oa-enterprise 0.0.4

data/LICENSE.rdoc

@@ -0,0 +1,19 @@
+Copyright (c) 2010 James A. Rosen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,38 @@
+= OmniAuth::Enterprise
+
+OmniAuth strategies for use in your intranet.
+
+== Installation
+
+To get just enterprise functionality:
+
+    gem install oa-enterprise
+    
+For the full auth suite:
+
+    gem install omniauth
+    
+== Stand-Alone Example
+
+Use the strategy as a middleware in your application:
+
+    require 'omniauth/enterprise'
+    
+    use OmniAuth::Strategies::CAS, :server => 'http://cas.mycompany.com/cas'
+    
+Then simply direct users to '/auth/cas' to have them sign in via your company's CAS server.
+See OmniAuth::Strategies::CAS::Configuration for more configuration options.
+
+
+== OmniAuth Builder
+
+If CAS is one of several authentication strategies, use the OmniAuth Builder:
+
+    require 'omniauth/enterprise'
+    require 'omniauth/oauth'  # for Campfire
+    require 'openid/store/filesystem'
+    
+    use OmniAuth::Builder do
+      provider :cas, :server => 'http://cas.mycompany.com/cas'
+      provider :campfire
+    end

data/lib/omniauth/enterprise.rb

@@ -0,0 +1,7 @@
+require 'omniauth/core'
+
+module OmniAuth
+  module Strategies
+    autoload :CAS, 'omniauth/strategies/cas'
+  end
+end

data/lib/omniauth/strategies/cas/configuration.rb

@@ -0,0 +1,88 @@
+require 'rack'
+
+module OmniAuth
+  module Strategies
+    class CAS
+      class Configuration
+        
+        DEFAULT_LOGIN_URL = "%s/login"
+
+        DEFAULT_SERVICE_VALIDATE_URL = "%s/serviceValidate"
+
+        # @param [Hash] params configuration options
+        # @option params [String, nil] :cas_server the CAS server root URL; probably something like
+        #         'http://cas.mycompany.com' or 'http://cas.mycompany.com/cas'; optional.
+        # @option params [String, nil] :cas_login_url (:cas_server + '/login') the URL to which to
+        #         redirect for logins; options if <tt>:cas_server</tt> is specified,
+        #         required otherwise.
+        # @option params [String, nil] :cas_service_validate_url (:cas_server + '/serviceValidate') the
+        #         URL to use for validating service tickets; optional if <tt>:cas_server</tt> is
+        #         specified, requred otherwise.
+        def initialize(params)
+          parse_params params
+        end
+
+        # Build a CAS login URL from +service+.
+        #
+        # @param [String] service the service (a.k.a. return-to) URL
+        # 
+        # @return [String] a URL like
+        # "http://cas.mycompany.com/login?service=..."
+        def login_url(service)
+          append_service @login_url, service
+        end
+
+        # Build a service-validation URL from +service+ and +ticket+.
+        #
+        # @param [String] service the service (a.k.a. return-to) URL
+        # @param [String] ticket the ticket to validate
+        #
+        # @return [String] a URL like
+        # "http://cas.mycompany.com/serviceValidate?service=...&ticket=..."
+        def service_validate_url(service, ticket)
+          url = append_service @service_validate_url, service
+          url << '&ticket=' << Rack::Utils.escape(ticket)
+        end
+
+        private
+
+        def parse_params(params)
+          if params[:cas_server].nil? && params[:cas_login_url].nil?
+            raise ArgumentError.new(":cas_server or :cas_login_url MUST be provided")
+          end
+          @login_url   = params[:cas_login_url]
+          @login_url ||= DEFAULT_LOGIN_URL % params[:cas_server]
+          validate_is_url 'login URL', @login_url
+
+          if params[:cas_server].nil? && params[:cas_service_validate_url].nil?
+            raise ArgumentError.new(":cas_server or :cas_service_validate_url MUST be provided")
+          end
+          @service_validate_url   = params[:cas_service_validate_url]
+          @service_validate_url ||= DEFAULT_SERVICE_VALIDATE_URL % params[:cas_server]
+          validate_is_url 'service-validate URL', @service_validate_url
+        end
+
+        IS_NOT_URL_ERROR_MESSAGE = "%s is not a valid URL"
+
+        def validate_is_url(name, possibly_a_url)
+          url = URI.parse(possibly_a_url) rescue nil
+          raise ArgumentError.new(IS_NOT_URL_ERROR_MESSAGE % name) unless url.kind_of?(URI::HTTP)
+        end
+
+        # Adds +service+ as an URL-escaped parameter to +base+.
+        #
+        # @param [String] base the base URL
+        # @param [String] service the service (a.k.a. return-to) URL.
+        #
+        # @return [String] the new joined URL.
+        def append_service(base, service)
+          result = base.dup
+          result << (result.include?('?') ? '&' : '?')
+          result << 'service='
+          result << Rack::Utils.escape(service)
+        end
+        
+      end
+    end
+  end
+end

data/lib/omniauth/strategies/cas/service_ticket_validator.rb

@@ -0,0 +1,80 @@
+require 'nokogiri'
+
+module OmniAuth
+  module Strategies
+    class CAS
+      class ServiceTicketValidator        
+
+        VALIDATION_REQUEST_HEADERS = { 'Accept' => '*/*' }
+
+        # Build a validator from a +configuration+, a
+        # +return_to+ URL, and a +ticket+.
+        #
+        # @param [OmniAuth::Strategies::CAS::Configuration] configuration the CAS configuration
+        # @param [String] return_to_url the URL of this CAS client service
+        # @param [String] ticket the service ticket to validate
+        def initialize(configuration, return_to_url, ticket)
+          @uri = URI.parse(configuration.service_validate_url(return_to_url, ticket))
+        end
+
+        # Request validation of the ticket from the CAS server's
+        # serviceValidate (CAS 2.0) function.
+        #
+        # Swallows all XML parsing errors (and returns +nil+ in those cases).
+        #
+        # @return [Hash, nil] a user information hash if the response is valid; +nil+ otherwise.
+        #
+        # @raise any connection errors encountered.
+        def user_info
+          parse_user_info(find_authentication_success(get_service_response_body))
+        end
+
+        private
+        
+        # turns an <cas:authenticationSuccess> node into a Hash;
+        # returns nil if given nil
+        def parse_user_info(node)
+          return nil if node.nil?
+          node.children.inject({}) do |hash, child|
+            unless child.kind_of?(Nokogiri::XML::Text) ||
+                   child.name == 'cas:proxies' ||
+                   child.name == 'proxies'
+              hash[child.name.sub(/^cas:/, '')] = child.content
+            end
+            hash
+          end
+        end
+        
+        # finds an <cas:authenticationSuccess> node in
+        # a <cas:serviceResponse> body if present; returns nil
+        # if the passed body is nil or if there is no such node.
+        def find_authentication_success(body)
+          return nil if body.nil? || body == ''
+          begin
+            doc = Nokogiri::XML(body)
+            begin
+              doc.xpath('/cas:serviceResponse/cas:authenticationSuccess')
+            rescue Nokogiri::XML::XPath::SyntaxError
+              doc.xpath('/serviceResponse/authenticationSuccess')
+            end
+          rescue Nokogiri::XML::XPath::SyntaxError
+            nil
+          end
+        end
+        
+        # retrieves the <cas:serviceResponse> XML from the CAS server
+        def get_service_response_body
+          result = ''
+          http = Net::HTTP.new(@uri.host, @uri.port)
+          http.use_ssl = @uri.port == 443 || @uri.instance_of?(URI::HTTPS)
+          http.start do |c|
+            response = c.get "#{@uri.path}?#{@uri.query}", VALIDATION_REQUEST_HEADERS
+            result = response.body
+          end
+          result
+        end
+        
+      end
+    end
+  end
+end

data/lib/omniauth/strategies/cas.rb

@@ -0,0 +1,47 @@
+require 'omniauth/enterprise'
+
+module OmniAuth
+  module Strategies
+    class CAS
+      include OmniAuth::Strategy
+      
+      autoload :Configuration, 'omniauth/strategies/cas/configuration'
+      autoload :ServiceTicketValidator, 'omniauth/strategies/cas/service_ticket_validator'
+      
+      def initialize(app, options = {})
+        super(app, options.delete(:name) || :cas)
+        @configuration = OmniAuth::Strategies::CAS::Configuration.new(options)
+      end
+      
+      protected
+      
+      def request_phase
+        [ 
+          302,
+          {
+            'Location' => @configuration.login_url(callback_url),
+            'Content-Type' => 'text/plain'
+          },
+          ["You are being redirected to CAS for sign-in."]
+        ]
+      end
+
+      def callback_phase
+        ticket = request.params['ticket']
+        return fail!(:no_ticket) unless ticket
+        validator = ServiceTicketValidator.new(@configuration, callback_url, ticket)
+        @user_info = validator.user_info
+        return fail!(:invalid_ticket) if @user_info.nil? || @user_info.empty?
+        super
+      end
+      
+      def auth_hash
+        OmniAuth::Utils.deep_merge(super, {
+          'uid' => @user_info.delete('user'),
+          'extra' => @user_info
+        })
+      end
+      
+    end
+  end
+end

metadata

@@ -0,0 +1,198 @@
+--- !ruby/object:Gem::Specification 
+name: oa-enterprise
+version: !ruby/object:Gem::Version 
+  hash: 23
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 4
+  version: 0.0.4
+platform: ruby
+authors: 
+- James A. Rosen
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-08-16 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 0
+        - 0
+        - 4
+        version: 0.0.4
+  requirement: *id001
+  name: oa-core
+  prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 1
+        - 4
+        - 2
+        version: 1.4.2
+  requirement: *id002
+  name: nokogiri
+  prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id003
+  name: rake
+  prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 15
+        segments: 
+        - 0
+        - 0
+        - 8
+        version: 0.0.8
+  requirement: *id004
+  name: mg
+  prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 1
+        - 3
+        - 0
+        version: 1.3.0
+  requirement: *id005
+  name: rspec
+  prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 19
+        segments: 
+        - 1
+        - 3
+        - 4
+        version: 1.3.4
+  requirement: *id006
+  name: webmock
+  prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        - 5
+        - 4
+        version: 0.5.4
+  requirement: *id007
+  name: rack-test
+  prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 1
+        segments: 
+        - 1
+        - 4
+        - 3
+        version: 1.4.3
+  requirement: *id008
+  name: json
+  prerelease: false
+  type: :development
+description: Enterprise strategies for OmniAuth.
+email: james.a.rosen@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/omniauth/enterprise.rb
+- lib/omniauth/strategies/cas/configuration.rb
+- lib/omniauth/strategies/cas/service_ticket_validator.rb
+- lib/omniauth/strategies/cas.rb
+- README.rdoc
+- LICENSE.rdoc
+- CHANGELOG.rdoc
+has_rdoc: true
+homepage: http://github.com/intridea/omniauth
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Enterprise strategies for OmniAuth.
+test_files: []
+