14 @@
|
|
|
2
2
|
name: devise-radius-authenticatable
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease:
|
|
5
|
-
version: 0.0.
|
|
5
|
+
version: 0.0.5
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- Calvin Bascom
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-
|
|
12
|
+
date: 2013-09-08 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
type: :runtime
|
|
@@ -35,13 +35,13 @@ dependencies:
|
|
|
35
35
|
requirements:
|
|
36
36
|
- - ~>
|
|
37
37
|
- !ruby/object:Gem::Version
|
|
38
|
-
version: 0.0.
|
|
38
|
+
version: 0.0.8
|
|
39
39
|
none: false
|
|
40
40
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
41
|
requirements:
|
|
42
42
|
- - ~>
|
|
43
43
|
- !ruby/object:Gem::Version
|
|
44
|
-
version: 0.0.
|
|
44
|
+
version: 0.0.8
|
|
45
45
|
none: false
|
|
46
46
|
- !ruby/object:Gem::Dependency
|
|
47
47
|
type: :development
|