oa-enterprise 0.2.0.beta2 → 0.2.0.beta3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +1 -1
- data/lib/omniauth/strategies/cas.rb +1 -1
- data/lib/omniauth/strategies/ldap.rb +7 -3
- data/lib/omniauth/strategies/ldap/adaptor.rb +28 -12
- metadata +6 -59
data/README.rdoc
CHANGED
|
@@ -25,7 +25,7 @@ See OmniAuth::Strategies::CAS::Configuration for more configuration options.
|
|
|
25
25
|
|
|
26
26
|
== LDAP
|
|
27
27
|
|
|
28
|
-
Use the LDAP strategy as a middleware in your
|
|
28
|
+
Use the LDAP strategy as a middleware in your application:
|
|
29
29
|
|
|
30
30
|
require 'omniauth/enterprise'
|
|
31
31
|
use OmniAuth::Strategies::LDAP,
|
|
@@ -9,7 +9,7 @@ module OmniAuth
|
|
|
9
9
|
autoload :ServiceTicketValidator, 'omniauth/strategies/cas/service_ticket_validator'
|
|
10
10
|
|
|
11
11
|
def initialize(app, options = {}, &block)
|
|
12
|
-
super(app, options
|
|
12
|
+
super(app, options[:name] || :cas, options.dup, &block)
|
|
13
13
|
@configuration = OmniAuth::Strategies::CAS::Configuration.new(options)
|
|
14
14
|
end
|
|
15
15
|
|
|
@@ -55,7 +55,11 @@ module OmniAuth
|
|
|
55
55
|
begin
|
|
56
56
|
creds = session.delete 'omniauth.ldap'
|
|
57
57
|
@ldap_user_info = {}
|
|
58
|
-
|
|
58
|
+
begin
|
|
59
|
+
(@adaptor.bind(:allow_anonymous => true) unless @adaptor.bound?)
|
|
60
|
+
rescue Exception => e
|
|
61
|
+
puts "failed to bind with the default credentials: " + e.message
|
|
62
|
+
end
|
|
59
63
|
@ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @adaptor.bound?
|
|
60
64
|
bind_dn = creds['username']
|
|
61
65
|
bind_dn = @ldap_user_info[:dn].to_a.first if @ldap_user_info[:dn]
|
|
@@ -65,10 +69,10 @@ module OmniAuth
|
|
|
65
69
|
|
|
66
70
|
@env['omniauth.auth'] = auth_hash
|
|
67
71
|
|
|
68
|
-
call_app!
|
|
69
72
|
rescue Exception => e
|
|
70
|
-
fail!(:invalid_credentials, e)
|
|
73
|
+
return fail!(:invalid_credentials, e)
|
|
71
74
|
end
|
|
75
|
+
call_app!
|
|
72
76
|
end
|
|
73
77
|
|
|
74
78
|
def auth_hash
|
|
@@ -15,7 +15,7 @@ module OmniAuth
|
|
|
15
15
|
class ConnectionError < StandardError; end
|
|
16
16
|
|
|
17
17
|
VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password,
|
|
18
|
-
:try_sasl, :sasl_mechanisms, :uid, :base]
|
|
18
|
+
:try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous]
|
|
19
19
|
|
|
20
20
|
MUST_HAVE_KEYS = [:host, :port, :method, :uid, :base]
|
|
21
21
|
|
|
@@ -33,15 +33,17 @@ module OmniAuth
|
|
|
33
33
|
@disconnected = false
|
|
34
34
|
@bound = false
|
|
35
35
|
@configuration = configuration.dup
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
36
|
+
@configuration[:allow_anonymous] ||= false
|
|
37
|
+
@logger = @configuration.delete(:logger)
|
|
38
|
+
message = []
|
|
39
|
+
MUST_HAVE_KEYS.each do |name|
|
|
40
|
+
message << name if configuration[name].nil?
|
|
41
|
+
end
|
|
42
|
+
raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
|
|
42
43
|
VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
|
|
43
44
|
instance_variable_set("@#{name}", configuration[name])
|
|
44
45
|
end
|
|
46
|
+
|
|
45
47
|
end
|
|
46
48
|
|
|
47
49
|
def connect(options={})
|
|
@@ -81,14 +83,21 @@ module OmniAuth
|
|
|
81
83
|
|
|
82
84
|
bind_dn = (options[:bind_dn] || @bind_dn).to_s
|
|
83
85
|
try_sasl = options.has_key?(:try_sasl) ? options[:try_sasl] : @try_sasl
|
|
84
|
-
|
|
86
|
+
if options.has_key?(:allow_anonymous)
|
|
87
|
+
allow_anonymous = options[:allow_anonymous]
|
|
88
|
+
else
|
|
89
|
+
allow_anonymous = @allow_anonymous
|
|
90
|
+
end
|
|
85
91
|
# Rough bind loop:
|
|
86
92
|
# Attempt 1: SASL if available
|
|
87
93
|
# Attempt 2: SIMPLE with credentials if password block
|
|
94
|
+
# Attempt 3: SIMPLE ANONYMOUS if 1 and 2 fail and allow anonymous is set to true
|
|
88
95
|
if try_sasl and sasl_bind(bind_dn, options)
|
|
89
|
-
puts "
|
|
96
|
+
puts "bound with sasl"
|
|
90
97
|
elsif simple_bind(bind_dn, options)
|
|
91
|
-
puts "
|
|
98
|
+
puts "bound with simple"
|
|
99
|
+
elsif allow_anonymous and bind_as_anonymous(options)
|
|
100
|
+
puts "bound as anonymous"
|
|
92
101
|
else
|
|
93
102
|
message = yield if block_given?
|
|
94
103
|
message ||= ('All authentication methods for %s exhausted.') % target
|
|
@@ -242,12 +251,19 @@ module OmniAuth
|
|
|
242
251
|
args = {
|
|
243
252
|
:method => :simple,
|
|
244
253
|
:username => bind_dn,
|
|
245
|
-
:password => options[:password]||@password,
|
|
254
|
+
:password => (options[:password]||@password).to_s,
|
|
246
255
|
}
|
|
256
|
+
begin
|
|
247
257
|
execute(:bind, args)
|
|
248
258
|
true
|
|
259
|
+
rescue Exception
|
|
260
|
+
false
|
|
249
261
|
end
|
|
250
|
-
|
|
262
|
+
end
|
|
263
|
+
def bind_as_anonymous(options={})
|
|
264
|
+
execute(:bind, {:method => :anonymous})
|
|
265
|
+
true
|
|
266
|
+
end
|
|
251
267
|
def construct_uri(host, port, ssl)
|
|
252
268
|
protocol = ssl ? "ldaps" : "ldap"
|
|
253
269
|
URI.parse("#{protocol}://#{host}:#{port}").to_s
|
metadata
CHANGED
|
@@ -1,13 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oa-enterprise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
prerelease:
|
|
5
|
-
|
|
6
|
-
- 0
|
|
7
|
-
- 2
|
|
8
|
-
- 0
|
|
9
|
-
- beta2
|
|
10
|
-
version: 0.2.0.beta2
|
|
4
|
+
prerelease: 6
|
|
5
|
+
version: 0.2.0.beta3
|
|
11
6
|
platform: ruby
|
|
12
7
|
authors:
|
|
13
8
|
- James A. Rosen
|
|
@@ -16,7 +11,7 @@ autorequire:
|
|
|
16
11
|
bindir: bin
|
|
17
12
|
cert_chain: []
|
|
18
13
|
|
|
19
|
-
date: 2011-
|
|
14
|
+
date: 2011-02-03 00:00:00 -06:00
|
|
20
15
|
default_executable:
|
|
21
16
|
dependencies:
|
|
22
17
|
- !ruby/object:Gem::Dependency
|
|
@@ -26,12 +21,7 @@ dependencies:
|
|
|
26
21
|
requirements:
|
|
27
22
|
- - "="
|
|
28
23
|
- !ruby/object:Gem::Version
|
|
29
|
-
|
|
30
|
-
- 0
|
|
31
|
-
- 2
|
|
32
|
-
- 0
|
|
33
|
-
- beta2
|
|
34
|
-
version: 0.2.0.beta2
|
|
24
|
+
version: 0.2.0.beta3
|
|
35
25
|
type: :runtime
|
|
36
26
|
prerelease: false
|
|
37
27
|
version_requirements: *id001
|
|
@@ -42,10 +32,6 @@ dependencies:
|
|
|
42
32
|
requirements:
|
|
43
33
|
- - ~>
|
|
44
34
|
- !ruby/object:Gem::Version
|
|
45
|
-
segments:
|
|
46
|
-
- 1
|
|
47
|
-
- 4
|
|
48
|
-
- 2
|
|
49
35
|
version: 1.4.2
|
|
50
36
|
type: :runtime
|
|
51
37
|
prerelease: false
|
|
@@ -57,10 +43,6 @@ dependencies:
|
|
|
57
43
|
requirements:
|
|
58
44
|
- - ~>
|
|
59
45
|
- !ruby/object:Gem::Version
|
|
60
|
-
segments:
|
|
61
|
-
- 0
|
|
62
|
-
- 1
|
|
63
|
-
- 1
|
|
64
46
|
version: 0.1.1
|
|
65
47
|
type: :runtime
|
|
66
48
|
prerelease: false
|
|
@@ -72,10 +54,6 @@ dependencies:
|
|
|
72
54
|
requirements:
|
|
73
55
|
- - ~>
|
|
74
56
|
- !ruby/object:Gem::Version
|
|
75
|
-
segments:
|
|
76
|
-
- 0
|
|
77
|
-
- 1
|
|
78
|
-
- 1
|
|
79
57
|
version: 0.1.1
|
|
80
58
|
type: :runtime
|
|
81
59
|
prerelease: false
|
|
@@ -87,11 +65,6 @@ dependencies:
|
|
|
87
65
|
requirements:
|
|
88
66
|
- - ~>
|
|
89
67
|
- !ruby/object:Gem::Version
|
|
90
|
-
segments:
|
|
91
|
-
- 0
|
|
92
|
-
- 0
|
|
93
|
-
- 3
|
|
94
|
-
- 1
|
|
95
68
|
version: 0.0.3.1
|
|
96
69
|
type: :runtime
|
|
97
70
|
prerelease: false
|
|
@@ -103,8 +76,6 @@ dependencies:
|
|
|
103
76
|
requirements:
|
|
104
77
|
- - ">="
|
|
105
78
|
- !ruby/object:Gem::Version
|
|
106
|
-
segments:
|
|
107
|
-
- 0
|
|
108
79
|
version: "0"
|
|
109
80
|
type: :development
|
|
110
81
|
prerelease: false
|
|
@@ -116,10 +87,6 @@ dependencies:
|
|
|
116
87
|
requirements:
|
|
117
88
|
- - ~>
|
|
118
89
|
- !ruby/object:Gem::Version
|
|
119
|
-
segments:
|
|
120
|
-
- 0
|
|
121
|
-
- 0
|
|
122
|
-
- 8
|
|
123
90
|
version: 0.0.8
|
|
124
91
|
type: :development
|
|
125
92
|
prerelease: false
|
|
@@ -131,10 +98,6 @@ dependencies:
|
|
|
131
98
|
requirements:
|
|
132
99
|
- - ~>
|
|
133
100
|
- !ruby/object:Gem::Version
|
|
134
|
-
segments:
|
|
135
|
-
- 1
|
|
136
|
-
- 3
|
|
137
|
-
- 0
|
|
138
101
|
version: 1.3.0
|
|
139
102
|
type: :development
|
|
140
103
|
prerelease: false
|
|
@@ -146,10 +109,6 @@ dependencies:
|
|
|
146
109
|
requirements:
|
|
147
110
|
- - ~>
|
|
148
111
|
- !ruby/object:Gem::Version
|
|
149
|
-
segments:
|
|
150
|
-
- 1
|
|
151
|
-
- 3
|
|
152
|
-
- 4
|
|
153
112
|
version: 1.3.4
|
|
154
113
|
type: :development
|
|
155
114
|
prerelease: false
|
|
@@ -161,10 +120,6 @@ dependencies:
|
|
|
161
120
|
requirements:
|
|
162
121
|
- - ~>
|
|
163
122
|
- !ruby/object:Gem::Version
|
|
164
|
-
segments:
|
|
165
|
-
- 0
|
|
166
|
-
- 5
|
|
167
|
-
- 4
|
|
168
123
|
version: 0.5.4
|
|
169
124
|
type: :development
|
|
170
125
|
prerelease: false
|
|
@@ -176,10 +131,6 @@ dependencies:
|
|
|
176
131
|
requirements:
|
|
177
132
|
- - ~>
|
|
178
133
|
- !ruby/object:Gem::Version
|
|
179
|
-
segments:
|
|
180
|
-
- 1
|
|
181
|
-
- 4
|
|
182
|
-
- 3
|
|
183
134
|
version: 1.4.3
|
|
184
135
|
type: :development
|
|
185
136
|
prerelease: false
|
|
@@ -215,7 +166,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
215
166
|
requirements:
|
|
216
167
|
- - ">="
|
|
217
168
|
- !ruby/object:Gem::Version
|
|
218
|
-
hash: -
|
|
169
|
+
hash: -3005094770643845587
|
|
219
170
|
segments:
|
|
220
171
|
- 0
|
|
221
172
|
version: "0"
|
|
@@ -224,15 +175,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
224
175
|
requirements:
|
|
225
176
|
- - ">"
|
|
226
177
|
- !ruby/object:Gem::Version
|
|
227
|
-
segments:
|
|
228
|
-
- 1
|
|
229
|
-
- 3
|
|
230
|
-
- 1
|
|
231
178
|
version: 1.3.1
|
|
232
179
|
requirements: []
|
|
233
180
|
|
|
234
181
|
rubyforge_project:
|
|
235
|
-
rubygems_version: 1.
|
|
182
|
+
rubygems_version: 1.5.0
|
|
236
183
|
signing_key:
|
|
237
184
|
specification_version: 3
|
|
238
185
|
summary: Enterprise strategies for OmniAuth.
|