devise_ticketable 0.0.1

data/.gitignore

@@ -0,0 +1,12 @@
+.bundle
+db/*.sqlite3
+log/*.log
+tmp/**/*
+Gemfile.lock
+._*
+.DS_Store
+*~
+.idea/*
+public/stylesheets/compiled/*
+.rvmrc
+public/uploads/**/*

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Morton Jonuschat
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,73 @@
+# devise_ticketable
+
+Adds support to [devise](http://github.com/plataformatec/devise) for acting as a single sign on server
+using [mod\_auth\_tkt](http://www.openfusion.com.au/labs/mod_auth_tkt/) for the [Apache HTTP Server](http://httpd.apache.org/)
+
+## Installation
+
+Rails 2.3 - add the following to your list of gems
+
+    config.gem 'devise_ticketable'
+
+Rails 3 - add the following to your Gemfile
+
+    gem 'devise_ticketable'
+
+## Configuration
+
+devise_ticketable add a few configuration options to devise.
+
+1. The secret used to generate cookies. Set to empty string by default. Should be set to some long and random
+string comparable to the Rails cookie secret. This value needs to mach your webserver configuration!
+
+    config.auth\_tkt\_domain = secret
+
+
+1. The domain for which the cookie is valid. Not set by default. Setting this to something like '.example.com'
+allows single sign on across multiple subdomains
+
+    config.auth\_tkt\_domain = ''
+
+1. Optionally do a Base64 encode of the cookie data. Not enabled by default.
+
+    config.auth\_tkt\_encode = false
+
+1. Ignore the remote ip address when generating or validating the ticket. Not enabled by default.
+
+    config.auth\_tkt\_ignore\_ip = false
+
+## Accessors / Model attributes
+
+devise_ticketable makes use of a few optional but recommended accessors on your user model.
+
+1. :auth\_tkt\_user
+
+    Define this so that it returns the username you might later use to grant access
+
+1. :auth\_tkt\_user\_data
+
+    Can be used to return payload data that mod\_auth\_tkt may use
+
+1. :auth\_tkt\_token\_list
+
+    Should return a list of comma separated tokens can be used for authentication purposes by mod\_auth\_tkt.
+    Possible uses include returning group memberships or roles.
+
+## Limitations
+
+Currently the cookie name is hardcoded to *auth_tkt*. As there is no documentation available for mod\_auth\_tkt that suggests
+that the cookie name is configurable this doesn't pose any serious problems.
+
+## Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+## Copyright
+
+Copyright (c) 2010 Morton Jonuschat. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,53 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "devise_ticketable"
+    gem.summary = %Q{Add support to devise for acting as a SSO server using mod_auth_tkt for apache }
+    gem.description = %Q{Adding device_ticketable to your devise implementaton will integrate it with mod_auth_tkt for the Apache HTTP server by setting/destroying the necessary auth_tkt cookie}
+    gem.email = "yabawock@gmail.com"
+    gem.homepage = "http://github.com/yabawock/devise_ticketable"
+    gem.authors = ["Morton Jonuschat"]
+    gem.add_development_dependency "thoughtbot-shoulda", ">= 0"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "devise_ticketable #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/devise_ticketable.gemspec

@@ -0,0 +1,55 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{devise_ticketable}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Morton Jonuschat"]
+  s.date = %q{2010-07-30}
+  s.description = %q{Adding device_ticketable to your devise implementaton will integrate it with mod_auth_tkt for the Apache HTTP server by setting/destroying the necessary auth_tkt cookie}
+  s.email = %q{yabawock@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.md"
+  ]
+  s.files = [
+    ".gitignore",
+     "LICENSE",
+     "README.md",
+     "Rakefile",
+     "VERSION",
+     "devise_ticketable.gemspec",
+     "lib/devise_ticketable.rb",
+     "lib/devise_ticketable/hooks/ticketable.rb",
+     "lib/devise_ticketable/model.rb",
+     "test/helper.rb",
+     "test/test_devise_ticketable.rb"
+  ]
+  s.homepage = %q{http://github.com/yabawock/devise_ticketable}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Add support to devise for acting as a SSO server using mod_auth_tkt for apache}
+  s.test_files = [
+    "test/helper.rb",
+     "test/test_devise_ticketable.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+    else
+      s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+  end
+end
+

data/lib/devise_ticketable.rb

@@ -0,0 +1,22 @@
+Devise.add_module :ticketable, :model => 'devise_ticketable/model'
+
+module Devise
+  # Custom domain for auth_tkt_cookies. Not set by default
+  mattr_accessor :auth_tkt_domain
+  @@auth_tkt_domain = false
+
+  # Base64 encode the cookie data. Not set by default
+  mattr_accessor :auth_tkt_encode
+  @@auth_tkt_encode = false
+
+  # Do not check the remote ip address. Not set by default
+  mattr_accessor :auth_tkt_ignore_ip
+  @@auth_tkt_ignore_ip = false
+
+  # Define the secret used to generate cookies. Not set by default
+  mattr_accessor :auth_tkt_secret
+  @@auth_tkt_secret = ''
+end
+
+#module DeviseTicketable
+#end

data/lib/devise_ticketable/hooks/ticketable.rb

@@ -0,0 +1,30 @@
+# Before the user gets logged out we destroy the mod_auth_tkt cookie
+#
+# This is only triggered when the user is explicitly set (with set_user)
+# and on authentication. Retrieving the user from session (:fetch) does
+# not trigger it.
+
+Warden::Manager.before_logout do |record, warden, opts|
+  if record.respond_to?(:destroy_auth_tkt_cookie!)
+    cookie_data = record.destroy_auth_tkt_cookie!
+    warden.cookies[:auth_tkt] = cookie_data
+    warden.cookies.delete(:auth_tkt)
+  end
+end
+
+# After the user gets logged in we set the mod_auth_tkt cookie
+#
+# This callback is triggered the first time one of those three
+# events happens during a request: :authentication, :fetch
+# (from session) and :set_user (when manually set)
+
+Warden::Manager.after_authentication do |record, warden, opts|
+  if record.respond_to?(:get_auth_tkt_cookie!)
+    options = {}
+    options[:user]        = record.auth_tkt_user        if record.respond_to?(:auth_tkt_user)
+    options[:user_data]   = record.auth_tkt_user_data   if record.respond_to?(:auth_tkt_user_data)
+    options[:token_list]  = record.auth_tkt_token_list  if record.respond_to?(:auth_tkt_token_list)
+
+    warden.cookies[:auth_tkt] = record.get_auth_tkt_cookie!(options, warden.request)
+  end
+end

data/lib/devise_ticketable/model.rb

@@ -0,0 +1,101 @@
+require 'devise_ticketable/hooks/ticketable'
+
+module Devise
+  module Models
+    # This module generates cookie tickets compatible
+    # with the "mod_auth_tkt" apache module.
+    #
+    # Based on work by: MESO Web Scapes, Sascha Hanssen
+    # www.meso.net/auth_tkt_rails | hanssen@meso.net
+
+    module Ticketable
+      extend ActiveSupport::Concern
+
+      # destroys the auth_tkt cookie to sign out the current user
+      def destroy_auth_tkt_cookie!
+        # reset ticket value of cookie, safeguard if deleting the cookie fails
+        {:value => '', :expire => Time.at(0), :domain => self.class.auth_tkt_domain}
+      end
+
+      # sets the auth_tkt cookie, returns the signed cookie string
+      def get_auth_tkt_cookie!(options, request)
+        # get signed cookie string
+        tkt_hash = get_tkt_hash(options, request)
+
+        cookie_data = {:value => tkt_hash}
+
+        # set domain for cookie, if wanted
+        cookie_data[:domain] = self.class.auth_tkt_domain if self.class.auth_tkt_domain
+
+        # return signed cookie
+        cookie_data
+      end
+
+      protected
+
+        # returns a string that contains the signed cookie content
+        def get_tkt_hash(user_options, request)
+          options = {
+            :user       => '',
+            :token_list => '',
+            :user_data  => '',
+            :encode     => self.class.auth_tkt_encode,
+            :ignore_ip  => self.class.auth_tkt_ignore_ip
+          }.merge(user_options)
+
+          # set timestamp and binary string for timestamp and ip packed together
+          timestamp  = Time.now.to_i
+          ip_address = options[:ignore_ip] ? '0.0.0.0' : request.remote_ip
+          ip_timestamp = [ip2long(ip_address), timestamp].pack("NN")
+
+          # creating the cookie signature
+          digest0 = Digest::MD5.hexdigest(ip_timestamp + get_secret_key + options[:user] + "\0" + options[:token_list] + "\0" + options[:user_data])
+          digest  = Digest::MD5.hexdigest(digest0 + get_secret_key)
+
+          # concatenating signature, timestamp and payload
+          cookie = digest + timestamp.to_s(16) + options[:user] + '!' +
+                           options[:token_list] + '!' + options[:user_data]
+
+          # base64 encode cookie, if needed
+          if options[:encode]
+            require 'base64'
+            cookie = Base64.encode64(cookie).gsub("\n", '').strip
+          end
+
+          return cookie
+        end
+
+        # returns token list previously saved in auth_tkt cookie
+        def get_auth_tkt_token_list
+          cookie_decoded = Base64.decode64(cookies[:auth_tkt])
+          return cookie_decoded.split('!')[1]
+        end
+
+        # returns user data previously saved in auth_tkt cookie
+        def get_auth_tkt_user_data
+          cookie_decoded = Base64.decode64(cookies[:auth_tkt])
+          return cookie_decoded.split('!')[2]
+        end
+
+        # returns the shared secret string used to sign the cookie
+        def get_secret_key
+          self.class.auth_tkt_secret
+        end
+
+        # function adapted according to php: generates an IPv4 Internet network address
+        # from its Internet standard format (dotted string) representation.
+        def ip2long(ip)
+          long = 0
+          ip.split(/\./).reverse.each_with_index do |x, i|
+            long += x.to_i << (i * 8)
+          end
+          long
+        end
+
+        # Digests the password using the configured encryptor.
+        module ClassMethods
+          Devise::Models.config(self, :auth_tkt_domain, :auth_tkt_encode, :auth_tkt_ignore_ip, :auth_tkt_secret)
+        end
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'devise_ticketable'
+
+class Test::Unit::TestCase
+end

data/test/test_devise_ticketable.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestDeviseTicketable < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,92 @@
+--- !ruby/object:Gem::Specification 
+name: devise_ticketable
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Morton Jonuschat
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-07-30 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: thoughtbot-shoulda
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+description: Adding device_ticketable to your devise implementaton will integrate it with mod_auth_tkt for the Apache HTTP server by setting/destroying the necessary auth_tkt cookie
+email: yabawock@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.md
+files: 
+- .gitignore
+- LICENSE
+- README.md
+- Rakefile
+- VERSION
+- devise_ticketable.gemspec
+- lib/devise_ticketable.rb
+- lib/devise_ticketable/hooks/ticketable.rb
+- lib/devise_ticketable/model.rb
+- test/helper.rb
+- test/test_devise_ticketable.rb
+has_rdoc: true
+homepage: http://github.com/yabawock/devise_ticketable
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Add support to devise for acting as a SSO server using mod_auth_tkt for apache
+test_files: 
+- test/helper.rb
+- test/test_devise_ticketable.rb