maestrano-rails-test 0.9.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +273 -0
- data/Rakefile +38 -0
- data/app/controllers/maestrano/rails/metadata_controller.rb +8 -0
- data/app/controllers/maestrano/rails/saml_base_controller.rb +40 -0
- data/app/controllers/maestrano/rails/web_hook_controller.rb +16 -0
- data/lib/generators/active_record/maestrano_group_generator.rb +38 -0
- data/lib/generators/active_record/maestrano_user_generator.rb +38 -0
- data/lib/generators/active_record/templates/migration.rb +13 -0
- data/lib/generators/maestrano/USAGE +2 -0
- data/lib/generators/maestrano/group_generator.rb +11 -0
- data/lib/generators/maestrano/install_generator.rb +31 -0
- data/lib/generators/maestrano/orm_helpers.rb +75 -0
- data/lib/generators/maestrano/templates/group_users_controller.rb +26 -0
- data/lib/generators/maestrano/templates/groups_controller.rb +36 -0
- data/lib/generators/maestrano/templates/maestrano.rb +126 -0
- data/lib/generators/maestrano/templates/saml_controller.rb +52 -0
- data/lib/generators/maestrano/user_generator.rb +11 -0
- data/lib/generators/mongoid/maestrano_group_generator.rb +26 -0
- data/lib/generators/mongoid/maestrano_user_generator.rb +26 -0
- data/lib/maestrano-rails.rb +1 -0
- data/lib/maestrano/rails.rb +11 -0
- data/lib/maestrano/rails/controllers/maestrano_security.rb +32 -0
- data/lib/maestrano/rails/models/maestrano_auth_resource.rb +116 -0
- data/lib/maestrano/rails/routing/routes.rb +28 -0
- data/lib/maestrano/rails/version.rb +5 -0
- data/test/controllers/generic_controller_test.rb +56 -0
- data/test/controllers/group_users_controller_test.rb +23 -0
- data/test/controllers/groups_controller_test.rb +24 -0
- data/test/controllers/metadata_controller_test.rb +25 -0
- data/test/controllers/saml_controller_test.rb +123 -0
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +44 -0
- data/test/dummy/log/test.log +6611 -0
- data/test/dummy_activerecord/README.rdoc +261 -0
- data/test/dummy_activerecord/Rakefile +7 -0
- data/test/dummy_activerecord/app/assets/javascripts/application.js +15 -0
- data/test/dummy_activerecord/app/assets/javascripts/pages.js +2 -0
- data/test/dummy_activerecord/app/assets/stylesheets/application.css +13 -0
- data/test/dummy_activerecord/app/assets/stylesheets/pages.css +4 -0
- data/test/dummy_activerecord/app/controllers/application_controller.rb +3 -0
- data/test/dummy_activerecord/app/controllers/maestrano/account/group_users_controller.rb +27 -0
- data/test/dummy_activerecord/app/controllers/maestrano/account/groups_controller.rb +37 -0
- data/test/dummy_activerecord/app/controllers/maestrano/auth/saml_controller.rb +14 -0
- data/test/dummy_activerecord/app/controllers/pages_controller.rb +4 -0
- data/test/dummy_activerecord/app/helpers/application_helper.rb +2 -0
- data/test/dummy_activerecord/app/helpers/pages_helper.rb +2 -0
- data/test/dummy_activerecord/app/models/admin.rb +5 -0
- data/test/dummy_activerecord/app/models/admin/monster.rb +2 -0
- data/test/dummy_activerecord/app/models/mno_crew.rb +7 -0
- data/test/dummy_activerecord/app/models/mno_monster.rb +9 -0
- data/test/dummy_activerecord/app/models/monster.rb +2 -0
- data/test/dummy_activerecord/app/views/layouts/application.html.erb +14 -0
- data/test/dummy_activerecord/app/views/pages/home.html.erb +2 -0
- data/test/dummy_activerecord/config.ru +4 -0
- data/test/dummy_activerecord/config/application.rb +56 -0
- data/test/dummy_activerecord/config/boot.rb +10 -0
- data/test/dummy_activerecord/config/database.yml +25 -0
- data/test/dummy_activerecord/config/environment.rb +5 -0
- data/test/dummy_activerecord/config/environments/development.rb +37 -0
- data/test/dummy_activerecord/config/environments/production.rb +67 -0
- data/test/dummy_activerecord/config/environments/test.rb +37 -0
- data/test/dummy_activerecord/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy_activerecord/config/initializers/inflections.rb +15 -0
- data/test/dummy_activerecord/config/initializers/maestrano.rb +85 -0
- data/test/dummy_activerecord/config/initializers/mime_types.rb +5 -0
- data/test/dummy_activerecord/config/initializers/secret_token.rb +7 -0
- data/test/dummy_activerecord/config/initializers/session_store.rb +8 -0
- data/test/dummy_activerecord/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy_activerecord/config/locales/en.yml +5 -0
- data/test/dummy_activerecord/config/routes.rb +63 -0
- data/test/dummy_activerecord/db/development.sqlite3 +0 -0
- data/test/dummy_activerecord/db/migrate/20140526125222_create_monsters.rb +8 -0
- data/test/dummy_activerecord/db/migrate/20140526125242_create_admin_monsters.rb +8 -0
- data/test/dummy_activerecord/db/migrate/20140526144828_create_mno_monsters.rb +13 -0
- data/test/dummy_activerecord/db/migrate/20140526151139_create_mno_crews.rb +11 -0
- data/test/dummy_activerecord/db/schema.rb +44 -0
- data/test/dummy_activerecord/db/test.sqlite3 +0 -0
- data/test/dummy_activerecord/log/development.log +76 -0
- data/test/dummy_activerecord/log/test.log +326 -0
- data/test/dummy_activerecord/public/404.html +26 -0
- data/test/dummy_activerecord/public/422.html +26 -0
- data/test/dummy_activerecord/public/500.html +25 -0
- data/test/dummy_activerecord/public/favicon.ico +0 -0
- data/test/dummy_activerecord/script/rails +6 -0
- data/test/dummy_mongoid/README.rdoc +261 -0
- data/test/dummy_mongoid/Rakefile +7 -0
- data/test/dummy_mongoid/app/assets/javascripts/application.js +15 -0
- data/test/dummy_mongoid/app/assets/javascripts/pages.js +2 -0
- data/test/dummy_mongoid/app/assets/stylesheets/application.css +13 -0
- data/test/dummy_mongoid/app/assets/stylesheets/pages.css +4 -0
- data/test/dummy_mongoid/app/controllers/application_controller.rb +3 -0
- data/test/dummy_mongoid/app/controllers/maestrano/account/group_users_controller.rb +27 -0
- data/test/dummy_mongoid/app/controllers/maestrano/account/groups_controller.rb +37 -0
- data/test/dummy_mongoid/app/controllers/maestrano/auth/saml_controller.rb +14 -0
- data/test/dummy_mongoid/app/controllers/pages_controller.rb +4 -0
- data/test/dummy_mongoid/app/helpers/application_helper.rb +2 -0
- data/test/dummy_mongoid/app/helpers/pages_helper.rb +2 -0
- data/test/dummy_mongoid/app/models/mno_crew.rb +11 -0
- data/test/dummy_mongoid/app/models/mno_monster.rb +14 -0
- data/test/dummy_mongoid/app/models/monster.rb +3 -0
- data/test/dummy_mongoid/app/views/layouts/application.html.erb +14 -0
- data/test/dummy_mongoid/app/views/pages/home.html.erb +2 -0
- data/test/dummy_mongoid/config.ru +4 -0
- data/test/dummy_mongoid/config/application.rb +59 -0
- data/test/dummy_mongoid/config/boot.rb +10 -0
- data/test/dummy_mongoid/config/environment.rb +5 -0
- data/test/dummy_mongoid/config/environments/development.rb +37 -0
- data/test/dummy_mongoid/config/environments/production.rb +67 -0
- data/test/dummy_mongoid/config/environments/test.rb +37 -0
- data/test/dummy_mongoid/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy_mongoid/config/initializers/inflections.rb +15 -0
- data/test/dummy_mongoid/config/initializers/maestrano.rb +85 -0
- data/test/dummy_mongoid/config/initializers/mime_types.rb +5 -0
- data/test/dummy_mongoid/config/initializers/secret_token.rb +7 -0
- data/test/dummy_mongoid/config/initializers/session_store.rb +8 -0
- data/test/dummy_mongoid/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy_mongoid/config/locales/en.yml +5 -0
- data/test/dummy_mongoid/config/mongoid.yml +80 -0
- data/test/dummy_mongoid/config/routes.rb +63 -0
- data/test/dummy_mongoid/db/migrate/20140526125222_create_monsters.rb +8 -0
- data/test/dummy_mongoid/db/migrate/20140526125242_create_admin_monsters.rb +8 -0
- data/test/dummy_mongoid/db/migrate/20140526144828_create_mno_monsters.rb +13 -0
- data/test/dummy_mongoid/db/migrate/20140526151139_create_mno_crews.rb +11 -0
- data/test/dummy_mongoid/db/schema.rb +44 -0
- data/test/dummy_mongoid/public/404.html +26 -0
- data/test/dummy_mongoid/public/422.html +26 -0
- data/test/dummy_mongoid/public/500.html +25 -0
- data/test/dummy_mongoid/public/favicon.ico +0 -0
- data/test/dummy_mongoid/script/rails +6 -0
- data/test/generators/group/active_record_generator_test.rb +79 -0
- data/test/generators/group/mongoid_generator_test.rb +76 -0
- data/test/generators/group_generator_test.rb +39 -0
- data/test/generators/install_generator_test.rb +45 -0
- data/test/generators/user/active_record_generator_test.rb +79 -0
- data/test/generators/user/mongoid_generator_test.rb +76 -0
- data/test/generators/user_generator_test.rb +39 -0
- data/test/maestrano-rails_test.rb +7 -0
- data/test/models/maestrano_group_via_test.rb +66 -0
- data/test/models/maestrano_user_via_test.rb +70 -0
- data/test/test_files/config/routes.rb +58 -0
- data/test/test_helper.rb +42 -0
- data/test/tmp/app/models/monster.rb +20 -0
- metadata +418 -0
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'rails/generators/active_record'
|
2
|
+
require 'generators/maestrano/orm_helpers'
|
3
|
+
|
4
|
+
module ActiveRecord
|
5
|
+
module Generators
|
6
|
+
class MaestranoUserGenerator < ActiveRecord::Generators::Base
|
7
|
+
include Maestrano::Generators::OrmHelpers
|
8
|
+
source_root File.expand_path("../templates", __FILE__)
|
9
|
+
|
10
|
+
def copy_maestrano_migration
|
11
|
+
migration_template "migration.rb", "db/migrate/add_maestrano_to_#{table_name}.rb"
|
12
|
+
end
|
13
|
+
|
14
|
+
def inject_maestrano_content
|
15
|
+
content = model_contents
|
16
|
+
|
17
|
+
class_path = if namespaced?
|
18
|
+
class_name.to_s.split("::")
|
19
|
+
else
|
20
|
+
[class_name]
|
21
|
+
end
|
22
|
+
|
23
|
+
indent_depth = class_path.size - 1
|
24
|
+
content = content.split("\n").map { |line| " " * indent_depth + line } .join("\n") << "\n"
|
25
|
+
|
26
|
+
inject_into_class(model_path, class_path.last, content) if model_exists?
|
27
|
+
end
|
28
|
+
|
29
|
+
def migration_data
|
30
|
+
<<RUBY
|
31
|
+
## User source identification fields
|
32
|
+
t.string :provider
|
33
|
+
t.string :uid
|
34
|
+
RUBY
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
class AddMaestranoTo<%= table_name.camelize %> < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
change_table(:<%= table_name %>) do |t|
|
4
|
+
<%= migration_data -%>
|
5
|
+
end
|
6
|
+
end
|
7
|
+
|
8
|
+
def self.down
|
9
|
+
# By default, we don't want to make any assumption about how to roll back this migration.
|
10
|
+
# Please edit below which fields you would like to remove in this migration.
|
11
|
+
raise ActiveRecord::IrreversibleMigration
|
12
|
+
end
|
13
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
module Maestrano
|
2
|
+
module Generators
|
3
|
+
class GroupGenerator < ::Rails::Generators::NamedBase
|
4
|
+
include ::Rails::Generators::ResourceHelpers
|
5
|
+
|
6
|
+
source_root File.expand_path("../templates", __FILE__)
|
7
|
+
desc "Configure group model <NAME> for maestrano and create migration"
|
8
|
+
hook_for :orm, as: :maestrano_group
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module Maestrano
|
2
|
+
module Generators
|
3
|
+
class InstallGenerator < ::Rails::Generators::Base
|
4
|
+
source_root File.expand_path("../templates", __FILE__)
|
5
|
+
desc "Creates a Maestrano initializer and a customizable controller for SAML Single Sign-On"
|
6
|
+
|
7
|
+
def copy_initializer
|
8
|
+
template "maestrano.rb", "config/initializers/maestrano.rb"
|
9
|
+
end
|
10
|
+
|
11
|
+
def copy_saml_controller
|
12
|
+
template "saml_controller.rb", "app/controllers/maestrano/auth/saml_controller.rb"
|
13
|
+
end
|
14
|
+
|
15
|
+
def copy_account_groups_controller
|
16
|
+
template "groups_controller.rb", "app/controllers/maestrano/account/groups_controller.rb"
|
17
|
+
end
|
18
|
+
|
19
|
+
def copy_account_group_users_controller
|
20
|
+
template "group_users_controller.rb", "app/controllers/maestrano/account/group_users_controller.rb"
|
21
|
+
end
|
22
|
+
|
23
|
+
def add_maestrano_routes
|
24
|
+
maestrano_routes = <<-CONTENT
|
25
|
+
maestrano_routes
|
26
|
+
CONTENT
|
27
|
+
route maestrano_routes
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
module Maestrano
|
2
|
+
module Generators
|
3
|
+
module OrmHelpers
|
4
|
+
|
5
|
+
def model_contents
|
6
|
+
|
7
|
+
if model_type == 'user'
|
8
|
+
buffer = <<-CONTENT
|
9
|
+
# Enable Maestrano for this user
|
10
|
+
maestrano_user_via :provider, :uid do |user,maestrano|
|
11
|
+
user.name = maestrano.first_name
|
12
|
+
user.surname = maestrano.last_name
|
13
|
+
user.email = maestrano.email
|
14
|
+
#user.company = maestrano.company_name
|
15
|
+
#user.country_alpha2 = maestrano.country
|
16
|
+
#user.some_required_field = 'some-appropriate-default-value'
|
17
|
+
end
|
18
|
+
|
19
|
+
CONTENT
|
20
|
+
else
|
21
|
+
buffer = <<-CONTENT
|
22
|
+
# Enable Maestrano for this group
|
23
|
+
maestrano_group_via :provider, :uid do |group, maestrano|
|
24
|
+
group.name = (maestrano.company_name || "Default Group name")
|
25
|
+
#group.country_alpha2 = maestrano.country
|
26
|
+
#group.free_trial_end_at = maestrano.free_trial_end_at
|
27
|
+
#group.some_required_field = 'some-appropriate-default-value'
|
28
|
+
end
|
29
|
+
|
30
|
+
CONTENT
|
31
|
+
end
|
32
|
+
|
33
|
+
buffer += <<-CONTENT if needs_attr_accessible?
|
34
|
+
# Setup protected attributes for your model
|
35
|
+
attr_protected :provider, :uid
|
36
|
+
|
37
|
+
CONTENT
|
38
|
+
buffer
|
39
|
+
end
|
40
|
+
|
41
|
+
def model_type
|
42
|
+
self.class.name.split("::").last.gsub("Maestrano","").gsub("Generator","").downcase
|
43
|
+
end
|
44
|
+
|
45
|
+
def needs_attr_accessible?
|
46
|
+
rails_3? && !strong_parameters_enabled?
|
47
|
+
end
|
48
|
+
|
49
|
+
def rails_3?
|
50
|
+
::Rails::VERSION::MAJOR == 3
|
51
|
+
end
|
52
|
+
|
53
|
+
def strong_parameters_enabled?
|
54
|
+
defined?(ActionController::StrongParameters)
|
55
|
+
end
|
56
|
+
|
57
|
+
private
|
58
|
+
def model_exists?
|
59
|
+
File.exists?(File.join(destination_root, model_path))
|
60
|
+
end
|
61
|
+
|
62
|
+
def migration_exists?(table_name)
|
63
|
+
Dir.glob("#{File.join(destination_root, migration_path)}/[0-9]*_*.rb").grep(/\d+_add_maestrano_to_#{table_name}.rb$/).first
|
64
|
+
end
|
65
|
+
|
66
|
+
def migration_path
|
67
|
+
@migration_path ||= File.join("db", "migrate")
|
68
|
+
end
|
69
|
+
|
70
|
+
def model_path
|
71
|
+
@model_path ||= File.join("app", "models", "#{file_path}.rb")
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
class Maestrano::Account::GroupUsersController < Maestrano::Rails::WebHookController
|
2
|
+
|
3
|
+
# DELETE /maestrano/account/groups/cld-1/users/usr-1
|
4
|
+
# Remove a user from a group
|
5
|
+
def destroy
|
6
|
+
# Set the right uid based on Maestrano.param('sso.creation_mode')
|
7
|
+
user_uid = Maestrano.mask_user(params[:id],params[:group_id])
|
8
|
+
group_uid = params[:group_id]
|
9
|
+
|
10
|
+
# Perform association deletion steps here
|
11
|
+
# --
|
12
|
+
# If Maestrano.param('sso.creation_mode') is set to virtual
|
13
|
+
# then you might want to just delete/cancel/block the user
|
14
|
+
#
|
15
|
+
# E.g
|
16
|
+
# user = User.find_by_provider_and_uid('maestrano',user_uid)
|
17
|
+
# organization = Organization.find_by_provider_and_uid('maestrano',group_uid)
|
18
|
+
#
|
19
|
+
# if Maestrano.param('sso.creation_mode') == 'virtual'
|
20
|
+
# user.destroy
|
21
|
+
# else
|
22
|
+
# organization.remove_user(user)
|
23
|
+
# user.block_access! if user.reload.organizations.empty?
|
24
|
+
# end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
class Maestrano::Account::GroupsController < Maestrano::Rails::WebHookController
|
2
|
+
|
3
|
+
# DELETE /maestrano/account/groups/cld-1
|
4
|
+
# Delete an entire group
|
5
|
+
def destroy
|
6
|
+
group_uid = params[:id]
|
7
|
+
|
8
|
+
# Perform deletion steps here
|
9
|
+
# --
|
10
|
+
# If you need to perform a final checkout
|
11
|
+
# then you can call Maestrano::Account::Bill.create({.. final checkout details ..})
|
12
|
+
# --
|
13
|
+
# If Maestrano.param('sso.creation_mode') is set to virtual
|
14
|
+
# then you might want to delete/cancel/block all users under
|
15
|
+
# that group
|
16
|
+
# --
|
17
|
+
# E.g:
|
18
|
+
# organization = Organization.find_by_provider_and_uid('maestrano',group_uid)
|
19
|
+
#
|
20
|
+
# amount_cents = organization.calculate_total_due_remaining
|
21
|
+
# Maestrano::Account::Bill.create({
|
22
|
+
# group_id: group_uid,
|
23
|
+
# price_cents: amount_cents,
|
24
|
+
# description: "Final Payout"
|
25
|
+
# })
|
26
|
+
#
|
27
|
+
# if Maestrano.param('sso.creation_mode') == 'virtual'
|
28
|
+
# organization.members.where(provider:'maestrano').each do |user|
|
29
|
+
# user.destroy
|
30
|
+
# end
|
31
|
+
#
|
32
|
+
# organization.destroy
|
33
|
+
# render json: {success: true}
|
34
|
+
#
|
35
|
+
end
|
36
|
+
end
|
@@ -0,0 +1,126 @@
|
|
1
|
+
Maestrano.configure do |config|
|
2
|
+
|
3
|
+
# ==> Environment configuration
|
4
|
+
# The environment to connect to.
|
5
|
+
# If set to 'production' then all Single Sign-On (SSO) and API requests
|
6
|
+
# will be made to maestrano.com
|
7
|
+
# If set to 'test' then requests will be made to api-sandbox.maestrano.io
|
8
|
+
# The api-sandbox allows you to easily test integration scenarios.
|
9
|
+
# More details on http://api-sandbox.maestrano.io
|
10
|
+
#
|
11
|
+
config.environment = 'test' # or 'production'
|
12
|
+
|
13
|
+
# ==> Application host
|
14
|
+
# This is your application host (e.g: my-app.com) which is ultimately
|
15
|
+
# used to redirect users to the right SAML url during SSO handshake.
|
16
|
+
#
|
17
|
+
config.app.host = (config.environment == 'production' ? 'https://my-app.com' : 'http://localhost:3000')
|
18
|
+
|
19
|
+
# ==> App ID & API key
|
20
|
+
# Your application App ID and API key which you can retrieve on http://maestrano.com
|
21
|
+
# via your cloud partner dashboard.
|
22
|
+
# For testing you can retrieve/generate an api.id and api.key from the API Sandbox directly
|
23
|
+
# on http://api-sandbox.maestrano.io
|
24
|
+
#
|
25
|
+
config.api.id = (config.environment == 'production' ? 'prod_app_id' : 'sandbox_app_id')
|
26
|
+
config.api.key = (config.environment == 'production' ? 'prod_api_key' : 'sandbox_api_key')
|
27
|
+
|
28
|
+
# ==> Single Sign-On activation
|
29
|
+
# Enable/Disable single sign-on. When troubleshooting authentication issues
|
30
|
+
# you might want to disable SSO temporarily
|
31
|
+
#
|
32
|
+
# config.sso.enabled = true
|
33
|
+
|
34
|
+
# ==> Single Sign-On Identity Manager
|
35
|
+
# By default we consider that the domain managing user identification
|
36
|
+
# is the same as your application host (see above config.app.host parameter)
|
37
|
+
# If you have a dedicated domain managing user identification and therefore
|
38
|
+
# responsible for the single sign-on handshake (e.g: https://idp.my-app.com)
|
39
|
+
# then you can specify it below
|
40
|
+
#
|
41
|
+
# config.sso.idm = (config.environment == 'production' ? 'https://idp.my-app.com' : 'http://localhost:3000')
|
42
|
+
|
43
|
+
# ==> SSO Initialization endpoint
|
44
|
+
# This is your application path to the SAML endpoint that allows users to
|
45
|
+
# initialize SSO authentication. Upon reaching this endpoint users your
|
46
|
+
# application will automatically create a SAML request and redirect the user
|
47
|
+
# to Maestrano. Maestrano will then authenticate and authorize the user. Upon
|
48
|
+
# authorization the user gets redirected to your application consumer endpoint
|
49
|
+
# (see below) for initial setup and/or login.
|
50
|
+
#
|
51
|
+
# The controller for this path is automatically
|
52
|
+
# generated when you run 'rake maestrano:install' and is available at
|
53
|
+
# <rails_root>/app/controllers/maestrano/auth/saml.rb
|
54
|
+
#
|
55
|
+
# config.sso.init_path = '/maestrano/auth/saml/init'
|
56
|
+
|
57
|
+
# ==> SSO Consumer endpoint
|
58
|
+
# This is your application path to the SAML endpoint that allows users to
|
59
|
+
# finalize SSO authentication. During the 'consume' action your application
|
60
|
+
# sets users (and associated group) up and/or log them in.
|
61
|
+
#
|
62
|
+
# The controller for this path is automatically
|
63
|
+
# generated when you run 'rake maestrano:install' and is available at
|
64
|
+
# <rails_root>/app/controllers/maestrano/auth/saml.rb
|
65
|
+
#
|
66
|
+
# config.sso.consume_path = '/maestrano/auth/saml/consume'
|
67
|
+
|
68
|
+
# ==> Single Logout activation
|
69
|
+
# Enable/Disable single logout. When troubleshooting authentication issues
|
70
|
+
# you might want to disable SLO temporarily.
|
71
|
+
# If set to false then Maestrano::SSO::Session#valid? - which should be
|
72
|
+
# used in a controller before filter to check user session - always return true
|
73
|
+
#
|
74
|
+
# config.sso.slo_enabled = true
|
75
|
+
|
76
|
+
# ==> SSO User creation mode
|
77
|
+
# !IMPORTANT
|
78
|
+
# On Maestrano users can take several "instances" of your service. You can consider
|
79
|
+
# each "instance" as 1) a billing entity and 2) a collaboration group (this is
|
80
|
+
# equivalent to a 'customer account' in a commercial world). When users login to
|
81
|
+
# your application via single sign-on they actually login via a specific group which
|
82
|
+
# is then supposed to determine which data they have access to inside your application.
|
83
|
+
#
|
84
|
+
# E.g: John and Jack are part of group 1. They should see the same data when they login to
|
85
|
+
# your application (employee info, analytics, sales etc..). John is also part of group 2
|
86
|
+
# but not Jack. Therefore only John should be able to see the data belonging to group 2.
|
87
|
+
#
|
88
|
+
# In most application this is done via collaboration/sharing/permission groups which is
|
89
|
+
# why a group is required to be created when a new user logs in via a new group (and
|
90
|
+
# also for billing purpose - you charge a group, not a user directly).
|
91
|
+
#
|
92
|
+
# == mode: 'real'
|
93
|
+
# In an ideal world a user should be able to belong to several groups in your application.
|
94
|
+
# In this case you would set the 'sso.creation_mode' to 'real' which means that the uid
|
95
|
+
# and email we pass to you are the actual user email and maestrano universal id.
|
96
|
+
#
|
97
|
+
# == mode: 'virtual'
|
98
|
+
# Now let's say that due to technical constraints your application cannot authorize a user
|
99
|
+
# to belong to several groups. Well next time John logs in via a different group there will
|
100
|
+
# be a problem: the user already exists (based on uid or email) and cannot be assigned
|
101
|
+
# to a second group. To fix this you can set the 'sso.creation_mode' to 'virtual'. In this
|
102
|
+
# mode users get assigned a truly unique uid and email across groups. So next time John logs
|
103
|
+
# in a whole new user account can be created for him without any validation problem. In this
|
104
|
+
# mode the email we assign to him looks like "usr-sdf54.cld-45aa2@mail.maestrano.com". But don't
|
105
|
+
# worry we take care of forwarding any email you would send to this address
|
106
|
+
#
|
107
|
+
# config.sso.creation_mode = 'real' # or 'virtual'
|
108
|
+
|
109
|
+
# ==> Account Webhooks
|
110
|
+
# Single sign on has been setup into your app and Maestrano users are now able
|
111
|
+
# to use your service. Great! Wait what happens when a business (group) decides to
|
112
|
+
# stop using your service? Also what happens when a user gets removed from a business?
|
113
|
+
# Well the endpoints below are for Maestrano to be able to notify you of such
|
114
|
+
# events.
|
115
|
+
#
|
116
|
+
# Even if the routes look restful we issue only issue DELETE requests for the moment
|
117
|
+
# to notify you of any service cancellation (group deletion) or any user being
|
118
|
+
# removed from a group.
|
119
|
+
#
|
120
|
+
# The controllers for these hooks path are automatically generated when
|
121
|
+
# you run 'rake maestrano:install' and is available under
|
122
|
+
# <rails_root>/app/controllers/maestrano/account/
|
123
|
+
#
|
124
|
+
# config.webhook.account.groups_path = '/maestrano/account/groups/:id',
|
125
|
+
# config.webhook.account.group_users_path = '/maestrano/account/groups/:group_id/users/:id',
|
126
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
class Maestrano::Auth::SamlController < Maestrano::Rails::SamlBaseController
|
2
|
+
|
3
|
+
#== POST '/maestrano/auth/saml/consume'
|
4
|
+
# Final phase of the Single Sign-On handshake. Find or create
|
5
|
+
# the required resources (user and group) and sign the user
|
6
|
+
# in
|
7
|
+
#
|
8
|
+
# This action is left to you to customize based on your application
|
9
|
+
# requirements. Below is presented a potential way of writing
|
10
|
+
# the action.
|
11
|
+
#
|
12
|
+
# Assuming you have enabled maestrano on a user model
|
13
|
+
# called 'User' and a group model called 'Organization'
|
14
|
+
# the action could be written the following way
|
15
|
+
def consume
|
16
|
+
### 1)Find or create the user and the group
|
17
|
+
### --
|
18
|
+
### The class method 'find_or_create_for_maestrano' is provided
|
19
|
+
### by the maestrano-rails gem on the model you have maestrano-ized.
|
20
|
+
### The method uses the mapping defined in the model 'maestrano_*_via'
|
21
|
+
### block to create the resource if it does not exist
|
22
|
+
### The 'user_auth_hash' and 'group_auth_hash' methods are provided
|
23
|
+
### by the controller.
|
24
|
+
### --
|
25
|
+
# user = User.find_or_create_for_maestrano(user_auth_hash)
|
26
|
+
# organization = Organization.find_or_create_for_maestrano(group_auth_hash)
|
27
|
+
#
|
28
|
+
#
|
29
|
+
### 2) Add the user to the group if not already a member
|
30
|
+
### --
|
31
|
+
### The 'user_group_rel_hash' method is provided by the controller.
|
32
|
+
### The role attribute provided by maestrano is one of the following:
|
33
|
+
### 'Member', 'Power User', 'Admin', 'Super Admin'
|
34
|
+
### The 'member_of?' and 'add_member' methods are not provided by
|
35
|
+
### maestrano and are left to you to implement on your models
|
36
|
+
### --
|
37
|
+
# unless user.member_of?(organization)
|
38
|
+
# organization.add_member(user,role: user_group_rel_hash[:role])
|
39
|
+
# end
|
40
|
+
#
|
41
|
+
#
|
42
|
+
### Sign the user in and redirect to application root
|
43
|
+
### --
|
44
|
+
### The 'sign_in' method is not provided by maestrano but should already
|
45
|
+
### be there if you are using an authentication framework like Devise
|
46
|
+
### --
|
47
|
+
# sign_in(user)
|
48
|
+
# redirect_to root_path
|
49
|
+
|
50
|
+
raise NotImplemented.new("The consume action should be customized to fit your application needs")
|
51
|
+
end
|
52
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
module Maestrano
|
2
|
+
module Generators
|
3
|
+
class UserGenerator < ::Rails::Generators::NamedBase
|
4
|
+
include ::Rails::Generators::ResourceHelpers
|
5
|
+
|
6
|
+
source_root File.expand_path("../templates", __FILE__)
|
7
|
+
desc "Configure user model <NAME> for maestrano and create migration"
|
8
|
+
hook_for :orm, as: :maestrano_user
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'rails/generators/named_base'
|
2
|
+
require 'generators/maestrano/orm_helpers'
|
3
|
+
|
4
|
+
module Mongoid
|
5
|
+
module Generators
|
6
|
+
class MaestranoGroupGenerator < Rails::Generators::NamedBase
|
7
|
+
include Maestrano::Generators::OrmHelpers
|
8
|
+
|
9
|
+
def inject_field_types
|
10
|
+
inject_into_file model_path, migration_data, after: "include Mongoid::Document\n" if model_exists?
|
11
|
+
end
|
12
|
+
|
13
|
+
def inject_maestrano_content
|
14
|
+
inject_into_file model_path, model_contents, after: "include Mongoid::Document\n" if model_exists?
|
15
|
+
end
|
16
|
+
|
17
|
+
def migration_data
|
18
|
+
<<RUBY
|
19
|
+
## User source identification fields
|
20
|
+
field :provider, type: String, default: ""
|
21
|
+
field :uid, type: String, default: ""
|
22
|
+
RUBY
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|