heimdall_auth 1.0.0
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.md +68 -0
- data/Rakefile +27 -0
- data/app/controllers/heimdall_auth/sessions_controller.rb +36 -0
- data/lib/generators/heimdall_auth/cancan/cancan_generator.rb +19 -0
- data/lib/generators/heimdall_auth/cancan/templates/ability.rb +39 -0
- data/lib/generators/heimdall_auth/dotenv/dotenv_generator.rb +16 -0
- data/lib/generators/heimdall_auth/install/install_generator.rb +12 -0
- data/lib/generators/heimdall_auth/sessions/sessions_generator.rb +26 -0
- data/lib/generators/heimdall_auth/standard_pages/standard_pages_generator.rb +19 -0
- data/lib/generators/heimdall_auth/standard_pages/templates/admin_controller.rb +5 -0
- data/lib/generators/heimdall_auth/standard_pages/templates/admin_view.html.erb +2 -0
- data/lib/generators/heimdall_auth/standard_pages/templates/invalid_user_data.html.erb +2 -0
- data/lib/generators/heimdall_auth/standard_pages/templates/not_enough_rights.html.erb +2 -0
- data/lib/heimdall_auth/controller_additions.rb +75 -0
- data/lib/heimdall_auth/engine.rb +25 -0
- data/lib/heimdall_auth/rails/routes.rb +19 -0
- data/lib/heimdall_auth/railtie.rb +4 -0
- data/lib/heimdall_auth/user.rb +18 -0
- data/lib/heimdall_auth/version.rb +3 -0
- data/lib/heimdall_auth.rb +14 -0
- data/lib/omniauth/stategies/heimdall.rb +47 -0
- data/lib/tasks/puma_dev_link.rake +12 -0
- data/lib/tasks/register.rake +84 -0
- metadata +123 -0
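--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 29cb7098164d961235da49ead51d3b78af737ffbef7f725bb8b717cfc65b9331
+data.tar.gz: ae7679f72682edfc40064e8f6693a5dff0aaac36b74bc0810896647852583684
+SHA512:
+metadata.gz: 1f2f332262c78e6a77e0da0c87c8b1d66764ccf8fefcecc776e03be2d5a76c68105dcf6667e67dd1273234a810fdac9dc7e3b39552dde174c753da5efcc384cb
+data.tar.gz: 0cf6641c87c3605eedb0782b4e8f7a2322067ff9d1a978537e6a60cfce5e06025b49b76e45c9b64cad33e4e7fbbcc97a0955c1b624a220de22195efc61e760ca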
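--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2019 René Meye
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.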
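--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,68 @@
+# HeimdallAuth
+This makes it easy to equip an empty rails application with our Heimdall Auth features.
+
+## Installation and Usage
+0) Commit the empty rails application (and mention the command you used for generating the app)
+
+1) Add this line to your application's Gemfile:
+
+```ruby
+gem 'heimdall_auth'
+```
+
+2) and afterwards do theses commands (yes... second bundle install ist needed, because the install script adds dotenv gem)
+```bash
+bundle install
+rails puma_dev:link
+rails generate heimdall_auth:install
+rails heimdall:register -- -u"rene@vesputi.com" -p"HeimdallPassword" >> .env
+bundle install
+```
+
+3) And please commit directly after executing the lines above so you have clean history
+
+
+## Linking puma_dev
+
+This executes a very simple `ln -s` command in order to link our application with appropriate naming to the local puma_dev server.
+```bash
+rails puma_dev:link
+```
+
+## Heimdall-Auth install scripts
+This makes a few steps in order to install heimdall stuff to your app.
+```bash
+rails generate heimdall_auth:install
+```
+executes the following generators
+1. `rails generate heimdall_auth:cancan`
+2. `rails generate heimdall_auth:sessions`
+3. `rails generate heimdall_auth:standard_pages`
+4. `rails generate heimdall_auth:dotenv`
+
+### generate heimdall_auth:cancan
+This adds the ability.rb file of the cancancan gem with default heimdall roles and adds `check_authorization` to the application controller. (For details see the [cancancan gem](https://github.com/CanCanCommunity/cancancan))
+
+### generate heimdall_auth:sessions
+This adds the default heimdall_auth routes for session generation to the routes file, switches the application to https only and lowers the log level.
+
+### generate heimdall_auth:standard_pages
+This adds the default admin page `/admin` and two error pages: for invalid_user_data and not_enough_rights.
+
+### generate heimdall_auth:dotenv
+This adds a default .env.example file (for documentation purposes) to the application and adds the dotenv gem to the gemfile which loads enviroment variables from .env file.
+
+## Register at local heimdall
+
+The following command Registeres the service at Heimdall and puts credentials at the end of the `.env` file
+
+```bash
+rails heimdall:register -- -u"rene@vesputi.com" -p"12345678" >> .env
+```
+Parameters:
+```
+-u"rene@vesputi.com" # Username in Heimdall (Needs Admin rights)
+-p"12345678" # Password in Heimdall
+-h"https://heimdall.vesp" (Optional) - Protocol and Domain the heimdall is found at
+-s"https://foo.vesputi-abc.de" # (Optional) - Protocol and Domain the Service is found at
+```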
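--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,27 @@
+begin
+require 'bundler/setup'
+rescue LoadError
+puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'HeimdallAuth'
+rdoc.options << '--line-numbers'
+rdoc.rdoc_files.include('README.md')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+t.libs << 'test'
+t.pattern = 'test/**/*_test.rb'
+t.verbose = false
+end
+
+task default: :test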
@@ -0,0 +1,36 @@
|
|
1
|
+
class HeimdallAuth::SessionsController < ApplicationController
|
2
|
+
skip_authorization_check
|
3
|
+
|
4
|
+
def new
|
5
|
+
user_token = params[:user_token].presence
|
6
|
+
heimdall_auth_url = auth_provider_url(provider: "heimdall")
|
7
|
+
|
8
|
+
if user_token
|
9
|
+
do_a_signin_precall(user_token, heimdall_auth_url)
|
10
|
+
else
|
11
|
+
redirect_to heimdall_auth_url
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
def create
|
16
|
+
auth = request.env["omniauth.auth"]
|
17
|
+
session[:access_token] = auth.credentials.token
|
18
|
+
redirect_to session[:last_url] || root_url
|
19
|
+
end
|
20
|
+
|
21
|
+
def destroy
|
22
|
+
last_url = session[:last_url]
|
23
|
+
reset_session
|
24
|
+
redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/signout?redirect_to=#{last_url || passenger_url}", :notice => 'Signed out!'
|
25
|
+
end
|
26
|
+
|
27
|
+
def failure
|
28
|
+
redirect_to root_url, :alert => "Authentication error: #{params[:message].humanize}"
|
29
|
+
end
|
30
|
+
|
31
|
+
private
|
32
|
+
def do_a_signin_precall(user_token, heimdall_auth_url)
|
33
|
+
redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/?user_token=#{user_token}&redirect_to=#{heimdall_auth_url}"
|
34
|
+
end
|
35
|
+
|
36
|
+
end
|
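Review bot: Both redirects in this controller interpolate user-controlled values into a query string without URL-encoding them: `do_a_signin_precall` puts `params[:user_token]` straight into the Heimdall URL, and `destroy` does the same with `session[:last_url]`, so a value containing `&` or `#` adds or truncates query parameters on the way to the auth server. Build the query with the standard library instead, e.g. `redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/?#{URI.encode_www_form(user_token: user_token, redirect_to: heimdall_auth_url)}"`, and the same `URI.encode_www_form(redirect_to: ...)` for the signout URL. `passenger_url`, the fallback in `destroy`, is not defined anywhere in this gem, so a signout without a stored `last_url` would presumably raise NameError — confirm where it is meant to come from. `failure` calls `params[:message].humanize`, which raises when `message` is absent; `params[:message].to_s.humanize` keeps that action robust.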
@@ -0,0 +1,19 @@
|
|
1
|
+
module HeimdallAuth
|
2
|
+
module Generators
|
3
|
+
class CancanGenerator < ::Rails::Generators::Base
|
4
|
+
source_root File.expand_path('templates', __dir__)
|
5
|
+
|
6
|
+
def add_ability_file
|
7
|
+
copy_file "ability.rb", "app/models/ability.rb"
|
8
|
+
end
|
9
|
+
|
10
|
+
def add_check_authorization_method
|
11
|
+
inject_into_file 'app/controllers/application_controller.rb', after: "class ApplicationController < ActionController::Base\n" do
|
12
|
+
<<-'RUBY'
|
13
|
+
check_authorization
|
14
|
+
RUBY
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
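Review bot: `inject_into_file` in `add_check_authorization_method` appears to leave `application_controller.rb` untouched when its anchor string is not present (an API-only app inheriting from `ActionController::API`, or a different line ending), so `check_authorization` — the control that makes the `rescue_from CanCan::AccessDenied` handler meaningful — may silently never be installed. The anchors used by `gsub_file` and `inject_into_file` in `sessions_generator.rb` have the same weakness: without a literal `# config.force_ssl = true` or `config.assets.debug = true` line, `force_ssl` is never enabled and nothing reports it. Read the target file first and fail loudly when the anchor is missing, e.g. `raise Thor::Error, "ApplicationController anchor not found; add check_authorization manually" unless File.read('app/controllers/application_controller.rb').include?('class ApplicationController < ActionController::Base')`, or at minimum document the assumption in a comment above the method.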
@@ -0,0 +1,39 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class Ability
|
4
|
+
include CanCan::Ability
|
5
|
+
|
6
|
+
def initialize(user)
|
7
|
+
if user && not(user.is_invalid)
|
8
|
+
can :index, :admin_page
|
9
|
+
# if user.is_editor
|
10
|
+
# can :manage, :all
|
11
|
+
# end
|
12
|
+
# if user.is_operator
|
13
|
+
# end
|
14
|
+
# if user.is_admin
|
15
|
+
# end
|
16
|
+
# if user.is_user_admin
|
17
|
+
# end
|
18
|
+
end
|
19
|
+
|
20
|
+
#
|
21
|
+
# The first argument to `can` is the action you are giving the user
|
22
|
+
# permission to do.
|
23
|
+
# If you pass :manage it will apply to every action. Other common actions
|
24
|
+
# here are :read, :create, :update and :destroy.
|
25
|
+
#
|
26
|
+
# The second argument is the resource the user can perform the action on.
|
27
|
+
# If you pass :all it will apply to every resource. Otherwise pass a Ruby
|
28
|
+
# class of the resource.
|
29
|
+
#
|
30
|
+
# The third argument is an optional hash of conditions to further filter the
|
31
|
+
# objects.
|
32
|
+
# For example, here the user can only update published articles.
|
33
|
+
#
|
34
|
+
# can :update, Article, :published => true
|
35
|
+
#
|
36
|
+
# See the wiki for details:
|
37
|
+
# https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
|
38
|
+
end
|
39
|
+
end
|
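Review bot: `can :index, :admin_page` is granted to every user that is not `is_invalid`, and all of the role-specific blocks (`is_editor`, `is_operator`, `is_admin`, `is_user_admin`) are commented out, so the generated default lets any valid Heimdall user reach `/admin`. If that is the intended starting point, say so in a comment above the `if`, e.g. `# Default: any valid Heimdall user may view the admin page; restrict per role using the commented examples below`; otherwise move the grant under `if user.is_admin`. As a point of style, `if user && not(user.is_invalid)` reads more idiomatically as `if user && !user.is_invalid`.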
@@ -0,0 +1,16 @@
|
|
1
|
+
module HeimdallAuth
|
2
|
+
module Generators
|
3
|
+
class DotenvGenerator < ::Rails::Generators::Base
|
4
|
+
source_root File.expand_path('templates', __dir__)
|
5
|
+
|
6
|
+
def add_dot_env_support
|
7
|
+
gem_group :development, :test do
|
8
|
+
# Load ENV variables from .env file development and test
|
9
|
+
gem 'dotenv-rails'
|
10
|
+
end
|
11
|
+
|
12
|
+
copy_file ".env.example", ".env.example"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
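Review bot: `copy_file ".env.example", ".env.example"` needs a `dotenv/templates/.env.example` inside the gem, but neither the file list at the top of this page nor the `files:` array in `metadata` contains one, so the generator would presumably abort with a missing-template error when `heimdall_auth:install` reaches it. If the dotfile was dropped by the gemspec's file glob, add it to `spec.files` explicitly; if it is meant to be written from scratch, replace the copy with `create_file ".env.example", <<~ENV ... ENV` listing `HEIMDALL_SERVER_URL`, `HEIMDALL_APPLICATION_ID` and `HEIMDALL_APPLICATION_SECRET`, the variables `engine.rb` requires. A short comment above `add_dot_env_support` noting that the real `.env` holds the application secret and must stay out of version control would help the next reader.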
@@ -0,0 +1,12 @@
|
|
1
|
+
module HeimdallAuth
|
2
|
+
module Generators
|
3
|
+
class InstallGenerator < ::Rails::Generators::Base
|
4
|
+
def install
|
5
|
+
generate "heimdall_auth:cancan"
|
6
|
+
generate "heimdall_auth:sessions"
|
7
|
+
generate "heimdall_auth:standard_pages"
|
8
|
+
generate "heimdall_auth:dotenv"
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module HeimdallAuth
|
2
|
+
module Generators
|
3
|
+
class SessionsGenerator < ::Rails::Generators::Base
|
4
|
+
|
5
|
+
def add_session_routes
|
6
|
+
route "use_heimdall_auth"
|
7
|
+
end
|
8
|
+
|
9
|
+
def set_https_only
|
10
|
+
gsub_file 'config/environments/production.rb', '# config.force_ssl = true', 'config.force_ssl = true'
|
11
|
+
inject_into_file 'config/environments/development.rb', after: " config.assets.debug = true\n" do
|
12
|
+
<<-'RUBY'
|
13
|
+
|
14
|
+
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
15
|
+
config.force_ssl = true
|
16
|
+
RUBY
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def lower_production_log_level
|
21
|
+
gsub_file 'config/environments/production.rb', 'config.log_level = :debug', 'config.log_level = :warn'
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
module HeimdallAuth
|
2
|
+
module Generators
|
3
|
+
class StandardPagesGenerator < ::Rails::Generators::Base
|
4
|
+
source_root File.expand_path('templates', __dir__)
|
5
|
+
|
6
|
+
def generate_admin_page
|
7
|
+
copy_file "admin_controller.rb", "app/controllers/admin_page_controller.rb"
|
8
|
+
copy_file "admin_view.html.erb", "app/views/admin_page/index.html.erb"
|
9
|
+
route "get '/admin' => 'admin_page#index'"
|
10
|
+
end
|
11
|
+
|
12
|
+
def generate_error_pages
|
13
|
+
copy_file "invalid_user_data.html.erb", "app/views/application/invalid_user_data.html.erb"
|
14
|
+
copy_file "not_enough_rights.html.erb", "app/views/application/not_enough_rights.html.erb"
|
15
|
+
end
|
16
|
+
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module HeimdallAuth
|
4
|
+
# This module is automatically included into all controllers.
|
5
|
+
# It adds methods like current_user but also handles auth-failure redirections
|
6
|
+
module ControllerAdditions
|
7
|
+
|
8
|
+
def self.included(base)
|
9
|
+
base.helper_method :current_user, :current_access_token, :user_signed_in? if base.respond_to? :helper_method
|
10
|
+
base.before_action :store_location_in_session
|
11
|
+
|
12
|
+
base.rescue_from CanCan::AccessDenied do |exception|
|
13
|
+
user_token = params[:user_token].presence
|
14
|
+
|
15
|
+
respond_to do |format|
|
16
|
+
format.json { head :forbidden, content_type: 'text/html' }
|
17
|
+
format.html {
|
18
|
+
if current_user.nil?
|
19
|
+
redirect_to new_user_session_path({user_token: user_token})
|
20
|
+
elsif current_user.is_invalid
|
21
|
+
render 'application/invalid_user_data'
|
22
|
+
else
|
23
|
+
render 'application/not_enough_rights'
|
24
|
+
end
|
25
|
+
}
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
30
|
+
|
31
|
+
def current_ability
|
32
|
+
@current_ability ||= Ability.new(current_user)
|
33
|
+
end
|
34
|
+
|
35
|
+
def store_location_in_session
|
36
|
+
session[:last_url] = request.url if storable_location?
|
37
|
+
logger.info("\033[32m session[:last_url] = #{session[:last_url]} \033[0m")
|
38
|
+
end
|
39
|
+
|
40
|
+
def storable_location?
|
41
|
+
request.get? && request.format.try(:ref) == :html && !is_a?(SessionsController) && !request.xhr?
|
42
|
+
end
|
43
|
+
|
44
|
+
|
45
|
+
def current_access_token
|
46
|
+
session[:access_token] || params[:access_token] || request.headers['HeimdallAccessToken']
|
47
|
+
end
|
48
|
+
|
49
|
+
def current_user
|
50
|
+
begin
|
51
|
+
@current_user ||= get_user_from_auth_server(current_access_token)
|
52
|
+
rescue NoMethodError => e
|
53
|
+
User.new(is_invalid: true)
|
54
|
+
rescue Exception => e
|
55
|
+
nil
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
def get_user_from_auth_server(access_token)
|
60
|
+
client = OAuth2::Client.new(ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET'], :site => ENV['HEIMDALL_SERVER_URL'])
|
61
|
+
user_data = OAuth2::AccessToken.new(client,access_token).get('/me.json').parsed
|
62
|
+
User.new(user_data)
|
63
|
+
end
|
64
|
+
|
65
|
+
def user_signed_in?
|
66
|
+
return true if current_user
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
if defined? ActiveSupport
|
72
|
+
ActiveSupport.on_load(:action_controller) do
|
73
|
+
include HeimdallAuth::ControllerAdditions
|
74
|
+
end
|
75
|
+
end
|
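Review bot: `current_access_token` accepts the token from `params[:access_token]`, and `store_location_in_session` then logs the full `request.url` at info level, so a token passed in the query string is written in clear to the application log and is also persisted in `session[:last_url]`, which `SessionsController#destroy` later interpolates into a redirect. Prefer the `HeimdallAccessToken` header for non-browser callers and drop the `params[:access_token]` source, and replace the `logger.info` line with `logger.debug("session[:last_url] = #{request.path}")` or remove it. `current_user` rescues `Exception` and returns `nil`, which turns an unreachable or misconfigured auth server into "not signed in" and hides the cause; rescue `OAuth2::Error` and `StandardError` instead and log `e`. Neither rescue branch memoizes, so after a failure every call to `current_user` — the helper, `current_ability`, the `rescue_from` block — repeats the `/me.json` round trip; store the outcome in `@current_user` in all branches. `user_signed_in?` returns `true` or `nil`; `!current_user.nil?` yields a real boolean.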
@@ -0,0 +1,25 @@
|
|
1
|
+
module HeimdallAuth
|
2
|
+
class Engine < Rails::Engine
|
3
|
+
initializer "heimdall_auth.routes" do
|
4
|
+
HeimdallAuth::Rails::Routes.install!
|
5
|
+
end
|
6
|
+
|
7
|
+
initializer "heimdall_auth.middleware" do |app|
|
8
|
+
fail_missing_config! if [ENV['HEIMDALL_SERVER_URL'], ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET']].any? &:nil?
|
9
|
+
app.config.middleware.use OmniAuth::Builder do
|
10
|
+
provider :heimdall,
|
11
|
+
ENV['HEIMDALL_APPLICATION_ID'],
|
12
|
+
ENV['HEIMDALL_APPLICATION_SECRET'],
|
13
|
+
client_options: {
|
14
|
+
site: ENV['HEIMDALL_SERVER_URL']
|
15
|
+
}
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def fail_missing_config!
|
22
|
+
raise "Heimdall configuration is missing. Set the follwing ENV-Variables: HEIMDALL_SERVER_URL, HEIMDALL_APPLICATION_ID and HEIMDALL_APPLICATION_SECRET"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
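Review bot: The guard in the `heimdall_auth.middleware` initializer only catches unset variables (`any? &:nil?`), so `HEIMDALL_APPLICATION_SECRET=""` in a `.env` passes the check and the OmniAuth provider is registered with an empty secret; use `any?(&:blank?)` (ActiveSupport is loaded here) or `any? { |v| v.nil? || v.empty? }`. The message in `fail_missing_config!` has a typo, `follwing` → `following`, and naming the variable that is actually missing would make the failure actionable. A one-line comment above the initializer stating that boot is aborted deliberately when credentials are absent would document the intent.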
@@ -0,0 +1,19 @@
|
|
1
|
+
module HeimdallAuth
|
2
|
+
module Rails
|
3
|
+
class Routes
|
4
|
+
module Helper
|
5
|
+
def use_heimdall_auth(options = {}, &block)
|
6
|
+
get '/auth/:provider' => 'heimdall_auth/sessions#create', :as => :auth_provider #This is only fake for url_helpers, because this paths are served by middleware
|
7
|
+
get '/auth/:provider/callback' => 'heimdall_auth/sessions#create', :as => :auth_provider_callback
|
8
|
+
get '/auth/failure' => 'heimdall_auth/sessions#failure'
|
9
|
+
get '/signin' => 'heimdall_auth/sessions#new', :as => :new_user_session
|
10
|
+
get '/signout' => 'heimdall_auth/sessions#destroy', :as => :destroy_user_session
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def self.install!
|
15
|
+
ActionDispatch::Routing::Mapper.send :include, HeimdallAuth::Rails::Routes::Helper
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
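Review bot: `use_heimdall_auth(options = {}, &block)` accepts `options` and a block but uses neither, which suggests to callers that the routes are configurable; either pass `options` through to each `get` or drop both parameters. The comment on the `/auth/:provider` line explains that the route exists only for the URL helpers and is really served by the OmniAuth middleware; it is worth adding that the request phase is reachable via GET here unless OmniAuth's defaults are changed, so the application should restrict it with `OmniAuth.config.allowed_request_methods = [:post]` in an initializer to keep a plain link from starting a login flow. `get '/auth/failure'` has no `:as`, unlike the surrounding routes; `:as => :auth_failure` keeps the helper set consistent.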
@@ -0,0 +1,18 @@
|
|
1
|
+
class HeimdallAuth::User
|
2
|
+
include ActiveModel::Conversion
|
3
|
+
extend ActiveModel::Naming
|
4
|
+
|
5
|
+
attr_accessor :is_invalid
|
6
|
+
attr_accessor :id, :name, :email, :is_editor, :is_operator, :is_admin, :is_user_admin
|
7
|
+
|
8
|
+
def initialize(attributes = {})
|
9
|
+
attributes.each do |name, value|
|
10
|
+
setter_method = "#{name}="
|
11
|
+
send(setter_method, value) if self.respond_to? setter_method
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
def persisted?
|
16
|
+
false
|
17
|
+
end
|
18
|
+
end
|
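Review bot: `initialize` mass-assigns every key of the `/me.json` payload that has a setter — including `is_admin`, `is_user_admin` and `is_invalid` — via `send`, which would also reach private setters should any be added later; `public_send` is the safer default, and a comment such as `# Attributes come straight from the Heimdall /me.json response; every accessor listed here is assignable from it` above the `attr_accessor` lines makes the trust boundary explicit. `is_invalid` is `nil` unless set, so `user.is_invalid` on a freshly fetched user is falsy, which works for the checks in `ControllerAdditions`, but a `def invalid?; !!is_invalid; end` predicate would read better than `user.is_invalid` / `not(user.is_invalid)` in the callers.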
@@ -0,0 +1,14 @@
|
|
1
|
+
require "heimdall_auth/railtie" if defined?(Rails)
|
2
|
+
|
3
|
+
require "heimdall_auth/engine"
|
4
|
+
require "heimdall_auth/rails/routes"
|
5
|
+
|
6
|
+
require "heimdall_auth/user"
|
7
|
+
require "omniauth/stategies/heimdall"
|
8
|
+
|
9
|
+
require "heimdall_auth/controller_additions"
|
10
|
+
|
11
|
+
|
12
|
+
module HeimdallAuth
|
13
|
+
# Your code goes here...
|
14
|
+
end
|
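Review bot: `heimdall_auth/railtie` is required only `if defined?(Rails)`, but `heimdall_auth/engine` (which subclasses `Rails::Engine`) and `heimdall_auth/rails/routes` (which references `ActionDispatch::Routing::Mapper`) are required unconditionally, so the conditional does not make the gem loadable outside Rails; either guard all three or drop the `if`. The require path `omniauth/stategies/heimdall` matches the misspelled directory `lib/omniauth/stategies/` in the file list, so it resolves, but the module inside is `OmniAuth::Strategies`; renaming the directory to `strategies` (and this require) avoids a confusing mismatch. The placeholder `# Your code goes here...` in the module body can go.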
@@ -0,0 +1,47 @@
|
|
1
|
+
require 'omniauth-oauth2'
|
2
|
+
|
3
|
+
module OmniAuth
|
4
|
+
module Strategies
|
5
|
+
class Heimdall < OmniAuth::Strategies::OAuth2
|
6
|
+
option :name, :heimdall
|
7
|
+
option :provider_ignores_state, true
|
8
|
+
|
9
|
+
uid {
|
10
|
+
raw_info['id']
|
11
|
+
}
|
12
|
+
|
13
|
+
info do
|
14
|
+
{
|
15
|
+
name: raw_info['name'],
|
16
|
+
email: raw_info['email'],
|
17
|
+
}
|
18
|
+
end
|
19
|
+
|
20
|
+
extra do
|
21
|
+
{ raw_info: raw_info }
|
22
|
+
end
|
23
|
+
|
24
|
+
def raw_info
|
25
|
+
@raw_info ||= access_token.get('/me.json').parsed
|
26
|
+
end
|
27
|
+
|
28
|
+
def callback_url
|
29
|
+
# If redirect_uri is configured in token_params, use that
|
30
|
+
# value.
|
31
|
+
token_params.to_hash(:symbolize_keys => true)[:redirect_uri] || super
|
32
|
+
end
|
33
|
+
|
34
|
+
def query_string
|
35
|
+
# This method is called by callback_url, only if redirect_uri
|
36
|
+
# is omitted in token_params.
|
37
|
+
if request.params["code"]
|
38
|
+
# If this is a callback, ignore query parameters added by
|
39
|
+
# the provider.
|
40
|
+
""
|
41
|
+
else
|
42
|
+
super
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
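Review bot: `option :provider_ignores_state, true` switches off omniauth-oauth2's verification of the `state` parameter, which is the strategy's CSRF protection for the callback phase: without it a callback carrying a code that was not issued for this browser session is accepted, so a victim's session can be bound to an account they did not choose (login CSRF). Unless the Heimdall server genuinely cannot round-trip `state`, remove the option and let the default check run; if it must stay, record the reason in a comment above it, e.g. `# Heimdall does not echo the OAuth2 state parameter back — TODO confirm and remove`. `raw_info` fetches `/me.json` without error handling; a non-success response raises out of the callback phase, which OmniAuth routes to `/auth/failure`, so that is acceptable but deserves a one-line comment.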
@@ -0,0 +1,12 @@
|
|
1
|
+
namespace :puma_dev do
|
2
|
+
desc 'Fast linking to puma dev'
|
3
|
+
task :link do
|
4
|
+
|
5
|
+
application_name = Rails.application.class.parent_name
|
6
|
+
puma_dev_app_name = "#{application_name.underscore.dasherize}.vesputi-abc"
|
7
|
+
command = "ln -s #{Rails.root} ~/.puma-dev/#{puma_dev_app_name}"
|
8
|
+
|
9
|
+
puts "Script is linking to puma-dev"
|
10
|
+
sh command
|
11
|
+
end
|
12
|
+
end
|
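Review bot: `sh command` passes an interpolated string to the shell, so a `Rails.root` containing spaces or shell metacharacters breaks the command or is interpreted; use the multi-argument form `sh 'ln', '-s', Rails.root.to_s, File.expand_path("~/.puma-dev/#{puma_dev_app_name}")`, which avoids the shell entirely and also expands `~` explicitly. The `.vesputi-abc` suffix is hard-coded; a one-line comment explaining why that suffix is expected by the local puma-dev setup would help readers outside it.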
@@ -0,0 +1,84 @@
|
|
1
|
+
require 'net/http'
|
2
|
+
require 'net/https'
|
3
|
+
require 'json'
|
4
|
+
require 'optparse'
|
5
|
+
|
6
|
+
namespace :heimdall do
|
7
|
+
desc 'Register application at a Heimdall Application'
|
8
|
+
task :register do
|
9
|
+
|
10
|
+
application_name = Rails.application.class.parent_name
|
11
|
+
|
12
|
+
options = {
|
13
|
+
application_name: application_name,
|
14
|
+
service_url: "https://#{application_name.underscore.dasherize}.vesputi-abc.de",
|
15
|
+
heimdall_url: "https://heimdall.vesputi-abc.de",
|
16
|
+
}
|
17
|
+
option_parser = OptionParser.new
|
18
|
+
option_parser.banner = "Usage: rake add [options]"
|
19
|
+
option_parser.on("-h", "--heimdall ARG", String) { |heimdall_url| options[:heimdall_url] = heimdall_url }
|
20
|
+
option_parser.on("-s", "--service ARG", String) { |service_url| options[:service_url] = service_url }
|
21
|
+
option_parser.on("-u", "--username ARG", String) { |username| options[:username] = username }
|
22
|
+
option_parser.on("-p", "--password ARG", String) { |password| options[:password] = password }
|
23
|
+
|
24
|
+
args = option_parser.order!(ARGV) {}
|
25
|
+
option_parser.parse!(args)
|
26
|
+
|
27
|
+
#TODO: strip the trialing slash ... if there is one
|
28
|
+
credentials = create_oauth_application_request(
|
29
|
+
options[:heimdall_url],
|
30
|
+
options[:service_url],
|
31
|
+
"#{options[:application_name]} | (Registered at #{DateTime.current.to_formatted_s(:long)})",
|
32
|
+
options[:username],
|
33
|
+
options[:password]
|
34
|
+
)
|
35
|
+
|
36
|
+
if credentials
|
37
|
+
STDERR.puts "## Sucessfully registered as '#{options[:application_name]}'"
|
38
|
+
STDERR.puts "# Heimdall URL as '#{options[:heimdall_url]}' (change it with -h\"https://heimdall.any-whe.re/\")"
|
39
|
+
STDERR.puts "# Service URL as '#{options[:service_url]}' (change it with -s\"https://foo.bar/\")"
|
40
|
+
puts "HEIMDALL_SERVER_URL=#{options[:heimdall_url]}/"
|
41
|
+
puts "HEIMDALL_APPLICATION_ID=#{credentials['uid']}"
|
42
|
+
puts "HEIMDALL_APPLICATION_SECRET=#{credentials['secret']}"
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
|
48
|
+
def create_oauth_application_request(heimdall_url, application_url, application_name, heimdall_username, heimdall_password)
|
49
|
+
uri = URI("#{heimdall_url}/oauth_applications_api.json")
|
50
|
+
|
51
|
+
# Create client
|
52
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
53
|
+
http.use_ssl = true
|
54
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
55
|
+
dict = {
|
56
|
+
"oauth_application" => {
|
57
|
+
"name" => "#{application_name}",
|
58
|
+
"redirect_uri" =>
|
59
|
+
"#{application_url}/auth/heimdall/callback\n" +
|
60
|
+
"#{application_url}/auth/heimdall/callback/"
|
61
|
+
}
|
62
|
+
}
|
63
|
+
body = JSON.dump(dict)
|
64
|
+
|
65
|
+
# Create Request
|
66
|
+
req = Net::HTTP::Post.new(uri)
|
67
|
+
# Add headers
|
68
|
+
req.add_field "Authorization", "Basic #{Base64.strict_encode64("#{heimdall_username}:#{heimdall_password}")}"
|
69
|
+
# Add headers
|
70
|
+
req.add_field "Content-Type", "application/json; charset=utf-8"
|
71
|
+
# Set body
|
72
|
+
req.body = body
|
73
|
+
|
74
|
+
# Fetch Request
|
75
|
+
res = http.request(req)
|
76
|
+
|
77
|
+
if res.code == "201"
|
78
|
+
return JSON.parse(res.body)
|
79
|
+
else
|
80
|
+
STDERR.puts "Can't Register \n\n Code #{res.code} Body: #{res.body}"
|
81
|
+
end
|
82
|
+
rescue StandardError => e
|
83
|
+
STDERR.puts "HTTP Request failed (#{e.message})"
|
84
|
+
end
|
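Review bot: `task :register` never verifies that `-u` and `-p` were supplied, so with either missing the request goes out with a Basic header built from `"#{nil}:#{nil}"` and the user only sees the server's error; add `abort option_parser.banner unless options[:username] && options[:password]` before calling `create_oauth_application_request`. The password is taken from the command line (`-p"..."`), which leaves it in shell history and visible in the process list while the task runs; reading it from an environment variable, or prompting with `STDIN.noecho(&:gets)` from `io/console` when `-p` is absent, avoids that (the README examples would need the same change). In `create_oauth_application_request`, `Base64` and `OpenSSL` are used without `require 'base64'` / `require 'openssl'` — they presumably load via Rails, but requiring them keeps the file self-contained. The `#TODO` about the trailing slash matters for the `URI("#{heimdall_url}/oauth_applications_api.json")` line: `-h"https://heimdall.example/"` yields a double slash, which `heimdall_url.chomp('/')` resolves. The banner says `rake add` rather than `rails heimdall:register`.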
metadata
ADDED
@@ -0,0 +1,123 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: heimdall_auth
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- René Meye
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2019-12-23 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rails
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '5.0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '5.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: omniauth
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 1.9.0
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 1.9.0
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: omniauth-oauth2
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: sqlite3
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
description: Description of HeimdallAuth.
|
70
|
+
email:
|
71
|
+
- rene@vesputi.com
|
72
|
+
executables: []
|
73
|
+
extensions: []
|
74
|
+
extra_rdoc_files: []
|
75
|
+
files:
|
76
|
+
- MIT-LICENSE
|
77
|
+
- README.md
|
78
|
+
- Rakefile
|
79
|
+
- app/controllers/heimdall_auth/sessions_controller.rb
|
80
|
+
- lib/generators/heimdall_auth/cancan/cancan_generator.rb
|
81
|
+
- lib/generators/heimdall_auth/cancan/templates/ability.rb
|
82
|
+
- lib/generators/heimdall_auth/dotenv/dotenv_generator.rb
|
83
|
+
- lib/generators/heimdall_auth/install/install_generator.rb
|
84
|
+
- lib/generators/heimdall_auth/sessions/sessions_generator.rb
|
85
|
+
- lib/generators/heimdall_auth/standard_pages/standard_pages_generator.rb
|
86
|
+
- lib/generators/heimdall_auth/standard_pages/templates/admin_controller.rb
|
87
|
+
- lib/generators/heimdall_auth/standard_pages/templates/admin_view.html.erb
|
88
|
+
- lib/generators/heimdall_auth/standard_pages/templates/invalid_user_data.html.erb
|
89
|
+
- lib/generators/heimdall_auth/standard_pages/templates/not_enough_rights.html.erb
|
90
|
+
- lib/heimdall_auth.rb
|
91
|
+
- lib/heimdall_auth/controller_additions.rb
|
92
|
+
- lib/heimdall_auth/engine.rb
|
93
|
+
- lib/heimdall_auth/rails/routes.rb
|
94
|
+
- lib/heimdall_auth/railtie.rb
|
95
|
+
- lib/heimdall_auth/user.rb
|
96
|
+
- lib/heimdall_auth/version.rb
|
97
|
+
- lib/omniauth/stategies/heimdall.rb
|
98
|
+
- lib/tasks/puma_dev_link.rake
|
99
|
+
- lib/tasks/register.rake
|
100
|
+
homepage: https://vesputi.com
|
101
|
+
licenses:
|
102
|
+
- MIT
|
103
|
+
metadata: {}
|
104
|
+
post_install_message:
|
105
|
+
rdoc_options: []
|
106
|
+
require_paths:
|
107
|
+
- lib
|
108
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
109
|
+
requirements:
|
110
|
+
- - ">="
|
111
|
+
- !ruby/object:Gem::Version
|
112
|
+
version: '0'
|
113
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
requirements: []
|
119
|
+
rubygems_version: 3.0.3
|
120
|
+
signing_key:
|
121
|
+
specification_version: 4
|
122
|
+
summary: Summary of HeimdallAuth.
|
123
|
+
test_files: []
|