identity 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +6 -0
- data/identity.gemspec +16 -0
- data/lib/connection_handler.rb +35 -0
- data/lib/identity.rb +84 -0
- data/lib/resolver.rb +9 -0
- data/lib/warden/strategy.rb +65 -0
- metadata +95 -0
data/Gemfile
ADDED
data/identity.gemspec
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
Gem::Specification.new do |s|
|
|
2
|
+
s.name = 'identity'
|
|
3
|
+
s.version = '1.0.1'
|
|
4
|
+
s.date = '2012-09-17'
|
|
5
|
+
s.summary = "Ruby ufp Identity Library"
|
|
6
|
+
s.description = "A Ruby library for integrations with ufp Identity"
|
|
7
|
+
s.authors = ["Richard Levenberg"]
|
|
8
|
+
s.email = 'richardl@ufp.com'
|
|
9
|
+
s.files = Dir["**/*"] - Dir["*.gem"] - Dir["*.pem"] - Dir["Gemfile.lock"]
|
|
10
|
+
s.homepage = 'https://www.ufp.com'
|
|
11
|
+
s.rubyforge_project = "identity"
|
|
12
|
+
s.require_paths = ["lib", "lib/warden"]
|
|
13
|
+
|
|
14
|
+
s.add_dependency("rest-client", "~> 1.6.7")
|
|
15
|
+
s.add_dependency("xml-simple", "~> 1.1.1")
|
|
16
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
require 'rest-client'
|
|
2
|
+
require 'resolver.rb'
|
|
3
|
+
require 'logger'
|
|
4
|
+
|
|
5
|
+
log = Logger.new(STDOUT)
|
|
6
|
+
log.level = Logger::DEBUG
|
|
7
|
+
|
|
8
|
+
RestClient.log = log
|
|
9
|
+
|
|
10
|
+
module Identity
|
|
11
|
+
class ConnectionHandler
|
|
12
|
+
@@resolver = Identity::Resolver::StaticIdentityResolver.new
|
|
13
|
+
|
|
14
|
+
def initialize(key_file, key_pass, cert_file, ca_certs='truststore.pem')
|
|
15
|
+
@resource = RestClient::Resource.new(
|
|
16
|
+
@@resolver.get_host,
|
|
17
|
+
:ssl_client_key => OpenSSL::PKey::RSA.new(File.read(key_file), key_pass),
|
|
18
|
+
:ssl_client_cert => OpenSSL::X509::Certificate.new(File.read(cert_file)),
|
|
19
|
+
:ssl_ca_file => ca_certs,
|
|
20
|
+
:verify_ssl => OpenSSL::SSL::VERIFY_PEER)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def make_request(path, parameters)
|
|
24
|
+
@resource = @resource.class.new(@@resolver.get_host, @resource.options)
|
|
25
|
+
response = @resource[path].get :params => parameters
|
|
26
|
+
|
|
27
|
+
if response.code != 200
|
|
28
|
+
result = "<context><name>%s</name><result xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"defaultResult\" message=\"Identity Service Failure : %d\">FAILURE</result></context>" % (parameters[:name].nil? || parameters[:name].empty?) ? 'Unknown' : parameters[:name], response.code
|
|
29
|
+
else
|
|
30
|
+
result = response.to_s
|
|
31
|
+
end
|
|
32
|
+
return result
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
data/lib/identity.rb
ADDED
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
require 'connection_handler.rb'
|
|
2
|
+
require 'xmlsimple'
|
|
3
|
+
require 'warden/strategy.rb'
|
|
4
|
+
|
|
5
|
+
module Identity
|
|
6
|
+
=begin
|
|
7
|
+
<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>
|
|
8
|
+
<authentication_pretext>
|
|
9
|
+
<name>guest3f4c5a36a65d46e2</name>
|
|
10
|
+
<result xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"authenticationResult\" confidence=\"0.0\" level=\"0\" code=\"0\" message=\"OK\">SUCCESS</result>
|
|
11
|
+
<display_item name=\"passphrase\"><display_name>Password</display_name><form_element><input id="AuthParam0" type="password" name="passphrase" class="field required" /></form_element><nickname>Guest Password</nickname></display_item>
|
|
12
|
+
</authentication_pretext>
|
|
13
|
+
=end
|
|
14
|
+
class AuthenticationResult
|
|
15
|
+
attr_accessor :name, :result, :display_items
|
|
16
|
+
|
|
17
|
+
def initialize(xml)
|
|
18
|
+
r = XmlSimple.xml_in(xml, { 'ForceArray' => ['display_item'] })
|
|
19
|
+
self.result = r['result']
|
|
20
|
+
self.name = r['name']
|
|
21
|
+
|
|
22
|
+
if result['content'] == 'SUCCESS' || result['content'] == 'CONTINUE'
|
|
23
|
+
if r['display_item'] && r['display_item'].length > 0
|
|
24
|
+
self.display_items = Array.new
|
|
25
|
+
r['display_item'].each_with_index { |di, index| self.display_items[index] = di }
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
=begin
|
|
32
|
+
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
|
33
|
+
<enrollment_pretext>
|
|
34
|
+
<name>test</name>
|
|
35
|
+
<result code="0" message="OK">SUCCESS</result>
|
|
36
|
+
<form_element display_name="Password" name="passphrase">
|
|
37
|
+
<element><input id="EnrollParam0" type="password" name="passphrase" /></element>
|
|
38
|
+
</form_element>
|
|
39
|
+
</enrollment_pretext>
|
|
40
|
+
=end
|
|
41
|
+
class EnrollmentResult
|
|
42
|
+
attr_accessor :name, :result, :form_elements
|
|
43
|
+
|
|
44
|
+
def initialize(xml)
|
|
45
|
+
r = XmlSimple.xml_in(xml, { 'ForceArray' => ['form_element'] })
|
|
46
|
+
self.name = r['name']
|
|
47
|
+
self.result = r['result']
|
|
48
|
+
if self.result['content'] == 'SUCCESS'
|
|
49
|
+
if r['form_elements'] && r['form_elements'].length > 0
|
|
50
|
+
self.form_elements = Array.new
|
|
51
|
+
r['form_elements'].each_with_index { |fe, index| self.form_elements[index] = fe }
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
module Provider
|
|
58
|
+
class IdentityServiceProvider
|
|
59
|
+
def initialize(handler)
|
|
60
|
+
@handler = handler
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def pre_authenticate(name, remote_host)
|
|
64
|
+
xml = @handler.make_request 'preauthenticate', { :name => name, :client_ip => remote_host }
|
|
65
|
+
return AuthenticationResult.new(xml)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def authenticate(name, remote_host, parameters)
|
|
69
|
+
xml = @handler.make_request 'authenticate', { :name => name, :client_ip => remote_host }.merge(parameters)
|
|
70
|
+
return AuthenticationResult.new(xml)
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def pre_enroll(name, remote_host)
|
|
74
|
+
xml = @handler.make_request 'preenroll', { :name => name, :client_ip => remote_host }
|
|
75
|
+
return EnrollmentResult.new(xml)
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
def enroll(name, remote_host, parameters)
|
|
79
|
+
xml = @handler.make_request 'enroll', { :name => name, :client_ip => remote_host }.merge(parameters)
|
|
80
|
+
return EnrollmentResult.new(xml)
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
data/lib/resolver.rb
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
require 'warden'
|
|
2
|
+
|
|
3
|
+
module Warden
|
|
4
|
+
module Strategies
|
|
5
|
+
class IdentityStrategy < Warden::Strategies::Base
|
|
6
|
+
def initialize(env, scope)
|
|
7
|
+
super(env, scope)
|
|
8
|
+
Rails.logger.debug("initialize, #{self}")
|
|
9
|
+
config = Rails.configuration
|
|
10
|
+
handler = Identity::ConnectionHandler.new config.identity_key, config.identity_key_password, config.identity_certificate, config.identity_truststore
|
|
11
|
+
# create the provider
|
|
12
|
+
@provider = Identity::Provider::IdentityServiceProvider.new handler
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def valid?
|
|
16
|
+
Rails.logger.debug("valid?, #{self}")
|
|
17
|
+
#Rails.logger.debug("session #{session.inspect}")
|
|
18
|
+
#Rails.logger.debug("params #{params.inspect}")
|
|
19
|
+
params["username"] || session[:identity_username_key]
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def authenticate!
|
|
23
|
+
Rails.logger.debug("authenticate!, #{self}")
|
|
24
|
+
#Rails.logger.debug("session #{session.inspect}")
|
|
25
|
+
#Rails.logger.debug("params #{params.inspect}")
|
|
26
|
+
|
|
27
|
+
if session[:identity_username_key].nil? && session[:identity_display_items].nil?
|
|
28
|
+
pretext = @provider.pre_authenticate params["username"], request.ip
|
|
29
|
+
if pretext.result['content'] == 'SUCCESS'
|
|
30
|
+
session[:identity_username_key] = pretext.name
|
|
31
|
+
session[:identity_display_items] = pretext.display_items
|
|
32
|
+
else
|
|
33
|
+
fail! pretext.result['message']
|
|
34
|
+
end
|
|
35
|
+
elsif !session[:identity_display_items].nil?
|
|
36
|
+
parameters = {}
|
|
37
|
+
session[:identity_display_items].each do |display_item|
|
|
38
|
+
key = display_item['name']
|
|
39
|
+
Rails.logger.debug "looking for #{key}"
|
|
40
|
+
parameters[key] = params[key]
|
|
41
|
+
end
|
|
42
|
+
context = @provider.authenticate session[:identity_username_key], request.ip, parameters
|
|
43
|
+
case context.result['content']
|
|
44
|
+
when 'CONTINUE'
|
|
45
|
+
session[:identity_display_items] = context.display_items
|
|
46
|
+
flash[:notice] = context.result['message']
|
|
47
|
+
when 'RESET'
|
|
48
|
+
session[:identity_username_key] = nil
|
|
49
|
+
session[:identity_display_items] = nil
|
|
50
|
+
when 'SUCCESS'
|
|
51
|
+
username = context.name
|
|
52
|
+
session[:identity_username_key] = nil
|
|
53
|
+
session[:identity_display_items] = nil
|
|
54
|
+
# this is an ephemeral user that needs to be handled in your custom login controller to associate with a "real" user account
|
|
55
|
+
# password is explicitly nil, keep it that way
|
|
56
|
+
user = User.new(:username => username)
|
|
57
|
+
success! user
|
|
58
|
+
else
|
|
59
|
+
fail! context.result['message']
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: identity
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
prerelease: false
|
|
5
|
+
segments:
|
|
6
|
+
- 1
|
|
7
|
+
- 0
|
|
8
|
+
- 1
|
|
9
|
+
version: 1.0.1
|
|
10
|
+
platform: ruby
|
|
11
|
+
authors:
|
|
12
|
+
- Richard Levenberg
|
|
13
|
+
autorequire:
|
|
14
|
+
bindir: bin
|
|
15
|
+
cert_chain: []
|
|
16
|
+
|
|
17
|
+
date: 2012-09-17 00:00:00 -07:00
|
|
18
|
+
default_executable:
|
|
19
|
+
dependencies:
|
|
20
|
+
- !ruby/object:Gem::Dependency
|
|
21
|
+
name: rest-client
|
|
22
|
+
prerelease: false
|
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
|
+
requirements:
|
|
25
|
+
- - ~>
|
|
26
|
+
- !ruby/object:Gem::Version
|
|
27
|
+
segments:
|
|
28
|
+
- 1
|
|
29
|
+
- 6
|
|
30
|
+
- 7
|
|
31
|
+
version: 1.6.7
|
|
32
|
+
type: :runtime
|
|
33
|
+
version_requirements: *id001
|
|
34
|
+
- !ruby/object:Gem::Dependency
|
|
35
|
+
name: xml-simple
|
|
36
|
+
prerelease: false
|
|
37
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
38
|
+
requirements:
|
|
39
|
+
- - ~>
|
|
40
|
+
- !ruby/object:Gem::Version
|
|
41
|
+
segments:
|
|
42
|
+
- 1
|
|
43
|
+
- 1
|
|
44
|
+
- 1
|
|
45
|
+
version: 1.1.1
|
|
46
|
+
type: :runtime
|
|
47
|
+
version_requirements: *id002
|
|
48
|
+
description: A Ruby library for integrations with ufp Identity
|
|
49
|
+
email: richardl@ufp.com
|
|
50
|
+
executables: []
|
|
51
|
+
|
|
52
|
+
extensions: []
|
|
53
|
+
|
|
54
|
+
extra_rdoc_files: []
|
|
55
|
+
|
|
56
|
+
files:
|
|
57
|
+
- Gemfile
|
|
58
|
+
- identity.gemspec
|
|
59
|
+
- lib/connection_handler.rb
|
|
60
|
+
- lib/identity.rb
|
|
61
|
+
- lib/resolver.rb
|
|
62
|
+
- lib/warden/strategy.rb
|
|
63
|
+
has_rdoc: true
|
|
64
|
+
homepage: https://www.ufp.com
|
|
65
|
+
licenses: []
|
|
66
|
+
|
|
67
|
+
post_install_message:
|
|
68
|
+
rdoc_options: []
|
|
69
|
+
|
|
70
|
+
require_paths:
|
|
71
|
+
- lib
|
|
72
|
+
- lib/warden
|
|
73
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
74
|
+
requirements:
|
|
75
|
+
- - ">="
|
|
76
|
+
- !ruby/object:Gem::Version
|
|
77
|
+
segments:
|
|
78
|
+
- 0
|
|
79
|
+
version: "0"
|
|
80
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
81
|
+
requirements:
|
|
82
|
+
- - ">="
|
|
83
|
+
- !ruby/object:Gem::Version
|
|
84
|
+
segments:
|
|
85
|
+
- 0
|
|
86
|
+
version: "0"
|
|
87
|
+
requirements: []
|
|
88
|
+
|
|
89
|
+
rubyforge_project: identity
|
|
90
|
+
rubygems_version: 1.3.6
|
|
91
|
+
signing_key:
|
|
92
|
+
specification_version: 3
|
|
93
|
+
summary: Ruby ufp Identity Library
|
|
94
|
+
test_files: []
|
|
95
|
+
|