devise_aaf_rc_authenticatable 0.0.2
- checksums.yaml +7 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/Gemfile +11 -0
- data/Gemfile.lock +70 -0
- data/LICENSE.txt +20 -0
- data/README.md +4 -0
- data/README.rdoc +62 -0
- data/Rakefile +41 -0
- data/VERSION +1 -0
- data/app/controllers/devise/aaf_rc_sessions_controller.rb +32 -0
- data/config/locales/en.yml +10 -0
- data/devise_aaf_rc_authenticatable.gemspec +84 -0
- data/lib/devise_aaf_rc_authenticatable.rb +40 -0
- data/lib/devise_aaf_rc_authenticatable/exception.rb +6 -0
- data/lib/devise_aaf_rc_authenticatable/logger.rb +11 -0
- data/lib/devise_aaf_rc_authenticatable/model.rb +70 -0
- data/lib/devise_aaf_rc_authenticatable/routes.rb +12 -0
- data/lib/devise_aaf_rc_authenticatable/schema.rb +14 -0
- data/lib/devise_aaf_rc_authenticatable/strategy.rb +63 -0
- data/lib/devise_aaf_rc_authenticatable/version.rb +4 -0
- data/lib/generators/devise_aaf_rc_authenticatable/install_generator.rb +60 -0
- data/lib/generators/devise_aaf_rc_authenticatable/templates/aaf_rc.yml +43 -0
- data/rails/init.rb +2 -0
- metadata +188 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 912d174bde0b9d41951b5ef751a68e3331709865
|
4
|
+
data.tar.gz: 77fea7ba019546f867f2e2aa3b589f65ac0c96b3
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: aac9c7896eda68e13a24d486504592099a09793853fd43525c5232d06606810ce11f301ce3efd3bd491c754916613ea3342229d19e094ee06bc87714a7437394
|
7
|
+
data.tar.gz: 79e4c5f4b50714cdb1760cb08c85feb3881e57fb864ef8960e21c252503a37a64ca6c65a341ee0def370e701796ae7e215f93f516bc599bb7798788eab55330d
|
data/.ruby-gemset
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
devise_aaf_rc
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
ruby-2.1.2
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,70 @@
|
|
1
|
+
GEM
|
2
|
+
remote: https://rubygems.org/
|
3
|
+
specs:
|
4
|
+
activesupport (3.2.15)
|
5
|
+
i18n (~> 0.6, >= 0.6.4)
|
6
|
+
multi_json (~> 1.0)
|
7
|
+
addressable (2.3.6)
|
8
|
+
builder (3.2.2)
|
9
|
+
faraday (0.7.6)
|
10
|
+
addressable (~> 2.2)
|
11
|
+
multipart-post (~> 1.1)
|
12
|
+
rack (~> 1.1)
|
13
|
+
git (1.2.7)
|
14
|
+
github_api (0.4.10)
|
15
|
+
faraday (~> 0.7.6)
|
16
|
+
hashie (~> 1.2.0)
|
17
|
+
multi_json (~> 1.0)
|
18
|
+
oauth2 (~> 0.5.2)
|
19
|
+
hashie (1.2.0)
|
20
|
+
highline (1.6.21)
|
21
|
+
i18n (0.6.5)
|
22
|
+
jeweler (2.0.1)
|
23
|
+
builder
|
24
|
+
bundler (>= 1.0)
|
25
|
+
git (>= 1.2.5)
|
26
|
+
github_api
|
27
|
+
highline (>= 1.6.15)
|
28
|
+
nokogiri (>= 1.5.10)
|
29
|
+
rake
|
30
|
+
rdoc
|
31
|
+
json (1.8.1)
|
32
|
+
json-jwt (0.4.1)
|
33
|
+
activesupport (>= 2.3)
|
34
|
+
i18n
|
35
|
+
json (>= 1.4.3)
|
36
|
+
url_safe_base64
|
37
|
+
mini_portile (0.6.0)
|
38
|
+
multi_json (1.2.0)
|
39
|
+
multipart-post (1.2.0)
|
40
|
+
nokogiri (1.6.2.1)
|
41
|
+
mini_portile (= 0.6.0)
|
42
|
+
oauth2 (0.5.2)
|
43
|
+
faraday (~> 0.7)
|
44
|
+
multi_json (~> 1.0)
|
45
|
+
rack (1.5.2)
|
46
|
+
rake (10.3.2)
|
47
|
+
rdoc (4.1.1)
|
48
|
+
json (~> 1.4)
|
49
|
+
shoulda (3.0.1)
|
50
|
+
shoulda-context (~> 1.0.0)
|
51
|
+
shoulda-matchers (~> 1.0.0)
|
52
|
+
shoulda-context (1.0.0)
|
53
|
+
shoulda-matchers (1.0.0)
|
54
|
+
simplecov (0.6.1)
|
55
|
+
multi_json (~> 1.0)
|
56
|
+
simplecov-html (~> 0.5.3)
|
57
|
+
simplecov-html (0.5.3)
|
58
|
+
url_safe_base64 (0.2.2)
|
59
|
+
|
60
|
+
PLATFORMS
|
61
|
+
ruby
|
62
|
+
|
63
|
+
DEPENDENCIES
|
64
|
+
builder
|
65
|
+
bundler (>= 1.0.0)
|
66
|
+
jeweler (~> 2.0.1)
|
67
|
+
json
|
68
|
+
json-jwt
|
69
|
+
shoulda
|
70
|
+
simplecov
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2013 Intersect Australia Limited
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
data/README.rdoc
ADDED
@@ -0,0 +1,62 @@
|
|
1
|
+
= devise_aaf_rc_authenticatable
|
2
|
+
|
3
|
+
Devise AAF Rapid Connect Authenticatable is an authentication strategy for the Devise[http://github.com/plataformatec/devise] authentication framework.
|
4
|
+
|
5
|
+
This is customised for Intersect Australia.
|
6
|
+
|
7
|
+
== Prerequisites
|
8
|
+
* devise ~> 1.5.4 (which requires rails ~> 3.1)
|
9
|
+
|
10
|
+
== Usage
|
11
|
+
In the Gemfile for your application:
|
12
|
+
|
13
|
+
gem "devise_aaf_rc_authenticatable"
|
14
|
+
|
15
|
+
To get the latest version, pull directly from github instead of the gem:
|
16
|
+
|
17
|
+
gem "devise_aaf_rc_authenticatable", :git => "git://github.com/IntersectAustralia/devise_aaf_rc_authenticatable.git"
|
18
|
+
|
19
|
+
== Setup
|
20
|
+
Run the rails generators for devise (please check the devise[http://github.com/plataformatec/devise] documents for further instructions)
|
21
|
+
|
22
|
+
rails generate devise:install
|
23
|
+
rails generate devise MODEL_NAME
|
24
|
+
|
25
|
+
Run the rails generator for 'devise_aaf_rc_authenticatable'
|
26
|
+
|
27
|
+
rails generate devise_aaf_rc_authenticatable:install
|
28
|
+
|
29
|
+
== Configuration
|
30
|
+
In initializer 'config/initializers/devise.rb' :
|
31
|
+
|
32
|
+
* config.aaf_rc_logger <em>(default: true)</em>
|
33
|
+
* config.aaf_rc_create_user <em>(default: true)</em>
|
34
|
+
* config.aaf_rc_config <em>(default:#{Rails.root}/config/aaf_rc.yml)</em>
|
35
|
+
|
36
|
+
In configuration 'config/aaf_rc.yml' :
|
37
|
+
|
38
|
+
* user-mapping
|
39
|
+
* A hash-map of the AAF attributes that you want saved to your User model.
|
40
|
+
|
41
|
+
* aaf_rc_login_url
|
42
|
+
* The URL to your AAF IdP
|
43
|
+
|
44
|
+
== Contributing to devise_aaf_rc_authenticatable
|
45
|
+
|
46
|
+
* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
|
47
|
+
* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
|
48
|
+
* Fork the project
|
49
|
+
* Start a feature/bugfix branch
|
50
|
+
* Commit and push until you are happy with your contribution
|
51
|
+
* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
|
52
|
+
* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
|
53
|
+
|
54
|
+
== References
|
55
|
+
* Devise[http://github.com/plataformatec/devise]
|
56
|
+
* AAF Rapid Connect[http://rapid.aaf.edu.au]
|
57
|
+
|
58
|
+
== Copyright
|
59
|
+
|
60
|
+
Copyright (c) 2013 Intersect Australia Limited. See LICENSE.txt for
|
61
|
+
further details.
|
62
|
+
|
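--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,41 @@
+require 'rake'
+require 'rake/testtask'
+require 'rdoc/task'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the devise_imapable plugin.'
+Rake::TestTask.new(:test) do |t|
+# t.libs << 'lib'
+# t.libs << 'test'
+# t.pattern = 'test/**/*_test.rb'
+# t.verbose = true
+end
+
+desc 'Generate documentation for the devise_aaf_rc_authenticatable plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'DeviseAafRcAuthenticatable'
+rdoc.options << '--line-numbers' << '--inline-source'
+rdoc.rdoc_files.include('README')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+begin
+require 'jeweler'
+Jeweler::Tasks.new do |gemspec|
+gemspec.name = "devise_aaf_rc_authenticatable"
+gemspec.summary = "AAF Rapid Connect authentication module for Devise"
+gemspec.description = "Devise AAF Rapid Connect Authenticatable is an authentication strategy for the Devise[http://github.com/plataformatec/devise] authentication framework."
+gemspec.email = ["gabriel@intersect.org.au", "shuqian@intersect.org.au", "danielt@intersect.org.au", "jake@intersect.org.au"]
+gemspec.homepage = "http://github.com/IntersectAustralia/devise_aaf_rc_authenticatable"
+gemspec.authors = ["Gabriel Gasser Noblia", "Shuqian Hon", "Daniel Theodosius", "Jake Farrell"]
+gemspec.add_runtime_dependency "devise", ">= 1.5.4"
+gemspec.version = "0.0.2"
+end
+Jeweler::GemcutterTasks.new
+rescue LoadError
+puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end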
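Review bot: The Jeweler block declares `devise` as the only runtime dependency, yet lib/devise_aaf_rc_authenticatable/strategy.rb requires `json` and `json/jwt` at load time, and the generated gemspec lists `json-jwt` as a development dependency only. An application that installs the gem without the development group would presumably fail at `require 'json/jwt'`, and the library that verifies the assertion signature is left unconstrained by the gem that relies on it. Declaring it here, `gemspec.add_runtime_dependency "json-jwt"` with a version constraint the project has tested, closes that gap; the Gemfile is not shown on this page, so the declaration may belong there instead. The test task description still reads `devise_imapable`.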
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
0.0.2
|
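--- a/data/app/controllers/devise/aaf_rc_sessions_controller.rb
+++ b/data/app/controllers/devise/aaf_rc_sessions_controller.rb
@@ -0,0 +1,32 @@
+class Devise::AafRcSessionsController < Devise::SessionsController
+unloadable
+prepend_before_filter :require_no_authentication, :only => [:aaf_new, :aaf_create]
+prepend_before_filter :allow_params_authentication!, :only => :aaf_create
+
+def aaf_new
+config = YAML.load(ERB.new(File.read(::Devise.aaf_rc_config || "#{Rails.root}/config/aaf_rc.yml")).result)[Rails.env]
+
+redirect_to config['aaf_rc_login_url']
+end
+
+def aaf_create
+self.resource = warden.authenticate!(auth_options)
+set_flash_message(:notice, :signed_in) if is_navigational_format?
+sign_in(resource_name, resource)
+respond_with resource, :location => after_sign_in_path_for(resource)
+end
+
+def aaf_destroy
+session.delete(:attributes)
+session.delete(:jwt)
+session.delete(:jwt_unauthorized)
+end
+
+def destroy
+session.delete(:attributes)
+session.delete(:jwt)
+session.delete(:jwt_unauthorized)
+super
+end
+
+end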
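Review bot: `aaf_destroy` deletes `:attributes`, `:jwt` and `:jwt_unauthorized` from the session but, unlike `destroy`, never calls `super` or signs the resource out, and it neither renders nor redirects. From the visible lines the Warden login appears to survive an AAF sign-out, so a user who believes they have logged out may still be authenticated. Delegating keeps the two paths identical: `def aaf_destroy; destroy; end`. Separately, `aaf_new` passes `config['aaf_rc_login_url']` to `redirect_to` without checking that the `Rails.env` section or the key exists, so a missing entry surfaces as a NoMethodError or a nil redirect target rather than a clear configuration error.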
@@ -0,0 +1,10 @@
|
|
1
|
+
en:
|
2
|
+
devise:
|
3
|
+
failure:
|
4
|
+
invalid_aaf: 'You must be an approved user to access this site.'
|
5
|
+
invalid_audience: 'Invalid audience.'
|
6
|
+
invalid_timing: 'Invalid timing.'
|
7
|
+
invalid_jwt: 'Signature was invalid or JWT was otherwise erroneous.'
|
8
|
+
aaf_rc_sessions:
|
9
|
+
signed_in: 'Logged in successfully.'
|
10
|
+
signed_out: 'Logged out successfully.'
|
@@ -0,0 +1,84 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
# stub: devise_aaf_rc_authenticatable 0.0.2 ruby lib
|
6
|
+
|
7
|
+
Gem::Specification.new do |s|
|
8
|
+
s.name = "devise_aaf_rc_authenticatable"
|
9
|
+
s.version = "0.0.2"
|
10
|
+
|
11
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
12
|
+
s.require_paths = ["lib"]
|
13
|
+
s.authors = ["Gabriel Gasser Noblia", "Shuqian Hon", "Daniel Theodosius", "Jake Farrell"]
|
14
|
+
s.date = "2014-06-26"
|
15
|
+
s.description = "Devise AAF Rapid Connect Authenticatable is an authentication strategy for the Devise[http://github.com/plataformatec/devise] authentication framework."
|
16
|
+
s.email = ["gabriel@intersect.org.au", "shuqian@intersect.org.au", "danielt@intersect.org.au", "jake@intersect.org.au"]
|
17
|
+
s.extra_rdoc_files = [
|
18
|
+
"LICENSE.txt",
|
19
|
+
"README.md",
|
20
|
+
"README.rdoc"
|
21
|
+
]
|
22
|
+
s.files = [
|
23
|
+
".ruby-gemset",
|
24
|
+
".ruby-version",
|
25
|
+
"Gemfile",
|
26
|
+
"Gemfile.lock",
|
27
|
+
"LICENSE.txt",
|
28
|
+
"README.md",
|
29
|
+
"README.rdoc",
|
30
|
+
"Rakefile",
|
31
|
+
"VERSION",
|
32
|
+
"app/controllers/devise/aaf_rc_sessions_controller.rb",
|
33
|
+
"config/locales/en.yml",
|
34
|
+
"devise_aaf_rc_authenticatable.gemspec",
|
35
|
+
"lib/devise_aaf_rc_authenticatable.rb",
|
36
|
+
"lib/devise_aaf_rc_authenticatable/exception.rb",
|
37
|
+
"lib/devise_aaf_rc_authenticatable/logger.rb",
|
38
|
+
"lib/devise_aaf_rc_authenticatable/model.rb",
|
39
|
+
"lib/devise_aaf_rc_authenticatable/routes.rb",
|
40
|
+
"lib/devise_aaf_rc_authenticatable/schema.rb",
|
41
|
+
"lib/devise_aaf_rc_authenticatable/strategy.rb",
|
42
|
+
"lib/devise_aaf_rc_authenticatable/version.rb",
|
43
|
+
"lib/generators/devise_aaf_rc_authenticatable/install_generator.rb",
|
44
|
+
"lib/generators/devise_aaf_rc_authenticatable/templates/aaf_rc.yml",
|
45
|
+
"rails/init.rb"
|
46
|
+
]
|
47
|
+
s.homepage = "http://github.com/IntersectAustralia/devise_aaf_rc_authenticatable"
|
48
|
+
s.rubygems_version = "2.2.2"
|
49
|
+
s.summary = "AAF Rapid Connect authentication module for Devise"
|
50
|
+
|
51
|
+
if s.respond_to? :specification_version then
|
52
|
+
s.specification_version = 4
|
53
|
+
|
54
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
55
|
+
s.add_development_dependency(%q<shoulda>, [">= 0"])
|
56
|
+
s.add_development_dependency(%q<bundler>, [">= 1.0.0"])
|
57
|
+
s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
|
58
|
+
s.add_development_dependency(%q<simplecov>, [">= 0"])
|
59
|
+
s.add_development_dependency(%q<json>, [">= 0"])
|
60
|
+
s.add_development_dependency(%q<json-jwt>, [">= 0"])
|
61
|
+
s.add_development_dependency(%q<builder>, [">= 0"])
|
62
|
+
s.add_runtime_dependency(%q<devise>, [">= 1.5.4"])
|
63
|
+
else
|
64
|
+
s.add_dependency(%q<shoulda>, [">= 0"])
|
65
|
+
s.add_dependency(%q<bundler>, [">= 1.0.0"])
|
66
|
+
s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
|
67
|
+
s.add_dependency(%q<simplecov>, [">= 0"])
|
68
|
+
s.add_dependency(%q<json>, [">= 0"])
|
69
|
+
s.add_dependency(%q<json-jwt>, [">= 0"])
|
70
|
+
s.add_dependency(%q<builder>, [">= 0"])
|
71
|
+
s.add_dependency(%q<devise>, [">= 1.5.4"])
|
72
|
+
end
|
73
|
+
else
|
74
|
+
s.add_dependency(%q<shoulda>, [">= 0"])
|
75
|
+
s.add_dependency(%q<bundler>, [">= 1.0.0"])
|
76
|
+
s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
|
77
|
+
s.add_dependency(%q<simplecov>, [">= 0"])
|
78
|
+
s.add_dependency(%q<json>, [">= 0"])
|
79
|
+
s.add_dependency(%q<json-jwt>, [">= 0"])
|
80
|
+
s.add_dependency(%q<builder>, [">= 0"])
|
81
|
+
s.add_dependency(%q<devise>, [">= 1.5.4"])
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
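--- a/data/lib/devise_aaf_rc_authenticatable.rb
+++ b/data/lib/devise_aaf_rc_authenticatable.rb
@@ -0,0 +1,40 @@
+# encoding: utf-8
+require 'devise'
+
+require 'devise_aaf_rc_authenticatable/exception'
+require 'devise_aaf_rc_authenticatable/logger'
+require 'devise_aaf_rc_authenticatable/schema'
+require 'devise_aaf_rc_authenticatable/routes'
+
+begin
+Rails::Engine
+rescue
+else
+module DeviseAafRcAuthenticatable
+class Engine < Rails::Engine
+end
+end
+end
+
+# Get aaf_rc information from config/aaf_rc.yml now
+module Devise
+# Allow logging
+mattr_accessor :aaf_rc_logger
+@@aaf_rc_logger = true
+
+# Add valid users to database
+mattr_accessor :aaf_rc_create_user
+@@aaf_rc_create_user = false
+
+mattr_accessor :aaf_rc_config
+@@aaf_rc_config = "#{Rails.root}/config/aaf_rc.yml"
+
+end
+
+# Add aaf_rc_authenticatable strategy to defaults.
+#
+Devise.add_module(:aaf_rc_authenticatable,
+:route => :aaf_rc_authenticatable,
+:strategy => true,
+:controller => :aaf_rc_sessions,
+:model => 'devise_aaf_rc_authenticatable/model')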
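Review bot: The `begin … rescue … else` guard treats a missing `Rails::Engine` as acceptable, but `@@aaf_rc_config = "#{Rails.root}/config/aaf_rc.yml"` a few lines later calls `Rails.root` unconditionally at require time, so the file cannot load without Rails anyway and `Rails.root` may not be set yet at that point. Defaulting the setting to `nil` would be enough, because every reader on this page already falls back with `::Devise.aaf_rc_config || "#{Rails.root}/config/aaf_rc.yml"`. The bare `rescue` also hides any other StandardError raised while resolving the constant; `rescue NameError` states the intent. `@@aaf_rc_create_user = false` is the safer default for auto-provisioning, but README.rdoc documents it as `default: true`, and the two should agree.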
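--- a/data/lib/devise_aaf_rc_authenticatable/model.rb
+++ b/data/lib/devise_aaf_rc_authenticatable/model.rb
@@ -0,0 +1,70 @@
+require 'devise_aaf_rc_authenticatable/strategy'
+
+module Devise
+module Models
+module AafRcAuthenticatable
+extend ActiveSupport::Concern
+
+# Need to determine why these need to be included
+included do
+attr_reader :password, :current_password
+attr_accessor :password_confirmation
+end
+
+def update_with_password(params={})
+params.delete(:current_password)
+self.update_without_password(params)
+end
+
+def update_without_password(params={})
+params.delete(:password)
+params.delete(:password_confirmation)
+
+result = update_attributes(params)
+result
+end
+
+# Hook called after AAF authentication.
+def after_aaf_rc_authentication
+end
+
+module ClassMethods
+
+def authenticate_with_aaf_rc(attributes={})
+
+auth_key = self.authentication_keys.first
+
+auth_key_value = (self.case_insensitive_keys || []).include?(auth_key) ? attributes['mail'].downcase : attributes['mail']
+
+resource = where(auth_key => auth_key_value).first
+
+if (resource.nil? && !Devise.aaf_rc_create_user)
+logger.info("User(#{auth_key_value}) not found. Not configured to create the user.")
+return nil
+end
+
+if (resource.nil? && Devise.aaf_rc_create_user)
+logger.info("Creating user(#{auth_key_value}).")
+resource = new
+save_user_aaf_rc_attributes(resource, attributes)
+resource.aaf_rc_before_save if resource.respond_to?(:aaf_rc_before_save)
+resource.save
+end
+
+resource
+end
+
+private
+def save_user_aaf_rc_attributes(resource, attributes)
+config = YAML.load(ERB.new(File.read(::Devise.aaf_rc_config || "#{Rails.root}/config/aaf_rc.yml")).result)[Rails.env]
+config['user-mapping'].each do |aaf_attr, db_field|
+logger.info("Saving #{attributes[aaf_attr]} to #{db_field}")
+field = "#{db_field}="
+value = attributes[aaf_attr]
+resource.send(field, value.to_s) if resource.respond_to?(field)
+end
+end
+end
+end
+end
+end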
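Review bot: `authenticate_with_aaf_rc` ignores the return value of `resource.save`, so when validation fails the unsaved record is still handed back to the strategy as if provisioning had succeeded; whether Devise then rejects it is not visible here. `return nil unless resource.save` keeps a failed auto-create from being treated as a usable account. `attributes['mail'].downcase` also raises NoMethodError when the assertion carries no `mail` attribute, and `attributes` itself can be nil because the strategy passes `session[:attributes]`; a guard such as `return nil if attributes.nil? || attributes['mail'].blank?` at the top makes both cases an ordinary authentication failure. The `logger.info("Saving #{attributes[aaf_attr]} to #{db_field}")` line writes every mapped identity attribute to the application log and is worth reducing to the field name.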
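--- a/data/lib/devise_aaf_rc_authenticatable/routes.rb
+++ b/data/lib/devise_aaf_rc_authenticatable/routes.rb
@@ -0,0 +1,12 @@
+ActionDispatch::Routing::Mapper.class_eval do
+protected
+
+def devise_aaf_rc_authenticatable(mapping, controllers)
+resource :session, :only => [], :controller => controllers[:aaf_rc_sessions], :path => "" do
+get :aaf_new, :path => mapping.path_names[:aaf_new]
+post :aaf_create, :path => mapping.path_names[:aaf_sign_in]
+get :aaf_destroy, :path => mapping.path_names[:aaf_sign_out]
+end
+
+end
+end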
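Review bot: `get :aaf_destroy` hard-codes sign-out as a GET route, so the session-changing action can be triggered by any cross-site request the browser makes to that URL, regardless of how the application configured Devise's sign-out verb. Devise's own session routes take the verb from the mapping, and the same would work here: `match :aaf_destroy, :path => mapping.path_names[:aaf_sign_out], :via => mapping.sign_out_via`. That keeps the AAF sign-out route consistent with the application's `sign_out_via` setting and with the CSRF protection applied to non-GET requests.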
@@ -0,0 +1,14 @@
|
|
1
|
+
## Using email now instead of login. Will add an option later on.
|
2
|
+
|
3
|
+
# Devise::Schema.class_eval do
|
4
|
+
# # Creates login
|
5
|
+
# #
|
6
|
+
# # == Options
|
7
|
+
# # * :null - When true, allow columns to be null.
|
8
|
+
# def aaf_rc_authenticatable(options={})
|
9
|
+
# null = options[:null] || false
|
10
|
+
#
|
11
|
+
# apply_schema :login, String, :null => null
|
12
|
+
# end
|
13
|
+
#
|
14
|
+
# end
|
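--- a/data/lib/devise_aaf_rc_authenticatable/strategy.rb
+++ b/data/lib/devise_aaf_rc_authenticatable/strategy.rb
@@ -0,0 +1,63 @@
+require 'devise/strategies/authenticatable'
+require 'json'
+require 'json/jwt'
+
+module Devise
+module Strategies
+class AafRcAuthenticatable < Authenticatable
+
+def valid?
+params["assertion"].present? || (session["jwt"].present? && !session["jwt_unauthorized"].present?)
+end
+
+def authenticate!
+# params["assertion"] is checked for presence in valid? method.
+jws = params["assertion"]
+if jws
+begin
+
+config = YAML.load(ERB.new(File.read(::Devise.aaf_rc_config || "#{Rails.root}/config/aaf_rc.yml")).result)[Rails.env]
+
+jwt = JSON::JWT.decode(jws.to_s, config['secret_token'])
+aaf_host = config['aaf_rc_login_url'][/^https:\/\/[\w\.]+/] if config['aaf_rc_login_url']
+aaf_host ||= "https://rapid.aaf.edu.au"
+
+# In a complete app we'd also store and validate the jti value to ensure there is no replay attack
+if jwt['iss'] == aaf_host && jwt['aud'] == config['hostname']
+current_time = Time.now
+if current_time > Time.at(jwt['nbf']) && current_time < Time.at(jwt['exp'])
+session[:attributes] = jwt['https://aaf.edu.au/attributes']
+session[:jwt] = jwt
+else
+logger.error(" Timing is invalid. #{current_time} out of range of #{Time.at(jwt['nbf'])} to #{Time.at(jwt['exp'])}")
+return fail(:invalid_timing)
+end
+else
+logger.error(" Audience is invalid. #{jwt['aud']} vs #{config['hostname']}")
+return fail(:invalid_audience)
+end
+rescue Exception => e
+logger.error(" Signature was invalid or JWT was otherwise erroneous. #{e.message}")
+return fail(:invalid_jwt)
+end
+end
+
+resource = mapping.to.authenticate_with_aaf_rc(session[:attributes])
+
+if validate(resource)
+begin
+resource.after_aaf_rc_authentication
+session.delete(:jwt_unauthorized)
+rescue Exception
+session["jwt_unauthorized"] = 'Unauthorized'
+end
+success!(resource)
+elsif !halted?
+fail(:invalid)
+end
+end
+end
+end
+end
+
+Warden::Strategies.add(:aaf_rc_authenticatable, Devise::Strategies::AafRcAuthenticatable)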
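Review bot: In `authenticate!`, `success!(resource)` runs even when `after_aaf_rc_authentication` raised: the `rescue Exception` only sets `session["jwt_unauthorized"]` and execution falls through to the success call, so a hook that rejects the user still signs them in for this request. If the hook is meant to deny access (the locale file ships an `invalid_aaf` message that no visible code uses), the rescue should end with `return fail(:invalid_aaf)`. Both handlers should be `rescue StandardError => e` rather than `rescue Exception`, which also swallows interrupts and reports configuration errors as a bad signature. When no `assertion` is posted the method reuses `session[:attributes]` without re-checking `exp`, so the assertion's validity window is enforced only once, and the `jti` replay check mentioned in the comment is left undone. It is also worth confirming that the json-jwt version in use rejects tokens whose header names an algorithm other than the expected HMAC when a key is supplied to `JSON::JWT.decode`.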
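--- a/data/lib/generators/devise_aaf_rc_authenticatable/install_generator.rb
+++ b/data/lib/generators/devise_aaf_rc_authenticatable/install_generator.rb
@@ -0,0 +1,60 @@
+module DeviseAafRcAuthenticatable
+class InstallGenerator < Rails::Generators::Base
+source_root File.expand_path("../templates", __FILE__)
+
+class_option :user_model, :type => :string, :default => "user", :desc => "Model to update"
+class_option :update_model, :type => :boolean, :default => false, :desc => "Update model to change from database_authenticatable to aaf_rc_authenticatable"
+class_option :add_rescue, :type => :boolean, :default => true, :desc => "Update Application Controller with resuce_from for DeviseAafRcAuthenticatable::AafRcException"
+class_option :advanced, :type => :boolean, :desc => "Add advanced config options to the devise initializer"
+
+
+def create_aaf_rc_config
+copy_file "aaf_rc.yml", "config/aaf_rc.yml"
+end
+
+def copy_locale
+copy_file "../../../../config/locales/en.yml", "config/locales/devise_aaf_rc.en.yml"
+end
+
+def create_default_devise_settings
+inject_into_file "config/initializers/devise.rb", default_devise_settings, :after => "Devise.setup do |config|\n"
+end
+
+def update_user_model
+gsub_file "app/models/#{options.user_model}.rb", /:database_authenticatable/, ":aaf_rc_authenticatable" if options.update_model?
+end
+
+def update_application_controller
+inject_into_class "app/controllers/application_controller.rb", ApplicationController, rescue_from_exception if options.add_rescue?
+end
+
+private
+
+def default_devise_settings
+settings = <<-eof
+# ==> AAF Rapid Connect Configuration
+# config.aaf_rc_logger = true
+# config.aaf_rc_create_user = false
+# config.aaf_rc_config = "\#{Rails.root}/config/aaf_rc.yml"
+
+eof
+if options.advanced?
+settings << <<-eof
+# ==> Advanced AAF Rapid Connect Configuration
+
+eof
+end
+
+settings
+end
+
+def rescue_from_exception
+<<-eof
+rescue_from DeviseAafRcAuthenticatable::AafRcException do |exception|
+render :text => exception, :status => 500
+end
+eof
+end
+
+end
+end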
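Review bot: The `rescue_from` block that `rescue_from_exception` injects into ApplicationController renders the exception object itself (`render :text => exception, :status => 500`), so whatever message an `AafRcException` carries is sent to the browser unescaped and unfiltered. The generated handler should log the detail and return fixed text, for example `logger.error(exception.message)` followed by `render :text => "Authentication failed", :status => 500`. Since `:add_rescue` defaults to true, every application that runs the generator gets this handler unless it opts out. The `:add_rescue` description also misspells `rescue_from` as `resuce_from`.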
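--- a/data/lib/generators/devise_aaf_rc_authenticatable/templates/aaf_rc.yml
+++ b/data/lib/generators/devise_aaf_rc_authenticatable/templates/aaf_rc.yml
@@ -0,0 +1,43 @@
+common: &common
+# this is to map attributes as described in http://aaf.edu.au/technical/aaf-core-attributes/
+# to their respective field in the database
+# uncomment them if need be
+user-mapping:
+cn: ""
+displayname: ""
+edupersontargetedid: ""
+edupersonscopedaffiliation: ""
+edupersonprincipalname: ""
+mail: email
+givenname: first_name
+surname: last_name
+
+development:
+<<: *common
+hostname: hostname.com
+secret_token: REPLACE_ME
+aaf_rc_login_url: https://rapid.test.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
+
+qa:
+<<: *common
+hostname: hostname.com
+secret_token: REPLACE_ME
+aaf_rc_login_url: https://rapid.test.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
+
+staging:
+<<: *common
+hostname: hostname.com
+secret_token: REPLACE_ME
+aaf_rc_login_url: https://rapid.test.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
+
+test:
+<<: *common
+hostname: hostname.com
+secret_token: REPLACE_ME
+aaf_rc_login_url: https://rapid.test.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME
+
+production:
+<<: *common
+hostname: hostname.com
+secret_token: REPLACE_ME
+aaf_rc_login_url: https://rapid.aaf.edu.au/jwt/authnrequest/research/REPLACE_ME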
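Review bot: Every environment ships `secret_token: REPLACE_ME`, and nothing visible in the strategy refuses to run with that placeholder, so an installation that skips this step would verify assertions against a publicly known key. Because the file is passed through ERB before YAML parsing, the template can take the secret from the environment rather than the repository, for example `secret_token: <%= ENV['AAF_RC_SECRET_TOKEN'] %>` (the variable name is illustrative). A startup check that raises when the value is blank or still `REPLACE_ME` would make the misconfiguration fail closed. The comment says to uncomment the mappings, but none are commented out; a header explaining that entries mapped to `""` are ignored would match what the model code does.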
data/rails/init.rb
ADDED
metadata
ADDED
@@ -0,0 +1,188 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: devise_aaf_rc_authenticatable
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.2
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Gabriel Gasser Noblia
|
8
|
+
- Shuqian Hon
|
9
|
+
- Daniel Theodosius
|
10
|
+
- Jake Farrell
|
11
|
+
autorequire:
|
12
|
+
bindir: bin
|
13
|
+
cert_chain: []
|
14
|
+
date: 2014-06-26 00:00:00.000000000 Z
|
15
|
+
dependencies:
|
16
|
+
- !ruby/object:Gem::Dependency
|
17
|
+
name: shoulda
|
18
|
+
requirement: !ruby/object:Gem::Requirement
|
19
|
+
requirements:
|
20
|
+
- - ">="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: '0'
|
23
|
+
type: :development
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0'
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: bundler
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
requirements:
|
34
|
+
- - ">="
|
35
|
+
- !ruby/object:Gem::Version
|
36
|
+
version: 1.0.0
|
37
|
+
type: :development
|
38
|
+
prerelease: false
|
39
|
+
version_requirements: !ruby/object:Gem::Requirement
|
40
|
+
requirements:
|
41
|
+
- - ">="
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: 1.0.0
|
44
|
+
- !ruby/object:Gem::Dependency
|
45
|
+
name: jeweler
|
46
|
+
requirement: !ruby/object:Gem::Requirement
|
47
|
+
requirements:
|
48
|
+
- - "~>"
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: 2.0.1
|
51
|
+
type: :development
|
52
|
+
prerelease: false
|
53
|
+
version_requirements: !ruby/object:Gem::Requirement
|
54
|
+
requirements:
|
55
|
+
- - "~>"
|
56
|
+
- !ruby/object:Gem::Version
|
57
|
+
version: 2.0.1
|
58
|
+
- !ruby/object:Gem::Dependency
|
59
|
+
name: simplecov
|
60
|
+
requirement: !ruby/object:Gem::Requirement
|
61
|
+
requirements:
|
62
|
+
- - ">="
|
63
|
+
- !ruby/object:Gem::Version
|
64
|
+
version: '0'
|
65
|
+
type: :development
|
66
|
+
prerelease: false
|
67
|
+
version_requirements: !ruby/object:Gem::Requirement
|
68
|
+
requirements:
|
69
|
+
- - ">="
|
70
|
+
- !ruby/object:Gem::Version
|
71
|
+
version: '0'
|
72
|
+
- !ruby/object:Gem::Dependency
|
73
|
+
name: json
|
74
|
+
requirement: !ruby/object:Gem::Requirement
|
75
|
+
requirements:
|
76
|
+
- - ">="
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
version: '0'
|
79
|
+
type: :development
|
80
|
+
prerelease: false
|
81
|
+
version_requirements: !ruby/object:Gem::Requirement
|
82
|
+
requirements:
|
83
|
+
- - ">="
|
84
|
+
- !ruby/object:Gem::Version
|
85
|
+
version: '0'
|
86
|
+
- !ruby/object:Gem::Dependency
|
87
|
+
name: json-jwt
|
88
|
+
requirement: !ruby/object:Gem::Requirement
|
89
|
+
requirements:
|
90
|
+
- - ">="
|
91
|
+
- !ruby/object:Gem::Version
|
92
|
+
version: '0'
|
93
|
+
type: :development
|
94
|
+
prerelease: false
|
95
|
+
version_requirements: !ruby/object:Gem::Requirement
|
96
|
+
requirements:
|
97
|
+
- - ">="
|
98
|
+
- !ruby/object:Gem::Version
|
99
|
+
version: '0'
|
100
|
+
- !ruby/object:Gem::Dependency
|
101
|
+
name: builder
|
102
|
+
requirement: !ruby/object:Gem::Requirement
|
103
|
+
requirements:
|
104
|
+
- - ">="
|
105
|
+
- !ruby/object:Gem::Version
|
106
|
+
version: '0'
|
107
|
+
type: :development
|
108
|
+
prerelease: false
|
109
|
+
version_requirements: !ruby/object:Gem::Requirement
|
110
|
+
requirements:
|
111
|
+
- - ">="
|
112
|
+
- !ruby/object:Gem::Version
|
113
|
+
version: '0'
|
114
|
+
- !ruby/object:Gem::Dependency
|
115
|
+
name: devise
|
116
|
+
requirement: !ruby/object:Gem::Requirement
|
117
|
+
requirements:
|
118
|
+
- - ">="
|
119
|
+
- !ruby/object:Gem::Version
|
120
|
+
version: 1.5.4
|
121
|
+
type: :runtime
|
122
|
+
prerelease: false
|
123
|
+
version_requirements: !ruby/object:Gem::Requirement
|
124
|
+
requirements:
|
125
|
+
- - ">="
|
126
|
+
- !ruby/object:Gem::Version
|
127
|
+
version: 1.5.4
|
128
|
+
description: Devise AAF Rapid Connect Authenticatable is an authentication strategy
|
129
|
+
for the Devise[http://github.com/plataformatec/devise] authentication framework.
|
130
|
+
email:
|
131
|
+
- gabriel@intersect.org.au
|
132
|
+
- shuqian@intersect.org.au
|
133
|
+
- danielt@intersect.org.au
|
134
|
+
- jake@intersect.org.au
|
135
|
+
executables: []
|
136
|
+
extensions: []
|
137
|
+
extra_rdoc_files:
|
138
|
+
- LICENSE.txt
|
139
|
+
- README.md
|
140
|
+
- README.rdoc
|
141
|
+
files:
|
142
|
+
- ".ruby-gemset"
|
143
|
+
- ".ruby-version"
|
144
|
+
- Gemfile
|
145
|
+
- Gemfile.lock
|
146
|
+
- LICENSE.txt
|
147
|
+
- README.md
|
148
|
+
- README.rdoc
|
149
|
+
- Rakefile
|
150
|
+
- VERSION
|
151
|
+
- app/controllers/devise/aaf_rc_sessions_controller.rb
|
152
|
+
- config/locales/en.yml
|
153
|
+
- devise_aaf_rc_authenticatable.gemspec
|
154
|
+
- lib/devise_aaf_rc_authenticatable.rb
|
155
|
+
- lib/devise_aaf_rc_authenticatable/exception.rb
|
156
|
+
- lib/devise_aaf_rc_authenticatable/logger.rb
|
157
|
+
- lib/devise_aaf_rc_authenticatable/model.rb
|
158
|
+
- lib/devise_aaf_rc_authenticatable/routes.rb
|
159
|
+
- lib/devise_aaf_rc_authenticatable/schema.rb
|
160
|
+
- lib/devise_aaf_rc_authenticatable/strategy.rb
|
161
|
+
- lib/devise_aaf_rc_authenticatable/version.rb
|
162
|
+
- lib/generators/devise_aaf_rc_authenticatable/install_generator.rb
|
163
|
+
- lib/generators/devise_aaf_rc_authenticatable/templates/aaf_rc.yml
|
164
|
+
- rails/init.rb
|
165
|
+
homepage: http://github.com/IntersectAustralia/devise_aaf_rc_authenticatable
|
166
|
+
licenses: []
|
167
|
+
metadata: {}
|
168
|
+
post_install_message:
|
169
|
+
rdoc_options: []
|
170
|
+
require_paths:
|
171
|
+
- lib
|
172
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
173
|
+
requirements:
|
174
|
+
- - ">="
|
175
|
+
- !ruby/object:Gem::Version
|
176
|
+
version: '0'
|
177
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
178
|
+
requirements:
|
179
|
+
- - ">="
|
180
|
+
- !ruby/object:Gem::Version
|
181
|
+
version: '0'
|
182
|
+
requirements: []
|
183
|
+
rubyforge_project:
|
184
|
+
rubygems_version: 2.2.2
|
185
|
+
signing_key:
|
186
|
+
specification_version: 4
|
187
|
+
summary: AAF Rapid Connect authentication module for Devise
|
188
|
+
test_files: []
|