leveret_auth 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a85472d6ff5fae2cf5ea2c09fb16fdc2a01fca37bfd5b5deb863a8bc99c924ba
+  data.tar.gz: ffb0fcf672c4ed65af3063b2d83371e1b8004d0bf0c582c246343ecfd73b27f5
+SHA512:
+  metadata.gz: 2c93c85be104deec37f841ba5f7dd1b8681c1fe1cfcf52d1809765de49aa891182249acd04d3fef4a8e6234326933558c841d882d245de89f39a81de6983d07b
+  data.tar.gz: d1e439f8fd6c1068c6c7e33459e6a608f5983e587f5c7b853af834d65b7c7a43ce6b24c42e114a0c9644b798a1f6f0e217cd6402cf4c2d685722fc049dfce6ba

data/lib/devise/models/auth_identitable.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Devise
+  module Models
+    module AuthIdentitable
+      extend ActiveSupport::Concern
+
+      included do
+        has_many :identities, class_name: 'LeveretAuth::Identities',
+                              foreign_key: :user_id, dependent: :destroy
+      end
+
+      module ClassMethods
+        def setup_user_from_third_party(provider:, uid:, email:)
+          raise LeveretAuth::Errors::ThirdPartyNotProvideEmail if email.nil? || email.empty?
+
+          identity = LeveretAuth::Identities.find_or_initialize_by(uid: uid, provider: provider)
+          return identity.user unless identity.new_record?
+
+          identity.user = setup_with_temporary_passsword(email)
+          identity.save!
+          identity.user
+        end
+
+        private
+
+        def setup_with_temporary_passsword(email)
+          user = find_or_initialize_by(email: email)
+          user unless user.new_record?
+
+          user.password = LeveretAuth.configuration.user_default_password
+          user.skip_confirmation!
+          user.save!
+          user
+        end
+      end
+    end
+  end
+end

data/lib/generators/leveret_auth/migration_generator.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module LeveretAuth
+  class MigrationGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path('templates', __dir__)
+    desc 'Installs LeveretAuth migration file.'
+
+    def install
+      migration_template(
+        'migration.rb.erb',
+        'db/migrate/create_leveret_auth_tables.rb',
+        migration_version: migration_version
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
+end

data/lib/generators/leveret_auth/templates/migration.rb.erb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class CreateLeveretAuthTables < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :identities do |t|
+      t.string :uid, null: false
+      t.string :provider, null: false
+      t.references :user, null: false
+      t.timestamps
+    end
+
+    add_index :identities, %i[uid provider]
+
+    # Uncomment below to ensure a valid reference to the user's table
+    # add_foreign_key :identities, <model>, column: :user_id
+  end
+end

data/lib/leveret_auth/config.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module LeveretAuth
+  class MissingConfiguration < StandardError
+    def initialize
+      super('Configuration for leveret auth missing. Do you have on-premise auth initializer?')
+    end
+  end
+
+  class << self
+    def setup
+      run_orm_hooks
+      add_extension_to_devise
+    end
+
+    def configuration
+      @configuration || (raise MissingConfiguration)
+    end
+
+    def configure(&block)
+      @configuration = Config::Builder.new(&block).build
+    end
+
+    private
+
+    def run_orm_hooks
+      LeveretAuth::Orm::ActiveRecord.run_hooks
+    end
+
+    def add_extension_to_devise
+      Devise.add_module :auth_identitable, model: 'devise/models/auth_identitable'
+    end
+  end
+
+  # Default DiviseAuth configuration
+  class Config
+    def providers
+      @providers ||= []
+    end
+
+    def user_model_name
+      @user_model_name.to_s.classify
+    end
+
+    def user_model
+      @user_model ||= user_model_name.constantize
+    end
+
+    def user_default_password
+      @user_default_password
+    end
+
+    def identities_model
+      @identities_model ||= 'LeveretAuth::Identities'.constantize
+    end
+
+    # Default DiviseAuth configuration builder
+    class Builder
+      def initialize(config = Config.new, &block)
+        @config = config
+        instance_eval(&block)
+      end
+
+      def build
+        validate
+        @config
+      end
+
+      def validate
+        if @config.user_default_password.nil?
+          raise ArgumentError,
+                'Must configure user default password by call `user_default_password password`'
+        end
+      end
+
+      def devise_for(model_name)
+        @config.instance_variable_set(:@user_model_name, model_name)
+      end
+
+      def user_default_password(password)
+        @config.instance_variable_set(:@user_default_password, password)
+      end
+
+      def add_provider(name, **opts)
+        opts = Utils.load_json_file(opts[:file_path]) if opts[:file_path]
+        begin
+          klass = Strategies.const_get("#{name.to_s.camelize}Strategy")
+        rescue NameError
+          raise LoadError, "Could not find matching strategy for #{name}."
+        end
+        @config.providers << name.downcase
+        klass.configure(opts.compact)
+      end
+    end
+  end
+end

data/lib/leveret_auth/engine.rb

@@ -0,0 +1,7 @@
+module LeveretAuth
+  class Engine < Rails::Engine
+    config.to_prepare do
+      LeveretAuth.setup
+    end
+  end
+end

data/lib/leveret_auth/errors.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module LeveretAuth
+  module Errors
+    class StrategyNotFound < StandardError; end
+    class ThirdPartyNotProvideEmail < StandardError; end
+    class InvalidCredential < StandardError; end
+  end
+end

data/lib/leveret_auth/ldap/configuration.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module LeveretAuth
+  module Ldap
+    class Configuration
+      class ConfigurationError < StandardError; end
+
+      # For build Net::LDAP::Connection
+      REQUIRED_CONNECTION_CONFIG_KEYS = %i[host port base].freeze
+      OPTIONAL_CONNECTION_CONFIG_KEYS = [
+        encryption: %i[method tls_opitons],
+        auth: %i[method username password]
+      ].freeze
+
+      # For custom search condition
+      REQUIRED_SEARCH_CONFIG_KEYS = [%i[uid filter]].freeze
+
+      attr_reader :uid, :filter
+
+      def initialize(configuration = {})
+        validate_required_keys(configuration)
+
+        permitted_keys = [permitted_connection_keys + permitted_search_keys].flatten
+        Utils.deep_slice(configuration, permitted_keys).each do |k, v|
+          instance_variable_set("@#{k}", v)
+        end
+
+        validate_encryption
+        validate_auth
+      end
+
+      def connection_config
+        permitted_connection_keys.each_with_object({}) do |key, hash|
+          if key.is_a?(Hash)
+            key.each_key { |sub_key| hash[sub_key] = instance_variable_get("@#{sub_key}") }
+          else
+            hash[key] = instance_variable_get("@#{key}")
+          end
+          hash
+        end.compact
+      end
+
+      private
+
+      def validate_required_keys(configuration)
+        required_keys = REQUIRED_CONNECTION_CONFIG_KEYS + REQUIRED_SEARCH_CONFIG_KEYS
+        missing_keys = Utils.validate(configuration, required_keys)
+
+        raise ConfigurationError, Utils.build_error_message(missing_keys) unless missing_keys.empty?
+      end
+
+      def validate_encryption
+        return if @encryption.nil?
+        return unless @encryption.is_a?(Hash)
+
+        @encryption[:method] = @encryption[:method].to_sym
+        return if %i[simple_tls start_tls].include?(@encryption[:method])
+
+        tls_options = @encryption[:tls_options]
+        return if tls_options.nil?
+
+        @encryption[:tls_options] = ::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(tls_options)
+
+        raise ConfigurationError, "unsupported encryption method #{@encryption[:method]}"
+      end
+
+      def validate_auth
+        return if @auth.nil?
+
+        @auth[:method] = @auth[:method].to_sym
+        if %i[simple anonymous].exclude?(@auth[:method])
+          raise ConfigurationError, "unsupported auth method #{@auth[:method]}"
+        end
+
+        if @auth[:method] == :simple
+          return if @auth[:username] && @auth[:password]
+
+          raise ConfigurationError, 'simple auth must have username and password'
+        end
+      end
+
+      def permitted_connection_keys
+        REQUIRED_CONNECTION_CONFIG_KEYS + OPTIONAL_CONNECTION_CONFIG_KEYS
+      end
+
+      def permitted_search_keys
+        REQUIRED_SEARCH_CONFIG_KEYS
+      end
+    end
+  end
+end

data/lib/leveret_auth/ldap/connection.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'net/ldap'
+
+module LeveretAuth
+  module Ldap
+    class Connection
+      def initialize(configuration)
+        @configuration = if configuration.is_a?(Configuration)
+                           configuration
+                         else
+                           Configuration.new(configuration)
+                         end
+        @connection = Net::LDAP.new(@configuration.connection_config)
+      end
+
+      def search(value)
+        @connection.search(filter: build_filter(value))
+      end
+
+      def bind_as(entry_dn, password)
+        @connection.bind(method: :simple, username: entry_dn, password: password)
+      end
+
+      private
+
+      def build_filter(value)
+        if @configuration.filter && !@configuration.filter.empty?
+          Net::LDAP::Filter.construct(@configuration.filter % { username: value })
+        else
+          Net::LDAP::Filter.eq(@configuration.uid, value)
+        end
+      end
+    end
+  end
+end

data/lib/leveret_auth/orm/active_record/identities.rb

@@ -0,0 +1,7 @@
+# require 'leveret_auth/orm/active_record/mixins/identities'
+
+module LeveretAuth
+  class Identities < ::ActiveRecord::Base
+    include LeveretAuth::Orm::ActiveRecord::Mixins::Identities
+  end
+end

data/lib/leveret_auth/orm/active_record/mixins/identities.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module LeveretAuth::Orm::ActiveRecord::Mixins
+  module Identities
+    extend ActiveSupport::Concern
+
+    included do
+      self.table_name = 'identities'
+      self.strict_loading_by_default = false if respond_to?(:strict_loading_by_default)
+
+      belongs_to :user, class_name: "::#{LeveretAuth.configuration.user_model_name}",
+                        inverse_of: :identities
+    end
+  end
+end

data/lib/leveret_auth/orm/active_record.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+# require 'leveret_auth/orm/active_record/identities'
+
+module LeveretAuth
+  autoload :Identities, 'leveret_auth/orm/active_record/identities'
+
+  module Orm
+    module ActiveRecord
+      module Mixins
+        autoload :Identities, 'leveret_auth/orm/active_record/mixins/identities'
+      end
+
+      def self.run_hooks
+        models.each(&:establish_connection)
+      end
+
+      def self.models
+        [
+          LeveretAuth.configuration.identities_model
+        ]
+      end
+    end
+  end
+end

data/lib/leveret_auth/strategies/base_strategy.rb

@@ -0,0 +1,35 @@
+module LeveretAuth
+  module Strategies
+    class BaseStrategy
+      class << self
+        def config
+          @config ||= {}
+        end
+
+        def configure(configuration)
+          @config = configuration
+        end
+      end
+
+      def initialize(params)
+        permitted_attrs.each do |key|
+          instance_variable_set("@#{key}", params[key])
+        end
+      end
+
+      def authenticate!
+        raise 'Must implement the method: `authenticate!`'
+      end
+
+      private
+
+      def user_model
+        LeveretAuth.configuration.user_model
+      end
+
+      def permitted_attrs
+        raise 'Must implement method: `permitted_attrs`'
+      end
+    end
+  end
+end

data/lib/leveret_auth/strategies/devise_strategy.rb

@@ -0,0 +1,21 @@
+require 'leveret_auth/strategies/base_strategy'
+
+module LeveretAuth
+  module Strategies
+    class DeviseStrategy < BaseStrategy
+      def authenticate!
+        user = user_model.find_for_authentication(email: @email)
+        raise Errors::InvalidCredential if user.nil?
+        raise Errors::InvalidCredential unless user.valid_for_authentication? { user.valid_password?(@password) }
+
+        user
+      end
+
+      private
+
+      def permitted_attrs
+        %i[email password]
+      end
+    end
+  end
+end

data/lib/leveret_auth/strategies/ldap_strategy.rb

@@ -0,0 +1,41 @@
+require 'leveret_auth/strategies/base_strategy'
+require 'leveret_auth/ldap/configuration'
+require 'leveret_auth/ldap/connection'
+
+module LeveretAuth
+  module Strategies
+    class LdapStrategy < BaseStrategy
+      class << self
+        def client
+          @client ||= Ldap::Connection.new(config)
+        end
+
+        def configure(configuration)
+          @config = Ldap::Configuration.new(configuration)
+        end
+      end
+
+      def authenticate!
+        entrys = client.search(@email)
+        raise Errors::InvalidCredential if entrys.nil?
+
+        verified_entry = entrys.find { |entry| client.bind_as(entry.dn, @password) }
+        raise Errors::InvalidCredential if verified_entry.nil?
+
+        user_model.setup_user_from_third_party(uid: verified_entry.dn,
+                                               provider: 'ldap',
+                                               email: @email)
+      end
+
+      private
+
+      def permitted_attrs
+        %i[email password]
+      end
+
+      def client
+        self.class.client
+      end
+    end
+  end
+end

data/lib/leveret_auth/utils.rb

@@ -0,0 +1,42 @@
+module LeveretAuth
+  module Utils
+    class << self
+      def load_json_file(file_path)
+        file = File.open(Rails.root.join(file_path), 'r').read
+        JSON.parse(file).deep_symbolize_keys
+      end
+
+      def validate(hash, required_keys)
+        required_keys.select do |key|
+          if key.is_a?(Array)
+            hash.slice(*key).empty?
+          else
+            hash[key].nil?
+          end
+        end
+      end
+
+      def build_error_message(missing_keys)
+        error_message = missing_keys.map do |key|
+          key.is_a?(Array) ? key.join(' or ') : key
+        end
+        "Missing keys: #{error_message.join(', ')}"
+      end
+
+      def deep_slice(hash, keys)
+        return unless hash.is_a?(Hash)
+
+        keys.each_with_object({}) do |k, new_hash|
+          if k.is_a?(Hash)
+            k.each do |sub_key, sub_value|
+              new_hash[sub_key] = deep_slice(hash[sub_key], sub_value) if hash.key?(sub_key)
+            end
+          else
+            new_hash[k] = hash[k] if hash.key?(k)
+          end
+          new_hash
+        end
+      end
+    end
+  end
+end

data/lib/leveret_auth.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'leveret_auth/utils'
+require 'leveret_auth/config'
+require 'leveret_auth/engine'
+
+# Main LeveretAuth namespace.
+#
+module LeveretAuth
+  autoload :Errors, 'leveret_auth/errors'
+
+  module Strategies
+    autoload :LdapStrategy, 'leveret_auth/strategies/ldap_strategy'
+    autoload :DeviseStrategy, 'leveret_auth/strategies/devise_strategy'
+  end
+
+  module Orm
+    autoload :ActiveRecord, 'leveret_auth/orm/active_record'
+  end
+
+  class << self
+    def auth_with_doorkeeper(params)
+      strategy_class = find_strategy(params[:grant_type], provider: params[:provider])
+      strategy = strategy_class.new(params)
+      strategy.authenticate!
+    end
+
+    private
+
+    def find_strategy(grant_type, provider: nil)
+      dispathcer_name = "#{grant_type.to_s.downcase}_strategy"
+      raise Errors::StrategyNotFound unless respond_to?(dispathcer_name, true)
+
+      method(dispathcer_name).call(provider)
+    end
+
+    def password_strategy(provider)
+      return Strategies::DeviseStrategy if provider.nil?
+      raise Errors::StrategyNotFound unless allowed_provider?(provider)
+
+      const_get("Strategies::#{provider.to_s.camelize}Strategy")
+    end
+
+    def allowed_provider?(provider)
+      return false if provider.nil?
+
+      configuration.providers.include?(provider.downcase.to_sym)
+    end
+  end
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification
+name: leveret_auth
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- ChengChih Chang
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-01-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.8.1
+description: auth with different strategy
+email: cc.chang@kdanmobile.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/devise/models/auth_identitable.rb
+- lib/generators/leveret_auth/migration_generator.rb
+- lib/generators/leveret_auth/templates/migration.rb.erb
+- lib/leveret_auth.rb
+- lib/leveret_auth/config.rb
+- lib/leveret_auth/engine.rb
+- lib/leveret_auth/errors.rb
+- lib/leveret_auth/ldap/configuration.rb
+- lib/leveret_auth/ldap/connection.rb
+- lib/leveret_auth/orm/active_record.rb
+- lib/leveret_auth/orm/active_record/identities.rb
+- lib/leveret_auth/orm/active_record/mixins/identities.rb
+- lib/leveret_auth/strategies/base_strategy.rb
+- lib/leveret_auth/strategies/devise_strategy.rb
+- lib/leveret_auth/strategies/ldap_strategy.rb
+- lib/leveret_auth/utils.rb
+homepage: https://github.com/kdan-mobile-software-ltd/leveret_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.22
+signing_key: 
+specification_version: 4
+summary: The devise extension for auth strategy
+test_files: []