iauthu 0.0.1

data/History.txt

@@ -0,0 +1,4 @@
+=== 0.0.1 
+
+* Initial release
+

data/Manifest.txt

@@ -0,0 +1,15 @@
+History.txt
+Manifest.txt
+README.txt
+Rakefile
+bin/iauthu
+lib/iauthu.rb
+lib/iauthu/authenticator/base.rb
+lib/iauthu/authenticator/chained.rb
+lib/iauthu/authenticator/ldap.rb
+lib/iauthu/request.rb
+lib/iauthu/server.rb
+lib/iauthu/site.rb
+lib/iauthu/version.rb
+template/iauthu.conf.tmpl
+test/test_iauthu.rb

data/README.txt

@@ -0,0 +1,68 @@
+= IAuthU
+
+* http://github.com/rheimbuch/iauthu
+
+== DESCRIPTION:
+
+IAuthU provides a basic iTunesU authentication server, along with libraries for building iTunesU authentication servers into your own application.
+
+== FEATURES/PROBLEMS:
+
+* Features
+  * Support for iTunesU authentication system.
+  * Plug-able authentication back-ends.
+  * Includes authentication back-ends for basic LDAP and chained authentication sources.
+  * Supports running as CGI, FastCGI, WEBrick, Mongrel, etc using Rack
+
+== SYNOPSIS:
+
+* Generate the config file in /etc/iauthu/iauthu.conf (see `iauthu -h` for all options)
+
+    $ sudo iauthu -g
+
+* Edit /etc/iauthu/iauth.conf and fill in your iTunesU authentication settings.
+
+* To run as a standalone server:
+
+    $ iauthu
+
+* To run as a cgi, symlink the iauthu binary into your cgi-bin directory or any directory that allows executing cgi scripts:
+
+    $ ln -s /usr/bin/iauthu /usr/lib/cgi-bin/iauthu.cgi
+
+
+== REQUIREMENTS:
+
+* Rack
+* Markaby
+* Ruby-HMAC
+* Net/LDAP
+
+== INSTALL:
+
+  gem install iauthu
+
+== LICENSE:
+
+(The MIT License)
+
+Copyright (c) 2008 Ryan Heimbuch
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,20 @@
+# -*- ruby -*-
+
+require 'rubygems'
+require 'hoe'
+require './lib/iauthu.rb'
+
+Dir['tasks/**/*.rake'].each { |rake| load rake }
+
+Hoe.new('iauthu', IAuthU::VERSION) do |p|
+  p.rubyforge_name = 'iauthu' # if different than lowercase project name
+  p.developer('Ryan Heimbuch', 'rheimbuch@gmail.com')
+  p.remote_rdoc_dir = '' # Release to root
+  p.extra_deps << ['rack', '>=0.3.0']
+  p.extra_deps << ['mongrel', '>=1.1.5']
+  p.extra_deps << ['markaby', '>=0.5']
+  p.extra_deps << ['ruby-hmac', '>=0.3.1']
+  p.extra_deps << ['ruby-net-ldap', '>=0.0.4']
+end
+
+# vim: syntax=Ruby

data/bin/iauthu

@@ -0,0 +1,161 @@
+#!/usr/bin/env ruby
+$:.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
+require 'rubygems'
+require 'fileutils'
+require 'optparse'
+require 'ostruct'
+require 'erb'
+require 'iauthu'
+
+GLOBAL_CONFIG = {:trace => false}
+
+
+module IAuthU
+  module Command # :nodoc:
+    
+    SYSTEM_CONFIG_FILE = "/etc/iauthu/iauthu.conf"
+    
+    def self.call(args)
+      options = Options.new(args)
+      
+      config_file = args.shift
+      config_file = SYSTEM_CONFIG_FILE unless config_file && !config_file.empty?
+        
+      
+      if options.opts["generate"]
+        # Generate a config file
+        self.generate_config(config_file, options.opts)
+      else
+        # Run the server
+        self.run_server(config_file, options.opts)
+      end
+      
+      
+    end
+    
+    def self.run_server(config, options={})
+      
+      if config && File.exist?(config)
+        file = File.read(config)
+        server = IAuthU::Server.build { eval(file) }
+        if ENV['REQUEST_METHOD'] # Detect if running as a cgi
+          server.runner = IAuthU::Server::Builder::RUNNERS[:cgi]
+        end
+        server.run
+      else
+        err = ""
+        raise "No config file is available.\n" \
+              "Specify a config file or run `iauthu -g [FILE]` to generate a config file."
+      end
+    end
+    
+    def self.generate_config(config, options={})
+      if File.exist?(config) && !options["force"]
+        raise "Config file '#{config}' already exists: will not overwrite." 
+      end
+      vars = OpenStruct.new options
+      template_dir = File.join(File.dirname(__FILE__), "..", "template")
+      template = File.read(File.join(template_dir, 'iauthu.conf.tmpl'))
+      result = ERB.new(template).result(vars.send(:binding))
+      unless File.exist?(File.dirname(config))
+        FileUtils.mkdir_p(File.dirname(config))
+      end
+      File.open(config, "w") do |f|
+        f.puts result
+      end
+    end
+    
+    
+    class Options # :nodoc:
+      def initialize(args)
+        @opts = {}
+        parser.parse!(args)
+      end
+      
+      attr_reader :parser
+      
+      def opts
+        @opts
+      end
+      
+      def config
+        @opts
+      end
+      
+      def banner
+        parser.to_s
+      end
+      
+      def parser
+        @parser ||= OptionParser.new do |opts|
+          opts.banner = "Usage: iauthu [CONFIG_FILE]"
+          opts.separator ""
+          opts.separator "If [CONFIG_FILE] is absent, iauthu will look for ./iauthu.conf and /etc/iauthu/iauthu.conf"
+          opts.separator ""
+          
+          opts.on("-g", "--generate", "Generate a config file.") do
+            config["generate"] = true
+          end
+          
+          opts.on("--trace", "Enable error tracebacks and debugging output.") do |trace|
+            GLOBAL_CONFIG[:trace] = trace
+          end
+          
+          opts.separator ""
+          opts.separator "The following options apply only to config file generation."
+          opts.separator ""
+          
+          opts.on("-f", "--force", "Force generation & overwrite config file." ) do |force|
+            config["force"] = force
+          end
+          
+          opts.on("--url [URL]", "Set the iTunesU authentication url.") do |url|
+            config["url"] = url
+          end
+          
+          opts.on("--debug-suffix [SUFFIX]", "Set the iTunesU debug suffix.") do |str|
+            config["debug_suffix"] = str
+          end
+          
+          cred_help = "Set the iTunesU credentials. Format: shortName1::LongCred1;shortName2::LongCred2"
+          opts.on("--cred [CREDSTR]", cred_help) do |str|
+            creds = {}
+            str.split(",").each do |pair|
+              k,v = pair.split("::")
+              k.strip!
+              v.strip!
+              creds[k.to_sym] = v
+            end
+          config["creds"] = creds
+          end
+          
+          opts.on("--secret [SECRET]", "Set the iTunesU shared secret.") do |str|
+            config["shared_secret"] = str
+          end
+          
+          opts.separator ""
+
+          opts.on_tail("-v", "--version", "Display the software version.") do
+            puts IAuthU::VERSION
+            exit
+          end
+
+          opts.on_tail("-h", "--help", "Show this help message.") do
+            puts opts
+            exit
+          end
+        end
+      end
+    end
+    
+    
+  end
+end
+
+begin
+  IAuthU::Command.call(ARGV)
+rescue => ex
+  puts ex.message
+  raise ex if GLOBAL_CONFIG[:trace]
+  exit
+end

data/lib/iauthu/authenticator/base.rb

@@ -0,0 +1,63 @@
+module IAuthU
+  module Authenticator # :nodoc:
+    
+=begin rdoc
+  IAuthU uses 'Authentication' objects to validate and authenticate users.
+  Any object can be used for authentication as long as it follows the following
+  conventions:
+  - has a #call method that accepts a username and password
+  - the #call method returns an identity hash in the form:
+      { :username => 'john.doe',
+        :display_name => 'John Doe',
+        :email => 'john.doe@montana.edu',
+        :identifier => '',
+        :credentials => [:admin, :user] }
+  - the identity hash MUST contain a :username entry
+  - if authentication fails the #call method should return nil
+  
+  This convention allows the use of lambda objects as authenticators:
+      lambda {|user,pass| 
+        if user == 'foo'
+          {:username => user, :credentials => [:admin]}
+        end 
+      }
+  
+  There are also optional behavior methods that authentication objects 
+  should, but are not required to implement:
+  #required::     specifies that an authentication object is required. In an
+                  authentication chain, failure of authenticator objects that are required
+                  causes the entire chain to fail.
+  #sufficient::   specifies that an authentication object is sufficient for
+                  authentication. In an auth chain, authenticator objects that are sufficient
+                  and successfully authenticate halt the execution of the chain and cause the
+                  chain to return a successful authentication.
+  
+  If you require custom authentication, subclass IAuthU::Authenticator::Base
+  and override #call to perform your custom authentication. You may also use
+  any object that implements #call as specified above. If you require multiple
+  authentication steps, you may compose authenticators together using 
+  IAuthU::Authenticator::Chained.
+=end
+    class Base
+      def call(username, password)
+        nil
+      end
+      
+      def required
+        @required ||= false
+      end
+      
+      def required=(bool)
+        @required = !!bool
+      end
+      
+      def sufficient
+        @sufficient ||= false
+      end
+      
+      def sufficient=(bool)
+        @sufficient = !!bool
+      end
+    end
+  end
+end

data/lib/iauthu/authenticator/chained.rb

@@ -0,0 +1,108 @@
+require File.join(File.dirname(__FILE__), 'base')
+module IAuthU
+  module Authenticator # :nodoc:
+    
+=begin rdoc
+  The Chained Authenticator allows multiple authentication objects to 
+  be combined. The order in which authenticators are added is the order
+  in which they are executed. The identity hash that each authenticator
+  returns is combined with the one returned by the previous authenticator.
+  
+    local_auth = IAuthU::Authenticator::Chained.build {
+      #Use builtin htaccess authenticator
+      use IAuthU::Authenticator::FileBased.new('/etc/itunesu/user.auth'), :required => true
+      
+      #Call a custom authenticator
+      use CustomLDAPAuth.new
+      
+      #Add default user credential to all identities
+      use lambda {|user,pass| {:credentials => [:user]}} 
+    }
+=end
+    class Chained < Base
+      
+=begin rdoc
+  Allows easy construction of chained authenticators. The format for 
+  specifying the authentication chain is:
+    use someAuthenticator [, {:required => true|false, :sufficient => true|false}]
+=end
+      def self.build(&block)
+        chained = Builder.new
+        chained.instance_eval(&block)
+        chained.auth
+      end
+      
+      # Creates a new Chained authentication object. A list of authenticators
+      # can be passed. This will create an authentication chain compoased of
+      # the passed authenticators.
+      def initialize(*args)
+        @chain = args || []
+      end
+      
+      # Append an authenticator to the authentication chain.
+      def <<(authenticator)
+        add authenticator
+      end
+      
+      # Append an authenticator to the authentication chain. Optionally specifiy
+      # if the authenticator is required or sufficient for the chain. required and
+      # sufficient both default to false.
+      #   chain.add MyAuth.new  # MyAuth is not required and not sufficient
+      #   chain.add MyAuth.new, :required => true, :sufficient => false
+      def add(authenticator, opts={})
+        authenticator.required = !!opts["required"] if opts["required"] && authenticator.respond_to?('required=')
+        authenticator.sufficient = !!opts["sufficient"] if opts ["sufficient"] && authenticator.respond_to?('sufficient=')
+        @chain << authenticator
+      end
+      
+      # Invoke the authentication chain
+      def call(username,password)
+        auths = @chain.clone
+        identity = {}
+        until auths.empty?
+          auth = auths.shift
+          new_ident = auth.call(username,password)
+          if new_ident.nil? && auth.respond_to?(:required) && auth.required
+            #Authentication failed for a required authenticator
+            return nil
+          end
+          identity = merge_identities(identity, new_ident)
+          if identity && auth.respond_to?(:sufficient) && auth.sufficient
+            #This authenticator is sufficient; do not continue down auth chain.
+            break
+          end
+        end
+        return nil if identity.empty?
+        identity
+      end
+      
+      private
+      def merge_identities(orig, other)
+        ident = {}.merge(orig)
+        return ident if other.nil? || other.empty?
+        creds = other.delete("credentials") || []
+        ident["credentials"] ||= []
+        ident["credentials"] << creds
+        ident["credentials"].flatten!.uniq!
+        
+        ident.merge(other)
+      end
+      
+      
+      class Builder # :nodoc:
+        def initialize
+          @auth = Chained.new
+        end
+        
+        attr_reader :auth
+        
+        def use(authenticator=nil, opts={}, &block)
+          if block && !authenticator
+            authenticator = block
+          end
+          @auth.add authenticator, opts
+        end
+      end
+    end
+  end
+end

data/lib/iauthu/authenticator/ldap.rb

@@ -0,0 +1,79 @@
+require 'rubygems'
+require 'net/ldap'
+
+module IAuthU
+  module Authenticator # :nodoc:
+    class LDAP
+      def self.build(&block)
+        b = Builder.new
+        b.instance_eval(&block)
+        b.ldap_auth
+      end
+      
+      def initialize(opts)
+        @config = opts
+        @login_format = @config.delete(:login_format) || "%s"
+        @credentials = @config.delete(:credentials) || []
+        use_ssl = @config.delete(:use_ssl) || false
+        server_names = @config.delete(:servers) || []
+        
+        @servers = server_names.map do |name|
+          conf = @config.clone
+          conf[:host] = name
+          server = Net::LDAP.new(conf)
+          server.encryption(:simple_tls) if use_ssl
+          server
+        end
+      end
+      
+      def call(user,pass)
+        @servers.each do |s|
+          s.auth(@login_format % user, pass)
+          ident = {"username" => user}
+          ident["credentials"] = @credentials
+          return ident if s.bind
+        end
+        return nil
+      end
+      
+      private
+      class Builder
+        def initialize
+          @config = {}
+        end
+        
+        def servers(*svrs)
+          @config[:servers] = svrs
+        end
+        
+        def port(num)
+          @config[:port] = num
+        end
+        
+        def base(str)
+          @config[:base] = str
+        end
+        
+        def login_format(str)
+          @config[:login_format] = str
+        end
+        
+        def use_ssl(bool=true)
+          @config[:use_ssl]
+        end
+        
+        def config
+          @config
+        end
+        
+        def credentials(creds)
+          @config[:credentials] = creds.to_a
+        end
+        
+        def ldap_auth
+          LDAP.new(config)
+        end
+      end
+    end
+  end
+end

data/lib/iauthu/request.rb

@@ -0,0 +1,90 @@
+require 'rubygems'
+require 'net/http'
+require 'net/https'
+require 'hmac-sha2'
+require 'cgi'
+require 'logger'
+
+module IAuthU
+  
+=begin rdoc
+  IAuthU::Request performs the ITunesU authentication step. Usually you will
+  not create a Request object manually, but will instead recieve it from
+  a Site object. A Request object defers the actual connection to ITunesU
+  until the #call method is invoked. 
+=end
+  class Request
+    def initialize(user, creds, site)
+      @user = user
+      @creds = creds.to_a
+      #raise MissingCredentialsError, "Credentials cannot be empty." if @creds.empty?
+      @site = site
+      @debug = false
+    end
+    
+    attr_accessor :debug
+    
+    def logger
+      CONFIG[:logger]
+    end
+    
+    def call
+      logger.info "Sending request for: #{@user.inspect}"
+      token, data = get_authorization_token(@user, @creds, @site.shared_secret)
+      invoke_action(site_url, data, token)
+    end
+    
+    private
+    
+    def site_url
+      debug ? "#{@site.url}#{@site.debug_suffix}" : @site.url 
+    end
+    
+    def identity_string(identity)
+      display_name = identity["display_name"]
+      email_address = identity["email"]
+      username = identity["username"]
+      user_identifier = identity["identifier"]
+      "\"#{display_name}\" <#{email_address}> (#{username}) [#{user_identifier}]"
+    end
+    
+    def get_authorization_token(identity, credentials, key)
+      identity = identity_string(identity)
+      credentials = credentials * ';'
+      token = {}
+      expiration = Time.new().to_i
+      
+      #Need to escape using CGI.escape; URI.escape doesn't escape '()<>' properly
+      cred = CGI.escape(credentials)
+      id = CGI.escape(identity)
+      exp = CGI.escape(expiration.to_s)
+
+      buffer = "credentials=#{cred}&identity=#{id}&time=#{exp}"
+      
+      sig = HMAC::SHA256.new(key)
+      sig << buffer
+      buffer = buffer + "&signature=#{sig}"
+
+      token = {
+        'credentials' => credentials,
+        'identity' => identity,
+        'time' => expiration.to_s,
+        'signature' => sig.to_s
+      }
+      logger.debug "Request Token: #{token.inspect}"
+      logger.debug "Request Params: #{buffer.inspect}"
+      return token, buffer
+    end
+    
+    def invoke_action(site_url, data, token_hdrs)
+      uri = URI.parse(site_url)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      #puts token_hdrs.inspect
+      logger.debug "Request sent to: #{site_url}"
+      response = http.request_post(uri.path, data, token_hdrs)
+      return response
+    end
+  end
+end

data/lib/iauthu/server.rb

@@ -0,0 +1,153 @@
+require 'rubygems'
+require File.join(File.dirname(__FILE__), 'site')
+require File.join(File.dirname(__FILE__), 'authenticator/chained')
+require 'rack'
+require 'rack/showexceptions'
+require 'rack/request'
+require 'rack/response'
+require 'markaby'
+require 'logger'
+
+module IAuthU
+  
+  class Server
+    def self.build(&block)
+      b = Builder.new
+      b.instance_eval(&block)
+      b.server
+    end
+    
+    def initialize
+      @runner = Rack::Handler::WEBrick
+      @port = 9292
+      @login_page = login_form
+    end
+    attr_accessor :site, :auth, :runner, :port, :login_page
+    
+    def logger
+      CONFIG[:logger]
+    end
+    
+    def run
+      raise "Site config is required" unless @site
+      raise "Auth config is required" unless @auth
+      logger.info "Running IAuthU with: #{@runner}"
+      @runner.run(Rack::ShowExceptions.new(Rack::Lint.new(self)), :Port => @port)
+    end
+    
+    def call(env)
+      req = Rack::Request.new(env)
+      user, pass = req.POST["username"], req.POST["password"]
+      # if user && pass
+      #         logged_in, result = login(user, pass)
+      #       else
+      #         logged_in = false
+      #       end
+      #       result = login_page unless logged_in
+      #       res = Rack::Response.new
+      #       res.write result
+      #       res.finish
+      unless req.POST["username"] && req.POST["password"]
+        Rack::Response.new.finish do |res|
+          res.write login_page
+        end
+      else
+        Rack::Response.new.finish do |res|
+          logged_in, result = login(req.POST["username"], req.POST["password"])
+          #puts result
+          res.write result
+        end
+      end
+    end
+    
+    private
+    
+    def login(user, pass)
+      identity = @auth.call(user,pass)
+      if identity
+        req = @site.authentication_request(identity)
+        resp = req.call
+        [:true, resp.body]
+      else
+        [:false, login_page]
+      end
+    end
+    
+    def login_form
+      page_title = "iTunesU Login"
+      m = Markaby::Builder.new
+      m.html do
+        head { title page_title}
+        body do
+          h1 page_title
+          form(:method => 'post') do
+            p {
+              label("Username: ", :for => 'username')
+              input(:type => 'text', :name => 'username', :id => 'username')
+            }
+            p {
+              label("Password: ", :for => 'password')
+              input(:type => 'password', :name => 'password', :id => 'password')
+            }
+            input(:type => 'submit', :value => 'Login')
+          end
+        end
+      end
+      m.to_s
+    end
+    
+    class Builder
+      RUNNERS = { :cgi => Rack::Handler::CGI,
+                  #:fastcgi => Rack::Handler::FastCGI,
+                  :webrick => Rack::Handler::WEBrick,
+                  :mongrel => Rack::Handler::Mongrel
+        }
+        
+      def initialize
+        @server = Server.new
+      end
+      
+      attr_reader :server
+      
+      def site(&block)
+        @server.site = Site.build(&block)
+      end
+      
+      def auth(&block)
+        @server.auth = Authenticator::Chained.build(&block)
+      end
+      
+      def login_page(str_or_file=nil, &block)
+        return if str_or_file == :default
+        if str_or_file
+          if File.exist?(str_or_file)
+            File.open(str_or_file) do |f|
+              @server.login_page = f.read
+            end
+          else
+            @server.login_page = str_or_file
+          end
+          return
+        else
+          @server.login_page = block.call.to_s
+        end
+      end
+      
+      def logger(dest)
+        if dest == :default
+          dest = STDERR
+        end
+        if dest.kind_of?(IO) || dest.kind_of?(String) || dest.kind_of?(Symbol)
+          CONFIG[:logger] = Logger.new(dest)
+        else
+          CONFIG[:logger] = dest
+        end
+      end
+      
+      def run(type, opts={})
+        @server.runner = RUNNERS[type] || RUNNERS[:webrick]
+        @server.port ||= opts[:port]
+      end
+    end
+  end
+end

data/lib/iauthu/site.rb

@@ -0,0 +1,82 @@
+require File.join(File.dirname(__FILE__), 'request')
+require 'logger'
+module IAuthU
+  
+=begin rdoc
+  IAuthU::Site represents your remote ITunesU site. 
+  
+    site = IAuthU::Site.build {
+      url "https://deimos.apple.com/WebObjects/Core.woa/Browse/montana.edu"
+      debug_suffix "/aqc392"
+      shared_secret "WQBMFYFFH7SBPVFXMCEBG43WC2ANW7LQ"
+      cred :admin, "Administrator\@urn:mace:itunesu.com:sites:montana.edu"
+      cred :user, "Authenticated\@urn:mace:itunesu.com:sites:montana.edu"
+    }
+=end
+  class Site
+    def self.build(&block)
+      builder = Builder.new
+      builder.instance_eval(&block)
+      builder.site
+    end
+    
+    def initialize(opts={})
+      @debug = false
+      opts = {:url => "", :debug_suffix => "", :shared_secret => "", :credentials => {}}.merge(opts)
+      opts.keys.each{|var| instance_variable_set "@#{var.to_s}", opts[var]}
+    end
+    attr_accessor :url, :debug_suffix, :debug, :shared_secret, :credentials
+    
+    def logger
+      CONFIG[:logger]
+    end
+    
+    def authentication_request(user)
+      raise SettingsError, "Site url must be set before sending request." unless url && !url.empty?
+      user = user.clone
+      creds = user.delete("credentials") || []
+      tmp = []
+      creds.each{|c| tmp << credentials[c]}
+      
+      begin
+        req = Request.new(user, tmp, self)
+      rescue Request::MissingCredentialsError
+        raise MissingCredentialsError, "Credentials entry is missing in: #{user.inspect}"
+      end
+      req.debug = debug
+      req
+    end
+    
+    class SettingsError < RuntimeError # :nodoc:
+    end
+    
+    class Builder # :nodoc:
+      def initialize
+        @site = Site.new
+      end
+      
+      attr_reader :site
+      
+      def url(url)
+        @site.url = url
+      end
+      
+      def debug_suffix(suffix)
+        @site.debug_suffix = suffix
+      end
+      
+      def debug(bool=true)
+        @site.debug = bool
+      end
+      
+      def shared_secret(str)
+        @site.shared_secret = str
+      end
+      
+      def cred(name, credential)
+        name = name.to_sym
+        @site.credentials[name] = credential.to_s
+      end
+    end
+  end
+end

data/lib/iauthu/version.rb

@@ -0,0 +1,9 @@
+module IAuthU #:nodoc:
+  module VERSION #:nodoc:
+    MAJOR = 0
+    MINOR = 0
+    TINY  = 1
+
+    STRING = [MAJOR, MINOR, TINY].join('.')
+  end
+end

data/lib/iauthu.rb

@@ -0,0 +1,9 @@
+$:.unshift(File.dirname(__FILE__)) unless
+  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
+
+require 'iauthu/server'
+require 'logger'
+module IAuthU
+  VERSION = '0.0.1'
+  CONFIG = {:logger => Logger.new(STDERR)}
+end

data/template/iauthu.conf.tmpl

@@ -0,0 +1,82 @@
+# Specify how IAuthU should run.
+# Available options are: :cgi, :webrick, :mongrel
+# Note: if a cgi environment is detected, IAuthU will run in
+# cgi mode regardless of this setting.
+
+run :webrick, :port => 9292
+
+# Specify the log destination:
+# * :default == STDERR
+# * "/path/to/logfile"
+# * a Logger object
+# note: using STDOUT will interfere with cgi output
+
+logger :default     # :default | "/var/log/iauthu.log" | Logger.new("/var/logs/iauthu.log")
+
+
+# Specify the Login Page
+# Options include:
+#  * :default - displays the builtin login form
+#  * "/path/to/file.html" - displays specified file
+#  * "<html><title>...."  - use a raw html string
+#  * {...} - run a ruby block to generate the page. 
+#            For example, consider using markaby
+
+login_page :default
+
+site {
+    # Specify your iTunesU url
+    url "<%= url || "https://deimos.apple.com/WebObjects/Core.woa/Browse/foo.edu" %>"
+    
+    # Specify your debug suffix if you wish to use iTunesU authentication
+    # in debug mode.
+    <%= "#" unless debug_suffix %> debug_suffix "<%= debug_suffix || "/debug_suffix" %>"
+    
+    # Enable iTunesU authentication debugging. Must specify the debug_suffix.
+    debug <%= debug ? "true" : "false" %>
+    
+    # Shared authentication secret
+    shared_secret "<%= shared_secret || "SHARED-SECRET" %>"
+    
+    # Define your iTunesU login credentials. The alias you specify 
+    # can be used to refer to that credential later in the authentication
+    # section.
+    #
+    # Example:
+    # cred :alias, "FullCred@urn:mace:itunesu.com:sites:urschool.edu"
+    <% unless creds.nil? 
+        creds.keys.each do |key| %>
+    cred <%= key.inspect %>, <%= creds[key].inspect %>
+    <%  end
+      end %>
+}
+
+auth {
+  
+  # Authenticate all users
+  use {|user, pass| 
+    {"display_name" => user,
+     "username" => user,
+     "credentials" => []
+    }
+  }
+  
+  # # Uncomment to Authenticate Users from LDAP
+  # require 'iauthu/authenticator/ldap'
+  # use IAuthU::Authenticator::LDAP.build {
+  #   servers "ldap.urschool.edu"
+  #   login_format "uid=%s,ou=People,o=ldap.urschool.edu,o=cp"
+  #   credentials [:user]
+  # }
+  
+  
+  # # Uncomment to create a 'test' admin user
+  # use {|user, pass|
+  #   if user == 'test' && pass == 'test'
+  #     {"display_name" => "Site Administrator",
+  #       "email" => "acg-support@montana.edu",
+  #       "credentials" => [:admin]}
+  #   end
+  # }
+}
+

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification 
+name: iauthu
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Ryan Heimbuch
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2008-06-11 00:00:00 -06:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.3.0
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: mongrel
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.1.5
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: markaby
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0.5"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: ruby-hmac
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.3.1
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: ruby-net-ldap
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.0.4
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: hoe
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.5.3
+    version: 
+description: IAuthU provides a basic iTunesU authentication server, along with libraries for building iTunesU authentication servers into your own application.
+email: 
+- rheimbuch@gmail.com
+executables: 
+- iauthu
+extensions: []
+
+extra_rdoc_files: 
+- History.txt
+- Manifest.txt
+- README.txt
+files: 
+- History.txt
+- Manifest.txt
+- README.txt
+- Rakefile
+- bin/iauthu
+- lib/iauthu.rb
+- lib/iauthu/authenticator/base.rb
+- lib/iauthu/authenticator/chained.rb
+- lib/iauthu/authenticator/ldap.rb
+- lib/iauthu/request.rb
+- lib/iauthu/server.rb
+- lib/iauthu/site.rb
+- lib/iauthu/version.rb
+- template/iauthu.conf.tmpl
+- test/test_iauthu.rb
+has_rdoc: true
+homepage: http://github.com/rheimbuch/iauthu
+post_install_message: 
+rdoc_options: 
+- --main
+- README.txt
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: iauthu
+rubygems_version: 1.0.1
+signing_key: 
+specification_version: 2
+summary: IAuthU provides a basic iTunesU authentication server, along with libraries for building iTunesU authentication servers into your own application.
+test_files: 
+- test/test_iauthu.rb