identity 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +6 -0
- data/identity.gemspec +16 -0
- data/lib/connection_handler.rb +35 -0
- data/lib/identity.rb +84 -0
- data/lib/resolver.rb +9 -0
- data/lib/warden/strategy.rb +65 -0
- metadata +95 -0
data/Gemfile
ADDED
data/identity.gemspec
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
Gem::Specification.new do |s|
|
|
2
|
+
s.name = 'identity'
|
|
3
|
+
s.version = '1.0.1'
|
|
4
|
+
s.date = '2012-09-17'
|
|
5
|
+
s.summary = "Ruby ufp Identity Library"
|
|
6
|
+
s.description = "A Ruby library for integrations with ufp Identity"
|
|
7
|
+
s.authors = ["Richard Levenberg"]
|
|
8
|
+
s.email = 'richardl@ufp.com'
|
|
9
|
+
s.files = Dir["**/*"] - Dir["*.gem"] - Dir["*.pem"] - Dir["Gemfile.lock"]
|
|
10
|
+
s.homepage = 'https://www.ufp.com'
|
|
11
|
+
s.rubyforge_project = "identity"
|
|
12
|
+
s.require_paths = ["lib", "lib/warden"]
|
|
13
|
+
|
|
14
|
+
s.add_dependency("rest-client", "~> 1.6.7")
|
|
15
|
+
s.add_dependency("xml-simple", "~> 1.1.1")
|
|
16
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
require 'rest-client'
|
|
2
|
+
require 'resolver.rb'
|
|
3
|
+
require 'logger'
|
|
4
|
+
|
|
5
|
+
log = Logger.new(STDOUT)
|
|
6
|
+
log.level = Logger::DEBUG
|
|
7
|
+
|
|
8
|
+
RestClient.log = log
|
|
9
|
+
|
|
10
|
+
module Identity
|
|
11
|
+
class ConnectionHandler
|
|
12
|
+
@@resolver = Identity::Resolver::StaticIdentityResolver.new
|
|
13
|
+
|
|
14
|
+
def initialize(key_file, key_pass, cert_file, ca_certs='truststore.pem')
|
|
15
|
+
@resource = RestClient::Resource.new(
|
|
16
|
+
@@resolver.get_host,
|
|
17
|
+
:ssl_client_key => OpenSSL::PKey::RSA.new(File.read(key_file), key_pass),
|
|
18
|
+
:ssl_client_cert => OpenSSL::X509::Certificate.new(File.read(cert_file)),
|
|
19
|
+
:ssl_ca_file => ca_certs,
|
|
20
|
+
:verify_ssl => OpenSSL::SSL::VERIFY_PEER)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def make_request(path, parameters)
|
|
24
|
+
@resource = @resource.class.new(@@resolver.get_host, @resource.options)
|
|
25
|
+
response = @resource[path].get :params => parameters
|
|
26
|
+
|
|
27
|
+
if response.code != 200
|
|
28
|
+
result = "<context><name>%s</name><result xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"defaultResult\" message=\"Identity Service Failure : %d\">FAILURE</result></context>" % (parameters[:name].nil? || parameters[:name].empty?) ? 'Unknown' : parameters[:name], response.code
|
|
29
|
+
else
|
|
30
|
+
result = response.to_s
|
|
31
|
+
end
|
|
32
|
+
return result
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
data/lib/identity.rb
ADDED
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
require 'connection_handler.rb'
|
|
2
|
+
require 'xmlsimple'
|
|
3
|
+
require 'warden/strategy.rb'
|
|
4
|
+
|
|
5
|
+
module Identity
|
|
6
|
+
=begin
|
|
7
|
+
<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>
|
|
8
|
+
<authentication_pretext>
|
|
9
|
+
<name>guest3f4c5a36a65d46e2</name>
|
|
10
|
+
<result xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"authenticationResult\" confidence=\"0.0\" level=\"0\" code=\"0\" message=\"OK\">SUCCESS</result>
|
|
11
|
+
<display_item name=\"passphrase\"><display_name>Password</display_name><form_element><input id="AuthParam0" type="password" name="passphrase" class="field required" /></form_element><nickname>Guest Password</nickname></display_item>
|
|
12
|
+
</authentication_pretext>
|
|
13
|
+
=end
|
|
14
|
+
class AuthenticationResult
|
|
15
|
+
attr_accessor :name, :result, :display_items
|
|
16
|
+
|
|
17
|
+
def initialize(xml)
|
|
18
|
+
r = XmlSimple.xml_in(xml, { 'ForceArray' => ['display_item'] })
|
|
19
|
+
self.result = r['result']
|
|
20
|
+
self.name = r['name']
|
|
21
|
+
|
|
22
|
+
if result['content'] == 'SUCCESS' || result['content'] == 'CONTINUE'
|
|
23
|
+
if r['display_item'] && r['display_item'].length > 0
|
|
24
|
+
self.display_items = Array.new
|
|
25
|
+
r['display_item'].each_with_index { |di, index| self.display_items[index] = di }
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
=begin
|
|
32
|
+
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
|
33
|
+
<enrollment_pretext>
|
|
34
|
+
<name>test</name>
|
|
35
|
+
<result code="0" message="OK">SUCCESS</result>
|
|
36
|
+
<form_element display_name="Password" name="passphrase">
|
|
37
|
+
<element><input id="EnrollParam0" type="password" name="passphrase" /></element>
|
|
38
|
+
</form_element>
|
|
39
|
+
</enrollment_pretext>
|
|
40
|
+
=end
|
|
41
|
+
class EnrollmentResult
|
|
42
|
+
attr_accessor :name, :result, :form_elements
|
|
43
|
+
|
|
44
|
+
def initialize(xml)
|
|
45
|
+
r = XmlSimple.xml_in(xml, { 'ForceArray' => ['form_element'] })
|
|
46
|
+
self.name = r['name']
|
|
47
|
+
self.result = r['result']
|
|
48
|
+
if self.result['content'] == 'SUCCESS'
|
|
49
|
+
if r['form_elements'] && r['form_elements'].length > 0
|
|
50
|
+
self.form_elements = Array.new
|
|
51
|
+
r['form_elements'].each_with_index { |fe, index| self.form_elements[index] = fe }
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
module Provider
|
|
58
|
+
class IdentityServiceProvider
|
|
59
|
+
def initialize(handler)
|
|
60
|
+
@handler = handler
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def pre_authenticate(name, remote_host)
|
|
64
|
+
xml = @handler.make_request 'preauthenticate', { :name => name, :client_ip => remote_host }
|
|
65
|
+
return AuthenticationResult.new(xml)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def authenticate(name, remote_host, parameters)
|
|
69
|
+
xml = @handler.make_request 'authenticate', { :name => name, :client_ip => remote_host }.merge(parameters)
|
|
70
|
+
return AuthenticationResult.new(xml)
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def pre_enroll(name, remote_host)
|
|
74
|
+
xml = @handler.make_request 'preenroll', { :name => name, :client_ip => remote_host }
|
|
75
|
+
return EnrollmentResult.new(xml)
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
def enroll(name, remote_host, parameters)
|
|
79
|
+
xml = @handler.make_request 'enroll', { :name => name, :client_ip => remote_host }.merge(parameters)
|
|
80
|
+
return EnrollmentResult.new(xml)
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
data/lib/resolver.rb
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
require 'warden'
|
|
2
|
+
|
|
3
|
+
module Warden
|
|
4
|
+
module Strategies
|
|
5
|
+
class IdentityStrategy < Warden::Strategies::Base
|
|
6
|
+
def initialize(env, scope)
|
|
7
|
+
super(env, scope)
|
|
8
|
+
Rails.logger.debug("initialize, #{self}")
|
|
9
|
+
config = Rails.configuration
|
|
10
|
+
handler = Identity::ConnectionHandler.new config.identity_key, config.identity_key_password, config.identity_certificate, config.identity_truststore
|
|
11
|
+
# create the provider
|
|
12
|
+
@provider = Identity::Provider::IdentityServiceProvider.new handler
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def valid?
|
|
16
|
+
Rails.logger.debug("valid?, #{self}")
|
|
17
|
+
#Rails.logger.debug("session #{session.inspect}")
|
|
18
|
+
#Rails.logger.debug("params #{params.inspect}")
|
|
19
|
+
params["username"] || session[:identity_username_key]
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def authenticate!
|
|
23
|
+
Rails.logger.debug("authenticate!, #{self}")
|
|
24
|
+
#Rails.logger.debug("session #{session.inspect}")
|
|
25
|
+
#Rails.logger.debug("params #{params.inspect}")
|
|
26
|
+
|
|
27
|
+
if session[:identity_username_key].nil? && session[:identity_display_items].nil?
|
|
28
|
+
pretext = @provider.pre_authenticate params["username"], request.ip
|
|
29
|
+
if pretext.result['content'] == 'SUCCESS'
|
|
30
|
+
session[:identity_username_key] = pretext.name
|
|
31
|
+
session[:identity_display_items] = pretext.display_items
|
|
32
|
+
else
|
|
33
|
+
fail! pretext.result['message']
|
|
34
|
+
end
|
|
35
|
+
elsif !session[:identity_display_items].nil?
|
|
36
|
+
parameters = {}
|
|
37
|
+
session[:identity_display_items].each do |display_item|
|
|
38
|
+
key = display_item['name']
|
|
39
|
+
Rails.logger.debug "looking for #{key}"
|
|
40
|
+
parameters[key] = params[key]
|
|
41
|
+
end
|
|
42
|
+
context = @provider.authenticate session[:identity_username_key], request.ip, parameters
|
|
43
|
+
case context.result['content']
|
|
44
|
+
when 'CONTINUE'
|
|
45
|
+
session[:identity_display_items] = context.display_items
|
|
46
|
+
flash[:notice] = context.result['message']
|
|
47
|
+
when 'RESET'
|
|
48
|
+
session[:identity_username_key] = nil
|
|
49
|
+
session[:identity_display_items] = nil
|
|
50
|
+
when 'SUCCESS'
|
|
51
|
+
username = context.name
|
|
52
|
+
session[:identity_username_key] = nil
|
|
53
|
+
session[:identity_display_items] = nil
|
|
54
|
+
# this is an ephemeral user that needs to be handled in your custom login controller to associate with a "real" user account
|
|
55
|
+
# password is explicitly nil, keep it that way
|
|
56
|
+
user = User.new(:username => username)
|
|
57
|
+
success! user
|
|
58
|
+
else
|
|
59
|
+
fail! context.result['message']
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: identity
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
prerelease: false
|
|
5
|
+
segments:
|
|
6
|
+
- 1
|
|
7
|
+
- 0
|
|
8
|
+
- 1
|
|
9
|
+
version: 1.0.1
|
|
10
|
+
platform: ruby
|
|
11
|
+
authors:
|
|
12
|
+
- Richard Levenberg
|
|
13
|
+
autorequire:
|
|
14
|
+
bindir: bin
|
|
15
|
+
cert_chain: []
|
|
16
|
+
|
|
17
|
+
date: 2012-09-17 00:00:00 -07:00
|
|
18
|
+
default_executable:
|
|
19
|
+
dependencies:
|
|
20
|
+
- !ruby/object:Gem::Dependency
|
|
21
|
+
name: rest-client
|
|
22
|
+
prerelease: false
|
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
|
+
requirements:
|
|
25
|
+
- - ~>
|
|
26
|
+
- !ruby/object:Gem::Version
|
|
27
|
+
segments:
|
|
28
|
+
- 1
|
|
29
|
+
- 6
|
|
30
|
+
- 7
|
|
31
|
+
version: 1.6.7
|
|
32
|
+
type: :runtime
|
|
33
|
+
version_requirements: *id001
|
|
34
|
+
- !ruby/object:Gem::Dependency
|
|
35
|
+
name: xml-simple
|
|
36
|
+
prerelease: false
|
|
37
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
38
|
+
requirements:
|
|
39
|
+
- - ~>
|
|
40
|
+
- !ruby/object:Gem::Version
|
|
41
|
+
segments:
|
|
42
|
+
- 1
|
|
43
|
+
- 1
|
|
44
|
+
- 1
|
|
45
|
+
version: 1.1.1
|
|
46
|
+
type: :runtime
|
|
47
|
+
version_requirements: *id002
|
|
48
|
+
description: A Ruby library for integrations with ufp Identity
|
|
49
|
+
email: richardl@ufp.com
|
|
50
|
+
executables: []
|
|
51
|
+
|
|
52
|
+
extensions: []
|
|
53
|
+
|
|
54
|
+
extra_rdoc_files: []
|
|
55
|
+
|
|
56
|
+
files:
|
|
57
|
+
- Gemfile
|
|
58
|
+
- identity.gemspec
|
|
59
|
+
- lib/connection_handler.rb
|
|
60
|
+
- lib/identity.rb
|
|
61
|
+
- lib/resolver.rb
|
|
62
|
+
- lib/warden/strategy.rb
|
|
63
|
+
has_rdoc: true
|
|
64
|
+
homepage: https://www.ufp.com
|
|
65
|
+
licenses: []
|
|
66
|
+
|
|
67
|
+
post_install_message:
|
|
68
|
+
rdoc_options: []
|
|
69
|
+
|
|
70
|
+
require_paths:
|
|
71
|
+
- lib
|
|
72
|
+
- lib/warden
|
|
73
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
74
|
+
requirements:
|
|
75
|
+
- - ">="
|
|
76
|
+
- !ruby/object:Gem::Version
|
|
77
|
+
segments:
|
|
78
|
+
- 0
|
|
79
|
+
version: "0"
|
|
80
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
81
|
+
requirements:
|
|
82
|
+
- - ">="
|
|
83
|
+
- !ruby/object:Gem::Version
|
|
84
|
+
segments:
|
|
85
|
+
- 0
|
|
86
|
+
version: "0"
|
|
87
|
+
requirements: []
|
|
88
|
+
|
|
89
|
+
rubyforge_project: identity
|
|
90
|
+
rubygems_version: 1.3.6
|
|
91
|
+
signing_key:
|
|
92
|
+
specification_version: 3
|
|
93
|
+
summary: Ruby ufp Identity Library
|
|
94
|
+
test_files: []
|
|
95
|
+
|