gatepass 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +53 -5
- data/app/controllers/gatepass/authentication_controller.rb +10 -7
- data/app/controllers/gatepass/users_controller.rb +43 -1
- data/app/views/gatepass/users/_form.html.erb +8 -1
- data/app/views/gatepass/users/_user.html.erb +5 -0
- data/app/views/gatepass/users/index.html.erb +5 -0
- data/db/migrate/20230726110030_create_gatepass_users.rb +1 -0
- data/lib/gatepass/version.rb +1 -1
- data/lib/gatepass.rb +2 -1
- metadata +20 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 22e7d410f8cc59147182ef88f8b78fee3f0801f8bef57aea3f469b655f77f294
|
|
4
|
+
data.tar.gz: 1988ca42cd43522a1261885a7b69bac2768435071c5e607bf5de864e8bb179c4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bbacc80c229ef6cf208bc16e9a9b769c5b38dbe40dd11220f5b8910669e69200c08c5cd1e7a102e2ab8e142518920707c532a4b001639f35ee8c23e5ccf8fa12
|
|
7
|
+
data.tar.gz: 9610a39b9bfd248cdf2db26317cef29e4bcb9618b4086b181189cbcdf94f3f32f82d0c346f3c9eae3572d68211863b74e892c145f16d497467f1c3a06dde94a4
|
data/README.md
CHANGED
|
@@ -2,7 +2,17 @@
|
|
|
2
2
|
Short description and motivation.
|
|
3
3
|
|
|
4
4
|
## Usage
|
|
5
|
-
|
|
5
|
+
See the Installation section below.
|
|
6
|
+
|
|
7
|
+
For setting up a DEV environment, clone the directory within a rails project and add to the Gemfile:
|
|
8
|
+
```
|
|
9
|
+
gem 'gatepass', path: 'gatepass'
|
|
10
|
+
```
|
|
11
|
+
OR
|
|
12
|
+
```
|
|
13
|
+
gem 'gatepass', git: 'https://github.com/pockettheories/gatepass'
|
|
14
|
+
```
|
|
15
|
+
See [Bundle Git Guide](https://bundler.io/guides/git.html) for more
|
|
6
16
|
|
|
7
17
|
## Installation
|
|
8
18
|
Add this line to your application's Gemfile:
|
|
@@ -20,6 +30,16 @@ Or install it yourself as:
|
|
|
20
30
|
```bash
|
|
21
31
|
$ gem install gatepass
|
|
22
32
|
```
|
|
33
|
+
OR
|
|
34
|
+
```bash
|
|
35
|
+
$ bundle add gatepass
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
Mount the engine with the following line in `config/routes.rb` :
|
|
39
|
+
```
|
|
40
|
+
mount Gatepass::Engine => '/gatepass'
|
|
41
|
+
```
|
|
42
|
+
Ensure you also have the root configured (Eg. `root 'home#index''`) for your Rails application.
|
|
23
43
|
|
|
24
44
|
Modify the application controller to include the Gatepass module and add the authentication check:
|
|
25
45
|
```
|
|
@@ -29,7 +49,19 @@ class ApplicationController < ActionController::Base
|
|
|
29
49
|
end
|
|
30
50
|
```
|
|
31
51
|
|
|
32
|
-
|
|
52
|
+
In `config/application.rb` , define the following configuration parameters:
|
|
53
|
+
```
|
|
54
|
+
config.ldap_server_hostname = 'myldap.com'
|
|
55
|
+
config.ldap_server_port = 636
|
|
56
|
+
config.ldap_ca_cert = '/etc/path/ca.cert'
|
|
57
|
+
config.ldap_base = 'DN=myldap,DN=com'
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
Run the migrations with:
|
|
61
|
+
```
|
|
62
|
+
rails gatepass:install:migrations
|
|
63
|
+
rails db:migrate
|
|
64
|
+
```
|
|
33
65
|
|
|
34
66
|
Create an initial user account with:
|
|
35
67
|
```
|
|
@@ -41,18 +73,34 @@ u1.auth_type = 'local'
|
|
|
41
73
|
u1.save
|
|
42
74
|
```
|
|
43
75
|
|
|
76
|
+
Create an initial ActiveDirectory user account with:
|
|
77
|
+
```
|
|
78
|
+
$ rails c
|
|
79
|
+
u1 = Gatepass::User.new
|
|
80
|
+
u1.username = 'reddy'
|
|
81
|
+
u1.password = 'dummy'
|
|
82
|
+
u1.auth_type = 'activedirectory'
|
|
83
|
+
u1.rolename = 'admin'
|
|
84
|
+
u1.username_mapping = 'CN=reddy,CN=Users,DC=pockettheories,DC=com'
|
|
85
|
+
u1.save
|
|
86
|
+
```
|
|
87
|
+
|
|
44
88
|
Login with the above account, and access the user account management page at:
|
|
45
89
|
http://localhost:3000/gatepass/users
|
|
46
90
|
|
|
91
|
+
The logout URL is:
|
|
92
|
+
http://localhost:3000/gatepass/authentication/logout
|
|
93
|
+
|
|
47
94
|
## Other Notes
|
|
48
95
|
The User model has the fields: username:string auth_type:string password_digest:string username_mapping:string
|
|
49
|
-
|
|
50
96
|
auth_type is `local` or `activedirectory`.
|
|
51
|
-
|
|
52
97
|
Use a dummy password for activedirectory users.
|
|
53
98
|
|
|
99
|
+
If you get the error "SSL_CTX_load_verify_file: system lib" when attempting to login as an ActiveDirectory user, it's
|
|
100
|
+
Ruby complaining about your OpenSSL version. (On MacOS Ventura 13.4.1, rbenv with Ruby 3.1.0 works; Ruby 3.2.2 doesn't)
|
|
101
|
+
|
|
54
102
|
## Contributing
|
|
55
|
-
|
|
103
|
+
Create a pull request on GitHub.
|
|
56
104
|
|
|
57
105
|
## License
|
|
58
106
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
@@ -1,13 +1,17 @@
|
|
|
1
1
|
module Gatepass
|
|
2
|
+
# Provides the login/logout functionality
|
|
2
3
|
class AuthenticationController < ApplicationController
|
|
4
|
+
# Display the login form
|
|
3
5
|
def login
|
|
4
6
|
end
|
|
5
7
|
|
|
8
|
+
# Remove the user from the session and redirect to the login form
|
|
6
9
|
def logout
|
|
7
10
|
session.delete :user
|
|
8
11
|
redirect_to :action => :login
|
|
9
12
|
end
|
|
10
13
|
|
|
14
|
+
# Process the POST from the login form
|
|
11
15
|
def authenticate
|
|
12
16
|
username = params[:username]
|
|
13
17
|
password = params[:password]
|
|
@@ -19,13 +23,13 @@ module Gatepass
|
|
|
19
23
|
if user_obj === false
|
|
20
24
|
redirect_to ({ controller: 'gatepass/authentication', action: 'login' })
|
|
21
25
|
else
|
|
22
|
-
session[:user] =
|
|
26
|
+
session[:user] = user
|
|
23
27
|
redirect_to main_app.root_url
|
|
24
28
|
end
|
|
25
29
|
elsif user.auth_type == 'activedirectory' # 'ldap'
|
|
26
30
|
require 'net/ldap'
|
|
27
31
|
|
|
28
|
-
server_address = Rails.application.config.ldap_server_hostname
|
|
32
|
+
server_address = Rails.application.config.ldap_server_hostname
|
|
29
33
|
server_port = Rails.application.config.ldap_server_port
|
|
30
34
|
ca_certificate = Rails.application.config.ldap_ca_cert
|
|
31
35
|
|
|
@@ -34,7 +38,7 @@ module Gatepass
|
|
|
34
38
|
:encryption => {
|
|
35
39
|
method: :simple_tls,
|
|
36
40
|
tls_options: {
|
|
37
|
-
ca_file: ca_certificate
|
|
41
|
+
ca_file: ca_certificate
|
|
38
42
|
# verify_mode: OpenSSL::SSL::VERIFY_NONE
|
|
39
43
|
}
|
|
40
44
|
},
|
|
@@ -45,18 +49,17 @@ module Gatepass
|
|
|
45
49
|
}
|
|
46
50
|
|
|
47
51
|
filter = Net::LDAP::Filter.eq("distinguishedname", user.username_mapping)
|
|
48
|
-
treebase = Rails.application.config.ldap_base
|
|
52
|
+
treebase = Rails.application.config.ldap_base
|
|
49
53
|
|
|
50
54
|
search_result_count = 0
|
|
51
55
|
ldap.search(:base => treebase, :filter => filter) do |entry|
|
|
52
56
|
search_result_count += 1
|
|
53
|
-
# puts "DN: #{entry.dn}" # CN=bindUser1,CN=Users,DC=nitinkatkam,DC=mdbrecruit,DC=net
|
|
54
|
-
# puts "memberOf: #{entry.memberof}" #["CN=peopleOfNitinKatkam,CN=Users,DC=nitinkatkam,DC=mdbrecruit,DC=net", "CN=Administrators,CN=Builtin,DC=nitinkatkam,DC=mdbrecruit,DC=net"]
|
|
55
57
|
|
|
56
58
|
if ldap.get_operation_result.code == 49 or search_result_count == 0
|
|
57
59
|
redirect_to({ controller: 'gatepass/authentication', action: 'login' })
|
|
58
60
|
elsif search_result_count == 1
|
|
59
|
-
session[:user] = user # entry
|
|
61
|
+
session[:user] = user # entry
|
|
62
|
+
session[:user_ldap_info] = entry
|
|
60
63
|
redirect_to main_app.root_url
|
|
61
64
|
else
|
|
62
65
|
redirect_to({ controller: 'gatepass/authentication', action: 'login' })
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
#
|
|
2
|
+
#
|
|
3
|
+
# Refactor the code to make it less repetitive
|
|
4
|
+
#
|
|
5
|
+
|
|
1
6
|
module Gatepass
|
|
2
7
|
class UsersController < ApplicationController
|
|
3
8
|
before_action :set_user, only: %i[ show edit update destroy ]
|
|
@@ -5,25 +10,50 @@ module Gatepass
|
|
|
5
10
|
# GET /users
|
|
6
11
|
def index
|
|
7
12
|
@users = User.all
|
|
13
|
+
|
|
14
|
+
@current_user = session[:user]
|
|
15
|
+
if @current_user['rolename'] != 'admin'
|
|
16
|
+
@users = @users.where(:id => @current_user[:id])
|
|
17
|
+
end
|
|
8
18
|
end
|
|
9
19
|
|
|
10
20
|
# GET /users/1
|
|
11
21
|
def show
|
|
22
|
+
|
|
23
|
+
@current_user = session[:user]
|
|
24
|
+
if @current_user['rolename'] != 'admin' and @user[:id] != @current_user[:id]
|
|
25
|
+
redirect_to users_url, notice: "You must be an admin to view users"
|
|
26
|
+
end
|
|
12
27
|
end
|
|
13
28
|
|
|
14
29
|
# GET /users/new
|
|
15
30
|
def new
|
|
16
31
|
@user = User.new
|
|
32
|
+
|
|
33
|
+
@current_user = session[:user]
|
|
34
|
+
if @current_user['rolename'] != 'admin'
|
|
35
|
+
redirect_to users_url, notice: "You must be an admin to create a new user"
|
|
36
|
+
end
|
|
17
37
|
end
|
|
18
38
|
|
|
19
39
|
# GET /users/1/edit
|
|
20
40
|
def edit
|
|
41
|
+
|
|
42
|
+
@current_user = session[:user]
|
|
43
|
+
if @current_user['rolename'] != 'admin'
|
|
44
|
+
redirect_to users_url, notice: "You must be an admin to edit a user"
|
|
45
|
+
end
|
|
21
46
|
end
|
|
22
47
|
|
|
23
48
|
# POST /users
|
|
24
49
|
def create
|
|
25
50
|
@user = User.new(user_params)
|
|
26
51
|
|
|
52
|
+
@current_user = session[:user]
|
|
53
|
+
if @current_user['rolename'] != 'admin'
|
|
54
|
+
redirect_to users_url, notice: "You must be an admin to create a new user"
|
|
55
|
+
end
|
|
56
|
+
|
|
27
57
|
if @user.save
|
|
28
58
|
redirect_to @user, notice: "User was successfully created."
|
|
29
59
|
else
|
|
@@ -33,6 +63,12 @@ module Gatepass
|
|
|
33
63
|
|
|
34
64
|
# PATCH/PUT /users/1
|
|
35
65
|
def update
|
|
66
|
+
|
|
67
|
+
@current_user = session[:user]
|
|
68
|
+
if @current_user['rolename'] != 'admin'
|
|
69
|
+
redirect_to users_url, notice: "You must be an admin to update a new user"
|
|
70
|
+
end
|
|
71
|
+
|
|
36
72
|
if @user.update(user_params)
|
|
37
73
|
redirect_to @user, notice: "User was successfully updated."
|
|
38
74
|
else
|
|
@@ -42,6 +78,12 @@ module Gatepass
|
|
|
42
78
|
|
|
43
79
|
# DELETE /users/1
|
|
44
80
|
def destroy
|
|
81
|
+
|
|
82
|
+
@current_user = session[:user]
|
|
83
|
+
if @current_user['rolename'] != 'admin'
|
|
84
|
+
redirect_to users_url, notice: "You must be an admin to delete a new user"
|
|
85
|
+
end
|
|
86
|
+
|
|
45
87
|
@user.destroy
|
|
46
88
|
redirect_to users_url, notice: "User was successfully destroyed.", status: :see_other
|
|
47
89
|
end
|
|
@@ -54,7 +96,7 @@ module Gatepass
|
|
|
54
96
|
|
|
55
97
|
# Only allow a list of trusted parameters through.
|
|
56
98
|
def user_params
|
|
57
|
-
params.require(:user).permit(:username, :auth_type, :password_digest, :username_mapping)
|
|
99
|
+
params.require(:user).permit(:username, :auth_type, :password_digest, :rolename, :username_mapping)
|
|
58
100
|
end
|
|
59
101
|
end
|
|
60
102
|
end
|
|
@@ -18,7 +18,8 @@
|
|
|
18
18
|
|
|
19
19
|
<div>
|
|
20
20
|
<%= form.label :auth_type, style: "display: block" %>
|
|
21
|
-
|
|
21
|
+
<%#= form.text_field :auth_type %>
|
|
22
|
+
<%= form.select :auth_type, ["local", "activedirectory"].map {|e| [e, e]} %>
|
|
22
23
|
</div>
|
|
23
24
|
|
|
24
25
|
<div>
|
|
@@ -26,6 +27,12 @@
|
|
|
26
27
|
<%= form.text_field :password_digest %>
|
|
27
28
|
</div>
|
|
28
29
|
|
|
30
|
+
<div>
|
|
31
|
+
<%= form.label :rolename, style: "display: block" %>
|
|
32
|
+
<%#= form.text_field :rolename %>
|
|
33
|
+
<%= form.select :rolename, ["user", "admin"].map {|e| [e, e]} %>
|
|
34
|
+
</div>
|
|
35
|
+
|
|
29
36
|
<div>
|
|
30
37
|
<%= form.label :username_mapping, style: "display: block" %>
|
|
31
38
|
<%= form.text_field :username_mapping %>
|
data/lib/gatepass/version.rb
CHANGED
data/lib/gatepass.rb
CHANGED
|
@@ -2,9 +2,10 @@ require "gatepass/version"
|
|
|
2
2
|
require "gatepass/engine"
|
|
3
3
|
|
|
4
4
|
module Gatepass
|
|
5
|
+
# Check if the user is defined in the session; if not, redirects to the login page
|
|
5
6
|
def check_authenticated
|
|
6
7
|
if session[:user].nil?
|
|
7
|
-
redirect_to
|
|
8
|
+
redirect_to gatepass.authentication_login_path ({ :controller => 'gatepass/authentication', :action => :login })
|
|
8
9
|
end
|
|
9
10
|
end
|
|
10
11
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gatepass
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nitin Reddy
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-08-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: 3.1.19
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: net-ldap
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 0.18.0
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 0.18.0
|
|
41
55
|
description: This Rails plugin enables you to authenticate users against the local
|
|
42
56
|
database as well as against an ActiveDirectory server
|
|
43
57
|
email:
|
|
@@ -77,9 +91,11 @@ files:
|
|
|
77
91
|
- lib/gatepass/engine.rb
|
|
78
92
|
- lib/gatepass/version.rb
|
|
79
93
|
- lib/tasks/gatepass_tasks.rake
|
|
80
|
-
homepage:
|
|
94
|
+
homepage: https://github.com/pockettheories/gatepass
|
|
81
95
|
licenses: []
|
|
82
|
-
metadata:
|
|
96
|
+
metadata:
|
|
97
|
+
homepage_uri: https://github.com/pockettheories/gatepass
|
|
98
|
+
source_code_uri: https://github.com/pockettheories/gatepass
|
|
83
99
|
post_install_message:
|
|
84
100
|
rdoc_options: []
|
|
85
101
|
require_paths:
|