gatepass 0.1.0 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6adfbc31cccc12d1786457c468667bcba579db0db4639aae68a01bb61a570e64
4
- data.tar.gz: 5e456e23ddcda822bc391601c88fb0286184abc9f164de6ad2cf35e1765b912d
3
+ metadata.gz: 22e7d410f8cc59147182ef88f8b78fee3f0801f8bef57aea3f469b655f77f294
4
+ data.tar.gz: 1988ca42cd43522a1261885a7b69bac2768435071c5e607bf5de864e8bb179c4
5
5
  SHA512:
6
- metadata.gz: 10d45f2705514fbd230e72a336f13935e88d571b55d76431c1acedb942f47c34b84cb352c55c442842fe1df00d08641b21ac02444ded243149aba3a77f20e0c9
7
- data.tar.gz: 200c1bf025039c8e889951d30afe355dc8b010087c8e66526d854ff38438887b6cb329ccefdb00f063baf4e3f5d4017346b45ba564160890ffc2b3e78a954304
6
+ metadata.gz: bbacc80c229ef6cf208bc16e9a9b769c5b38dbe40dd11220f5b8910669e69200c08c5cd1e7a102e2ab8e142518920707c532a4b001639f35ee8c23e5ccf8fa12
7
+ data.tar.gz: 9610a39b9bfd248cdf2db26317cef29e4bcb9618b4086b181189cbcdf94f3f32f82d0c346f3c9eae3572d68211863b74e892c145f16d497467f1c3a06dde94a4
data/README.md CHANGED
@@ -2,7 +2,17 @@
2
2
  Short description and motivation.
3
3
 
4
4
  ## Usage
5
- How to use my plugin.
5
+ See the Installation section below.
6
+
7
+ For setting up a DEV environment, clone the directory within a rails project and add to the Gemfile:
8
+ ```
9
+ gem 'gatepass', path: 'gatepass'
10
+ ```
11
+ OR
12
+ ```
13
+ gem 'gatepass', git: 'https://github.com/pockettheories/gatepass'
14
+ ```
15
+ See [Bundle Git Guide](https://bundler.io/guides/git.html) for more
6
16
 
7
17
  ## Installation
8
18
  Add this line to your application's Gemfile:
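Review bot: the `git:` Gemfile line added under Usage has no `ref:` or `tag:`, so every `bundle update` moves to whatever the default branch of the repository holds at that moment. For a gem that handles authentication, show the pinned form, for example `gem 'gatepass', git: '...', tag: '<release tag>'`, and say that the `path:` and `git:` variants are for development only.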
@@ -20,6 +30,16 @@ Or install it yourself as:
20
30
  ```bash
21
31
  $ gem install gatepass
22
32
  ```
33
+ OR
34
+ ```bash
35
+ $ bundle add gatepass
36
+ ```
37
+
38
+ Mount the engine with the following line in `config/routes.rb` :
39
+ ```
40
+ mount Gatepass::Engine => '/gatepass'
41
+ ```
42
+ Ensure you also have the root configured (Eg. `root 'home#index''`) for your Rails application.
23
43
 
24
44
  Modify the application controller to include the Gatepass module and add the authentication check:
25
45
  ```
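Review bot: the routes example in the added line `root 'home#index''` has a stray trailing quote, so copying it into `config/routes.rb` gives a syntax error. It should read `root 'home#index'`; the same sentence also wants "e.g." rather than "Eg.", and the space before the colon after `config/routes.rb` can go.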
@@ -29,7 +49,19 @@ class ApplicationController < ActionController::Base
29
49
  end
30
50
  ```
31
51
 
32
- TODO - Configuration parameters
52
+ In `config/application.rb` , define the following configuration parameters:
53
+ ```
54
+ config.ldap_server_hostname = 'myldap.com'
55
+ config.ldap_server_port = 636
56
+ config.ldap_ca_cert = '/etc/path/ca.cert'
57
+ config.ldap_base = 'DN=myldap,DN=com'
58
+ ```
59
+
60
+ Run the migrations with:
61
+ ```
62
+ rails gatepass:install:migrations
63
+ rails db:migrate
64
+ ```
33
65
 
34
66
  Create an initial user account with:
35
67
  ```
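Review bot: the sample `config.ldap_base = 'DN=myldap,DN=com'` uses `DN=` as if it were an attribute type, which gives an invalid search base. Domain components are written `DC=`, as the ActiveDirectory example later in this README does (`DC=pockettheories,DC=com`), so the sample should be `'DC=myldap,DC=com'`. It would also help to state that port 636 together with `ldap_ca_cert` means the connection is LDAPS with the server certificate verified against that CA file.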
@@ -41,18 +73,34 @@ u1.auth_type = 'local'
41
73
  u1.save
42
74
  ```
43
75
 
76
+ Create an initial ActiveDirectory user account with:
77
+ ```
78
+ $ rails c
79
+ u1 = Gatepass::User.new
80
+ u1.username = 'reddy'
81
+ u1.password = 'dummy'
82
+ u1.auth_type = 'activedirectory'
83
+ u1.rolename = 'admin'
84
+ u1.username_mapping = 'CN=reddy,CN=Users,DC=pockettheories,DC=com'
85
+ u1.save
86
+ ```
87
+
44
88
  Login with the above account, and access the user account management page at:
45
89
  http://localhost:3000/gatepass/users
46
90
 
91
+ The logout URL is:
92
+ http://localhost:3000/gatepass/authentication/logout
93
+
47
94
  ## Other Notes
48
95
  The User model has the fields: username:string auth_type:string password_digest:string username_mapping:string
49
-
50
96
  auth_type is `local` or `activedirectory`.
51
-
52
97
  Use a dummy password for activedirectory users.
53
98
 
99
+ If you get the error "SSL_CTX_load_verify_file: system lib" when attempting to login as an ActiveDirectory user, it's
100
+ Ruby complaining about your OpenSSL version. (On MacOS Ventura 13.4.1, rbenv with Ruby 3.1.0 works; Ruby 3.2.2 doesn't)
101
+
54
102
  ## Contributing
55
- Contribution directions go here.
103
+ Create a pull request on GitHub.
56
104
 
57
105
  ## License
58
106
  The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
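Review bot: the ActiveDirectory account example sets `u1.password = 'dummy'`, and the notes repeat "Use a dummy password", which leaves a fixed, guessable password on a record whose `auth_type` is an editable field. If such an account is ever switched to `local`, that password becomes its login credential. Recommend a random value instead (for example `SecureRandom.hex(32)`), or make the model skip the password requirement when `auth_type` is `activedirectory`.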
@@ -1,13 +1,17 @@
1
1
  module Gatepass
2
+ # Provides the login/logout functionality
2
3
  class AuthenticationController < ApplicationController
4
+ # Display the login form
3
5
  def login
4
6
  end
5
7
 
8
+ # Remove the user from the session and redirect to the login form
6
9
  def logout
7
10
  session.delete :user
8
11
  redirect_to :action => :login
9
12
  end
10
13
 
14
+ # Process the POST from the login form
11
15
  def authenticate
12
16
  username = params[:username]
13
17
  password = params[:password]
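Review bot: `logout` only runs `session.delete :user`, so the `session[:user_ldap_info]` value that the ActiveDirectory login path in this release stores survives a logout. Use `reset_session` here so that everything tied to the login is dropped together. The README also presents logout as a plain URL; a non-GET route for it would stop other pages from logging the user out with a simple link or image request.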
@@ -19,13 +23,13 @@ module Gatepass
19
23
  if user_obj === false
20
24
  redirect_to ({ controller: 'gatepass/authentication', action: 'login' })
21
25
  else
22
- session[:user] = user_obj
26
+ session[:user] = user
23
27
  redirect_to main_app.root_url
24
28
  end
25
29
  elsif user.auth_type == 'activedirectory' # 'ldap'
26
30
  require 'net/ldap'
27
31
 
28
- server_address = Rails.application.config.ldap_server_hostname # 'ad.nitinkatkam.mdbrecruit.net'
32
+ server_address = Rails.application.config.ldap_server_hostname
29
33
  server_port = Rails.application.config.ldap_server_port
30
34
  ca_certificate = Rails.application.config.ldap_ca_cert
31
35
 
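Review bot: `session[:user] = user` in the local-login branch puts the whole user record, `password_digest` included, into the session and keeps the session that existed before login. Call `reset_session` first, store only `session[:user_id] = user.id`, and load the record on each request. That also fixes a staleness problem: `UsersController` reads `rolename` from the session copy, so a role change does not take effect until the user logs in again.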
@@ -34,7 +38,7 @@ module Gatepass
34
38
  :encryption => {
35
39
  method: :simple_tls,
36
40
  tls_options: {
37
- ca_file: ca_certificate # '/Users/nitin.katkam/Downloads/nitinkatkam-ad-ca.cer',
41
+ ca_file: ca_certificate
38
42
  # verify_mode: OpenSSL::SSL::VERIFY_NONE
39
43
  }
40
44
  },
@@ -45,18 +49,17 @@ module Gatepass
45
49
  }
46
50
 
47
51
  filter = Net::LDAP::Filter.eq("distinguishedname", user.username_mapping)
48
- treebase = Rails.application.config.ldap_base # "dc=nitinkatkam, dc=mdbrecruit, dc=net"
52
+ treebase = Rails.application.config.ldap_base
49
53
 
50
54
  search_result_count = 0
51
55
  ldap.search(:base => treebase, :filter => filter) do |entry|
52
56
  search_result_count += 1
53
- # puts "DN: #{entry.dn}" # CN=bindUser1,CN=Users,DC=nitinkatkam,DC=mdbrecruit,DC=net
54
- # puts "memberOf: #{entry.memberof}" #["CN=peopleOfNitinKatkam,CN=Users,DC=nitinkatkam,DC=mdbrecruit,DC=net", "CN=Administrators,CN=Builtin,DC=nitinkatkam,DC=mdbrecruit,DC=net"]
55
57
 
56
58
  if ldap.get_operation_result.code == 49 or search_result_count == 0
57
59
  redirect_to({ controller: 'gatepass/authentication', action: 'login' })
58
60
  elsif search_result_count == 1
59
- session[:user] = user # entry # user_obj
61
+ session[:user] = user # entry
62
+ session[:user_ldap_info] = entry
60
63
  redirect_to main_app.root_url
61
64
  else
62
65
  redirect_to({ controller: 'gatepass/authentication', action: 'login' })
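Review bot: `session[:user_ldap_info] = entry` stores the complete `Net::LDAP::Entry` in the session, which means every attribute the directory returned is serialized with it, and with the cookie session store it can exceed the 4 KB cookie limit. Keep only what the application needs, for example the DN and the `memberof` list that the removed debug comments were printing, and store them as plain strings.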
@@ -1,3 +1,8 @@
1
+ #
2
+ #
3
+ # Refactor the code to make it less repetitive
4
+ #
5
+
1
6
  module Gatepass
2
7
  class UsersController < ApplicationController
3
8
  before_action :set_user, only: %i[ show edit update destroy ]
@@ -5,25 +10,50 @@ module Gatepass
5
10
  # GET /users
6
11
  def index
7
12
  @users = User.all
13
+
14
+ @current_user = session[:user]
15
+ if @current_user['rolename'] != 'admin'
16
+ @users = @users.where(:id => @current_user[:id])
17
+ end
8
18
  end
9
19
 
10
20
  # GET /users/1
11
21
  def show
22
+
23
+ @current_user = session[:user]
24
+ if @current_user['rolename'] != 'admin' and @user[:id] != @current_user[:id]
25
+ redirect_to users_url, notice: "You must be an admin to view users"
26
+ end
12
27
  end
13
28
 
14
29
  # GET /users/new
15
30
  def new
16
31
  @user = User.new
32
+
33
+ @current_user = session[:user]
34
+ if @current_user['rolename'] != 'admin'
35
+ redirect_to users_url, notice: "You must be an admin to create a new user"
36
+ end
17
37
  end
18
38
 
19
39
  # GET /users/1/edit
20
40
  def edit
41
+
42
+ @current_user = session[:user]
43
+ if @current_user['rolename'] != 'admin'
44
+ redirect_to users_url, notice: "You must be an admin to edit a user"
45
+ end
21
46
  end
22
47
 
23
48
  # POST /users
24
49
  def create
25
50
  @user = User.new(user_params)
26
51
 
52
+ @current_user = session[:user]
53
+ if @current_user['rolename'] != 'admin'
54
+ redirect_to users_url, notice: "You must be an admin to create a new user"
55
+ end
56
+
27
57
  if @user.save
28
58
  redirect_to @user, notice: "User was successfully created."
29
59
  else
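Review bot: the admin check added to `create` calls `redirect_to` without returning, so for a non-admin the action continues to `@user.save`; the record is written and the second `redirect_to` then raises a double-render error. Use `return redirect_to ...`, or better, move the check into a `before_action :require_admin, only: %i[new create edit update destroy]`, which also takes care of the "Refactor the code" comment at the top of the file. The session hash is read with a string key (`'rolename'`) and a symbol key (`:id`) in the same condition; pick one.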
@@ -33,6 +63,12 @@ module Gatepass
33
63
 
34
64
  # PATCH/PUT /users/1
35
65
  def update
66
+
67
+ @current_user = session[:user]
68
+ if @current_user['rolename'] != 'admin'
69
+ redirect_to users_url, notice: "You must be an admin to update a new user"
70
+ end
71
+
36
72
  if @user.update(user_params)
37
73
  redirect_to @user, notice: "User was successfully updated."
38
74
  else
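Review bot: in `update` the admin check does not stop the action, so `@user.update(user_params)` still runs for a non-admin after the redirect has been issued. Return from the action when the check fails, and decide whether a user may update their own record, since `show` allows self-access but this check does not. The notice text "update a new user" should read "update a user".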
@@ -42,6 +78,12 @@ module Gatepass
42
78
 
43
79
  # DELETE /users/1
44
80
  def destroy
81
+
82
+ @current_user = session[:user]
83
+ if @current_user['rolename'] != 'admin'
84
+ redirect_to users_url, notice: "You must be an admin to delete a new user"
85
+ end
86
+
45
87
  @user.destroy
46
88
  redirect_to users_url, notice: "User was successfully destroyed.", status: :see_other
47
89
  end
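Review bot: in `destroy`, `@user.destroy` is outside the `if`, so the record is deleted even when the requester is not an admin; the only effect of the check is the double-render error afterwards. Return when the check fails. The notice text "delete a new user" should read "delete a user".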
@@ -54,7 +96,7 @@ module Gatepass
54
96
 
55
97
  # Only allow a list of trusted parameters through.
56
98
  def user_params
57
- params.require(:user).permit(:username, :auth_type, :password_digest, :username_mapping)
99
+ params.require(:user).permit(:username, :auth_type, :password_digest, :rolename, :username_mapping)
58
100
  end
59
101
  end
60
102
  end
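Review bot: adding `:rolename` to `permit` in `user_params` makes the role mass-assignable by any request that reaches `create` or `update`, and the admin checks in those actions do not halt. Permit `:rolename` only when the current user is an admin. The list also permits `:password_digest`; accepting `:password` instead would stop callers from writing a digest directly.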
@@ -18,7 +18,8 @@
18
18
 
19
19
  <div>
20
20
  <%= form.label :auth_type, style: "display: block" %>
21
- <%= form.text_field :auth_type %>
21
+ <%#= form.text_field :auth_type %>
22
+ <%= form.select :auth_type, ["local", "activedirectory"].map {|e| [e, e]} %>
22
23
  </div>
23
24
 
24
25
  <div>
@@ -26,6 +27,12 @@
26
27
  <%= form.text_field :password_digest %>
27
28
  </div>
28
29
 
30
+ <div>
31
+ <%= form.label :rolename, style: "display: block" %>
32
+ <%#= form.text_field :rolename %>
33
+ <%= form.select :rolename, ["user", "admin"].map {|e| [e, e]} %>
34
+ </div>
35
+
29
36
  <div>
30
37
  <%= form.label :username_mapping, style: "display: block" %>
31
38
  <%= form.text_field :username_mapping %>
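Review bot: the `form.select :rolename` (and the `auth_type` select above it) limits the choices only in the browser; the server still accepts any string. Add inclusion validations on the model, for example `validates :rolename, inclusion: { in: %w[user admin] }`, and delete the commented-out `<%#= form.text_field ... %>` lines rather than shipping them.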
@@ -14,6 +14,11 @@
14
14
  <%= user.password_digest %>
15
15
  </p>
16
16
 
17
+ <p>
18
+ <strong>Role:</strong>
19
+ <%= user.rolename %>
20
+ </p>
21
+
17
22
  <p>
18
23
  <strong>Username mapping:</strong>
19
24
  <%= user.username_mapping %>
@@ -12,3 +12,8 @@
12
12
  </div>
13
13
 
14
14
  <%= link_to "New user", new_user_path %>
15
+
16
+ <!--<div>-->
17
+ <!-- <b>Current User:</b>-->
18
+ <%#= session[:user] %>
19
+ <!--</div>-->
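Review bot: this added block is commented-out debug output. The HTML comments are still sent to the browser, and `<%#= session[:user] %>` would print the session user record if it were re-enabled. Remove the block before release.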
@@ -5,6 +5,7 @@ class CreateGatepassUsers < ActiveRecord::Migration[7.0]
5
5
  t.string :auth_type
6
6
  t.string :password_digest
7
7
  t.string :username_mapping
8
+ t.string :rolename
8
9
 
9
10
  t.timestamps
10
11
  end
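Review bot: `t.string :rolename` is added to the existing `CreateGatepassUsers` migration, so an application that already ran the 0.1.0 migration never gets the column and the new `rolename` checks fail against its schema. Ship a separate migration that adds the column, and give it a default such as `'user'` with `null: false` so existing rows have a defined role.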
@@ -1,3 +1,3 @@
1
1
  module Gatepass
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.2"
3
3
  end
data/lib/gatepass.rb CHANGED
@@ -2,9 +2,10 @@ require "gatepass/version"
2
2
  require "gatepass/engine"
3
3
 
4
4
  module Gatepass
5
+ # Check if the user is defined in the session; if not, redirects to the login page
5
6
  def check_authenticated
6
7
  if session[:user].nil?
7
- redirect_to user_auth.authentication_login_path ({ :controller => 'gatepass/authentication', :action => :login })
8
+ redirect_to gatepass.authentication_login_path ({ :controller => 'gatepass/authentication', :action => :login })
8
9
  end
9
10
  end
10
11
  end
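Review bot: in `check_authenticated`, the call `gatepass.authentication_login_path ({ ... })` has a space before the parenthesis and passes `:controller` and `:action` to a named route helper that already identifies the route. `redirect_to gatepass.authentication_login_path` is enough. The new comment could also say that the method is meant to be used as a `before_action`.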
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gatepass
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nitin Reddy
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-26 00:00:00.000000000 Z
11
+ date: 2023-08-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -38,6 +38,20 @@ dependencies:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: 3.1.19
41
+ - !ruby/object:Gem::Dependency
42
+ name: net-ldap
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: 0.18.0
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: 0.18.0
41
55
  description: This Rails plugin enables you to authenticate users against the local
42
56
  database as well as against an ActiveDirectory server
43
57
  email:
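Review bot: the new `net-ldap` dependency is declared as `>= 0.18.0` with no upper bound, so a future major release with breaking changes would be accepted on install. A pessimistic constraint such as `~> 0.18` is safer for the library that performs the directory bind.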
@@ -77,9 +91,11 @@ files:
77
91
  - lib/gatepass/engine.rb
78
92
  - lib/gatepass/version.rb
79
93
  - lib/tasks/gatepass_tasks.rake
80
- homepage:
94
+ homepage: https://github.com/pockettheories/gatepass
81
95
  licenses: []
82
- metadata: {}
96
+ metadata:
97
+ homepage_uri: https://github.com/pockettheories/gatepass
98
+ source_code_uri: https://github.com/pockettheories/gatepass
83
99
  post_install_message:
84
100
  rdoc_options: []
85
101
  require_paths:
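Review bot: `licenses: []` is left empty in the gemspec metadata while the README states the gem is MIT licensed. Set `spec.license = "MIT"` so that license scanners and the RubyGems page agree with the README.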