devise_aaf_rc_authenticatable 0.0.2

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 912d174bde0b9d41951b5ef751a68e3331709865
4
+ data.tar.gz: 77fea7ba019546f867f2e2aa3b589f65ac0c96b3
5
+ SHA512:
6
+ metadata.gz: aac9c7896eda68e13a24d486504592099a09793853fd43525c5232d06606810ce11f301ce3efd3bd491c754916613ea3342229d19e094ee06bc87714a7437394
7
+ data.tar.gz: 79e4c5f4b50714cdb1760cb08c85feb3881e57fb864ef8960e21c252503a37a64ca6c65a341ee0def370e701796ae7e215f93f516bc599bb7798788eab55330d
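--- a/data/.ruby-gemset
+++ b/data/.ruby-gemset
@@ -0,0 +1 @@
+devise_aaf_rc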
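--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+ruby-2.1.2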
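--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,11 @@
+source "https://rubygems.org"
+
+group :development do
+gem "shoulda", ">= 0"
+gem "bundler", ">= 1.0.0"
+gem "jeweler", "~> 2.0.1"
+gem "simplecov", ">= 0"
+gem "json", ">= 0"
+gem "json-jwt", ">= 0"
+gem "builder", ">= 0"
+end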
data/Gemfile.lock ADDED
@@ -0,0 +1,70 @@
1
+ GEM
2
+ remote: https://rubygems.org/
3
+ specs:
4
+ activesupport (3.2.15)
5
+ i18n (~> 0.6, >= 0.6.4)
6
+ multi_json (~> 1.0)
7
+ addressable (2.3.6)
8
+ builder (3.2.2)
9
+ faraday (0.7.6)
10
+ addressable (~> 2.2)
11
+ multipart-post (~> 1.1)
12
+ rack (~> 1.1)
13
+ git (1.2.7)
14
+ github_api (0.4.10)
15
+ faraday (~> 0.7.6)
16
+ hashie (~> 1.2.0)
17
+ multi_json (~> 1.0)
18
+ oauth2 (~> 0.5.2)
19
+ hashie (1.2.0)
20
+ highline (1.6.21)
21
+ i18n (0.6.5)
22
+ jeweler (2.0.1)
23
+ builder
24
+ bundler (>= 1.0)
25
+ git (>= 1.2.5)
26
+ github_api
27
+ highline (>= 1.6.15)
28
+ nokogiri (>= 1.5.10)
29
+ rake
30
+ rdoc
31
+ json (1.8.1)
32
+ json-jwt (0.4.1)
33
+ activesupport (>= 2.3)
34
+ i18n
35
+ json (>= 1.4.3)
36
+ url_safe_base64
37
+ mini_portile (0.6.0)
38
+ multi_json (1.2.0)
39
+ multipart-post (1.2.0)
40
+ nokogiri (1.6.2.1)
41
+ mini_portile (= 0.6.0)
42
+ oauth2 (0.5.2)
43
+ faraday (~> 0.7)
44
+ multi_json (~> 1.0)
45
+ rack (1.5.2)
46
+ rake (10.3.2)
47
+ rdoc (4.1.1)
48
+ json (~> 1.4)
49
+ shoulda (3.0.1)
50
+ shoulda-context (~> 1.0.0)
51
+ shoulda-matchers (~> 1.0.0)
52
+ shoulda-context (1.0.0)
53
+ shoulda-matchers (1.0.0)
54
+ simplecov (0.6.1)
55
+ multi_json (~> 1.0)
56
+ simplecov-html (~> 0.5.3)
57
+ simplecov-html (0.5.3)
58
+ url_safe_base64 (0.2.2)
59
+
60
+ PLATFORMS
61
+ ruby
62
+
63
+ DEPENDENCIES
64
+ builder
65
+ bundler (>= 1.0.0)
66
+ jeweler (~> 2.0.1)
67
+ json
68
+ json-jwt
69
+ shoulda
70
+ simplecov
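--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,20 @@
+Copyright (c) 2013 Intersect Australia Limited
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.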
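--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,4 @@
+devise_aaf_rc_authenticatable
+=============================
+
+Devise AAF Rapid Connect Authenticatable is an authentication strategy for the Devise[http://github.com/plataformatec/devise] authentication framework.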
data/README.rdoc ADDED
@@ -0,0 +1,62 @@
1
+ = devise_aaf_rc_authenticatable
2
+
3
+ Devise AAF Rapid Connect Authenticatable is an authentication strategy for the Devise[http://github.com/plataformatec/devise] authentication framework.
4
+
5
+ This is customised for Intersect Australia.
6
+
7
+ == Prerequisites
8
+ * devise ~> 1.5.4 (which requires rails ~> 3.1)
9
+
10
+ == Usage
11
+ In the Gemfile for your application:
12
+
13
+ gem "devise_aaf_rc_authenticatable"
14
+
15
+ To get the latest version, pull directly from github instead of the gem:
16
+
17
+ gem "devise_aaf_rc_authenticatable", :git => "git://github.com/IntersectAustralia/devise_aaf_rc_authenticatable.git"
18
+
19
+ == Setup
20
+ Run the rails generators for devise (please check the devise[http://github.com/plataformatec/devise] documents for further instructions)
21
+
22
+ rails generate devise:install
23
+ rails generate devise MODEL_NAME
24
+
25
+ Run the rails generator for 'devise_aaf_rc_authenticatable'
26
+
27
+ rails generate devise_aaf_rc_authenticatable:install
28
+
29
+ == Configuration
30
+ In initializer 'config/initializers/devise.rb' :
31
+
32
+ * config.aaf_rc_logger <em>(default: true)</em>
33
+ * config.aaf_rc_create_user <em>(default: true)</em>
34
+ * config.aaf_rc_config <em>(default:#{Rails.root}/config/aaf_rc.yml)</em>
35
+
36
+ In configuration 'config/aaf_rc.yml' :
37
+
38
+ * user-mapping
39
+ * A hash-map of the AAF attributes that you want saved to your User model.
40
+
41
+ * aaf_rc_login_url
42
+ * The URL to your AAF IdP
43
+
44
+ == Contributing to devise_aaf_rc_authenticatable
45
+
46
+ * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
47
+ * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
48
+ * Fork the project
49
+ * Start a feature/bugfix branch
50
+ * Commit and push until you are happy with your contribution
51
+ * Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
52
+ * Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
53
+
54
+ == References
55
+ * Devise[http://github.com/plataformatec/devise]
56
+ * AAF Rapid Connect[http://rapid.aaf.edu.au]
57
+
58
+ == Copyright
59
+
60
+ Copyright (c) 2013 Intersect Australia Limited. See LICENSE.txt for
61
+ further details.
62
+
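--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,41 @@
+require 'rake'
+require 'rake/testtask'
+require 'rdoc/task'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the devise_imapable plugin.'
+Rake::TestTask.new(:test) do |t|
+# t.libs << 'lib'
+# t.libs << 'test'
+# t.pattern = 'test/**/*_test.rb'
+# t.verbose = true
+end
+
+desc 'Generate documentation for the devise_aaf_rc_authenticatable plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'DeviseAafRcAuthenticatable'
+rdoc.options << '--line-numbers' << '--inline-source'
+rdoc.rdoc_files.include('README')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+begin
+require 'jeweler'
+Jeweler::Tasks.new do |gemspec|
+gemspec.name = "devise_aaf_rc_authenticatable"
+gemspec.summary = "AAF Rapid Connect authentication module for Devise"
+gemspec.description = "Devise AAF Rapid Connect Authenticatable is an authentication strategy for the Devise[http://github.com/plataformatec/devise] authentication framework."
+gemspec.email = ["gabriel@intersect.org.au", "shuqian@intersect.org.au", "danielt@intersect.org.au", "jake@intersect.org.au"]
+gemspec.homepage = "http://github.com/IntersectAustralia/devise_aaf_rc_authenticatable"
+gemspec.authors = ["Gabriel Gasser Noblia", "Shuqian Hon", "Daniel Theodosius", "Jake Farrell"]
+gemspec.add_runtime_dependency "devise", ">= 1.5.4"
+gemspec.version = "0.0.2"
+end
+Jeweler::GemcutterTasks.new
+rescue LoadError
+puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end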
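Review bot: The Jeweler spec declares only `devise` as a runtime dependency, while `json-jwt` appears solely in the Gemfile's `:development` group, yet lib/devise_aaf_rc_authenticatable/strategy.rb in this package does `require 'json/jwt'`. An application that installs the gem without adding json-jwt itself would presumably fail when the strategy loads. Add `gemspec.add_runtime_dependency "json-jwt"` with a lower bound the maintainers have actually tested, because all signature verification is delegated to that library. The `devise` requirement `>= 1.5.4` is open-ended although the README states `~> 1.5.4`, so one of the two should be corrected. The body of the `:test` task is entirely commented out, so the default `rake` run verifies nothing.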
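--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.0.2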
@@ -0,0 +1,32 @@
1
+ class Devise::AafRcSessionsController < Devise::SessionsController
2
+ unloadable
3
+ prepend_before_filter :require_no_authentication, :only => [:aaf_new, :aaf_create]
4
+ prepend_before_filter :allow_params_authentication!, :only => :aaf_create
5
+
6
+ def aaf_new
7
+ config = YAML.load(ERB.new(File.read(::Devise.aaf_rc_config || "#{Rails.root}/config/aaf_rc.yml")).result)[Rails.env]
8
+
9
+ redirect_to config['aaf_rc_login_url']
10
+ end
11
+
12
+ def aaf_create
13
+ self.resource = warden.authenticate!(auth_options)
14
+ set_flash_message(:notice, :signed_in) if is_navigational_format?
15
+ sign_in(resource_name, resource)
16
+ respond_with resource, :location => after_sign_in_path_for(resource)
17
+ end
18
+
19
+ def aaf_destroy
20
+ session.delete(:attributes)
21
+ session.delete(:jwt)
22
+ session.delete(:jwt_unauthorized)
23
+ end
24
+
25
+ def destroy
26
+ session.delete(:attributes)
27
+ session.delete(:jwt)
28
+ session.delete(:jwt_unauthorized)
29
+ super
30
+ end
31
+
32
+ end
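Review bot: `aaf_destroy` only deletes the three AAF session keys; it never signs the user out of Devise and neither renders nor redirects, so as far as this file shows the Warden session survives a visit to the AAF sign-out route. End it with `sign_out(resource_name)` and `redirect_to after_sign_out_path_for(resource_name)`, or delegate to `destroy`, which already clears the same keys before calling `super`. Separately, `aaf_new` re-reads and ERB-evaluates the YAML file on every request and raises a bare `NoMethodError` on `config['aaf_rc_login_url']` when the file has no section for the current `Rails.env`. Loading the configuration once and failing with an explicit message would be easier to operate.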
@@ -0,0 +1,10 @@
1
+ en:
2
+ devise:
3
+ failure:
4
+ invalid_aaf: 'You must be an approved user to access this site.'
5
+ invalid_audience: 'Invalid audience.'
6
+ invalid_timing: 'Invalid timing.'
7
+ invalid_jwt: 'Signature was invalid or JWT was otherwise erroneous.'
8
+ aaf_rc_sessions:
9
+ signed_in: 'Logged in successfully.'
10
+ signed_out: 'Logged out successfully.'
@@ -0,0 +1,84 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
+ # -*- encoding: utf-8 -*-
5
+ # stub: devise_aaf_rc_authenticatable 0.0.2 ruby lib
6
+
7
+ Gem::Specification.new do |s|
8
+ s.name = "devise_aaf_rc_authenticatable"
9
+ s.version = "0.0.2"
10
+
11
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
+ s.require_paths = ["lib"]
13
+ s.authors = ["Gabriel Gasser Noblia", "Shuqian Hon", "Daniel Theodosius", "Jake Farrell"]
14
+ s.date = "2014-06-26"
15
+ s.description = "Devise AAF Rapid Connect Authenticatable is an authentication strategy for the Devise[http://github.com/plataformatec/devise] authentication framework."
16
+ s.email = ["gabriel@intersect.org.au", "shuqian@intersect.org.au", "danielt@intersect.org.au", "jake@intersect.org.au"]
17
+ s.extra_rdoc_files = [
18
+ "LICENSE.txt",
19
+ "README.md",
20
+ "README.rdoc"
21
+ ]
22
+ s.files = [
23
+ ".ruby-gemset",
24
+ ".ruby-version",
25
+ "Gemfile",
26
+ "Gemfile.lock",
27
+ "LICENSE.txt",
28
+ "README.md",
29
+ "README.rdoc",
30
+ "Rakefile",
31
+ "VERSION",
32
+ "app/controllers/devise/aaf_rc_sessions_controller.rb",
33
+ "config/locales/en.yml",
34
+ "devise_aaf_rc_authenticatable.gemspec",
35
+ "lib/devise_aaf_rc_authenticatable.rb",
36
+ "lib/devise_aaf_rc_authenticatable/exception.rb",
37
+ "lib/devise_aaf_rc_authenticatable/logger.rb",
38
+ "lib/devise_aaf_rc_authenticatable/model.rb",
39
+ "lib/devise_aaf_rc_authenticatable/routes.rb",
40
+ "lib/devise_aaf_rc_authenticatable/schema.rb",
41
+ "lib/devise_aaf_rc_authenticatable/strategy.rb",
42
+ "lib/devise_aaf_rc_authenticatable/version.rb",
43
+ "lib/generators/devise_aaf_rc_authenticatable/install_generator.rb",
44
+ "lib/generators/devise_aaf_rc_authenticatable/templates/aaf_rc.yml",
45
+ "rails/init.rb"
46
+ ]
47
+ s.homepage = "http://github.com/IntersectAustralia/devise_aaf_rc_authenticatable"
48
+ s.rubygems_version = "2.2.2"
49
+ s.summary = "AAF Rapid Connect authentication module for Devise"
50
+
51
+ if s.respond_to? :specification_version then
52
+ s.specification_version = 4
53
+
54
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
55
+ s.add_development_dependency(%q<shoulda>, [">= 0"])
56
+ s.add_development_dependency(%q<bundler>, [">= 1.0.0"])
57
+ s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
58
+ s.add_development_dependency(%q<simplecov>, [">= 0"])
59
+ s.add_development_dependency(%q<json>, [">= 0"])
60
+ s.add_development_dependency(%q<json-jwt>, [">= 0"])
61
+ s.add_development_dependency(%q<builder>, [">= 0"])
62
+ s.add_runtime_dependency(%q<devise>, [">= 1.5.4"])
63
+ else
64
+ s.add_dependency(%q<shoulda>, [">= 0"])
65
+ s.add_dependency(%q<bundler>, [">= 1.0.0"])
66
+ s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
67
+ s.add_dependency(%q<simplecov>, [">= 0"])
68
+ s.add_dependency(%q<json>, [">= 0"])
69
+ s.add_dependency(%q<json-jwt>, [">= 0"])
70
+ s.add_dependency(%q<builder>, [">= 0"])
71
+ s.add_dependency(%q<devise>, [">= 1.5.4"])
72
+ end
73
+ else
74
+ s.add_dependency(%q<shoulda>, [">= 0"])
75
+ s.add_dependency(%q<bundler>, [">= 1.0.0"])
76
+ s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
77
+ s.add_dependency(%q<simplecov>, [">= 0"])
78
+ s.add_dependency(%q<json>, [">= 0"])
79
+ s.add_dependency(%q<json-jwt>, [">= 0"])
80
+ s.add_dependency(%q<builder>, [">= 0"])
81
+ s.add_dependency(%q<devise>, [">= 1.5.4"])
82
+ end
83
+ end
84
+
@@ -0,0 +1,40 @@
1
+ # encoding: utf-8
2
+ require 'devise'
3
+
4
+ require 'devise_aaf_rc_authenticatable/exception'
5
+ require 'devise_aaf_rc_authenticatable/logger'
6
+ require 'devise_aaf_rc_authenticatable/schema'
7
+ require 'devise_aaf_rc_authenticatable/routes'
8
+
9
+ begin
10
+ Rails::Engine
11
+ rescue
12
+ else
13
+ module DeviseAafRcAuthenticatable
14
+ class Engine < Rails::Engine
15
+ end
16
+ end
17
+ end
18
+
19
+ # Get aaf_rc information from config/aaf_rc.yml now
20
+ module Devise
21
+ # Allow logging
22
+ mattr_accessor :aaf_rc_logger
23
+ @@aaf_rc_logger = true
24
+
25
+ # Add valid users to database
26
+ mattr_accessor :aaf_rc_create_user
27
+ @@aaf_rc_create_user = false
28
+
29
+ mattr_accessor :aaf_rc_config
30
+ @@aaf_rc_config = "#{Rails.root}/config/aaf_rc.yml"
31
+
32
+ end
33
+
34
+ # Add aaf_rc_authenticatable strategy to defaults.
35
+ #
36
+ Devise.add_module(:aaf_rc_authenticatable,
37
+ :route => :aaf_rc_authenticatable,
38
+ :strategy => true,
39
+ :controller => :aaf_rc_sessions,
40
+ :model => 'devise_aaf_rc_authenticatable/model')
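Review bot: `@@aaf_rc_create_user = false` disagrees with the README in this package, which documents `config.aaf_rc_create_user (default: true)`. The comment above the accessor should state the real default and the consequence of enabling it, for example `# When true, an account is created for any AAF-authenticated user not yet in the database (default: false)`. The bare `rescue` around `Rails::Engine` hides every StandardError rather than only the missing constant; `rescue NameError` says what is meant. The `@@aaf_rc_config` default interpolates `Rails.root` at load time, which presumably requires Rails to be initialised before this file is required.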
@@ -0,0 +1,6 @@
1
+ module DeviseAafRcAuthenticatable
2
+
3
+ class AafRcException < Exception
4
+ end
5
+
6
+ end
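Review bot: `AafRcException` inherits from `Exception` rather than `StandardError`, so a plain `rescue` or `rescue => e` in the host application will not catch it. Code that does want to handle it is pushed towards `rescue Exception`, which also swallows `SignalException` and `SystemExit`. Change the declaration to `class AafRcException < StandardError`. Nothing visible in this package raises the class, so the change looks safe, but callers outside this diff should be checked.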
@@ -0,0 +1,11 @@
1
+ module DeviseAafRcAuthenticatable
2
+
3
+ class Logger
4
+ def self.send(message, logger = Rails.logger)
5
+ if ::Devise.aaf_rc_logger
6
+ logger.add 0, " \e[36mAAF Rapid Connect:\e[0m #{message}"
7
+ end
8
+ end
9
+ end
10
+
11
+ end
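Review bot: Defining `self.send` replaces `Object#send` on `DeviseAafRcAuthenticatable::Logger`, so any dynamic dispatch on the class would write a log line instead of invoking the named method; a name such as `log` avoids that, subject to callers outside this diff. `message` is interpolated into the log entry unchanged, so callers passing assertion-derived values should strip newlines and control characters first to keep entries from being forged. The severity is the bare number `0`; `::Logger::DEBUG` states the intent.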
@@ -0,0 +1,70 @@
1
+ require 'devise_aaf_rc_authenticatable/strategy'
2
+
3
+ module Devise
4
+ module Models
5
+ module AafRcAuthenticatable
6
+ extend ActiveSupport::Concern
7
+
8
+ # Need to determine why these need to be included
9
+ included do
10
+ attr_reader :password, :current_password
11
+ attr_accessor :password_confirmation
12
+ end
13
+
14
+ def update_with_password(params={})
15
+ params.delete(:current_password)
16
+ self.update_without_password(params)
17
+ end
18
+
19
+ def update_without_password(params={})
20
+ params.delete(:password)
21
+ params.delete(:password_confirmation)
22
+
23
+ result = update_attributes(params)
24
+ result
25
+ end
26
+
27
+ # Hook called after AAF authentication.
28
+ def after_aaf_rc_authentication
29
+ end
30
+
31
+ module ClassMethods
32
+
33
+ def authenticate_with_aaf_rc(attributes={})
34
+
35
+ auth_key = self.authentication_keys.first
36
+
37
+ auth_key_value = (self.case_insensitive_keys || []).include?(auth_key) ? attributes['mail'].downcase : attributes['mail']
38
+
39
+ resource = where(auth_key => auth_key_value).first
40
+
41
+ if (resource.nil? && !Devise.aaf_rc_create_user)
42
+ logger.info("User(#{auth_key_value}) not found. Not configured to create the user.")
43
+ return nil
44
+ end
45
+
46
+ if (resource.nil? && Devise.aaf_rc_create_user)
47
+ logger.info("Creating user(#{auth_key_value}).")
48
+ resource = new
49
+ save_user_aaf_rc_attributes(resource, attributes)
50
+ resource.aaf_rc_before_save if resource.respond_to?(:aaf_rc_before_save)
51
+ resource.save
52
+ end
53
+
54
+ resource
55
+ end
56
+
57
+ private
58
+ def save_user_aaf_rc_attributes(resource, attributes)
59
+ config = YAML.load(ERB.new(File.read(::Devise.aaf_rc_config || "#{Rails.root}/config/aaf_rc.yml")).result)[Rails.env]
60
+ config['user-mapping'].each do |aaf_attr, db_field|
61
+ logger.info("Saving #{attributes[aaf_attr]} to #{db_field}")
62
+ field = "#{db_field}="
63
+ value = attributes[aaf_attr]
64
+ resource.send(field, value.to_s) if resource.respond_to?(field)
65
+ end
66
+ end
67
+ end
68
+ end
69
+ end
70
+ end
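Review bot: `authenticate_with_aaf_rc` dereferences `attributes['mail']` without checking it. A missing attribute raises `NoMethodError` on `.downcase`, and when the key is not case-insensitive a nil value goes straight into `where(auth_key => nil).first`, which could return an account whose key column is NULL. Guard at the top with `return nil if attributes.blank? || attributes['mail'].blank?`. In the create branch the result of `resource.save` is ignored, so an invalid, unsaved record is handed back to the strategy as if provisioning had worked; return nil or log the validation errors when `save` is false. The `logger.info("Saving ...")` line in `save_user_aaf_rc_attributes` writes every mapped identity attribute value to the log and is better reduced to the field name.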
@@ -0,0 +1,12 @@
1
+ ActionDispatch::Routing::Mapper.class_eval do
2
+ protected
3
+
4
+ def devise_aaf_rc_authenticatable(mapping, controllers)
5
+ resource :session, :only => [], :controller => controllers[:aaf_rc_sessions], :path => "" do
6
+ get :aaf_new, :path => mapping.path_names[:aaf_new]
7
+ post :aaf_create, :path => mapping.path_names[:aaf_sign_in]
8
+ get :aaf_destroy, :path => mapping.path_names[:aaf_sign_out]
9
+ end
10
+
11
+ end
12
+ end
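Review bot: `aaf_destroy` is routed with `get`, so the sign-out endpoint can be triggered by any cross-site link or image request. Devise makes the verb of its own sign-out route configurable through `Devise.sign_out_via`; routing this action the same way, e.g. `match :aaf_destroy, :path => mapping.path_names[:aaf_sign_out], :via => Devise.sign_out_via`, keeps the two consistent. The `:aaf_new`, `:aaf_sign_in` and `:aaf_sign_out` path names are not defined anywhere in this diff, so unless the host application supplies them the `:path` values here are presumably nil; a comment naming where they come from would help.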
@@ -0,0 +1,14 @@
1
+ ## Using email now instead of login. Will add an option later on.
2
+
3
+ # Devise::Schema.class_eval do
4
+ # # Creates login
5
+ # #
6
+ # # == Options
7
+ # # * :null - When true, allow columns to be null.
8
+ # def aaf_rc_authenticatable(options={})
9
+ # null = options[:null] || false
10
+ #
11
+ # apply_schema :login, String, :null => null
12
+ # end
13
+ #
14
+ # end
@@ -0,0 +1,63 @@
1
+ require 'devise/strategies/authenticatable'
2
+ require 'json'
3
+ require 'json/jwt'
4
+
5
+ module Devise
6
+ module Strategies
7
+ class AafRcAuthenticatable < Authenticatable
8
+
9
+ def valid?
10
+ params["assertion"].present? || (session["jwt"].present? && !session["jwt_unauthorized"].present?)
11
+ end
12
+
13
+ def authenticate!
14
+ # params["assertion"] is checked for presence in valid? method.
15
+ jws = params["assertion"]
16
+ if jws
17
+ begin
18
+
19
+ config = YAML.load(ERB.new(File.read(::Devise.aaf_rc_config || "#{Rails.root}/config/aaf_rc.yml")).result)[Rails.env]
20
+
21
+ jwt = JSON::JWT.decode(jws.to_s, config['secret_token'])
22
+ aaf_host = config['aaf_rc_login_url'][/^https:\/\/[\w\.]+/] if config['aaf_rc_login_url']
23
+ aaf_host ||= "https://rapid.aaf.edu.au"
24
+
25
+ # In a complete app we'd also store and validate the jti value to ensure there is no replay attack
26
+ if jwt['iss'] == aaf_host && jwt['aud'] == config['hostname']
27
+ current_time = Time.now
28
+ if current_time > Time.at(jwt['nbf']) && current_time < Time.at(jwt['exp'])
29
+ session[:attributes] = jwt['https://aaf.edu.au/attributes']
30
+ session[:jwt] = jwt
31
+ else
32
+ logger.error(" Timing is invalid. #{current_time} out of range of #{Time.at(jwt['nbf'])} to #{Time.at(jwt['exp'])}")
33
+ return fail(:invalid_timing)
34
+ end
35
+ else
36
+ logger.error(" Audience is invalid. #{jwt['aud']} vs #{config['hostname']}")
37
+ return fail(:invalid_audience)
38
+ end
39
+ rescue Exception => e
40
+ logger.error(" Signature was invalid or JWT was otherwise erroneous. #{e.message}")
41
+ return fail(:invalid_jwt)
42
+ end
43
+ end
44
+
45
+ resource = mapping.to.authenticate_with_aaf_rc(session[:attributes])
46
+
47
+ if validate(resource)
48
+ begin
49
+ resource.after_aaf_rc_authentication
50
+ session.delete(:jwt_unauthorized)
51
+ rescue Exception
52
+ session["jwt_unauthorized"] = 'Unauthorized'
53
+ end
54
+ success!(resource)
55
+ elsif !halted?
56
+ fail(:invalid)
57
+ end
58
+ end
59
+ end
60
+ end
61
+ end
62
+
63
+ Warden::Strategies.add(:aaf_rc_authenticatable, Devise::Strategies::AafRcAuthenticatable)
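Review bot: In `authenticate!`, when `resource.after_aaf_rc_authentication` raises, the `rescue Exception` branch only sets `session["jwt_unauthorized"]` and execution still reaches `success!(resource)`, so a hook that rejects the user does not stop the sign-in. If the hook is meant as an authorisation gate, that rescue should end with `return fail(:invalid_aaf)`, a message the locale file in this package already defines, and both handlers should be narrowed to `rescue StandardError`. The in-code comment already concedes that `jti` is not stored, so a captured assertion stays replayable until `exp`. `jwt['nbf']` and `jwt['exp']` go into `Time.at` with no presence check, so a token lacking them is rejected only by way of the broad rescue. `session[:jwt] = jwt` keeps the whole decoded token in the session although this file only ever tests it for presence.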
@@ -0,0 +1,4 @@
1
+ module DeviseAafRcAuthenticatable
2
+ VERSION = "0.0.2"
3
+ end
4
+
@@ -0,0 +1,60 @@
1
+ module DeviseAafRcAuthenticatable
2
+ class InstallGenerator < Rails::Generators::Base
3
+ source_root File.expand_path("../templates", __FILE__)
4
+
5
+ class_option :user_model, :type => :string, :default => "user", :desc => "Model to update"
6
+ class_option :update_model, :type => :boolean, :default => false, :desc => "Update model to change from database_authenticatable to aaf_rc_authenticatable"
7
+ class_option :add_rescue, :type => :boolean, :default => true, :desc => "Update Application Controller with resuce_from for DeviseAafRcAuthenticatable::AafRcException"
8
+ class_option :advanced, :type => :boolean, :desc => "Add advanced config options to the devise initializer"
9
+
10
+
11
+ def create_aaf_rc_config
12
+ copy_file "aaf_rc.yml", "config/aaf_rc.yml"
13
+ end
14
+
15
+ def copy_locale
16
+ copy_file "../../../../config/locales/en.yml", "config/locales/devise_aaf_rc.en.yml"
17
+ end
18
+
19
+ def create_default_devise_settings
20
+ inject_into_file "config/initializers/devise.rb", default_devise_settings, :after => "Devise.setup do |config|\n"
21
+ end
22
+
23
+ def update_user_model
24
+ gsub_file "app/models/#{options.user_model}.rb", /:database_authenticatable/, ":aaf_rc_authenticatable" if options.update_model?
25
+ end
26
+
27
+ def update_application_controller
28
+ inject_into_class "app/controllers/application_controller.rb", ApplicationController, rescue_from_exception if options.add_rescue?
29
+ end
30
+
31
+ private
32
+
33
+ def default_devise_settings
34
+ settings = <<-eof
35
+ # ==> AAF Rapid Connect Configuration
36
+ # config.aaf_rc_logger = true
37
+ # config.aaf_rc_create_user = false
38
+ # config.aaf_rc_config = "\#{Rails.root}/config/aaf_rc.yml"
39
+
40
+ eof
41
+ if options.advanced?
42
+ settings << <<-eof
43
+ # ==> Advanced AAF Rapid Connect Configuration
44
+
45
+ eof
46
+ end
47
+
48
+ settings
49
+ end
50
+
51
+ def rescue_from_exception
52
+ <<-eof
53
+ rescue_from DeviseAafRcAuthenticatable::AafRcException do |exception|
54
+ render :text => exception, :status => 500
55
+ end
56
+ eof
57
+ end
58
+
59
+ end
60
+ end
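Review bot: The `rescue_from` block that `rescue_from_exception` injects into ApplicationController renders the exception object itself (`render :text => exception, :status => 500`), so whatever message the library puts into an `AafRcException` is shown to an unauthenticated visitor. Log the exception and render a fixed string instead, e.g. `logger.error(exception.message)` followed by `render :text => "Authentication failed.", :status => 500`. `update_user_model` interpolates `options.user_model` into a file path unchecked; it is a developer-supplied option, but rejecting values containing `/` or `..` costs one line. The `:add_rescue` description misspells `rescue_from` as `resuce_from`.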
@@ -0,0 +1,43 @@
1
+ common: &common
2
+ # this is to map attributes as described in http://aaf.edu.au/technical/aaf-core-attributes/
3
+ # to their respective field in the database
4
+ # uncomment them if need be
5
+ user-mapping:
6
+ cn: ""
7
+ displayname: ""
8
+ edupersontargetedid: ""
9
+ edupersonscopedaffiliation: ""
10
+ edupersonprincipalname: ""
11
+ mail: email
12
+ givenname: first_name
13
+ surname: last_name
14
+
15
+ development:
16
+ <<: *common
17
+ hostname: hostname.com
18
+ secret_token: REPLACE_ME
19
+ aaf_rc_login_url: https://rapid.test.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
20
+
21
+ qa:
22
+ <<: *common
23
+ hostname: hostname.com
24
+ secret_token: REPLACE_ME
25
+ aaf_rc_login_url: https://rapid.test.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
26
+
27
+ staging:
28
+ <<: *common
29
+ hostname: hostname.com
30
+ secret_token: REPLACE_ME
31
+ aaf_rc_login_url: https://rapid.test.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
32
+
33
+ test:
34
+ <<: *common
35
+ hostname: hostname.com
36
+ secret_token: REPLACE_ME
37
+ aaf_rc_login_url: https://rapid.test.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
38
+
39
+ production:
40
+ <<: *common
41
+ hostname: hostname.com
42
+ secret_token: REPLACE_ME
43
+ aaf_rc_login_url: https://rapid.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
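Review bot: Every environment ships `secret_token: REPLACE_ME` in a file the generator copies to `config/aaf_rc.yml`, which invites committing the real shared secret to version control. The loaders in this package run the file through ERB before parsing it, so the template could instead read the value from the environment, for example `secret_token: <%= ENV['AAF_RC_SECRET_TOKEN'] %>` (variable name illustrative). A comment should also say that `hostname` is compared against the assertion's `aud` claim and must match the registered service exactly. The header comment tells the reader to uncomment the mappings, but none are commented out; the entries to fill in are the empty-string ones.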
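--- a/data/rails/init.rb
+++ b/data/rails/init.rb
@@ -0,0 +1,2 @@
+# Include hook code here
+require 'devise_aaf_rc_authenticatable'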
metadata ADDED
@@ -0,0 +1,188 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: devise_aaf_rc_authenticatable
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.2
5
+ platform: ruby
6
+ authors:
7
+ - Gabriel Gasser Noblia
8
+ - Shuqian Hon
9
+ - Daniel Theodosius
10
+ - Jake Farrell
11
+ autorequire:
12
+ bindir: bin
13
+ cert_chain: []
14
+ date: 2014-06-26 00:00:00.000000000 Z
15
+ dependencies:
16
+ - !ruby/object:Gem::Dependency
17
+ name: shoulda
18
+ requirement: !ruby/object:Gem::Requirement
19
+ requirements:
20
+ - - ">="
21
+ - !ruby/object:Gem::Version
22
+ version: '0'
23
+ type: :development
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
30
+ - !ruby/object:Gem::Dependency
31
+ name: bundler
32
+ requirement: !ruby/object:Gem::Requirement
33
+ requirements:
34
+ - - ">="
35
+ - !ruby/object:Gem::Version
36
+ version: 1.0.0
37
+ type: :development
38
+ prerelease: false
39
+ version_requirements: !ruby/object:Gem::Requirement
40
+ requirements:
41
+ - - ">="
42
+ - !ruby/object:Gem::Version
43
+ version: 1.0.0
44
+ - !ruby/object:Gem::Dependency
45
+ name: jeweler
46
+ requirement: !ruby/object:Gem::Requirement
47
+ requirements:
48
+ - - "~>"
49
+ - !ruby/object:Gem::Version
50
+ version: 2.0.1
51
+ type: :development
52
+ prerelease: false
53
+ version_requirements: !ruby/object:Gem::Requirement
54
+ requirements:
55
+ - - "~>"
56
+ - !ruby/object:Gem::Version
57
+ version: 2.0.1
58
+ - !ruby/object:Gem::Dependency
59
+ name: simplecov
60
+ requirement: !ruby/object:Gem::Requirement
61
+ requirements:
62
+ - - ">="
63
+ - !ruby/object:Gem::Version
64
+ version: '0'
65
+ type: :development
66
+ prerelease: false
67
+ version_requirements: !ruby/object:Gem::Requirement
68
+ requirements:
69
+ - - ">="
70
+ - !ruby/object:Gem::Version
71
+ version: '0'
72
+ - !ruby/object:Gem::Dependency
73
+ name: json
74
+ requirement: !ruby/object:Gem::Requirement
75
+ requirements:
76
+ - - ">="
77
+ - !ruby/object:Gem::Version
78
+ version: '0'
79
+ type: :development
80
+ prerelease: false
81
+ version_requirements: !ruby/object:Gem::Requirement
82
+ requirements:
83
+ - - ">="
84
+ - !ruby/object:Gem::Version
85
+ version: '0'
86
+ - !ruby/object:Gem::Dependency
87
+ name: json-jwt
88
+ requirement: !ruby/object:Gem::Requirement
89
+ requirements:
90
+ - - ">="
91
+ - !ruby/object:Gem::Version
92
+ version: '0'
93
+ type: :development
94
+ prerelease: false
95
+ version_requirements: !ruby/object:Gem::Requirement
96
+ requirements:
97
+ - - ">="
98
+ - !ruby/object:Gem::Version
99
+ version: '0'
100
+ - !ruby/object:Gem::Dependency
101
+ name: builder
102
+ requirement: !ruby/object:Gem::Requirement
103
+ requirements:
104
+ - - ">="
105
+ - !ruby/object:Gem::Version
106
+ version: '0'
107
+ type: :development
108
+ prerelease: false
109
+ version_requirements: !ruby/object:Gem::Requirement
110
+ requirements:
111
+ - - ">="
112
+ - !ruby/object:Gem::Version
113
+ version: '0'
114
+ - !ruby/object:Gem::Dependency
115
+ name: devise
116
+ requirement: !ruby/object:Gem::Requirement
117
+ requirements:
118
+ - - ">="
119
+ - !ruby/object:Gem::Version
120
+ version: 1.5.4
121
+ type: :runtime
122
+ prerelease: false
123
+ version_requirements: !ruby/object:Gem::Requirement
124
+ requirements:
125
+ - - ">="
126
+ - !ruby/object:Gem::Version
127
+ version: 1.5.4
128
+ description: Devise AAF Rapid Connect Authenticatable is an authentication strategy
129
+ for the Devise[http://github.com/plataformatec/devise] authentication framework.
130
+ email:
131
+ - gabriel@intersect.org.au
132
+ - shuqian@intersect.org.au
133
+ - danielt@intersect.org.au
134
+ - jake@intersect.org.au
135
+ executables: []
136
+ extensions: []
137
+ extra_rdoc_files:
138
+ - LICENSE.txt
139
+ - README.md
140
+ - README.rdoc
141
+ files:
142
+ - ".ruby-gemset"
143
+ - ".ruby-version"
144
+ - Gemfile
145
+ - Gemfile.lock
146
+ - LICENSE.txt
147
+ - README.md
148
+ - README.rdoc
149
+ - Rakefile
150
+ - VERSION
151
+ - app/controllers/devise/aaf_rc_sessions_controller.rb
152
+ - config/locales/en.yml
153
+ - devise_aaf_rc_authenticatable.gemspec
154
+ - lib/devise_aaf_rc_authenticatable.rb
155
+ - lib/devise_aaf_rc_authenticatable/exception.rb
156
+ - lib/devise_aaf_rc_authenticatable/logger.rb
157
+ - lib/devise_aaf_rc_authenticatable/model.rb
158
+ - lib/devise_aaf_rc_authenticatable/routes.rb
159
+ - lib/devise_aaf_rc_authenticatable/schema.rb
160
+ - lib/devise_aaf_rc_authenticatable/strategy.rb
161
+ - lib/devise_aaf_rc_authenticatable/version.rb
162
+ - lib/generators/devise_aaf_rc_authenticatable/install_generator.rb
163
+ - lib/generators/devise_aaf_rc_authenticatable/templates/aaf_rc.yml
164
+ - rails/init.rb
165
+ homepage: http://github.com/IntersectAustralia/devise_aaf_rc_authenticatable
166
+ licenses: []
167
+ metadata: {}
168
+ post_install_message:
169
+ rdoc_options: []
170
+ require_paths:
171
+ - lib
172
+ required_ruby_version: !ruby/object:Gem::Requirement
173
+ requirements:
174
+ - - ">="
175
+ - !ruby/object:Gem::Version
176
+ version: '0'
177
+ required_rubygems_version: !ruby/object:Gem::Requirement
178
+ requirements:
179
+ - - ">="
180
+ - !ruby/object:Gem::Version
181
+ version: '0'
182
+ requirements: []
183
+ rubyforge_project:
184
+ rubygems_version: 2.2.2
185
+ signing_key:
186
+ specification_version: 4
187
+ summary: AAF Rapid Connect authentication module for Devise
188
+ test_files: []