oa-enterprise 0.1.4 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
|
@@ -11,12 +11,12 @@ module OmniAuth
|
|
|
11
11
|
|
|
12
12
|
# @param [Hash] params configuration options
|
|
13
13
|
# @option params [String, nil] :cas_server the CAS server root URL; probably something like
|
|
14
|
-
#
|
|
14
|
+
# `http://cas.mycompany.com` or `http://cas.mycompany.com/cas`; optional.
|
|
15
15
|
# @option params [String, nil] :cas_login_url (:cas_server + '/login') the URL to which to
|
|
16
|
-
# redirect for logins; options if
|
|
16
|
+
# redirect for logins; options if `:cas_server` is specified,
|
|
17
17
|
# required otherwise.
|
|
18
18
|
# @option params [String, nil] :cas_service_validate_url (:cas_server + '/serviceValidate') the
|
|
19
|
-
# URL to use for validating service tickets; optional if
|
|
19
|
+
# URL to use for validating service tickets; optional if `:cas_server` is
|
|
20
20
|
# specified, requred otherwise.
|
|
21
21
|
def initialize(params)
|
|
22
22
|
parse_params params
|
|
@@ -26,8 +26,7 @@ module OmniAuth
|
|
|
26
26
|
#
|
|
27
27
|
# @param [String] service the service (a.k.a. return-to) URL
|
|
28
28
|
#
|
|
29
|
-
# @return [String] a URL like
|
|
30
|
-
# "http://cas.mycompany.com/login?service=..."
|
|
29
|
+
# @return [String] a URL like `http://cas.mycompany.com/login?service=...`
|
|
31
30
|
def login_url(service)
|
|
32
31
|
append_service @login_url, service
|
|
33
32
|
end
|
|
@@ -37,8 +36,7 @@ module OmniAuth
|
|
|
37
36
|
# @param [String] service the service (a.k.a. return-to) URL
|
|
38
37
|
# @param [String] ticket the ticket to validate
|
|
39
38
|
#
|
|
40
|
-
# @return [String] a URL like
|
|
41
|
-
# "http://cas.mycompany.com/serviceValidate?service=...&ticket=..."
|
|
39
|
+
# @return [String] a URL like `http://cas.mycompany.com/serviceValidate?service=...&ticket=...`
|
|
42
40
|
def service_validate_url(service, ticket)
|
|
43
41
|
url = append_service @service_validate_url, service
|
|
44
42
|
url << '&ticket=' << Rack::Utils.escape(ticket)
|
|
@@ -31,7 +31,7 @@ module OmniAuth
|
|
|
31
31
|
|
|
32
32
|
private
|
|
33
33
|
|
|
34
|
-
# turns an
|
|
34
|
+
# turns an `<cas:authenticationSuccess>` node into a Hash;
|
|
35
35
|
# returns nil if given nil
|
|
36
36
|
def parse_user_info(node)
|
|
37
37
|
return nil if node.nil?
|
|
@@ -45,8 +45,8 @@ module OmniAuth
|
|
|
45
45
|
end
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
-
# finds an
|
|
49
|
-
# a
|
|
48
|
+
# finds an `<cas:authenticationSuccess>` node in
|
|
49
|
+
# a `<cas:serviceResponse>` body if present; returns nil
|
|
50
50
|
# if the passed body is nil or if there is no such node.
|
|
51
51
|
def find_authentication_success(body)
|
|
52
52
|
return nil if body.nil? || body == ''
|
|
@@ -62,7 +62,7 @@ module OmniAuth
|
|
|
62
62
|
end
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
-
# retrieves the
|
|
65
|
+
# retrieves the `<cas:serviceResponse>` XML from the CAS server
|
|
66
66
|
def get_service_response_body
|
|
67
67
|
result = ''
|
|
68
68
|
http = Net::HTTP.new(@uri.host, @uri.port)
|
|
@@ -192,60 +192,14 @@ module OmniAuth
|
|
|
192
192
|
end
|
|
193
193
|
false
|
|
194
194
|
end
|
|
195
|
-
|
|
196
|
-
def parse_sasl_digest_md5_credential(cred)
|
|
197
|
-
params = {}
|
|
198
|
-
cred.scan(/(\w+)=(\"?)(.+?)\2(?:,|$)/) do |name, sep, value|
|
|
199
|
-
params[name] = value
|
|
200
|
-
end
|
|
201
|
-
params
|
|
202
|
-
end
|
|
203
|
-
CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
|
|
204
|
-
def generate_client_nonce(size=32)
|
|
205
|
-
nonce = ""
|
|
206
|
-
size.times do |i|
|
|
207
|
-
nonce << CHARS[rand(CHARS.size)]
|
|
208
|
-
end
|
|
209
|
-
nonce
|
|
210
|
-
end
|
|
195
|
+
|
|
211
196
|
def sasl_bind_setup_digest_md5(bind_dn, options)
|
|
212
197
|
initial_credential = ""
|
|
213
|
-
nonce_count = 1
|
|
214
198
|
challenge_response = Proc.new do |cred|
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
_("unsupported qops: %s") % qops.inspect
|
|
220
|
-
end
|
|
221
|
-
qop = "auth"
|
|
222
|
-
server = @connection.instance_variable_get("@conn").addr[2]
|
|
223
|
-
realm = params['realm']
|
|
224
|
-
uri = "ldap/#{server}"
|
|
225
|
-
nc = "%08x" % nonce_count
|
|
226
|
-
nonce = params["nonce"]
|
|
227
|
-
cnonce = generate_client_nonce
|
|
228
|
-
requests = {
|
|
229
|
-
:username => bind_dn.inspect,
|
|
230
|
-
:realm => realm.inspect,
|
|
231
|
-
:nonce => nonce.inspect,
|
|
232
|
-
:cnonce => cnonce.inspect,
|
|
233
|
-
:nc => nc,
|
|
234
|
-
:qop => qop,
|
|
235
|
-
:maxbuf => "65536",
|
|
236
|
-
"digest-uri" => uri.inspect,
|
|
237
|
-
}
|
|
238
|
-
a1 = "#{bind_dn}:#{realm}:#{options[:password]||@password}"
|
|
239
|
-
a1 = "#{Digest::MD5.digest(a1)}:#{nonce}:#{cnonce}"
|
|
240
|
-
ha1 = Digest::MD5.hexdigest(a1)
|
|
241
|
-
a2 = "AUTHENTICATE:#{uri}"
|
|
242
|
-
ha2 = Digest::MD5.hexdigest(a2)
|
|
243
|
-
response = "#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}"
|
|
244
|
-
requests["response"] = Digest::MD5.hexdigest(response)
|
|
245
|
-
nonce_count += 1
|
|
246
|
-
requests.collect do |key, value|
|
|
247
|
-
"#{key}=#{value}"
|
|
248
|
-
end.join(",")
|
|
199
|
+
pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
|
|
200
|
+
sasl = SASL.new("DIGEST-MD5", pref)
|
|
201
|
+
response = sasl.receive("challenge", cred)
|
|
202
|
+
response[1]
|
|
249
203
|
end
|
|
250
204
|
[initial_credential, challenge_response]
|
|
251
205
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oa-enterprise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 17
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 0.1.
|
|
9
|
+
- 5
|
|
10
|
+
version: 0.1.5
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- James A. Rosen
|
|
@@ -16,7 +16,7 @@ autorequire:
|
|
|
16
16
|
bindir: bin
|
|
17
17
|
cert_chain: []
|
|
18
18
|
|
|
19
|
-
date: 2010-10-
|
|
19
|
+
date: 2010-10-19 00:00:00 -05:00
|
|
20
20
|
default_executable:
|
|
21
21
|
dependencies:
|
|
22
22
|
- !ruby/object:Gem::Dependency
|
|
@@ -25,12 +25,12 @@ dependencies:
|
|
|
25
25
|
requirements:
|
|
26
26
|
- - "="
|
|
27
27
|
- !ruby/object:Gem::Version
|
|
28
|
-
hash:
|
|
28
|
+
hash: 17
|
|
29
29
|
segments:
|
|
30
30
|
- 0
|
|
31
31
|
- 1
|
|
32
|
-
-
|
|
33
|
-
version: 0.1.
|
|
32
|
+
- 5
|
|
33
|
+
version: 0.1.5
|
|
34
34
|
requirement: *id001
|
|
35
35
|
name: oa-core
|
|
36
36
|
prerelease: false
|
|
@@ -85,6 +85,23 @@ dependencies:
|
|
|
85
85
|
type: :runtime
|
|
86
86
|
- !ruby/object:Gem::Dependency
|
|
87
87
|
version_requirements: &id005 !ruby/object:Gem::Requirement
|
|
88
|
+
none: false
|
|
89
|
+
requirements:
|
|
90
|
+
- - ~>
|
|
91
|
+
- !ruby/object:Gem::Version
|
|
92
|
+
hash: 65
|
|
93
|
+
segments:
|
|
94
|
+
- 0
|
|
95
|
+
- 0
|
|
96
|
+
- 3
|
|
97
|
+
- 1
|
|
98
|
+
version: 0.0.3.1
|
|
99
|
+
requirement: *id005
|
|
100
|
+
name: pyu-ruby-sasl
|
|
101
|
+
prerelease: false
|
|
102
|
+
type: :runtime
|
|
103
|
+
- !ruby/object:Gem::Dependency
|
|
104
|
+
version_requirements: &id006 !ruby/object:Gem::Requirement
|
|
88
105
|
none: false
|
|
89
106
|
requirements:
|
|
90
107
|
- - ">="
|
|
@@ -93,12 +110,12 @@ dependencies:
|
|
|
93
110
|
segments:
|
|
94
111
|
- 0
|
|
95
112
|
version: "0"
|
|
96
|
-
requirement: *
|
|
113
|
+
requirement: *id006
|
|
97
114
|
name: rake
|
|
98
115
|
prerelease: false
|
|
99
116
|
type: :development
|
|
100
117
|
- !ruby/object:Gem::Dependency
|
|
101
|
-
version_requirements: &
|
|
118
|
+
version_requirements: &id007 !ruby/object:Gem::Requirement
|
|
102
119
|
none: false
|
|
103
120
|
requirements:
|
|
104
121
|
- - ~>
|
|
@@ -109,12 +126,12 @@ dependencies:
|
|
|
109
126
|
- 0
|
|
110
127
|
- 8
|
|
111
128
|
version: 0.0.8
|
|
112
|
-
requirement: *
|
|
129
|
+
requirement: *id007
|
|
113
130
|
name: mg
|
|
114
131
|
prerelease: false
|
|
115
132
|
type: :development
|
|
116
133
|
- !ruby/object:Gem::Dependency
|
|
117
|
-
version_requirements: &
|
|
134
|
+
version_requirements: &id008 !ruby/object:Gem::Requirement
|
|
118
135
|
none: false
|
|
119
136
|
requirements:
|
|
120
137
|
- - ~>
|
|
@@ -125,12 +142,12 @@ dependencies:
|
|
|
125
142
|
- 3
|
|
126
143
|
- 0
|
|
127
144
|
version: 1.3.0
|
|
128
|
-
requirement: *
|
|
145
|
+
requirement: *id008
|
|
129
146
|
name: rspec
|
|
130
147
|
prerelease: false
|
|
131
148
|
type: :development
|
|
132
149
|
- !ruby/object:Gem::Dependency
|
|
133
|
-
version_requirements: &
|
|
150
|
+
version_requirements: &id009 !ruby/object:Gem::Requirement
|
|
134
151
|
none: false
|
|
135
152
|
requirements:
|
|
136
153
|
- - ~>
|
|
@@ -141,12 +158,12 @@ dependencies:
|
|
|
141
158
|
- 3
|
|
142
159
|
- 4
|
|
143
160
|
version: 1.3.4
|
|
144
|
-
requirement: *
|
|
161
|
+
requirement: *id009
|
|
145
162
|
name: webmock
|
|
146
163
|
prerelease: false
|
|
147
164
|
type: :development
|
|
148
165
|
- !ruby/object:Gem::Dependency
|
|
149
|
-
version_requirements: &
|
|
166
|
+
version_requirements: &id010 !ruby/object:Gem::Requirement
|
|
150
167
|
none: false
|
|
151
168
|
requirements:
|
|
152
169
|
- - ~>
|
|
@@ -157,12 +174,12 @@ dependencies:
|
|
|
157
174
|
- 5
|
|
158
175
|
- 4
|
|
159
176
|
version: 0.5.4
|
|
160
|
-
requirement: *
|
|
177
|
+
requirement: *id010
|
|
161
178
|
name: rack-test
|
|
162
179
|
prerelease: false
|
|
163
180
|
type: :development
|
|
164
181
|
- !ruby/object:Gem::Dependency
|
|
165
|
-
version_requirements: &
|
|
182
|
+
version_requirements: &id011 !ruby/object:Gem::Requirement
|
|
166
183
|
none: false
|
|
167
184
|
requirements:
|
|
168
185
|
- - ~>
|
|
@@ -173,7 +190,7 @@ dependencies:
|
|
|
173
190
|
- 4
|
|
174
191
|
- 3
|
|
175
192
|
version: 1.4.3
|
|
176
|
-
requirement: *
|
|
193
|
+
requirement: *id011
|
|
177
194
|
name: json
|
|
178
195
|
prerelease: false
|
|
179
196
|
type: :development
|